Daily Tech Digest - August 31, 2019

AI ‘Emotion Recognition’ Can’t Be Trusted

If emotion recognition becomes common, there’s a danger that we will simply accept it and change our behavior to accommodate its failings. In the same way that people now act in the knowledge that what they do online will be interpreted by various algorithms (e.g., choosing to not like certain pictures on Instagram because it affects your ads), we might end up performing exaggerated facial expressions because we know how they’ll be interpreted by machines. That wouldn’t be too different from signaling to other humans. Barrett says that perhaps the most important takeaway from the review is that we need to think about emotions in a more complex fashion. The expressions of emotions are varied, complex, and situational. She compares the needed change in thinking to Charles Darwin’s work on the nature of species and how his research overturned a simplistic view of the animal kingdom. “Darwin recognized that the biological category of a species does not have an essence, it’s a category of highly variable individuals,” says Barrett. “Exactly the same thing is true of emotional categories.”

With customer protection in mind, regulators are staying ahead of this technology and introducing the first wave of AI regulations meant to address AI transparency. This is a step in the right direction in terms of helping customers trust AI-driven experiences while enabling businesses to reap the benefits of AI adoption. This first group of regulations relates to the understanding of an AI-driven, automated decision by a customer. This is especially important for key decisions like lending, insurance and health care but is also applicable to personalization, recommendations, etc. The General Data Protection Regulation (GDPR), specifically Articles 13 and 22, was the first regulation about automated decision-making that states anyone given an automated decision has the right to be informed and the right to a meaningful explanation. According to clause 2(f) of Article 13: "[Information about] the existence of automated decision-making, including profiling ... and ... meaningful information about the logic involved [is needed] to ensure fair and transparent processing."

Apple iPhones Hacked by Websites Exploiting Zero-Day Flaws

Google reported two serious flaws - CVE-2019-7287 & CVE-2019-7286 - to Apple on Feb. 1, setting a seven-day deadline before releasing them publicly, since they were apparently still zero-day vulnerabilities as well as being used in active, in-the-wild attacks. Apple patched the flaws via iOS 12.1.4, released on Feb. 7, together with a security alert. Hacking modern operating systems - including iOS - typically requires chaining together exploits for multiple flaws. In the case of mobile operating systems, for example, attackers may require working exploits that allow them to initially access a device - typically via a WebKit-based browser - and then to escape sandboxes and jailbreak the device to install a malicious piece of code. All told, Google says that it counted five exploit chains that made use of 14 vulnerabilities: "seven for the iPhone's web browser, five for the kernel and two separate sandbox escapes." The identified exploits could have been used to hack devices running iOS 10, which was released on Sept. 13, 2016, and nearly every newer version of iOS, through to the latest version of iOS 12.

The challenge: creating a better future of work

With appropriate policies, any job can become a good job. There’s nothing about today’s low-wage service jobs, home-care work and gig jobs that means we can’t make them good jobs, like we have done before. The jobs of the future are upon us today. We can’t turn the clock back and resurrect all of the manufacturing jobs that have disappeared. But we can create the good jobs of the future. Rather than wondering what kinds of jobs we will be doing for robot bosses, we need to decide what we want work and jobs to be doing for us, our families and our communities in the future. The state can take the lead in charting a new path forward that works for all Californians. In an executive order creating a Future of Work Commission, Gov. Gavin Newsom emphasized the need to “modernize the social compact between the government, the private sectors and workers.” We can begin to formulate policies that set guardrails on how robots and artificial intelligence can be used to improve the quality of jobs, not just replace them. We can look beyond upskilling workers to upgrading jobs.

Electronic word-of-mouth can make or break a product launch

eWOM can also affect product strategy. Executives at GM scrapped plans for a type of Buick crossover after reading tweets criticizing the design. And beauty products retailer Sephora canceled the release of a Starter Witch Kit — an innovative product that combined perfumes with tarot cards and a crystal ball, among other items — after critics accused the brand of trivializing witchcraft as a religious practice. So what’s the key to getting product launches to go viral, generating positive eWOM across the Internet? Researchers have yet to connect the dots between innovativeness, a firm’s marketing strategies, and the sentiments expressed through eWOM channels, particularly as they relate to the success of new products. But a new study aims to make those connections and provides suggestions for creating effective viral marketing campaigns for new products. To arrive at their findings, the authors conducted a two-phase study. The first phase analyzed a data set of millions of eWOM posts on message boards, forums, and social media platforms such as Facebook, Twitter, and Instagram.

Why 2-factor authentication isn't foolproof

Two-factor authentication is certainly more effective than just a username and password. But the risks of attack and data breach remain if 2FA is poorly implemented, especially in cases where appropriate checks aren't included before the authentication challenges are presented. Password leakage and credential misuse are on the rise, and attackers are continuously devising new ways to improperly access organizations and systems. We need to embrace evolving approaches to identity security that improve security posture while simultaneously keeping a simple user experience. Modern, adaptive, risk-based approaches that leverage real-time metadata and threat detection techniques have to be the standard. Intelligence needs to be built into the authentication process that leverages dynamic controls in real time. They also need the ability to block authentication requests when they are considered to be high risk. These risk factors include detecting anonymous proxy usage, detection of malicious IP addresses, dynamic geo-controls, device controls, and analyzing for unusual access patterns or overly privileged accounts.

Rating IoT devices to gauge their impact on your network

Devices with low-bandwidth requirements include smart-building devices such as connected door locks and light switches that mostly say “open” or “closed” or “on” or “off.” Fewer demands on a given data link opens up the possibility of using less-capable wireless technology. Low-power WAN and Sigfox might not have the bandwidth to handle large amounts of traffic, but they are well suited for connections that don’t need to move large amounts of data in the first place, and they can cover significant areas. The range of Sigfox is 3 to 50 km depending on the terrain, and for Bluetooth, it’s 100 meters to 1,000 meters, depending on the class of Bluetooth being used. Conversely, an IoT setup such as multiple security cameras connected to a central hub to a backend for image analysis will require many times more bandwidth. In such a case the networking piece of the puzzle will have to be more capable and, consequently, more expensive. Widely distributed devices could demand a dedicated LTE connection, for example, or perhaps even a microcell of their own for coverage.

Addressing Large, Complex Unresolved Problems With AI

Tracking the demand for skills in the market and the educational infrastructure available to supply those skills, through a Skills Repository. This will help keep education concurrent with current market demands and ensure much better alignment between academia and corporates; Automate routine, time-consuming tasks – from creating and grading test papers, developing personalized benchmarks for each student, identifying gaps in student development, tracking aptitude and attentiveness within each subject, and enabling teachers to focus on curriculum development, coaching and mentoring, and improving behavioral and personality aspects of students; ... Review and summary-creation of long drawn cases and their history can be done through natural language processing and voice recognition; Routing Right-to-Information and governance-related citizen requests through intelligent bots, thus making it more efficient to get critical information; Employ Anomaly Detection frameworks to surface fraudulent transactions – especially among land deals.

TrickBot Variant Enables SIM Swapping Attacks: Report

The operators of this version of TrickBot are able to intercept a victim's PIN as well as other credentials when they attempt to log onto the websites of the three wireless carriers, according to the report. This allows for a so-called SIM attack, which involves taking a victim's phone number and porting it to another SIM card that is then under the control of the attackers. Then an attacker can collect one-time passwords or trick telecom employees into giving out information about the victim through social engineering techniques. These moves create opportunities for further attacks, such as account takeover schemes. "Interception of short message service (SMS)-based authentication tokens or password resets is frequently used during account takeover fraud," the SecureWorks report notes. Over the past year, SIM swapping has been used in the U.K. for attempted account takeover attacks that have targeted banks and other financial institutions. Account takeover attacks can pave the way for credential stuffing - a technique used to guess passwords and user names to steal data

Great Global Meetings: Navigating Cultural Differences

Team members will know their cultural differences are getting in the way, but they don’t have a safe or honest way to talk about them. Without a chance for team members to work through these differences, a collision course is inevitable. By missing the opportunity to openly explore how cultural differences affect its ability to collaborate, a team may become mired in cultural misunderstandings and handcuffed by invalid assumptions. Many may be afraid of saying the wrong thing or asking a question that may be offensive. Global team leaders should initiate candid discussions about cross-cultural differences as early as possible, ideally when a new team is forming. Cultural differences will affect collaboration one way or another, so it’s best to have team members familiarize themselves with each others’ cultures right up front, so they can decide how they want to work together moving forward. Allocate time for checkpoints at key junctures in the conversation. Pause periodically to let all participants absorb what’s just been said. Some people—Americans in particular—often feel compelled to puncture silence with a comment.

Quote for the day:

"Tend to the people, and they will tend to the business." -- John C. Maxwell

Daily Tech Digest - August 30, 2019

Cybersecurity Readiness: A Must-Have For Digital Transformation Success

On the flip side, digital transformation greatly expands the cyberattack surface, providing more potential targets for cybercriminals and nation-state adversaries. One estimate from Juniper Research shows that cybercrime will cost businesses a total of over $8 trillion by 2022. The unfortunate reality is that crime does pay, and techniques used to capitalize on technology vulnerabilities or the inherent trusting nature of humans are constantly being refined. As more devices and applications connect to the enterprise and workforces continue to become more globally widespread, potential pathways to successful infiltration will increase. Digital transformation requires solid security. Security is the enabler of successful digital transformation. It’s a veritable catch 22 -- forgo digital transformation and risk falling behind or fully embrace it and risk greater instances of compromise. As an experienced leader of many organizations, I can tell you ignoring technological progress is never a good option -- it's actually a quick way for seemingly innocuous competitors to capture marketshare. So how should businesses tackle digital transformation in relation to cybersecurity?

How to mitigate IoT security risks to tap business benefits

By far, one of the most effective IoT security services that any business can invest in, says Burns, is mobile device monitoring. “While end-to-end encryption and siloed networks are essential, there’s nothing more crucial than knowing the current status of all your IoT devices in real-time,” he says. While there are “countless ways” IoT devices can benefit modern businesses, Burns says that in the light of potential IoT device vulnerabilities, it is important for enterprises to identify the risks and challenges to ensure that all internet-connected devices are secure. Surveying 950 IT and business decision makers globally, Gemalto found that companies are calling on governments to intervene, with 79% asking for more robust guidelines on IoT security, and 59% seeking clarification on who is responsible for protecting IoT. Despite the fact that many governments have already enacted or announced the introduction of regulations specific to IoT security, most (95%) businesses believe there should be uniform regulations in place, a finding that is echoed by consumers, with Gemalto research indicating that 95% expect IoT devices to be governed by security regulations.

Weigh infrastructure as code risks against the benefits

Infrastructure as code creation is not a step-by-step process detailed in a textbook. IaC development depends as much on business needs and processes as the infrastructure engineer who writes it. Infrastructure code functions similarly, but its development is unique to its writer. Personalized or specialized code isn't problematic for an IT organization -- unless the code writer leaves the company before it retires. Then, a new admin must make sense of an unfamiliar, highly personal code base. Once again, the problem lies in scope and effect. To take over an application role or server role is a challenge, but something with which most IT admins have some level of familiarity. It isn't the code itself that proves problematic for fresh eyes, but rather its construction and documentation. And, because of its ultimate range of effect, odds are slim that a new admin will be able to run trials in a sandbox before the code is needed in production.

What Is Cyberthreat Intelligence, and Why Do You Need It?

Along with providing your company the proper tools to stymie any cyberattacks, cyberthreat intelligence can determine if you've already had a security issue. Through the use of indicators of compromise (IOC), intelligence analysts can determine whether your systems have been hit with malware that, if left undetected, could spell trouble in the form of stolen sensitive data. One type of malware that's commonly used is spyware, which can be installed on a system without your knowledge to obtain internet usage data and other sensitive information. In a business setting, this could be credit card information, customers' and employees' personal information, and other valuable data. Malware can become a costly problem for any business. For example, one piece of malware named Ryuk caused major headaches for some organizations throughout the United States at the end of 2018 and early 2019. As a piece of ransomware, which locks systems down before demanding payment for the user to gain access, Ryuk specifically targeted organizations that run on strict timetables ...

What is SAFe? The Scaled Agile Framework explained

The Scaled Agile Framework encompasses a set of principles, processes and best practices that helps larger organizations adopt agile methodologies, such as Lean and Scrum, to develop and deliver high-quality products and services faster. SAFe is particularly well-suited for complex projects that involve multiple large teams at the project, program, and portfolio levels. The current version, SAFe 4.6, focuses on five core competencies that help enterprises to “successfully navigate digital disruption and to effectively respond to volatile market conditions, changing customer needs, and emerging technologies,” according to Scaled Agile, the framework’s provider. ... While SAFe focuses on alignment, teamwork, and provisioning across a large number of agile teams, there are other popular frameworks for scaling agile at larger organizations, including Large-Scale Scrum (LeSS) and Disciplined Agile Delivery (DAD). It is important to understand each of these frameworks so that your organization can select the best option for your projects.

How the Cloud Security Alliance helps businesses identify and mitigate cybersecurity risks

When we talk about how we advanced in the cloud kind of over the last 10 years, we're talking about people that are transitioning to the cloud. We talk about people that are in the cloud, but when they want to build on top of the controls they have currently. So when you think about security protection, a lot of these are imposed upon us where I have a regulation that I have to meet. And so that's how I kind of take those business requirements, those security requirements, and I transferred that to the cloud. Well, now we have so much more tooling and cloud that we're saying, "Hey, there are ways to enhance that security posture with new tools that are cloud relative, things like DevOps methodologies," and that's where it starts. So now that we have more people that own the process, that own the security process, we can not just get to the executives that are trying to say, Hey, let's implement these security policies, but now we're getting to the developers, we're getting to practitioners, we're getting to even the compliance folks that need to be aware of security, aware of even privacy and how to implement that as we're building applications, as we're building tools within our organization.

How to build AR apps for the enterprise and beyond

Selling the idea to key stakeholders can be the biggest challenge of the whole AR implementation process. Many see AR as an entertainment tool rather than a business one. It can be hard convincing an organisation to change its current processes if they do not see the business value. Resistance to new technology is common; you must have a tangible “why” to present to your business. The key to success is knowing who your stakeholders are. We were lucky that our CEO and founder, Jon Oringer, welcomes and encourages innovation. He fully embraced the idea of introducing AR to our business, but not all stakeholders are quite as open to transformation. Not everyone will have basic background knowledge of the technology, so make the AR concept you are presenting digestible and visual – what you are selling is a visual concept, after all, so let it tell the story. I like to provide examples that stakeholders might not know about, such as the Pepsi bus stop or Microsoft’s partnership with BAE (see both videos below). Examples help stir the imagination of your stakeholder. Then, if possible, aim for the output of an AR implementation to be measurable. This will help develop the technology down the line and prove the benefits of the adoption to stakeholders.

Overburdened SOC Analysts Shift Priorities

It's a vicious cycle: Much of the stress in the SOC comes from analysts surrounded by too many security tools that don't work well together or that they don't have time or resources to fully master, as more alerts bombard their screens every day. They just don't have the time or expertise to master the tools, or stay on top of the alerts these systems pump out. "More security sensors and log sources containing more signatures of potentially malicious activity combined with exponential IT growth — and a dramatic increase in malicious attacks," Calvert explains. He says SOCs should measure the time and effort spent on false positives and automate the process where they can. The noise and overload of tools and alerts can escalate quickly, according to Larry Ponemon, president of the Ponemon Institute. "A lot of research studies find the whole issue of interoperability and scalability is largely ignored and as a result, the technologies don't actually work together, and you have more [tools] than you need," Ponemon says. An overwhelmed SOC can result in dangerously long times to resolve and remediate an attack.

Buying a Windows laptop? Five must-have features for my next notebook

Most business-class laptops today are designed as if they were little high-definition TVs, with a widescreen display whose aspect ratio is 16:9. That's the optimal configuration if you're watching a full HD movie, but it feels unbearably cramped when you're trying to get work done. The much more productivity-friendly display option is the 3:2 aspect ratio found on every Microsoft Surface laptop since the Surface Pro 3. That design results in a taller screen that easily accommodates two documents snapped into side-by-side windows. I wish more manufacturers would embrace that design, but the economics of the PC business apparently make it cost-prohibitive; the only recent exception I could find is from Huawei. ... The advantage really becomes obvious on a device equipped with an eSIM, which can be configured through software and doesn't require a physical SIM card (although that option is available). On the ARM-powered Lenovo Yoga C630 PC I've carried on several recent trips, I can switch in seconds between mobile carriers. That's especially useful when traveling overseas where high-speed mobile data might be unavailable or an expensive option from your service provider.

VMware touts hyperscale SD-WAN

“The package is a much simpler way for customers to quickly set up a modern SD-WAN, especially for those customers who don’t have a lot of IT personnel to handle setting up and configuring an SD-WAN,” Uppal said. “Branch office networking can be complex and expensive, and this package uses subscription pricing, and supports cloud-like capabilities and economics.” Dell EMC and VMware also announced SmartFabric Director, software that can be part of the service offering. Director enables data-center operators to build, operate and monitor an open network-underlay fabric based on Dell EMC PowerSwitch switches. According to Dell, organizations that have embraced overlay software-defined networks need to make sure their physical, underlay networks are tuned to work with the SDN. “A lack of visibility between the two layers can lead to provisioning and configuration errors, hampering network performance,” Dell stated. The Director also supports flexible streaming telemetry to gather key operational data and statistics from the fabric switches it oversees, so customers can use it in security and other day-to-day operations, Dell said.

Quote for the day:

"A lot of people have gone farther than they thought they could because someone else thought they could." -- Zig Ziglar

Daily Tech Digest - August 29, 2019

Waste Management dumps legacy processes, drives digital change
The old IT organization managed infrastructure and powered the business day to day. The new digital organization drives business value. We’ve evolved from a siloed black box operation that did its own thing to a collaborative thought partner that is not just shaping the solution but also shaping the opportunity. We don’t want to hear our business partners say, “By the way, we are going to run a remote-control dozer. IT, can you figure out how to create a secure private network?” We want to be involved in those conversations up front. That shift requires my team to approach our business partners in a new way. Take cybersecurity, for example. IT needs to talk less about NIST frameworks and log analyses and more about the business risk and brand damage associated with a loss of customer data. Rather than talking about an SD-WAN, we should be talking about network speed’s impact on the user experience. Our “gallery walks” have been particularly effective in helping our technologists develop “business speak.” Here is how it works: On the 17th floor of our Houston headquarters, we’ve set up three stations that correspond to our three levers.

Develop a personal early warning system to avoid making bad leadership choices

Once you’ve identified your unforced errors, be honest with yourself about their effects. Select a few of your most common mistakes and ask yourself these two questions: “If my direct report were making this mistake, how would I react?” and “If a friend were making this mistake, what would I do?” With direct reports, you probably wouldn’t let those mistakes go unacknowledged, because you’re responsible for giving those employees performance feedback and you care about their growth and development. And with friends, you wouldn’t want people you care about to limit their potential due to a fixable issue. In the same way, you should care about how your actions affect your future as much as you would care about the future of your direct reports or friends. Now imagine that somebody you trust saw you repeatedly committing an unforced error. How would you want them to react? You’d probably want that person to prioritize candor over politeness. Increasing your self-awareness and asking for direct feedback can prevent you from being the last one to know about your own unforced errors.

IoT accelerating digital transformation initiatives — Gartner

In 2020, revenue from endpoint electronics will total $389 billion globally and will be concentrated over three regions: North America, Greater China and Western Europe. These three regions will represent 75% of the overall endpoint electronics revenue. North America will record $120 billion, Greater China will achieve $91 billion and Western Europe will come in third totalling $82 billion in 2020, according to Gartner. “Overall, end users will need to prepare to address an environment where the business units will increasingly buy IoT-enabled assets without policies for support, data ownership or integration into existing business applications,” said Alfonso Velosa, research vice president at Gartner. This will require the CIO’s [and CTO’s] team to start developing a policy and architecture-based approach to support business units’ objectives, while protecting the organisation from data threats.

How To Make Sense Of Digital Transformation If You're A Small Business

The hype is all about robots and AI killing jobs at one extreme end of the spectrum and about an AI-fueled utopia at the other. The reality, of course, is likely far more nuanced. In the business world, you can find a lot of gold in your basic, everyday operations -- the things your people do on a routine basis. Irrespective of your exact circumstances, you simply cannot afford to sit on the sidelines just because you’re a small business. Technology is not going away, so every small business should understand that DX is important. Since digital business transformation involves cultural change, it’s particularly crucial to get business leaders involved. Successful DX initiatives are led from the top. Small business leaders should get out of their comfort zones by making the time for forward-thinking initiatives, being open to risk-taking and understanding that they can't go it alone. Don’t forget about the “transformation” aspect of DX. In my experience, transformations simply don’t happen without a strategy.

4 steps to a blockchain implementation

Smaller companies are more likely to look to a vendor to supply a product. "I would see us working with one of our existing vendors to say, 'Are you forming an advisory panel or exploratory group of existing law firm clients that would want to roundtable about this and how do we see it as a benefit to the firm?'" Caraher said. He said that von Briesen & Roper would most likely work with its niche vendors in the document management space to see how they could incorporate distributed ledger technology into their products. Use of products employing distributed ledger technology would be a competitive advantage for his firm, Caraher said. For larger companies, once a use case has been identified, Rhodes said, the next step is to identify an architecture to address the use case. And as with all IT projects, IT will need to determine budget, deadline and whether the work can be taken on using internal resources or whether outside help is needed.

Four Traits of Every Top-Tier IT Hire

Finding and retaining high-quality IT and engineering talent can be challenging, especially when considering just how rare it is to find new hires with a real passion for their work. According to a Deloitte study, 64% of all surveyed workers, including half of executives and senior management, report being neither passionate nor engaged in work. You’ll be able to tell right off the bat if a candidate has a passion for their work by the way they discuss their past accomplishments and future goals. You can uncover enthusiasm by asking questions such as: What made you decide to get into technology? How do you stay positive when a project hits serious roadblocks or setbacks? What has been your biggest career accomplishment so far? If a long pause follows any of those questions, you may need to move onto the next candidate. Candidates with a love for their work can usually cover these answers quickly and will get excited even about the opportunity to talk about past projects. At the end of the day, company leaders know that they have a lot of exciting work to accomplish but if team members stop enjoying it, the workload simply becomes unsustainable.

ECB Warns Banks On Public Cloud Data Security As Hackers Circle

Korbinian Ibel, a director general at the ECB’s supervisory arm, told Bloomberg: “There will be accidents, especially in the cloud. It’s not that clouds are more vulnerable, they’re actually often better protected than in-house systems, but they’re seen as juicy targets.” European banks are stepping up their use of cloud services from the likes of Amazon, Microsoft and Google. Germany’s Deutsche Bank says it eventually wants to move the majority of its applications to the cloud from what it has called “expensive and inflexible physical servers”. Up to now, Ibel told Bloomberg, big banks have tended to avoid putting “highly confidential data” into public clouds, but that may well change in the future as smaller challenger banks with little of their own infrastructure adopt wider cloud operations – enjoying lower costs and greater data flexibility as a result. This is when greater risk comes in. Ibel said: “We see the benefits of cloud computing. [But] the rule is that the banker is always responsible for their data and services.

Channeling AI into Government Citizen Engagement

Problems also arise when government agencies cannot determine customer intent. Response systems at contact centers often send customers around in circles, transferring them between agents. This is both frustrating for citizens and extremely costly for organizations. Despite investing significant amounts of money in automation, agencies continue to spend heavily on recruiting and training personnel to perform basic administrative tasks that, with the right design and planning, could be automated. In fact, training front-line service staff remains one of the biggest expenses for some government agencies. Customers can signal the same intent in many different ways. For example, a bank’s customers may have many ways of requesting their account balance. By developing a detailed library of customer intents, cataloguing how and why customers are reaching out, government can, with the right technology, respond more effectively and efficiently.

Face It -- Biometrics To Be Big In Cybersecurity

The attraction is users will simply register their login credentials with websites and applications once, then the biometric information will supersede usernames and passwords. Fingerprint information is never stored on Google servers. It is maintained cryptographically on the device. This is a big deal. There are 2.8 billion Android users worldwide. Forbes calculates that 1.7 billion users will get the FIDO2 update. And FIDO2 is already supported across all of the leading internet browsers, including Google Chrome, Microsoft Edge, Firefox and Apple Safari. This follows a decision by Microsoft in 2018 to bring the same capability to 800 million Windows users through its Hello login. Faster, more secure logins make life easier for users. However, the real benefit accrues to enterprises, financial institutions, telecoms, insurance, and the government. Better authentication speeds ecommerce and banking transactions. It protects networks from malicious hackers and reduces the likelihood of fraud.

Privacy 2019: We're Not Ready

The good news is that the public has recognized the gravity of the problem. Breakthroughs in healthcare, smart traffic, connected communities, and artificial intelligence (AI) confer tremendous societal benefits but, at the same time, create chilling privacy risks. The bad news is that we're hardly ready to address these issues. As Berkeley professors Deirdre Mulligan and Kenneth Bamberger wrote in Privacy on the Ground: Driving Corporate Behavior in the United States and Europe, it's one thing to have privacy "on the books," but it's quite another thing to have privacy "on the ground." According to research by the International Association of Privacy Professionals (IAPP), more than 500,000 organizations have already registered data protection officers in Europe. Yet only a fraction of those roles can actually be staffed by individuals who are trained on privacy law, technologies, and operations. To rein in data flows across thousands of data systems, sprawling networks of vendors, cloud architectures, and machine learning algorithms, organizations large and small must deploy highly qualified people, technologies, and processes that are still in the early developmental stage.

Quote for the day:

"One must be convinced to convince, to have enthusiasm to stimulate the others." -- Stefan Zweig

Daily Tech Digest - August 28, 2019

Being able to replicate neural behaviour on an electronic chip also offers exciting avenues for research to better understand the brain and how it is affected by disorders that disrupt neural connections, such as Alzheimer’s disease and other forms of dementia. The human brain is made up of billions of neurons in connected networks. They communicate with each other by using a sequence of electrical signals to express different behaviours, such as learning through sensory organs or more complicated processes like emotions and memory. Any disruption to these signalling sequences can lead to a loss of these vital neural connections, potentially causing memory loss and dementia. Curing these disorders would require identifying the faulty neurons and restoring their signalling routine, without affecting the functioning of other neurons in the network. So by having a computer model of the brain, neuroscientists would be able to simulate brain functions and abnormalities, and work towards cures, without the need for living test subjects. Our technology could also potentially be incorporated into wearable electronics, bionic prosthetics, or smart gadgets imbued with artificial intelligence.

Securing Our Infrastructure: 3 Steps OEMs Must Take in the IoT Age

In the manufacturing world, specifically the operations technology (OT) sphere, legacy operational standards such as OPC and Modbus are still in use today but were designed more than 20 years ago using old technologies, including COM. They were not designed for communication over modern IP networks with multiple security layers and, due to a general lack of cybersecurity sophistication, traditional OT networks have most security options disabled to simplify configuration. By its nature, a large open network of connected devices opens many new attack vectors, even if individual devices may be secure when used independently. Because the weakest point in the system determines its overall security level, a comprehensive end-to-end approach is required to secure it. The lack of industry standards within the manufacturing space makes it difficult to develop such an approach because hackers concentrate on breaching a specific element within the technology stack.

Ransomware has evolved into a serious enterprise threat

In addition to a ransomware revival, the report highlights that more than 2.2 billion stolen account credentials were made available on the cyber criminal underground in the first quarter and that 68% of targeted attacks used spear phishing for initial access. “This shows how the cyber crime economy works,” said Samani. “Credentials are sold online, other criminals buy the credentials and then use them to get into organisations and use the ransomware they are an affiliate for to infect an organisation and demand tens of thousands of dollars in ransom. “The purpose of the threat report is not just to give the hard stats, but to encourage organisations to look at everything that is going on and see it is all connected and contributes to the wider ecosystem of crime.” The findings on ransomware targeting businesses are consistent with the fact that ransomware and other forms of cyber extortion are currently the most popular forms of cyber criminal activity in the UK, according to Rob Jones

The World Is Taking The Future Of Payments Seriously. Why Isn't The United States?

Let’s start with the simplest of the three: technological history. When modern-day payment systems were first developed, the United States was at the forefront of innovation and adoption. Debit and credit cards picked up significant momentum in the second half of the twentieth century. While shopping and paying online are now a global standard, it took time to filter into society. At the center were the thousands of e-commerce websites and companies that developed in the United States, particularly in Silicon Valley, in the late 90s and early 2000s. In the United States, all cards operate on the same point-of-sale systems to streamline the process for merchants. These outdated systems have left debit and credit cards as the historic standard, which is difficult to break out of. Point-of-sale systems have made China a fascinating case study. Historically, China has been slow to embrace new technologies, particularly in the consumer sector. Until about 10 years ago, the majority of transactions were made with cash; credit and debit cards were relatively rare in China’s payment ecosystem. When payment alternatives started to develop, it was roughly around the same time smartphones began to flood the market.

Do Self-Service and Low-Code Curb Shadow IT?

It’s important to point out there's an entire spectrum of low-code/no-code tools aimed at different audiences. Some are targeted at professional developers while others are targeted at web developers or citizen developers. The latter group tends to use “no-code” tools because the mechanics of writing code have been abstracted into visual drag-and-drop tools. Fintech company NES Financial standardized on OutSystems, an enterprise-class low-code platform, because NES Financial voluntarily complies with Systems and Organizational Controls reporting (SOC 1), the Bank Secrecy Act (BSA), United States Citizenship and Immigration Services (USCIS) and Securities and Exchange Commission (SEC) regulations. "Building systems and controlling data is an art in itself. You have to be aware of new regulations, requirements, and constraints, which is a full-time job," said Izak Joubert, CTO at NES Financial. "I think the ability for a marketing organization to implement something as a shadow IT organization is great conceptually, but it has massive risks for an organization if you look at it from a bigger perspective."

Tracking The Trajectory Of Cloud Computing

Despite the lack of coherent regulations, clients can use the cloud with confidence provided they know where their data is kept, which data protection laws apply, and whether the provider meets internal security policy. The cloud is multi-tenant by design – in other words, it brings lots of clients and third parties into the same network. Knowing which other organisations exist within the network, and how much data they will be able to access, is also a good move for service users. Cloud computing is changing: it’s smarter, faster, more powerful, and more popular than ever before. As technologies and industries converge, cloud applications will increase. However, the maturity of cloud computing has not been matched by regulations. Users are often uncertain about cloud compliance, and therefore less willing to rely on cloud-based systems. Legal bodies and corporations need to come up with a prescriptive regulatory framework to enable the cloud to rise to its full potential.

Mitigating social engineering attacks with MFA

Providing a tool for employees to report phishing incidents, even just an email address for forwarding suspected phishing emails, can also help organisations. ... One technological solution that has proven successful against social engineering attacks, especially when the goal is to acquire access details, is the implementation of two-factor authentication. Two-factor authentication (2FA) and multifactor authentication (MFA) are access management systems that require two – or more – pieces of evidence, whether it be knowledge (such as passwords), possession (a physical token, for example) or inherence (e.g. fingerprints), in order for access to be granted. The reason that 2FA/MFA is so successful is that should one of the verification stages (such as a password) become compromised, a hacker will still be unable to gain access to the organisation’s network without the other pieces of authentication.

Creating a 'Defensible' Cybersecurity Program

Business units also need to have input on the security steering committee to ensure that the security team is aligned with business goals. "It's very difficult to convince people that you are governing your security program from a business perspective if the business does not have a seat [on the steering committee]," Scholtz says. Dashboards or scorecards can be helpful for showing how security relates to the business and what the risk position is, Scholtz says. But implementing those takes time. Progress reports for executive boards can be tricky, Scholtz says. Executives don't need day-to-day operational information. Providing too much information may get executives interested in granular details that they ultimately have no control over, he points out. Scholtz's tips seem to offer a helpful start for setting up a cybersecurity program that supports business goals. But are they, indeed, practical? Let us know what you think.

Blurring the lines between RPA platforms and APIs

The capabilities of both RPA platforms and APIs are evolving to support use cases primarily handled by the others. The combination of RPA and APIs is a natural outgrowth of the modern business systems environment, particularly driven by the adoption of SaaS platforms and API-first becoming the new software mantra. Traditionally, RPA has been marketed to work with the complex mix of legacy, third-party and modern business applications that most organizations have accumulated. When delivering an RPA platform, it is nearly always best to use APIs when available, as the combination of these technologies delivers an extensive and change-resistant experience by removing the inherent change-prone UI layer from the equation. "Counter to what some may assume, the existence of an API does not negate the usefulness of RPA," Cottongim said.

A new IOT botnet is infecting Android-based set-top boxes

In a report published today and shared with ZDNet, WootCloud Labs said Ares operates by randomly scanning the internet for Android devices with open ADB ports. When it finds a vulnerable device, the Ares operators download a version of the Ares malware onto the exposed device, which then acts as another scanning point for the Ares operators. Ares-infected devices will scan both for other Android systems with open ADB ports and for devices running Telnet services, specific to Linux-based servers and smart devices. While Ares operators are obviously trying to infect any device they can, WootCloud said it's seen the botnet infecting set-top boxes from HiSilicon, Cubetek, and QezyMedia. These attacks started in July, Srinivas Akella, Founder & Chief Technology Officer of WootCloud, told ZDNet in an email today. The exec also doesn't exclude the possibility that other types of Android systems were also infected. "To protect against the ADB being misused in these cases where it is left enabled, routers can be configured to block the ingress and egress network traffic to TCP port 5555, which is the ADB port," Akella said.
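
A defender-side check for the scanning behaviour and the port 5555 block described above, as an added example that is not code from WootCloud or ZDNet: it audits perimeter flow records for allowed ADB traffic and flags internal hosts fanning out to many ADB or Telnet targets. The record format, the 10.0.0.0/8 internal range, the fan-out threshold and every sample record are assumptions constructed for illustration.

```python
"""Audit perimeter flow records for ADB (TCP 5555) exposure and for
ADB/Telnet scanning fan-out. Added example; all inputs are constructed."""
import ipaddress
from collections import defaultdict

ADB_PORT = 5555        # ADB port named in the article
TELNET_PORT = 23       # standard Telnet port
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: site address plan
FANOUT_THRESHOLD = 5   # assumption: distinct targets before a host is flagged

# Constructed sample records: "time src dst dport proto action"
SAMPLE_FLOWS = """\
# external host reaches a set-top box with ADB left enabled
2019-08-28T10:00:01Z 203.0.113.7 10.0.5.20 5555 tcp ALLOW
# the same box then probes outward on ADB and Telnet
2019-08-28T10:02:10Z 10.0.5.20 198.51.100.1 5555 tcp ALLOW
2019-08-28T10:02:11Z 10.0.5.20 198.51.100.2 5555 tcp DENY
2019-08-28T10:02:12Z 10.0.5.20 198.51.100.3 5555 tcp DENY
2019-08-28T10:02:13Z 10.0.5.20 198.51.100.4 5555 tcp DENY
2019-08-28T10:02:14Z 10.0.5.20 198.51.100.10 23 tcp ALLOW
2019-08-28T10:02:15Z 10.0.5.20 198.51.100.11 23 tcp ALLOW
# benign traffic: web, internal debugging, one Telnet session
2019-08-28T10:03:00Z 10.0.1.15 198.51.100.80 443 tcp ALLOW
2019-08-28T10:03:05Z 10.0.1.15 10.0.5.20 5555 tcp ALLOW
2019-08-28T10:04:00Z 10.0.2.9 192.0.2.50 23 tcp ALLOW
"""


def is_internal(addr):
    """True if addr belongs to one of the site's internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Parse whitespace-separated flow records, skipping blanks and comments."""
    flows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(parts)}")
        ts, src, dst, dport, proto, action = parts
        flows.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport),
                      "proto": proto.lower(), "action": action.upper()})
    return flows


def adb_block_violations(flows):
    """Flows on TCP 5555 that crossed the perimeter and were allowed.

    With the block in place in both directions this list should be empty.
    """
    found = []
    for f in flows:
        crosses = is_internal(f["src"]) != is_internal(f["dst"])
        if (f["proto"] == "tcp" and f["dport"] == ADB_PORT
                and crosses and f["action"] == "ALLOW"):
            direction = "egress" if is_internal(f["src"]) else "ingress"
            found.append((direction, f["src"], f["dst"]))
    return found


def suspected_scanners(flows, threshold=FANOUT_THRESHOLD):
    """Internal hosts contacting many distinct external ADB/Telnet targets.

    Denied attempts count too: a blocked probe still shows the host is scanning.
    """
    targets = defaultdict(set)
    for f in flows:
        if (f["proto"] == "tcp" and f["dport"] in (ADB_PORT, TELNET_PORT)
                and is_internal(f["src"]) and not is_internal(f["dst"])):
            targets[f["src"]].add((f["dst"], f["dport"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= threshold}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for direction, src, dst in adb_block_violations(flows):
        print(f"ADB allowed across perimeter ({direction}): {src} -> {dst}")
    for host, count in suspected_scanners(flows).items():
        print(f"possible scanning host {host}: {count} distinct ADB/Telnet targets")
```

Internal-to-internal ADB sessions are deliberately ignored by the perimeter check, since the router-level block quoted above only governs traffic entering or leaving the network.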

Quote for the day:

"Enthusiasm is excitement with inspiration, motivation, and a pinch of creativity." -- Bo Bennett

Daily Tech Digest - August 27, 2019

Why blockchain, despite some early success, remains a corporate enigma

Blockchain is not middleware meant to tie into existing legacy systems, but there are ways of automating the flow of data from ERP systems to a distributed ledger technology. Typically, APIs and data-sharing standards, such as GS1 (best known for the machine-readable barcode protocol), have been used to enable interoperability with legacy data systems. The IBM Food Trust, which is used by Walmart and other big box retailers to track food from farm to shelf, avoids manual data input by leveraging legacy tech investments through the GS1 standard; it automates the transfer and understanding of data between different parties on the electronic ledger. Regardless of how blockchain is implemented, most of the cost and legwork for rolling it out requires business partner participation in the network and involves hammering out business agreements and governance rules, said Kevin McMahon, director of emerging technologies at Chicago-based consultancy SPR. "Putting together the governance model and putting in the effort, time and energy building out a consortium as well as solving business challenges — that's always been the surprise for our clients," McMahon said.

AI Rushes Forward Driven by a Sense of Urgency

Companies and governments are rushing to embrace and integrate AI. Leading AI advocates such as Andrew Ng are encouraging companies to jump into AI use sooner rather than later. Research suggests that companies that fall behind in AI adoption might not ever catch up. Northeastern University professor Nada Sanders said recently that “organizations that take a measured and piecemeal approach to implementing emerging technologies will fall off the map, fade into irrelevance.” A recent op-ed argues that nations should be doubling down on AI research and development to remain competitive. It’s definitely a global race to see who will dominate with AI. Mark Cuban has famously said that the world's first trillionaires are going to come from somebody who masters AI and all its derivatives and applies it in ways we never thought of. All this change and the value it is creating is being driven by “narrow” or “weak AI,” algorithms that are incredibly proficient at a single task. Impressive as these algorithms are for discovering new drugs, forecasting volcanic eruptions and even deploying personalized meditations, they cannot share insights across information domains.

Emerging From The Shadow

Make no mistake. Shadow IT as a challenge remains. The toughness of that challenge does remain—in fact, it has grown. Gartner estimates that 40-50% of cloud and enterprise application consumption is already happening over uncontrolled and unaccounted for sources, as businesses can no longer rely on slow procurement processes from Central IT. By 2020, half of all IT spending at large enterprises with digital business aspirations will occur at the business-unit level, it says. Also, a 2017 survey by NTT Communications found 83% of IT professionals reporting that employees stored company data on unsanctioned cloud services. This suggests how the increase in cloud adoption and the prevalence of SaaS and mobile applications have further facilitated the rise of shadow IT. With Internet of Things (IoT) and other emerging technologies already underway, analysts believe this to be an even starker reality. While shadow IT is usually used without ill intent, owing to either negligence or for the sake of convenience, it poses a serious threat to data security. In most cases companies are unaware of its use and hence do not know whether their data comes from secured sources or not.

How Anti-Patterns Can Constrain Microservices Adoption

Microservices create lots of small, distributed single-purpose services, with each service owning its own data. This service and data coupling supports the notion of a bounded context and a shared-nothing architecture. Each service and its corresponding data are compartmentalized and completely independent of all other services. The data-driven migration antipattern occurs when you are migrating from a monolithic application to a Microservices architecture. It is an anti-pattern because it migrates both the service functionality and the corresponding data together at the start, while creating the Microservices. There are two primary goals during any Microservices conversion effort. The first is to split the functionality of the monolithic application into small, single-purpose services. The second is to migrate the monolithic data into small databases owned by each service. The important aspect of developing Microservices rather than a monolithic application is inter-service communication. There are two communication styles, i.e. synchronous vs asynchronous and one-to-one vs one-to-many mechanisms.

How IT departments can upskill in the new economy

Working in the gig economy works both for small businesses and startups, and large enterprises and public sector organisations. Yorkshire Water is one of the businesses mentioned in the TopCoders report. The water utility firm opened up 12 months of its data through the Leeds Open Data Institute to crowd-source the discovery of new trends or patterns. According to Yorkshire Water, it received a number of interesting submissions, such as an app proposal to use artificial intelligence (AI) to automate the recognition of leak noise, and a Fitbit-like device for monitoring water usage in household water pipes. New research has found that crowd-sourcing ideas for the smart use of public sector data offers a huge economic benefit. In July, the European Union (EU) reported that the total direct economic value of the data held in the public sector is expected to increase from a baseline of €52bn in 2018 to €194bn in 2030.

Measuring CI/CD Adoption Rates Is a Problem

It is also hard to define the market size for CI/CD since most surveys do not measure the depth of adoption. Just because a CI/CD tool is used within a company does not mean it is widely used, nor that its use cases have gone beyond the most basic. A better metric is what percentage of processes are automated from Git commit to code to production. A DevOps-focused survey from Codefresh reported that a third of companies had automated more than half of their workloads, but only 1% were all the way there. Another way to think about the issue is in terms of the percentage of developers at a company that use a particular product or service. The relevance of measuring CI/CD adoption came up in a recent Twitter conversation, in which GitLab CEO Sid Sijbrandij said about half of the Global 2000 companies use CI/CD best practices like feature flags and tracing, but that only about 1% of workloads are being handled this way.

Augmented data management draws more enterprise interest

Augmented data management uses machine learning and AI to make enterprise data management disciplines, such as data quality and integration, metadata management, master data management, and database management systems, "self-configuring and self-tuning," according to Gartner. Gartner included augmented data management in its recent list of top 10 data and analytics trends for 2019. Augmented data management is already starting to change how data professionals prepare and govern data with the help of more advanced machine learning capabilities and AI-driven automation, experts said. "Augmented data management will be an important enabler to faster, more scalable, more intelligent and higher quality augmented business decisions," said Bill Hostmann, research fellow at Dresner Advisory Services. David Menninger, an analyst at Ventana Research in Bend, Ore., said he sees augmented data management as part of a larger trend toward augmented software applications of all types, including analytics, which tends to get more attention.

Microsoft: Using multi-factor authentication blocks 99.9% of account hacks

The recommendation stands not only for Microsoft accounts but also for any other profile, on any other website or online service. If the service provider supports multi-factor authentication, Microsoft recommends using it, regardless of whether it's something as simple as SMS-based one-time passwords or advanced biometrics solutions. "Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA," said Alex Weinert, Group Program Manager for Identity Security and Protection at Microsoft. Weinert said that old advice like "never use a password that has ever been seen in a breach" or "use really long passwords" doesn't really help. He should know. Weinert was one of the Microsoft engineers who worked to ban passwords that became part of public breach lists from Microsoft's Account and Azure AD systems back in 2016. As a result of his work, Microsoft users who were using or tried to use a password that was leaked in a previous data breach were told to change their credentials. But Weinert said that despite blocking leaked credentials or simplistic passwords, hackers continued to compromise Microsoft accounts in the following years.

Why we shouldn’t let AI write for us

The mainstreaming of AI business writing began with Google Smart Reply four years ago. Google Inbox users were offered a few colorless options for a reply to most emails. The feature still exists in Gmail, and with a single click you can respond with “Thanks!” or “I’ll send it to you” or “Let’s do Friday!” Last year Google added Smart Compose, which finishes the sentences you start. You can choose Google’s words by pressing the tab key. Using Smart Reply and Smart Compose saves time but makes replies dull. They’re dull because Google makes sure the replies are generic and designed to not annoy or offend anyone (for example, Google’s AI never uses gendered pronouns like “he” or “she”), and also because millions of other Gmail users are using the exact same wording for their replies. We all sound the same in our replies. Google is not alone. Lightkey makes a Windows application that works like Google’s Smart Compose. Quillbot is a cloud-based tool that can rephrase what you write (or what you copy and paste from others’ writing). It typically produces awkward prose. Machines have no ear for language.

How CIO Can Become The Boardroom Influencer

While CIOs might be in a position of power, their success will depend on how they are developing the right blend of technical, business and influencing skills within their organization. The spotlight is therefore on the CIO’s expertise in solving these problems at hand. A study by MIT’s Center for Information Systems Research (CISR) brings to light that companies with experienced technologists on their board outperform others in areas such as revenue growth, return on assets and market capitalization growth. In other words, the significant contribution that CIOs/CTOs can bring to the table gets reflected in the company’s financial outcomes. The analysis shows that out of 1,200 large enterprises with revenues over USD 1 billion, about 24% had board members that were classified as technology experts. These board members included those with experience as a CIO/CTO and expertise in software, digital platforms, big data and innovation, besides substantial years of leadership skills. According to the study, “Revenue growth over three years for boards with three or more such directors was 17.6% compared with 12.8% for boards without technology experts...."

Quote for the day:

"All leadership takes place through the communication of ideas to the minds of others." -- Charles Cooley

Daily Tech Digest - August 26, 2019

Samsung Galaxy Note 10 DeX Windows 10
Just because the Galaxy Note 10 Plus isn't the laptop replacement I've been looking for, it could be the primary computing device for workers who spend most of their time either in the field or moving between branch offices. I can easily see salespeople using the S Pen to click through the slides of a client presentation on a Note 10 Plus that's connected to a conference room TV. Regional managers who travel between stores could work directly from their Note 10 Plus provided their company had an external keyboard/mouse/display combo or loaner computer available at each site. And true field workers who rarely need to type on a keyboard during the day (like officers with the Chicago Police Department, which is running a pilot program with Samsung's DeX in Vehicle solution), could definitely use the Note 10 Plus for most tasks, if their companies take the time to ruggedize the phone... at $1,099 a device, you don't want to drop this thing on a factory floor or have it fall off the back of a truck on a construction site.

NASA Astronaut Accused Of Hacking Bank Account From Space

The New York Times report details how Summer Worden, Anne McClain's estranged spouse, put her skills as a former U.S. Air Force intelligence officer to work when she suspected McClain had been accessing her bank account. Having contacted her bank for details of the locations of logins to the account, Worden discovered that one of the computers from which her login credentials were used was registered to NASA. McClain was aboard the International Space Station at the time, due to be part of the ill-fated all-female spacewalk, and putting two and two together led Worden to the conclusion that she had found her bank account hacker. McClain, who has since returned to Earth following her six months in space, has admitted that she did, indeed, access the account while aboard the International Space Station. The newspaper report stated that, under oath and via a lawyer, McClain insisted she was making sure there were sufficient funds in the account to care appropriately for the child they had been raising together.

Gartner Hype Cycle deems software-defined networking obsolete

The Gartner report is blunt and refreshing. For instance, check out this part: "Don't get caught up in SDN hype and claims that commercial products are 'SDN' or be persuaded that SDN is the answer to all networking problems since clearly this has not transpired." The same could be said for other hyped networking technologies. Instead, Gartner advised, enterprises should focus on solving specific problems within their networks and evaluate networking services based on their ability to deliver operational value. On a positive note, SDN shook up the networking industry by challenging established vendors and affecting subsequent market developments. SDN, for instance, spurred the rising use of white box switches, open source hardware and the development of independent network switch software providers. Fortuitously, for enterprises, traditional networking vendors also shifted their focus to innovate around network operations and management.

The Death of Agile and Beyond

Despite the cry from the agilists that agile is dead/failing, it remains popular and is becoming increasingly "fashionable" among senior executives. Surveys by Deloitte and McKinsey show that more than 90% of the executives believe that "becoming agile" is a high priority. And of course, any high priority aspiration often comes with a mandated time-constraint. The first problem with these aspirations is the imposition; they rob people of the opportunity to choose agile as a way of being. However, the bigger problem is that these aspirations are missing a key element: the sense of why. Think of impact mapping for enterprise agility; impact mapping is a way of mapping any goal using four ordered questions: why, who, how and what. Why is the most important aspect; in the case of the need to be agile, answering "Why do we aspire to be Agile" properly and keeping these reasons in the forefront of the discussion invites teams into agility instead of imposing it on them. However, in most mandated enterprise agile transformations the conversation focuses on the who, how and what.

Software-defined perimeter – the essence of trust

Today, the IP address is no longer sufficient to define the level of trust for a user. IP addresses lack user knowledge to assign and validate the trust. There is no contextual information taken into consideration. This is often referred to as the IP address conundrum. Therefore, as an anchor for the network location and policy, we need to look beyond the ports and IP addresses. Network policies have traditionally focused on what systems can communicate with each other. The permit or deny is a very binary framework to use in today's dynamic environment. It has resulted in a policy that is either too rigidly defined or too loosely defined. This is where the software-defined perimeter finds the middle-ground. ... The considerable benefit of using an identity provider is that it acts as a gateway for users to authenticate against the same centralized trust. However, VPNs or other gateway services require a different database with a different management process. This can create an overhead to either add or delete the users from different databases. Having everything controlled in one central database provider is the key to managing a single set of controls of trust. Essentially, in SDP, a user validates against an externally facing IDP and then the user is authenticated against the identity store.

Adopting Agile Principles In Health Care

A core tenet of our approach is that for each innovation, Inception Health establishes an Agile team composed of clinicians, engineers, managers, data scientists, and user representatives. Each team establishes an iterative cycle to improve outcomes and the value to patients, to the health professionals, and to the system overall. While the core team comprises a handful of employees, several hundreds of people from member health care systems have participated in these Agile projects. By embedding Agile principles in the integration process of innovation in the member health care systems, Inception Health has been able to integrate innovations and iterate quickly. In the past two years, Inception Health has implemented 26 innovation projects at Froedtert and the Medical College of Wisconsin Health Network, including online tools for behavioral health, diabetes management, patient engagement, campus wayfinding, and remote monitoring. To enable clinicians to prescribe digital applications at the point of care, Inception Health partnered with a company called Xealth to create a digital health formulary, tying in third-party digital health applications with the electronic health record and clinical workflows.

Hacker Claims He Can ‘Turn Off 25,000 Cars’ At The Push Of A Button

Ken Munro, cybersecurity researcher and partner at Pen Test Partners, first described the hack to Forbes at the DEF CON convention in Las Vegas. He found that it was possible to turn the immobilizer on and the car off by sending a simple request via a browser. Once he'd entered the command, it took less than a second for the immobilizer to be triggered. It was as if Munro was acting as one of the SmarTrack call center employees who were permitted to turn the immobilizer on. SmarTrack systems just weren't correctly checking that the commands were being sent by an authorized user, Munro said. Munro warned that it would be impossible for anyone to start the car again with the immobilizer fitted. The only option would be to have the tech removed entirely, he added. "We now control the immobiliser, so only we can de-immobilize the car." And, if the hacker turned the immobilizer on when the car is moving, it would simply prevent the car from running as soon as the engine stopped. As Munro noted, that could be "quite nasty" if the car has an auto start and stop function. ... Munro was also critical of Thatcham Research, the industry body which had given accreditation to the SmarTrack devices, saying it was safe to use.

Choosing SIP vs. PRI: What are the differences?

Because SIP trunks are software-centric compared to PRI, they are far more elastic and scalable. Adding or reducing the number of calls a SIP trunk handles usually only takes a change in configuration on both sides of the trunk. The real limitation in the case of a SIP trunk is the bandwidth between trunk endpoints. That leads us to some drawbacks of SIP trunking. For one, many SIP trunk architectures allow a SIP trunk to ride across the same internet link that employees use to surf the internet, stream video and perform other internet-based tasks. This creates a situation where voice traffic riding across the SIP trunk can be negatively affected if there is insufficient bandwidth to handle both the calls traversing the SIP trunk and standard internet traffic. Thus, it's important to watch internet throughput closely so bottlenecks don't occur. While businesses can opt for running SIP trunks directly over the internet, telecommunications providers prefer to offer dedicated data lines directly to a customer's premises to ensure the quality and stability of their SIP trunks.

The end of project management?

As IT moves more to a product-management-run organization, what are the impacts? CIOs say that the addition of product management to the mix has two impacts--increased internal customer delight and increased street cred of the CIO. When IT products are appropriately managed via product management, the impacts for the business should be digital products that are useful, usable, and get used. And CIOs suggest this is the case for both internal and external focused products. Here the business gets better aligned tools from a customer experience/user experience perspective. From this process, CIOs get to point to distinct products making an impact on the business. This is especially the case for customer-facing products where financial impact is drawn from them. This makes IT more than just a cost-center that the CFO can't understand. From an organizational design perspective, teams should increasingly be based on products, not technical function. As the glue that ties disciplines to product, CIOs see the potential for clarity and transparency coming from product management and a renewed focus on data, analytics, and elevated maturity for CX, business technology, and soft skills.

Cryptography & the Hype Over Quantum Computing

So, what should we be doing now about the potential "quantum threat"? First, the cryptography research community should be focused on post-quantum secure cryptography. The good news is that this effort has been going on for years and is ongoing. The role of this research community is to make sure that we have the cryptography we need in the decades to come, and they are taking the issue seriously. (As a side note, symmetric encryption and message authentication codes are not broken by quantum computers, to the best of our knowledge.) Second, the cryptography research community should start thinking about standardization so that businesses are ready if the quantum threat does prove real. Once again, the good news is that NIST has already begun the process. But all of this is about what the "community" should do. What should you — as someone who uses cryptography to secure your business — do? Let's start with what you shouldn't be doing. You shouldn't buy post-quantum encryption and the like before standardization is complete.

Quote for the day:

"One of the advantages of being disorganized is that one is always having surprising discoveries." -- A.A. Milne