Showing posts with label SDDC. Show all posts

September 30, 2016

Ransomware Spreads Through Weak Remote Desktop Credentials

According to Kaspersky Lab, the TeamXRat attackers perform brute-force attacks against internet-connected RDP servers and then manually install the Xpan ransomware on the hacked servers. "Connecting remote desktop servers directly to the Internet is not recommended and brute forcing them is nothing new; but without the proper controls in place to prevent or at least detect and respond to compromised machines, brute force RDP attacks are still relevant and something that cybercriminals enjoy," the Kaspersky researchers said in a blog post. "Once the server is compromised, the attacker manually disables the Antivirus product installed on the server and proceeds with the infection itself."


This Emerging Tech Company Has Put Asia's Tuna On The Blockchain

A British company just ended a pilot in Indonesia, using blockchain to pioneer a new method of traceability when it comes to fishing, which could stop many of the troubling practises within the illegal fishing industry–including slavery. Provenance used mobile, blockchain technology and smart tagging to track fish caught by fishermen with verified social sustainability claims. Their pilot successfully tracked fish in Indonesia from January to June of 2016, and demonstrated not just another digital interface, but a solution to tracking systems and claims securely and without the need for a centralized data management system.


Wealth and Asset Management Report Predicts Blockchain Use by 2021

It is predicted that by 2021, the convergence of these smart technologies will produce a huge impact on the wealth profession, unlocking the doors of global wealth across a diverse universe of investors. However, with a fast-paced marketplace, it is important for investors to understand their customers’ needs and behaviors, and make the necessary technology changes to meet their requirements. Bob Reynolds, President and CEO of Putnam Investments, commented in the report that “the business moves in cycles, and some are severe.” ... As a consequence, economist Dr. Nouriel Roubini said in the report that “mediocre growth and low interest rates have become the new normal.”


The Open Group Launches the O-BA Preliminary Standard Part I

Developed by The Open Group Governing Board Business Architecture Work Group, this is the first installment of a three-part standard. Combined, the three parts of the standard will explicitly address all aspects of a business architecture practice. Not only will it examine the holistic approach in modeling required, but also the way of working and thinking, as well as organizing and supporting. The standard clearly defines the systemic nature of transformations, the varying interests and goals of stakeholders, and prepares for consistent communication of business priorities and needs throughout the transformation lifecycle. It addresses a real need to solve structural challenges in enterprise and organizational transformations.


How is IoT Paving The Way for the Future

As the tech world is moving towards the cloud, it’s hard to imagine it functioning without IoT. And as we indulge ourselves in our devices and pour large amounts of data in this enormous mesh called IoT, it has swelled up to gigantic proportions. Such a huge system demands an extensive amount of technology and skills in order to sustain itself. But do we have what it takes to monitor, maintain and secure IoT? According to Nick Jones, VP Distinguished Analyst at Gartner, “A recurring theme in the IoT space is the immaturity of technologies and services and of the vendors providing them. Architecting for this immaturity and managing the risk it creates will be a key challenge for organizations exploiting the IoT. In many technology areas, lack of skills will also pose significant challenges.”


Shutterstock CIO shares SDDC architecture lessons learned

With an SDDC, there are APIs for everything, so I can enable our software deployment for our product. They can have an API through Puppet and deploy through the infrastructure, and we can set up the key metrics, so if we're seeing load increase on our conservative platform, we can automatically expand that, or I can move that up to AWS. I've got some drivers from the leadership team: [They said] 'We want to move to AWS, we want to be faster.' Okay. I would argue that an SDDC makes you incredibly fast when you look at what we need to do as a company and how we need to service dev and products team -- it's that API-driven economy. They just want to be able to fire code out and know that that code gets deployed and we're operating and monitoring it and we're ensuring that stuff is staying up.


