Daily Tech Digest - August 18, 2020

How eSIMs will aid mass market IoT development

This latest iteration of the ubiquitous SIM card, which has played a fundamental role in mobile telecommunications for over a quarter of a century, enables the SIM to be downloaded into a ‘Secure Element’ that can be permanently embedded inside any type of device, or thing. eSIMs can act as an authenticating party between the hardware device and service platform, to ensure end-to-end, chip-to-cloud security. Data can then be encrypted to protect against loss, theft, or tampering, with encryption available via zero-touch provisioning. ... This is the second wave of e-SIM hype. The initial industry hype a couple of years ago around the embedded version of the SIM card did not live up to preliminary expectations, in large part because the supply was there, but the demand was not. However, we are now seeing a resurgence, due to the demand increasing as IoT technologies mature and more – different – industries enter the IoT, and security increases due to legislation. An increasing number of operators too, are beginning to realise the cost benefits of these types of connections, opening up their networks to unlock the advantages of bundled, multi-device subscription plans, and new revenue opportunities, which is further driving demand. 

Combining DataOps and DevOps: Scale at Speed

We need to step away from organizing our teams and technologies around the tools we use to manage data, such as application creation, information management, identity access management and analytics and data science. Instead, we need to realize that data is a vital commodity, and to put together all those that use or handle data to take a data-centric view of the enterprise. When development teams building applications or data-rich systems learn to look past the data delivery mechanics and instead concentrate on the policies and limitations that control data in their organization, they can align their infrastructure more closely to enable data flow across their organization to those who need it. To make the shift, DataOps needs teams to recognize the challenges of today's technology environment and to think creatively about specific approaches to data challenges in their organization. For example, you might have information about individual users and their functions, data attributes and what needs to be protected for individual audiences, as well as knowledge of the assets needed to deliver the data where it is required. Getting teams together that have different ideas helps the company to evolve faster. Instead of waiting minutes, hours or even weeks for data, environments need to be created in minutes and at the pace required to allow the rapid creation and delivery of applications and solutions.

Deepening Our Understanding Of Good Agile: General Issues

Kuhn distanced himself from the idea that a new theory in science was about the discovery of objective truth. Instead, he viewed each new scientific revolution or synthesis as “less problematic” and “more fruitful” than the previous synthesis, with fewer anomalies and greater predictive power and maybe greater simplicity and clarity. For example, Copernicus’s heliocentric theory of the galaxy had no greater predictive power than the previous earth-centric theory. But it won support because it was simpler and seemed more plausible. As it turned out, Copernicus’s theory involved the idea of rotating spheres which was dead wrong, but the heliocentric part turned out to be right. The theory won broad support, despite its flaws. It is in this sense that we should not be expecting to discover a theory of management that explains the objective truth about management or that prescribes the perfect organizational structure. We should be content if we can find a synthesis that has fewer anomalies and greater predictive power than the previous synthesis. That is so a fortiori for management compared to physical science, because human society is constantly changing, unlike the physical universe. So there is even less likelihood of attaining even temporary truth about the human universe.

Firms Still Struggle to Prioritize Security Vulnerabilities

The underlying problem is that once vulnerabilities have been identified by automated systems, the prioritization and patching process is mostly manual, which slows an organization's response, says Charles Henderson, global managing partner and head of IBM's cybersecurity services team, X-Force Red. "You think of vulnerability management as 'find a flaw, fix a flaw,'" he says. "The problem is that we have gotten really good at finding flaws, and we haven't seen ... as an industry the same attention paid to actually fixing stuff that we find." Patching continues to be a significant problem for most companies. Only 21% of organizations patch vulnerabilities in a timely manner, the survey found. More than half of companies cannot easily track how efficiently vulnerabilities are being patched, do not have enough resources to patch the volume of issues, and do not have a common way of viewing assets and applications across the company. In addition, most organizations do not have the ability to tolerate the necessary downtime. Overall, most companies face significant challenges in patching software vulnerabilities, according to the survey of 1,848 IT and IT professionals by the Ponemon Institute for its State of Vulnerability Management in the Cloud and On-Premises report.

Cloudops tool integration is more important than the tools themselves

What’s missing is direct integration between the AIops tool and the security tool. Although they have different missions, they need each other. The security tool needs visibility into the behavior of all applications and infrastructure, considering that behaviors that are out of line with normal operations can often be tracked to security issues, such as DDoS attacks. At the same time, the cloudops tool could play some role in automatically defending the cloud-based systems, such as attempting a restart or taking other corrective action so the issue does not result in an outage. The recovery could be reported back to the security tool, which would take further action, such as blocking the IP address that is the source of the DDoS attack. This example describes security and ops tools working together, but there is much value in other tool integration as well. Configuration management, testing, special-purpose monitoring such as edge computing and IoT, data governance, etc., can all benefit from working together to create common automation between tools. The smarter cloud management and monitoring players, especially those selling AIops tools, have largely gotten the tool integration religion. 

