July 10, 2014

Controversial data center building and operation practices
There are many new and exciting data center building design, configuration and operation choices, but many of them involve trade-offs. These newer standards and best practices have adherents and detractors, and potential detrimental effects or poor return on investment won't always be immediately obvious. Even some standards required by building codes are nonetheless controversial. The specific concerns surrounding hot-aisle containment designs and safety warrant their own discussion.


The Impact of Big Data on Linguistics
Linguistics is an area that is constantly changing from one day to the next. There’s no stopping the evolution of language, and with the web and social media the speed at which it’s evolving has increased dramatically. There are so many contributing factors to language that impact how and when it changes that it can be extremely difficult to track and completely understand what about the language is changing and why it’s changing. Big data technology, like Hadoop Hive, is vital in assisting interested parties in gaining deeper and clearer insights into linguistics. It simplifies processes from weeks and months to seconds and minutes. It opens up possibilities that weren’t available before. Big data takes linguistics to the next level.


Provisioning versus Configuration
It is important to recognize the difference between these two steps in the deployment process and take into consideration the impact of configuration after provisioning on that process. Depending on the method of configuration, this step can have a serious impact on the speed and efficiency of the deployment process as a whole. It is also important to note for monitoring purposes, as virtual machine health and status is not the same as the health and status of the service, whether that be an application or a network service. Both must be monitored and managed in a virtualized infrastructure to meet MTTD (mean time to detection) and MTTR (mean time to resolution) objectives.


Botnet aims brute-force attacks at point-of-sale systems
Micros Systems is based in Columbia, Maryland, and provides software applications, services and hardware systems, including POS terminals, to the hospitality and retail industries. If the BrutPOS malware successfully guesses the remote access credentials of an RDP-enabled system it sends the information back to a command-and-control server. Attackers then use the information to determine whether the system is a POS terminal and if it is, to install a malware program that's designed to extract payment card details from the memory of applications running on it.


Building A Security-Aware Culture
Awareness and training is one of the most effective elements to any information security program because most of the risks that organizations face are caused by user error, misconfiguration of systems or mismanagement. In fact, according to IBM’s 2014 Cyber Security Intelligence Index, 95% of all attacks in 2013 involved some type of human error, the most prevalent being an employee double clicking on an infected attachment or URL. The goal of an information security awareness and training program is to stop these errors from taking place by educating users on their responsibilities for ensuring the confidentiality, integrity and availability of information as it applies to their roles within the organization.


My “Desert Island Half-Dozen” – recommended reading for resilience
When I speak with customers, they often ask how they can successfully change the culture of their IT organization when deciding to implement a resilience engineering practice. Over the past decade I’ve collected a number of books and articles which I have found to be helpful in this regard, and I often recommend these resources to customers. I’ve included my favorites below, in no particular order, with a short explanation of why I’m recommending them.


Shift Left Performance Testing - a Different Approach
This article will explain a different approach to traditional Multi User Performance testing: using the same tools but combining them with modern data visualisation techniques to gain early insight into location specific performance and application areas that may have "sleeping" performance issues. Most programs concentrate first on functionality and second on anything else. Multi User Performance Testing, performed with tools like HP LoadRunner or Neotys Neoload, usually is one of those activities that happen late in the testing cycle. Many times this happens in parallel with User Acceptance Testing when the new system is already exposed to the end users.


Finance Analytics Requires Data Quality
A main requirement for the data used in analytics is that it be accurate because accuracy affects how well finance analytic processes work. One piece of seemingly good news from the research is that a majority of companies have accurate data with which to work in their finance analytics processes. However, only 11 percent said theirs is very accurate, and there’s a big difference between accurate enough and very accurate. The degree of accuracy is important because it correlates with, among other things, the quality of finance analytics processes and the agility with which organizations can respond to and plan for change.


Considering cloud service tiers
As enterprises move to public cloud-based resources, the use of application and data categories will play more important roles, for the same reasons listed above. For instance, there are public cloud storage services that are guaranteed to support SLAs (service level agreements) that approach 100 percent up time, but the costs are much higher per gigabyte of storage. Of course, there are public cloud services that don’t offer the same amount of up time, but charge way less. You need to match the right storage or compute services to the right use of those services by application tier, based upon cost-to-value. Again, we’ve been doing this for years with hardware and software, now we’re just extending this to the use of cloud-based services. The concepts should not be new, for most enterprises.


The Right Fit: The Enterprise Architect Selection Dilemma
With the increasing focus on mapping Enterprise Architecture value towards delivering business outcomes, it may be time to start re-evaluating the process of hiring and career development of this vital role. And there are organizations that have recognized this. Waddell and Reed’s listing on LinkedIn, if it is still up, is a good example of a well-defined EA role. IASA’s skills matrix and job descriptions for architects can also serve as a useful reference for this purpose. IASA’s EA job description lists around fifteen distinct job responsibilities, with additional sub-items around knowledge management and engagement. IASA also lists twenty separate criteria covering education, skills and experience for an Enterprise Architect.



