How eSIMs will aid mass market IoT development
This latest iteration of the ubiquitous SIM card, which has played a
fundamental role in mobile telecommunications for over a quarter of a century,
enables the SIM to be downloaded into a ‘Secure Element’ that can be
permanently embedded inside any type of device, or thing. eSIMs can act as an
authenticating party between the hardware device and service platform, to
ensure end-to-end, chip-to-cloud security. Data can then be encrypted to
protect against loss, theft, or tampering, with encryption available via
zero-touch provisioning. ... This is the second wave of e-SIM hype. The
initial industry hype a couple of years ago around the embedded version of the
SIM card did not live up to preliminary expectations, in large part because
the supply was there, but the demand was not. However, we are now seeing a
resurgence, due to the demand increasing as IoT technologies mature and more –
different – industries enter the IoT, and security increases due to
legislation. An increasing number of operators, too, are beginning to realise
the cost benefits of these types of connections, opening up their networks to
unlock the advantages of bundled, multi-device subscription plans, and new
revenue opportunities, which is further driving demand.
Combining DataOps and DevOps: Scale at Speed
We need to step away from organizing our teams and technologies around the
tools we use to manage data, such as application creation, information
management, identity access management and analytics and data science.
Instead, we need to realize that data is a vital commodity, and to put
together all those that use or handle data to take a data-centric view of the
enterprise. When building applications or data-rich systems, if development teams
learn to look past the data delivery mechanics and instead concentrate on the
policies and limitations that control data in their organization, they can
align their infrastructure more closely to enable data flow across their
organization to those who need it. To make the shift, DataOps needs teams to
recognize the challenges of today's technology environment and to think
creatively about specific approaches to data challenges in their organization.
For example, you might have information about individual users and their
functions, data attributes and what needs to be protected for individual
audiences, as well as knowledge of the assets needed to deliver the data where
it is required. Getting teams together that have different ideas helps the
company to evolve faster. Instead of waiting minutes, hours or even weeks for
data, environments need to be created in minutes and at the pace required to
allow the rapid creation and delivery of applications and solutions.
Deepening Our Understanding Of Good Agile: General Issues
Kuhn distanced himself from the idea that a new theory in science was about
the discovery of objective truth. Instead, he viewed each new scientific
revolution or synthesis as “less problematic” and “more fruitful” than the
previous synthesis, with fewer anomalies and greater predictive power and
maybe greater simplicity and clarity. For example, Copernicus’s heliocentric
theory of the galaxy had no greater predictive power than the previous
earth-centric theory. But it won support because it was simpler and seemed
more plausible. As it turned out, Copernicus’s theory involved the idea of
rotating spheres which was dead wrong, but the heliocentric part turned out to
be right. The theory won broad support, despite its flaws. It is in this sense
that we should not be expecting to discover a theory of management that
explains the objective truth about management or that prescribes the perfect
organizational structure. We should be content if we can find a synthesis that
has fewer anomalies and greater predictive power than the previous synthesis.
That is so a fortiori for management compared to physical science, because
human society is constantly changing, unlike the physical universe. So there
is even less likelihood of attaining even temporary truth about the human
universe.
Firms Still Struggle to Prioritize Security Vulnerabilities
The underlying problem is that once vulnerabilities have been identified by
automated systems, the prioritization and patching process is mostly manual,
which slows an organization's response, says Charles Henderson, global
managing partner and head of IBM's cybersecurity services team, X-Force Red.
"You think of vulnerability management as 'find a flaw, fix a flaw,'" he says.
"The problem is that we have gotten really good at finding flaws, and we
haven't seen ... as an industry the same attention paid to actually fixing
stuff that we find." Patching continues to be a significant problem for most
companies. Only 21% of organizations patch vulnerabilities in a timely manner,
the survey found. More than half of companies cannot easily track how
efficiently vulnerabilities are being patched, do not have enough resources to
patch the volume of issues, and do not have a common way of viewing assets and
applications
across the company. In addition, most organizations do not have the ability to
tolerate the necessary downtime. Overall, most companies face significant
challenges in patching software vulnerabilities, according to the survey of
1,848 IT and IT professionals by the Ponemon Institute for its State of
Vulnerability Management in the Cloud and On-Premises report.
Cloudops tool integration is more important than the tools themselves
What’s missing is direct integration between the AIops tool and the security
tool. Although they have different missions, they need each other. The
security tool needs visibility into the behavior of all applications and
infrastructure, considering that behaviors that are out of line with normal
operations can often be tracked to security issues, such as DDoS
attacks. At the same time, the cloudops tool could play some role in
automatically defending the cloud-based systems, such as attempting a restart
or taking other corrective action so the issue does not result in an outage.
The recovery could be reported back to the security tool, which would take
further action, such as blocking the IP address that is the source of the DDoS
attack. This example describes security and ops tools working together, but
there is much value in other tool integration as well. Configuration
management, testing, special-purpose monitoring such as edge computing and
IoT, data governance, etc., can all benefit from working together to create
common automation between tools. The smarter cloud management and
monitoring players, especially those selling AIops tools, have largely gotten
the tool integration religion.