WhatsApp’s privacy U-turn on sharing data with Facebook draws more heat in Europe

In the PM interview, Denham was also pressed on whether the ICO is doing anything to stop data flowing now, while it probes the arrangement, but she said she thinks no data is yet flowing from UK WhatsApp users to Facebook. “We are told that data is not yet being shared — so I am hoping that there is a pause in the data-sharing, and some rethinking of the terms and the consent and what data is being shared,” she said. We’ve asked Facebook to confirm whether or not it is harvesting UK WhatsApp data at this point or not and will update this post with any response. Making a general statement about the data-sharing agreement earlier this month, Europe’s Article 29 Working Party ...  asserted that: “Users should keep control of their data when Internet giants massively compile it.”


Why Automation Doubles IT Outsourcing Cost Savings

Automation is having the biggest impact on areas in which employees manage physical devices, such as network services. Most IT towers see an average 25 percent decrease in the number of resources required as a result of automation, but certain IT services experience a 50 percent headcount reduction, according to ISG. ISG found that network and voice costs are declining by 66 percent mostly due to the convergence of voice, video and data solutions built on highly standardized and virtualized capabilities, an environment ripe for leveraging automation. Service desk and end user support costs declined by 26 percent due to increased adoption of self help and remote support, the introduction of self-healing functionality, and significant automation of level one and two incidents.


The Top 10 AI And Machine Learning Use Cases Everyone Should Know About

Machine learning is a buzzword in the technology world right now, and for good reason: It represents a major step forward in how computers can learn. Very basically, a machine learning algorithm is given a “teaching set” of data, then asked to use that data to answer a question. For example, you might provide a computer a teaching set of photographs, some of which say, “this is a cat” and some of which say, “this is not a cat.” Then you could show the computer a series of new photos and it would begin to identify which photos were of cats. Machine learning then continues to add to its teaching set. Every photo that it identifies — correctly or incorrectly — gets added to the teaching set, and the program effectively gets “smarter” and better at completing its task over time.


On Abstractions and For-Each Performance in C#

A common misconception is the foreach loop in C# operates on IEnumerable. That is almost correct, but it actually operates on anything that looks like an IEnumerable. That means it must have a GetEnumerator method and that method must return an object (or struct) with Current and MoveNext methods, the latter of which returns a Boolean. This was necessary back in the .NET 1.x era when we didn’t have generics or IEnumerable<T>. If you used a non-generic IEnumerable to loop over an integer array, it would have to allocate a new object for each item in the array (an operation known as boxing). As that would be ridiculously expensive, they decided C# would look for a custom enumerator first, and if it couldn’t find one then it would fall back on IEnumerable.GetEnumerator.



Quote for the day:


"The Crystal Wind is the Storm, the Storm is Data, and the Data is Life The Players Litany" -- Daniel Keys Moran


June 24, 2016

Mobile Payments: Where’s the Benefit?

Mobile payments continue to be less common than mobile banking — more consumers are checking their bank account balances and paying utility bills online, for example, than paying for their Starbucks coffee with their phones. But there were some positive signs for mobile payments adoption: For example, 24% of all mobile phone owners reported having made a mobile payment in the 12 months prior to the March 2016 survey, up from 20% in 2015. In addition, of current mobile payments users, 10% had started using mobile payments in the six months prior to the survey, and 20% said they had started using mobile payments in the prior one to two years. Younger individuals are adopting mobile payments faster. Of those with a mobile phone ages 18 to 29, 30% had made a mobile payment. Of those ages 30 to 44, 32% had done so.


How Smart Data Lakes are Revolutionizing Enterprise Analytics

Smart Data Lake solutions permit organizations to focus on the data that provides real business benefit. Currently, Smart Data Lakes are being adopted by pharma and financial institutions in use cases ranging from competitive intelligence and insider trading surveillance, to investigatory analytics and risk and compliance. For instance, the regulatory reporting environment for financial institutions is evolving quickly, placing unprecedented demands on legacy processes and technology. Two areas where new smart data solutions are already adding value for banks include report preparation as well as data and technology. Smart Data Lakes also improve the quality of your competitive intelligence by allowing subject-matter experts to curate, correct, and augment the data they know best.


