Daily Tech Digest - February 04, 2020

What to know about software development security — why it’s still so hard and how to tackle it

When it comes to securing applications, consider threat modelling, a process that identifies and prioritises potential threats from an attacker’s perspective. Questions to ask might include: what kind of data would an attacker be seeking? One popular threat model is STRIDE, which can be used in tandem with the DREAD risk assessment framework: this helps work out how likely the threat is to happen, the threat’s potential consequences, and whether the risk can be tolerated. For web applications, the Open Web Application Security Project Foundation has published its top 10 list of the most common and critical security risks, and this is an excellent reference source. Each threat is ranked by its agents, exploitability, prevalence, detectability, technical impact, and business impact. The OWASP top 10 helps with API security, too. There is a shifting emphasis towards securing them at every part of the lifecycle, starting with the development stage.



Top 10 underused SD-WAN features

For enterprises that do business with the federal government, such as aerospace and defense companies, or enterprises with PCI compliance responsibilities, which includes just about everybody else, encryption keys need to be rotated on a regular basis (typically every 90 days). This can be a tedious manual process that entails complex change control policies and can require planned downtime. SD-WAN platforms can replace conventional VPN-based key rotations with an automated system that can be programmed to make the rotations as frequently as every minute without any interruption to data plane traffic. The result is better security, no downtime and no need for manual intervention. ... There are many scenarios in which companies need to keep different types of traffic separated from each other. For example, in the case of a merger or acquisition, the combined company might be a single entity on paper, but for business or compliance or security reasons, each business unit continues to operate independently. If the company then decides to upgrade to SD-WAN, it might be considering the purchase of two sets of physical devices.



Programming languages: Go and Python are what developers most want to learn


Do developers need a degree? Apple CEO recently said the skills needed to code could be achieved by teaching kids at an earlier stage in high school. Job seekers without a degree can also get jobs at Google, IBM, Home Depot, and Bank of America. HackerRank found that most developers hired at companies of all sizes do have a degree. But it found that small businesses with between one and 49 employees are the biggest source of employment for developers without a degree. It found that 32% of developers at small companies lack a degree compared with 9% of developers who work for firms with more than 10,000 employees. The top recruiting priority, with 38%, for hiring managers in 2020 is finding full-stack developers. The second and third most commonly sought after categories are back-end developers and data scientists. However, full-stack developers face more pressure than other groups, with 60% tasked with learning a completely new framework and 45% required to learn a new language last year. That proportion is higher than all other categories, including front-end developers, back-end developers, data scientists, DevOps engineers, and quality-assurance engineers.


Brexit messes up IT project plans


Bartels said in the report: “The slowdown in tech purchases by business and government is real and reflects the fact that business executives are generally reluctant to grow their tech budgets faster than the growth in their revenues.” Referencing the UK’s exit from the European Union on 31 January, Bartels noted that prime minister Boris Johnson and the Conservative majority in Parliament will need to negotiate a transition agreement that still leaves many key issues to be negotiated. “Those continued uncertainties will depress UK economic growth,” he said. Forrester expects tech purchasers to cut their budgets in response to these uncertainties, and forecast that the UK will experience a 1.4% decline in tech spending in 2020. Forrester noted that tech market growth across Western Europe “was not too bad in 2019”, with the region’s constant currency growth of 4.5% actually higher than the global growth rate of 3.9%. But Bartels noted in the report that Brexit uncertainties will knock down the UK’s tech spending.


Multi-cloud adoption is the future, so be prepared


Multi-cloud architectures add complexity. Each platform has its own set of rules for operations and management, which makes it harder to cross-train staff and give IT teams a holistic view of a company's cloud and on-premises assets. "Most organizations are pretty clear that they do not want broad silos operating independently in perpetuity," Johnston Turner said. Enterprises want to be able to optimize these different assets within their own constraints around security, cost and performance. That's why IDC predicts 70% of enterprises will deploy unified VMs, Kubernetes and multi-cloud management processes by 2022 to facilitate standardized governance and to provide a single view across environments. "You're just always going to have to do the talking to the lower level systems," she said. "But increasingly, the level of [automated extraction] -- the policy and controls that you can put on top of those controllers -- is really what matters."