How Active Cypher is Securing Enterprises from Malware Attacks
The cautious CIO should take the approach that their organization is already
infected with ransomware. For the majority of ransomware attacks, users’
negligence is the problem. If a firm has employees, it’s only time until they
get ransomware. Yet IT departments should stop playing roulette hoping that
they are not the ones to fall this month, but should instead take a proactive
approach to first securing their data end-to-end, through automated file-level
encryption like what is offered through Active Cypher File Fortress. Secondly,
they should utilize solutions like Ransom Data Guard that effectively shields
clients from all permutations of ransomware attacks like WannaCry, RobbinHood,
TeslaCrypt… by obfuscating data and actively countering malware when it
attempts to attack. Employee cyber-training only gets you so far. ... The
success of India’s economy and the rise of its companies have unfortunately
led hackers to increasingly attack the country. Active Cypher’s Indian clients
are addressed in a similar fashion as we currently handle global and non-North
American clients – our product is not intensive in prep or installation and
company IT teams can download and install very easily in half a day.
How robotics and automation could create new jobs in the new normal
“Contrary to some beliefs, I see robots as creating vast amounts of new jobs
in the future,” he said. “Just like 50 years ago a website designer, vlogger,
or database architect were not things, over the next 50 years we will see many
new types of job emerge.” Nicholson cites robot pilots as an example.
“Ubiquitous, truly autonomous robots are still a long way from reality, so
with semi-autonomous capabilities with humans in the loop, we can achieve much
better performance overall and generate a brand-new job sector,” he added.
There’s a growing consensus that humans will work in conjunction with robots,
performing complementary roles that play to their respective strengths. ...
The robots generate a significant amount of performance data, which is
automatically compiled into reports that need to be interpreted, assessed, and
analyzed to improve operation and fleet performance. While much of this work
could be incorporated into existing roles, such tasks may eventually require
dedicated employees, leading to the creation of new jobs. “Managers can view
the routes being cleaned, take a look at quantitative metrics such as run time
and task frequency, and receive notifications around diagnostics and relevant
software updates,” Spruijt said.
The Security Interviews: How Crest is remaking the future of consultancy
Now that the security marketplace has grown significantly and security
services providers have gone from boutique outfits to big-name brands, this
need is becoming greater than ever, says Glover. He adds that buyers are now
realising that if they contract their security services to structured
organisations that back up their technology claims with certified skills and
best practice, they get better outcomes. He also reckons that security
consultancy will soon begin to move from an advisory-based practice to an
opinion-based practice. “We haven’t really done that as an industry yet, but I
absolutely believe that is the direction of play,” he says. But what does that
actually mean? Glover explains: “Right now, we provide advice and guidance. We
look at your systems and we say ‘that’s not very good – you should correct
it’. That’s advice. But what we’re now seeing under GDPR [General Data
Protection Regulation] and other regulations is you are asked if you have
taken appropriate steps to secure your data, otherwise the regulator is going
to take regulatory action or fine you a lot of money. “So we are now moving
into this area where security consultants have to be professional auditors and
say, in our professional opinion, this organisation has or has not taken
appropriate steps to secure its data. ...”
What working from home means for CISOs
It’s easy to understand why employees do what they do. CISOs have always had
trouble convincing them that productivity and protection are not mutually
exclusive — that users can do their jobs just as effectively by following
policies, accepting security controls and using pre-approved apps and devices.
And especially while working from home, the shift to productivity at all costs
has threatened to disrupt this delicate balance. It comes as cyber criminals
look to capitalise on distracted home workers, unprotected endpoints,
overwhelmed VPNs, and distributed security teams who may be forced to focus on
more pressing operational IT tasks. Google is blocking as many as 18 million
Covid-themed malicious and phishing emails every day. It takes just one to get
through and convince a remote worker to click, and the organisation may be
confronted with the prospect of a debilitating ransomware outage, BEC-related
financial loss, or damaging data breach. With many organisations struggling
financially in the wake of government-mandated lockdowns, few will welcome the
costs associated with a serious security incident.
Web of Things Over IoT and Its Applications
Internet connectivity is a minor concern for low-level sensors or hardware
devices. Low-level sensors, such as temperature and motion sensors,
usually transfer data using low-level protocols like Bluetooth Low Energy (BLE),
Zigbee, 6LoWPAN, etc., which are not Internet compatible. Since IoT gateways
understand those low-level protocols, they basically play the role of adapters
between the internet and those sensors. Protocol transformation would also take
place here. IoT gateways are installed inside smart homes, smart factories, etc.,
i.e., inside a Local Area Network where no unified communication standard is
available; thus, those gateways can be used to communicate using proprietary
data format over the internet. Additionally, there are multiple cloud vendors
that are providing IoT services in different shapes and textures. Once again
there is a lack of standardization. AWS Alexa is tied with Philips Hue so AWS
and Hue can understand their data format but no one else can. This is
gravitating towards the vendor lock-in black hole. To get rid of this problem,
IoT needs vendor neutral standards for the internet.
Quote for the day:
"Leadership is the art of influencing people to execute your strategic thinking." -- Nabil Khalil Basma