Real Time Audit within the Capabilities of Blockchain

Some studies have even shown that firms are reporting downward pressure on audit fees due to clients questioning the value of audit services, especially given that they are now increasingly ‘commoditised’ as a result of being heavily regulated, and thus there is little differentiation among the services being offered by various auditors. Many believe that #blockchain could transform this process, in part because the #technology removes the need for auditing to depend on trust. Blockchain provides a globally distributed, decentralized ledger of which everyone has the exact same copy. Whereas auditing at present entails the confirmation of transactions and balances on a company’s accounting ledger at the end of the period, a transaction on the blockchain would provide a permanent and immutable record of the transaction almost immediately.


Five Reasons Traditional IAM Can’t Handle the Internet of Things

One particular problem area for IoT security is Identity Management. In many ways, the Internet of Things is fueled by the identities of things to enable connections between people, devices, and apps, all of which require Identity and Access Management (IAM). Indeed, managing identities and controlling access to this valuable information is a critical step in securing the Internet of Things (IoT), but legacy identity and access management (IAM) systems cannot handle the extreme scale and complexity that the IoT brings to the enterprise. The Identity of Things requires a new class of IAM system. The best practice for managing identity in the Internet of Things is to employ a next-generation IoT IAM platform. But what exactly does next-gen IoT IAM entail? And how does it succeed where traditional, workforce IAM fails?


How the blockchain could kill off national currencies

“Money isn’t valuable by itself,” Meiri says, “it’s what you can do with it that matters.” Neighbourhood community managers and municipalities around the world are already agreeing with him and are using Colu to keep wealth circulating within their local communities. The startup also just closed a $9.6 million funding round including investment from venture capital firms Spark Capital and Aleph. Technology requires a perfect storm of circumstances before an innovation really takes hold, Meiri adds. If Spotify was pitching way back in 1995 it would have been a great idea, but it took the widespread growth of high-speed internet to turn music streaming into a reality.


Next-generation enterprise security architecture to combat cyber weaponry

What's interesting is there's almost an inverse correlation of those steps between genius required to do them and criminality of the steps. What we mean by that is it is not illegal to create an attack, create an exploit or discover a vulnerability. If it were, there would be entire universes of white hat attackers and cyber researchers who would no longer exist. That's their job. They're supposed to go around and look for vulnerabilities and see how they respond under attacks. It just happens to be a very hard thing to do, which is why the genius requirement is so high. The other end of this ecosystem, laundering money, is clearly illegal, regardless of whether it's cyber money or real money or anywhere in between. And monetizing that information -- selling things like Social Security numbers -- is obviously pretty illegal as well.


How Does It Work: IPTables

In the Linux ecosystem, iptables is a widely used firewall tool that interfaces with the kernel’s netfilter packet filtering framework. For users and administrators who don’t understand the architecture of these systems, creating reliable firewall policies can be daunting, not only due to challenging syntax, but also because of the number of interrelated parts present in the framework. The iptables firewall works by interacting with the packet filtering hooks in the Linux kernel’s networking stack. These kernel hooks are known as the netfilter framework. Every packet that enters the networking system (incoming or outgoing) will trigger these hooks as it progresses through the stack, allowing programs that register with these hooks to interact with the traffic at key points. The kernel modules associated with iptables register at these hooks in order to ensure that the traffic conforms to the conditions laid out by the firewall rules.


Gartner's Top 10 Security Predictions

“By 2018, the need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs.” Data security governance will be promoted by insurance companies that will set cyber premiums based on whether businesses have these programs in place. Prediction: “By 2020, 40% of enterprises engaged in DevOps will secure developed applications by adopting application security self-testing, self-diagnosing and self-protection technologies.” Here Perkins looks to maturing technology called runtime application self-protection (RASP) as a way to avoid vulnerabilities in applications that might result from problems overlooked due to the rapid pace at which DevOps teams work. RASP does its work rapidly and accurately to provide protection against vulnerabilities that might be exploited, he says.