Quote for the day:

"Leadership cannot really be taught. It can only be learned." -- Harold S. Geneen

July 09, 2014

The Agile BI Ship has Sailed — Get On Board Quickly or Risk Falling Behind
Do not use the term Agile BI synonymously with the terms intuitive and user friendly — two hugely overused and hyped terms in BI. Unfortunately, these terms are highly subjective and qualitative. Point-and-click, drag-and-drop GUIs may be intuitive to an experienced professional with a background in command line interfaces, but not so obvious to a millennial who grew up with a thumb-typing mobile phone UI. And while menu- and prompt-driven instrumented (radio buttons, dialog boxes, etc.) applications may seem user friendly to left-brained people (who think in numbers and lists), right-brained office workers (who see the world in pictures and associations) may prefer an application driven by icons, visual associations, and artistic Infographics.


Want to innovate? Become a "now-ist"
“Remember when people used to try to predict the future?” In this engaging talk, the head of the MIT Media Lab skips the future predictions and instead shares a new approach to creating in the moment: building quickly and improving constantly, without waiting for permission or for proof that you have the right idea. This kind of bottom-up innovation is seen in the most fascinating, futuristic projects emerging today, and it starts, he says, with being open and alert to what’s going on around you right now. Don’t be a futurist, he suggests: be a now-ist.


Google Tests Personal Data Market To Find Out How Much Your Personal Information Is Worth
Unsurprisingly, people value certain kinds of information more highly than others. But exactly how they value it depends on a complex set of other factors, such as the conditions under which information was gathered. The experiment involved a kind of living lab in Italy that monitored people continuously. The team recruited 60 people to take part in the study and gave them each a smart phone that recorded phone calls made and received, which applications were in use at any time and the time spent on them, the users’ locations throughout the day and the number of photographs taken.


How to dilute the value of analytics
Business Intelligence (BI) can mean many things to many people, but generally BI is associated with business reports. When you fold business analytics (BA), especially advanced analytics that are predictive or prescriptive, under the BI umbrella you inherently dilute the value proposition that analytics can provide to an organization. Why is this important? Because everyone knows analytics is hot, so everyone today is selling some kind of analytics. When we allow business analytics to be synonymous with BI, we allow everyone's claims that they can "do analytics" to appear to ring true.


Free ebook: Rethinking Enterprise Storage: A Hybrid Cloud Model
Rethinking Enterprise Storage: A Hybrid Cloud Model describes a storage architecture that some experts are calling a game changer in the infrastructure industry. Called the Microsoft hybrid cloud storage (HCS) solution, it was developed as a way to integrate cloud storage services with traditional enterprise storage. The author, Marc Farley, works at Microsoft on hybrid cloud storage solutions as a senior marketing manager. The book includes a Foreword by storage industry expert and noted blogger Martin Glassborow, better known in the industry as Storagebod.


This is what the new hybrid cloud looks like
Leong says hybrid cloud management is not about bursting, instead customers should think about supporting two basic IT environments today: an old one and a new one, what she calls “bi-modal” management. The old environment is typically a company’s system of record that is heavily customized to the organization’s specific use case and serves a core function for the business. The new IT environment is where the company pursues leading edge projects; applications and software are developed rapidly, with fast iterations and quick launches. And IT has a challenge: “You don’t want your old stuff to slow down your new stuff,” Leong says. “If you try to blend those two you’ll end up doing neither one well.”


CloudPhysics Adds Virtual Storage Troubleshooting Service
CloudPhysics is a new kind of online monitoring company that analyzes the data from many customers to see what's working where and what isn't. Then as fresh trouble brews, its analytics system consults the knowledge base and alerts customers to the remedies. Its monitoring service can spot underlying hardware issues, such as firmware bugs or device incompatibilities, as well as report on the overall operational health of a virtualized environment. Unlike other systems monitoring, however, it claims to be predictive and prescriptive, allowing customers to take actions that head off trouble before end users are inconvenienced or systems are brought to a halt.


Panel tackles how to make mobile devices as secure as they are indispensable
As smartphones have become de rigueur in the global digital economy, users want them to do more work, and businesses want them to be more productive for their employees — as well as powerful added channels to consumers. But neither businesses nor mobile-service providers have a cross-domain architecture that supports all the new requirements for a secure digital economy, one that allows safe commerce, data sharing and user privacy. So how do we blaze a better path to a secure mobile future? How do we make today’s ubiquitous mobile devices as low risk as they are indispensable? BriefingsDirect recently posed these and other questions to a panel of experts on mobile security:


Simplifying IT Pays Off With Big Savings, Better Business Success
IT organizations that support demanding business requirements often find they need to support greater levels of complexity. The business side wants better accessibility for users and easier access into customer data. Ironically, as technology gets simpler for end-users it gets more complicated behind the scenes. Complexity is a fact of life for IT professionals, but according to a new IDC study, corralling that complexity can save enterprises big-time and improve business outcomes.


