Daily Tech Digest - August 13, 2019

What is instant recovery? A way to quickly restore lost files and test backup systems

CSO > Microsoft Azure backups / cloud computing / binary code / data transfer
The first challenge is that the hypervisor is not really reading a VMDK image; it is reading a virtual image being presented to it by the backup product. Depending on which product you're using and which version of the backup you chose, the backup system may have to do quite a bit of work to present this virtual image. This is why most backup systems recommend limiting the number of instant booted images at a time if performance is important. The second reason instant recovery is not typically high-performance is that the VMDK is on secondary storage. In a world where many primary systems have gone to all-flash arrays, today's backup systems still use SATA, which is much slower. The final enemy of high-performance in an instant-recovery system is that many backups are stored in a deduplicated format. Presenting the deduplicated files as a full image takes quite a bit of processing power and again takes away from the performance of the system. Some deduplication systems can store the most recent copy in an un-deduplicated fashion making them much faster for an instant-recovery set up.

Pair Programming (PP) is an extreme programming approach to produce better software where two people work together at one computer and work is reviewed as it is done. The driver operates the keyboard while navigator is watching, asking questions, guiding, reviewing, learning and making suggestions. Find more about PP at Wikipedia. We often hear that Pair Programming is a “waste of time”, “doesn’t really work”, “suppresses creativity”, “kills privacy”, “stressful”, etc., These are all genuine concerns any team may have based on their circumstances and experience. ...PP helps in transitioning the knowledge and works great when you have new members on the team. Navigator plays a contributor role while the driver is the receiver. This approach indirectly reduces the training cost of the new members. Team members with heavy knowledge of the project tend to have more dependency, as they are knowledge-towers. It is always a good idea to spread that knowledge to others to reduce the dependency of those people. When these heavy-lifters pair with others, it helps to spread the knowledge easily.

8 features all enterprise SaaS applications must have

Reliability and security are two of the most important qualities for SaaS tools. Companies that run their software on premises are able to store corporate information in their own infrastructures, which helps them keep that sensitive data secure. However, when it comes to SaaS, the software providers are responsible for keeping user data safe. Consequently, it makes sense that security and data privacy are key capabilities in enterprise SaaS applications. Providers should also include features in their enterprise SaaS offerings that solve business issues and provide the availability and efficiency that are necessary in an increasingly challenging enterprise environment. There is little doubt that companies are looking into SaaS -- usually, in a multi-tenant model in which users from different organizations share the same instance of an application. SaaS is arguably the purest form of the cloud and the largest segment of the cloud market, with revenue expected to grow 22.2% to reach $73.6 billion this year, according to Gartner. In addition, SaaS is expected to reach 45% of total application software spending by 2021.

What Microsoft's upcoming 'outsourcing' licensing changes could mean

Microsoft's upcoming licensing change is going to be "massive" for customers who've been using AWS and Google Cloud dedicated hosts to run Windows Server and Windows client, says Directions on Microsoft's Miller. "Why? Those products never offered -- and still don't offer -- License Mobility through Software Assurance," he said.  Microsoft officials note that beginning October 1 "on-premises licenses purchased without Software Assurance and mobility rights cannot be deployed with dedicated hosted cloud services offered by the following public cloud providers: Microsoft, Alibaba, Amazon, and Google. They will be referred to as 'Listed Providers.'" On October 1, customers who already are running Microsoft on-premises software offerings from these listed providers will be able to continue to deploy and use Microsoft enterprise software under their existing licenses. But they won't be able to add workloads or upgrade to a new product version released after October 1 under their existing licenses.

How to implement edge computing

"Networking skills are important at the edge because you need highly skilled people who can make the decisions, such as whether they want to deploy one large network or a series of smaller, specialized networks," said Coufal. "These same network architects need to make decisions about which of their different networks under management should be federated with each other for information exchange and which they want to keep separate. In many cases, business security and information exchange requirements will dictate this." Coufal recommends that organizations take a measured approach when it comes to deploying computing at the edges of their enterprises. "This means pushing out portions of applications to the edges of your company, but not necessarily everything," he said. "You can always plan to scale out later." It's also important to place an emphasis on the security that will be needed at the edge, given that end user personnel, not necessarily IT, will be running and maintaining much of this edge computing. Finally, bandwidth is an issue. If you can place subsets of your data and your applications at the edge, the processing of data, as well as the data that is transmitted from point to point, will be faster.