Hey ops teams, developers want control of the data center

Application teams are tired of integrating with each and every SDDC to make their apps portable. Instead of integrating with the SDDC, app teams can integrate with a container runtime like Kubernetes, Swarm, or Mesos. All of the "portability" work now happens in the container runtime. Crucially, the industry is making Kubernetes, Swarm, and Mesos work on top of all of the SDDCs so you don't have to. Ops teams and the vendors who love them (like VMware) are rushing to support these new system management tools. In turn, the tools, like Kubernetes, are starting to build in developer-oriented features. According to the Kubernetes blog: "Kubernetes defines not only an API for administrators to perform management actions, but also an API for containerized applications to interact with the management platform." This latter API is new to Kubernetes, but we should expect it (and more like it) to cater to developers.


Multi-cloud is a safety belt for the speed-freaks

In the case of "multi-cloud," then, it's your application and organizational-knowledge portability you're hedging with in return for locking into the cloud native method of application development and delivery. What you get in return is the ability to run your cloud platform on any IaaS, public or private, that comes up. You'll probably want to choose a platform based on open source, like Cloud Foundry that's ensconced in an irreversible foundation. Then, even if you use a commercial, "open-core" distro of it, you'll have a huge degree of portability because the same application packaging, services and microservices architectures, and overall runtime will remain similar no matter which distro you choose in the future. At this point, many people look to build their own platform to maximize their future freedom to leave.



Quote for the day:


"The truth will set you free, but first it will make you miserable." -- James A. Garfield


February 03, 2016

Make IT Delightful, and Other Ways to Enchant Your Employees

Satisfaction means our basic needs are met. Happiness means our emotional needs are met. Enchantment gives us meaningful experiences we didn’t even know we needed. And what better way than that to keep employees fully engaged? Yes, smart companies still must invest in fair compensation, diversity, family-friendly HR policies, work-life integration, playful environments and activities, perks, and a more holistic notion of well-being, as well as nurturing a values-based, purpose-driven culture that motivates people to work together for a greater cause. But the next step is to enchant employees in the same way you do customers.


Operations Challenges for the SDDC

For operations, moving to an SDDC architecture has the potential of adding more work to their already full plate. Shifting from physical to virtualized systems requires them to change how they monitor, manage and maintain the new infrastructure to comply with company security and regulatory compliance policies. They also need to help security and GRC teams achieve their goals of keeping the functional IT teams in their swim lanes, such as the networking team, while working in the virtualized infrastructure. On top of all this, operations has to make sure that they meet the business SLAs and the requirements for system availability and scalability.


Network Professionals Take On Increasingly Strategic Role in the Enterprise

The expansion of cloud computing brings both challenges and benefits to the networking team. Seventy percent say cloud will add complexity, while at the same time nearly the same amount (69%) stated cloud will enable the networking team to play a more strategic role. Software-defined networking (SDN) continues to rank high among organizations' network and data center plans. Forty-eight percent of enterprise organizations are actively researching plans around SDN and nine percent are piloting SDN technology. It's clear that they plan to be farther down the adoption curve in the future as 22% plan to be piloting the technology a year from now.


Headhunter dismisses 'rock star CIOs,' extols corporate values

Not culture, mind you — values. “Culture is tribal. Culture is esprit de corps, the tenure of your daily interactions,” Banerji said. The same company can have many subcultures. Marketing has its culture, IT another, the New York office has a different culture from the Boston office. And that’s perfectly OK, he said. But cultural independence shouldn’t be mistaken for core corporate values. “Values transcend function, they transcend geographies and time zones and business lines. They are the irrefutable tenets companies put forward to define who they are,” he said. It could be the corporate philosophy revolves around integrity, or creativity, or putting the client first.


Adapt, disrupt, transform, disappear: The 2015 Chief Digital Officer Study

Because the CDO role is just a few years old, it is not yet possible to determine whether companies with CDOs perform better in the marketplace than others. Indeed, some companies are flourishing without a single executive overseeing their digital transformation at the highest level — though most of these companies are already quite far along in their digital journeys. We believe, however, that less advanced companies would clearly profit by hiring one top executive to develop and carry out a coherent digital strategy. The goal of this study is to better understand which kinds of companies are hiring CDOs, who these new executives are, and how they approach the tasks in front of them — and then to look at how, specifically, the CDOs at several very different companies are taking on the demands of digitization.