Smart Cities: Accelerating the Path to Digital Transformation


Accessing data and achieving interoperability from various smart city IoT services are also critical steps on any digital transformation journey. Otherwise, data remains locked in siloes, making it difficult and expensive to develop smart city applications. Unfortunately, the smart city market is still young and lacks standard data models for sensors and applications. Cisco Kinetic for Cities addresses this and reduces deployment complexity by normalizing data to consistent, well-defined data models by integrating an ecosystem of over 90 pre-integrated partners. This allows CKC to bring multiple services and vendors together in a single-pane-of-glass dashboard to enable better operation and smarter correlated policies. We also offer a series of CKC API training modules and CKC sandbox on Cisco DevNet where cities can join or leverage over 600,000 Cisco developers to develop new applications and services. At Cisco, we believe smart city technologies must be secure, scalable, and interoperable — not just to meet today’s needs, but also to enable cities to undergo a sustainable journey towards digital transformation.


The 5 Hottest Technologies In Banking For 2020

APIs are about speed, agility, and personalization. You’re dead in the water if: 1) It takes nine to 12 months to integrate partners’ products and/or data, or 2) The partnership process requires significant time and resources to negotiate legal matters, revenue sharing, pricing, etc. And for all the talk about personalization in banking, nothing that exists today comes close to what’s possible in an environment with a robust set of partial-stack fintech providers and smart full-stack banks integrated through APIs. ... For all the hype surrounding chatbots and machine learning (ML), few community-based financial institutions have deployed these technologies. Going into 2020, just 4% of the institutions surveyed by Cornerstone have already deployed chatbots—twice as many as had deployed them going into 2019. But going into 2019, 13% of the survey respondents said they would be making investments in chatbots—and most ended up not investing. There was a big jump in the percentage of institutions who have deployed machine learning from 2% in 2019 to 8% in 2020. And for 2020, another 17% expect to deploy ML tools. If history is any guide, however, fewer will actually invest.


Tech spending slowing along with world economy

The one bright spot in their forecast is software. Forrester expects spending on software and cloud computing to actually grow during the forecast period by 5% in 2020 and 5.1% in 2021. Still, these numbers are significantly less than 2018's 8.3% growth in software spending. "Any transformation of business operations or processes today involves the purchase of software," the report states. "The investments that firms are making to replace on-premises software with cloud alternatives is another factor driving the growth in software." After surging in 2017 and 2018 because of better economic activity globally and tax incentives in the US, however, spending on computer and telecom equipment is expected to fall. Even with growth slowing, spending on technology goods and services by businesses and governments will be robust in the coming years, going from $3.09T in 2016 to $3.71T in 2021. As usual, the US outpaces the rest of the world by a massive margin. Anticipated US spending on technology for 2020 is $1.50T. At $289B, China, the next biggest spender, is expected to spend about a fifth of that amount.



Tesla and other autopilot-driven cars tricked with 2D projections

Researchers say that objects can be projected in a variety of ways, using cheap $300 projectors that you can buy from Amazon. These projectors can be handheld, or installed on flying drones. In addition, the research team says that projecting rogue 2D objects doesn't necessarily mean the projections need to be visible for long periods of time. A few hundred milliseconds is enough, they said. Short-burst projections would be invisible to the human eye, but they'd still be visible and picked up by the powerful sensors and video cameras used by ADAS and autopilot systems. This opens the door for real-world scenarios where human drivers wouldn't even spot the projections, but the car would suddenly brake or steer towards oncoming traffic. This is an important observation because most car makers advise drivers to use the autopilots only under direct supervision. Car vendors say the systems should be used to assist drivers while driving, but hands should always be kept on the wheel and eyes on the road.


Digital strategy for 2020-2030 sets out police technology plans


The strategy’s five ambitions are underpinned by seven enablers, which will provide the foundation for the nationwide digital transformation. These include data, strategic alignment and design, modernised core technology, connected technology, risk and security, talent, and transforming procurement. The enablers primarily focus on the need to develop common standards, approaches and structures across UK policing organisations, as well as to deliver better value for money. For example, the strategy recommends creating a national data management guide to drive data quality and consistency, while also developing a holistic data and technology framework to enable more consistent risk decisions. The strategy also recommends defining a “technology blueprint” for the next decade that avoids “the creation of bespoke solutions in favour of commercial off-the-shelf (Cots) applications.” The strategy claims that using Cots products, which it recommends setting specific procurement frameworks for, will ensure the standardisation of procurement and enhance value for money.



Quote for the day:


"Take time to deliberate; but when the time for action arrives, stop thinking and go in." -- Andrew Jackson