A New Credential for Healthcare Security Leaders

The Certified Healthcare Information Security Leader - or CHISL - credential was created by the Association of Executives in Healthcare Information Security, a subgroup of the College of Healthcare Information Management Executives. "There are a number of security certification programs, but they are not tailored to the healthcare environment," Marsh says in an interview with Information Security Media Group. The new certification is "sculpted" for healthcare security leaders, he says. In its statement about the new credential, CHIME notes that it's modeled after the organization's Certified Healthcare CIO, or CHCIO, certification program, which is exclusively for healthcare CIOs. To earn the CHISL designation, a security executive will need to pass an exam that tests knowledge of seven domains: organizational vision and strategy; technology proficiency; change management; value assessment and management; service management; talent management; and management of security relationships.

7 trends impacting commercial and industrial IoT data

According to Gartner, within the next four years, 75% of enterprise-generated data will be processed at the edge (versus the cloud), up from <10% today. The move to the edge will be driven not only by the vast increase in data, but also the need for higher fidelity analysis, lower latency requirements, security issues and huge cost advantages. While the cloud is a good place to store data and train machine learning models, it cannot deliver high fidelity real-time streaming data analysis. In contrast, edge technology can analyze all raw data and deliver the highest-fidelity analytics, and increase the likelihood of detecting anomalies, enabling immediate reaction. A test of success will be the amount of “power” or compute capability that can be achieved in the smallest footprint possible. ... The CEP function should enable real-time, actionable analytics onsite at the industrial edge, with a user experience optimized for fast remediation by operational technology (OT) personnel. It also prepares the data for optimal ML/AI performance, generating the highest quality predictive insights to drive asset performance and process improvements.

"Think of 5G and network slicing. That's a can of worms!" remarked Dr. Gerhard P. Fettweis, coordinator of Germany's 5G Lab and a professor at Technische Universit├Ąt Dresden. "How are you going to handle all this from an integrity, privacy, security [standpoint], knowing that your hardware is not going to be fail-proof -- because two years from now, we're going to have four major updates of the system, because we found out somebody could've been malfunctioning the system?" It isn't that AT&T, Verizon, and the successor company to the T-Mobile and Sprint merger have some suppressed, nascent desire to go into competition against Amazon, Microsoft Azure, and Google Cloud. But they may be reselling cloud capacity to companies large and small that could certainly disrupt the cloud providers' best-laid plans. These would include many of the cloud providers' largest enterprise customers, who may be willing to spend premiums on operating their own global, fiber optic cable-linked networks as though they were their own data centers.

Psychometric tests are a key weapon in battle against cyber security breaches

Cyberchology: psychometric tests are a key weapon in battle against cyber security breaches image
Phishing attacks are less likely to be effective if they are targeted at people with a preference for sensing. On the other hand, people with these personalities are more likely to take cyber security risks. There is a nuance here. It turns out that the cyber security risk takers are more likely to be people in this group who have a “preference for Perceiving and/or Extraversion. As for people who have a preference for feeling or judging, they “are more likely to fall victim to social engineering attacks than those with a preference for Thinking. But they also. tend to be more cautious and therefore more rigorous when following cyber security policies. However, the ‘Thinking’ group can over-estimate their own competence, leading to mistakes. The ESET and The Myers-Briggs Company Cyberchology report suggests that psychometric tests can be used to build self-awareness, thereby reducing vulnerability to potential cyber security breaches.

Empathy is a Technical Skill

Archeology and anthropology can give us good metaphors for what it’s like to work with software that we didn’t write ourselves. If you’re attempting to reconstruct someone else’s viewpoint, but you don’t have direct access to them, you’ll need to rely on two critical components: artifacts and context. The same applies to software. In a legacy system, we often don’t have access to the developers who initially wrote the code. So instead, we need to look at what they’ve left behind — their artifacts. Just like how pottery, skeletons, coins, foundations of buildings, and writing can help us figure out what someone’s life was like in the distant past, we can use those principles in software, too. The question to ask as you’re going about your daily work is, "Am I leaving durable evidence of my thinking that will help someone in the future?" That might be someone else after you’ve left for another role, or it could be your future self six months from now after you’ve forgotten the details of what you were working on.

Quote for the day:

"A simple but powerful rule: always give people more than what they expect to get." -- Nelson Boswel

No comments:

Post a Comment