How Barclays is cashing in on big data & Hadoop to stay ahead in fintech

It is fairly obvious then that even the most prominent fintech firms would not yet have the capacity to do all this, at the scale an institution like Barclays can. However, just three years ago, Barclays did not have the capacity either. Simon said that historically the firm would have had to use a huge Oracle database, and "to process across all our small business customers on a daily basis it's about six weeks work of processing data." Six weeks is hardly useful for a small business under daily pressure to survive and trying to grow. Things have changed now though, Simon explains, thanks to the increased processing speed, and reduced cost of a Hadoop stack.


You’ve Been Hacked: How to Recover From the Nightmare

What’s next when you discover a hack at your facility? Healthcare organizations typically have detailed technical plans for closing access to networks, assessing damage and doing post mortems so it doesn’t happen again. But more than the technical repair that needs to go, organizations also need to have a plan for appropriately responding to the reputational hit that can occur from a hack. It’s more than just a PR department’s “problem.” IT executives will need to be involved to manage the fallout and craft responses that limit the damage to the organization’s reputation. It’s easy to botch. When retailer Target suffered a large cyber attack, the company tried getting the word out quickly on the extent of the attack and what it was doing to mitigate the damage and protect customers.


EU, U.S. Data-Transfer Deal Will Never Work

Steve Hunt, an industry analyst with Hunt Business Intelligence, initially reacted to the news with sarcasm. “That announcement makes me smile. I am actually thrilled about it,” he said. “I finally have a way to protect corporate secrets from government surveillance.” His tongue-in-cheek plan was to throw all sensitive data into a server, label the folder “European personal information” and “they’ll have to bypass.” Hunt, turning serious, said that such an agreement “would require policy and oversight that extends far beyond traditional government reach” and added that it would be “so costly and difficult that it would be practically impossible. It’s a promise without any possible weight behind it.” One of the many problems with such a move is audit efforts, confirming compliance.


How business outcomes are transforming IT spending

According to the report, 70% of respondents said it's critical that they're able to link IT investments to tangible business outcomes. So, if an understanding of IT's impact is this important, do these organizations feel that they are communicating that clearly enough? Well...not necessarily. Only 47% said that their organizations are doing an excellent or very good job at communicating how a particular IT investment impacted a business outcome. The remaining 53% said their organization needs at least some, if not significant, improvement in doing so. Not only did respondents say that identifying the impact on the business was important, but 68% of them said that, when making an IT investment decision, the business goals were more important than any of IT's operational goals.


Why I No Longer Use MVC Frameworks

Does a component-based Angular2 look a lot simpler? Not quite. The core package of Angular 2 alone has 180 semantics, and the entire framework comes close to a cool 500 semantics, and that’s on top of HTML5 and CSS3. Who has time to learn and master that kind of framework to build a Web app? What happens when Angular3 comes around? After using React and seeing what was coming in Angular2, I felt depressed: these frameworks systematically force me to use the BFF “Screen Scraping” pattern where every server-side API matches the dataset of a screen, in and out. That’s when I had my “to hell with it” moment. I’ll just build a Web app without React, without Angular, no MVC framework whatsoever, to see if I could find a better articulation between the View and the underlying APIs.



Quote for the day:


"No matter how you're treated or unappreciated, make the conscious decision to start each day anew as the best version of you" -- Carson V Heady


February 14, 2014

Erasing SSDs: Security is an issue
The bright spot was encrypted SSDs; effectively deleting the encryption key makes the stored data useless. The one concern forwarded by the researchers is that there is no way to verify that the memory locations storing the encryption key data were sufficiently sanitized. The research team did not come out and say it, but reading between the lines has one believing there is no reliable way to sanitize SSDs other than physically destroying the device.