How Active Cypher is Securing Enterprises from Malware Attacks

The cautious CIO should take the approach that their organization is already infected with ransomware. For the majority of ransomware attacks, users’ negligence is the problem. If a firm has employees, it’s only time until they get ransomware. Yet IT departments should stop playing roulette hoping that they are not the ones to fall this month, but should instead take a proactive approach to first securing their data end-to-end, through automated file-level encryption like what is offered through Active Cypher File Fortress. Secondly, they should utilize solutions like Ransom Data Guard that effectively shield clients from all permutations of ransomware attacks like WannaCry, RobbinHood, TeslaCrypt… by obfuscating data and actively countering malware when it attempts to attack. Employee cyber-training only gets you so far. ... The success of India’s economy and the rise of its companies have unfortunately led hackers to increasingly attack the country. Active Cypher’s Indian clients are addressed in a similar fashion as we currently handle global and non-North American clients – our product is not intensive in prep or installation and company IT teams can download and install very easily in half a day.

How robotics and automation could create new jobs in the new normal

“Contrary to some beliefs, I see robots as creating vast amounts of new jobs in the future,” he said. “Just like 50 years ago a website designer, vlogger, or database architect were not things, over the next 50 years we will see many new types of job emerge.” Nicholson cites robot pilots as an example. “Ubiquitous, truly autonomous robots are still a long way from reality, so with semi-autonomous capabilities with humans in the loop, we can achieve much better performance overall and generate a brand-new job sector,” he added. There’s a growing consensus that humans will work in conjunction with robots, performing complementary roles that play to their respective strengths. ... The robots generate a significant amount of performance data, which is automatically compiled into reports that need to be interpreted, assessed, and analyzed to improve operation and fleet performance. While much of this work could be incorporated into existing roles, such tasks may eventually require dedicated employees, leading to the creation of new jobs. “Managers can view the routes being cleaned, take a look at quantitative metrics such as run time and task frequency, and receive notifications around diagnostics and relevant software updates,” Spruijt said.

The Security Interviews: How Crest is remaking the future of consultancy

Now that the security marketplace has grown significantly and security services providers have gone from boutique outfits to big-name brands, this need is becoming greater than ever, says Glover. He adds that buyers are now realising that if they contract their security services to structured organisations that back up their technology claims with certified skills and best practice, they get better outcomes. He also reckons that security consultancy will soon begin to move from an advisory-based practice to an opinion-based practice. “We haven’t really done that as an industry yet, but I absolutely believe that is the direction of play,” he says. But what does that actually mean? Glover explains: “Right now, we provide advice and guidance. We look at your systems and we say ‘that’s not very good – you should correct it’. That’s advice. But what we’re now seeing under GDPR [General Data Protection Regulation] and other regulations is you are asked if you have taken appropriate steps to secure your data, otherwise the regulator is going to take regulatory action or fine you a lot of money. “So we are now moving into this area where security consultants have to be professional auditors and say, in our professional opinion, this organisation has or has not taken appropriate steps to secure its data. ...”

What working from home means for CISOs

It’s easy to understand why employees do what they do. CISOs have always had trouble convincing them that productivity and protection are not mutually exclusive — that users can do their jobs just as effectively by following policies, accepting security controls and using pre-approved apps and devices. And especially while working from home, the shift to productivity at all costs has threatened to disrupt this delicate balance. It comes as cyber criminals look to capitalise on distracted home workers, unprotected endpoints, overwhelmed VPNs, and distributed security teams who may be forced to focus on more pressing operational IT tasks. Google is blocking as many as 18 million Covid-themed malicious and phishing emails every day. It takes just one to get through and convince a remote worker to click, and the organisation may be confronted with the prospect of a debilitating ransomware outage, BEC-related financial loss, or damaging data breach. With many organisations struggling financially in the wake of government-mandated lockdowns, few will welcome the costs associated with a serious security incident.

Web of Things Over IoT and Its Applications

Internet connectivity is a minor concern for low-level sensors or hardware devices. Low-level sensors, such as temperature sensors and motion sensors, usually transfer data using low-level protocols like Bluetooth Low Energy (BLE), Zigbee, 6LoWPAN, etc., which are not Internet compatible. Since IoT gateways understand those low-level protocols, they basically play the role of adapters between the internet and those sensors. Protocol transformation would also take place here. IoT gateways are installed inside smart homes, smart factories etc., i.e., inside a Local Area Network where no unified communication standard is available; thus, those gateways can be used to communicate using a proprietary data format over the internet. Additionally, there are multiple cloud vendors that are providing IoT services in different shapes and textures. Once again there is a lack of standardization. AWS Alexa is tied with Philips Hue so AWS and Hue can understand their data format but no one else can. This is gravitating towards the vendor lock-in black hole. To get rid of this problem, IoT needs vendor-neutral standards for the internet.

Quote for the day:

"Leadership is the art of influencing people to execute your strategic thinking." -- Nabil Khalil Basma