How to Optimize Your Enterprise Storage Solution
For enterprises that want their own internal data storage, it is best to start with network attached storage (NAS). A NAS filer is basically an extra server that connects to a network and rapidly adds extra storage to that network. However, at a certain point, too many NAS filers can overwork the local area network (LAN), affecting performance. When a NAS starts becoming too slow, creating a storage area network (SAN) is the next best step. A SAN is a collection of connected computers that are used solely for storing data.


Dozens of rogue self-signed SSL certificates used to impersonate high-profile sites
Such attacks involve intercepting the connections between targeted users and SSL-enabled services and re-encrypting the traffic with fake or forged certificates. Unless victims manually check the certificate details, which is not easy to do in mobile apps, they would have no idea that they're not communicating directly with the intended site. In order to pull off man-in-the-middle attacks, hackers need to gain a position that would allow them to intercept traffic.


Cyberthreats: Know thy enemy in 2014
Defending a large network has never been harder. Expensive perimeter protection systems, complex host-based malware detection and even whitelisting systems have crumbled as attackers perfect an almost unbeatable pair of attacks: spear phishing and watering holes. Both attacks apply an age-old strategy: If a defense is too complex to beat head-on, bypass it. At the same time, social engineering, the Internet of Things and the combination of traditional Web applications, embedded applications and networked devices often with "versions" of Microsoft or Linux operating systems, present untold security challenges.


The Rise and Fall of Western Innovation
The main cause of this decline, according to Phelps, is corporatism—the inevitable tendency of businesses, workers, and other interests to band together to protect what they have. In modern economies, he says, corporations, unions, and other interests turn government into an agency for forestalling change and preserving the status quo. This problem has been worse in Europe than in the U.S., which is why productivity and per capita incomes in Europe have persistently lagged.


Workday: Linking technology design and user experience
We can hardly overstate the importance of software that users can easily adapt over time to changing business needs. Historically, it was difficult for users to change software rules and functionality in response to conditions such as a merger or new regulations. The software was inflexible, so these changes often required programmers to code customizations so the software could meet specific business requirements. A recent Gartner report explains the negative long-term impact of these customizations:


Mid-Level Leaders: Key Stakeholders, Agents of Change or Both?
It has come to my attention that a heightened focus on mid-level, or emerging, leaders has taken the industry by storm. However, I’m not just talking about the leadership development industry. This focus is being seen across many industries, pharmaceuticals and energy, in particular. Upon further reflection, it became clear why this is the case: both industries are facing major change initiatives, and mid-level leaders have been proven to be the most effective at managing change and ambiguity in the workplace.


Measuring the effectiveness of your security awareness program
Granted, measuring security effectiveness is not as straightforward as measuring a manufacturing process. There are many variables that are simply outside of one's direct control. In fact, a recent ISACA report conceded, "...security is contextual and not an isolated discipline; it depends on the organization and its operations. Furthermore, effective security must take into account the dynamically changing risk environment within which most organizations are expected to survive and thrive." All the more reason that improvements be addressed wherever possible!


Solving the Gordian Knot of Chronic Overcommitment in Development Organizations
There is no debate that the end result of these changes will be good for MegaRetail, but Claes already has hundreds of projects in various states of progress and the question remains whether there are enough people to staff these additional projects? There was no understanding or acceptance in the meeting that the IT department teams are already busy. In addition, the Marketing Director somewhat heavy handedly reminded Claes that business drives the company forward and IT is to be a supporting function and not a roadblock.


CEO Need-to-Know: Enterprise Cloud needs the SDDC
The vast majority of global enterprises today have in one way or another raised the prospect of a move to the Cloud. Yet fewer than 29 percent expect to be running the majority of their IT operations in the Cloud within the next 5 years[1]. Fact is that everyone’s talking about the Cloud, but few have defined it, much less created a strategy around it. Why? Because you can’t very well migrate well if you don’t know what to pack. Yet the promise of the Cloud is very real; the opportunities that a Cloud model presents can be significant for the enterprise that gets it right.



Quote for the day:

"I am not discouraged, because every wrong attempt discarded is another step forward." -- Thomas A. Edison