Architecting for big data
The disjunction between accurate and fast will only grow as big data gets bigger. As the Internet of Things (IoT) moves in, IT departments will face ever more infrastructure bottlenecks. Jarr said the three most common points of congestion are ingesting more and new sources of data, developing processes to quickly access that data to make data-driven decisions, and producing faster analytics for the business. Removing the roadblocks will "take fast data and start making it very smart data," he said. The problem may be that IT has simply outgrown its legacy relational database management systems (RDBMS).



Quote for the day:

"I hear and I forget. I see and I remember. I do and I understand." -- Chinese Proverb

July 08, 2014

Use virtual volumes vs. SDS in the fight for storage efficiency
Freewheeling application cut and paste is just the beginning of the benefits, advocates say. Software-defined storage also means you don't need to add steps to provision new storage to the guest application when needed, or to ensure the proper services are associated with the new storage (data protection services, thin provisioning, deduplication and so on), or to change parameters and processes for managing storage with each configuration change. These things would all be enabled in the brave new world of server-attached, software-defined storage in a way they never were in legacy SAN or NAS, according to evangelists.


Comparing Cloud Compute Services
Comparing cloud compute or servers is a different story entirely. Because of the diverse deployment options and dissimilar features of different services, formulating relevant and fair comparisons is challenging to say the least. In fact, we've come to the conclusion that there is no perfect way to do it. This isn't to say that you can't - but if you do, or if you are handed a third party comparison to look over, there are some things you should keep in mind - and watch out for (we've seen some poorly constructed comparisons). The purpose of this post is to highlight some of these considerations. To do so, I'll present actual comparisons from testing we've done recently on Amazon EC2, DigitalOcean, Google Cloud Platform, Microsoft Azure and SoftLayer.


Larry Page on Google’s Many Arms
Mr. Page, who was joined in the interview by Sundar Pichai, the executive in charge of Google’s Android and Chrome software projects, did not seem overly bothered by the outbursts. “We’re in San Francisco, so we expect that,” Mr. Page said of the protests. “There’s a rich history of protest in San Francisco.” Mr. Pichai pointed out that the company had introduced initiatives to improve its relationship with city residents. This year, it gave $600,000 to the city to bring free Wi-Fi service to San Francisco parks. “I think in some ways it’s good that there’s an open debate about it and I think we needed it,” Mr. Pichai said. “There’s been a lot of growth and the area is trying to adapt to that growth and that has been a concern.”


Databricks Unveils Spark as a Cloud Service
“One of the common complaints we heard from enterprise users was that Big Data is not a single analysis; a true pipeline needs to combine data storage, ETL, data exploration, dashboards and reporting, advanced analytics and creation of data products. Doing that with today’s technology is incredibly difficult,” said Databricks founder and CEO Ion Stoica. “We built Databricks Cloud to enable the creation of end-to-end pipelines out of the box while supporting the full spectrum of Spark applications for enhanced and additional functionality.” Spark provides support for interactive queries (Spark SQL), streaming data (Spark Streaming), machine learning (MLlib) and graph computation (GraphX) natively with a single API across the entire pipeline.


MapR Looks to Enhance Hadoop Accessibility with App Gallery
“Hadoop is a wonderful platform for doing large scale analytics on all different types of data, as long as you have got the right people running it that know what to do with it,” said John Webster, Senior Partner at Evaluator Group. “And sometimes those people can cost a lot of money. So there has been desire from the enterprise side to say, ‘Look, can you give us something easier to use to manipulate and get value from Hadoop other than going out and hiring the expertise?’ So this app gallery starts to fill that hole.” The app gallery also makes it easy for developers to submit their applications.


Top hardware firms join forces on IoT standards
The OIC is focused on defining a common communications framework based on industry standard technologies to connect and manage the flow of information across IoT devices. The goal is the design of products that intelligently, reliably and securely manage and exchange information under changing conditions, the group said in a statement. "Open source is about collaboration and choice,” said Jim Zemlin, executive director of The Linux Foundation. “The Open Interconnect Consortium is yet another proof point how open source helps fuel innovation," he said.


Rollback and Recovery Troubleshooting; Challenges and Strategies
Changes to the structure and code of your databases can go seriously wrong, leading to down-time and data loss. Obviously, you’ll do anything possible to prevent this happening but this will just reduce the probability of things going wrong. The chance still exists of having a failed deployment, and you need to have effective ways of recovering from an event like this as quickly and effectively as possible. Have you the best possible ways to ensure that you can smoothly recover from your deployment disasters? What are the trade-offs of these various approaches? This article will walk through the different mechanisms you can use to ensure you have at least one effective documented procedure, hopefully more, to recover from, or even undo, a failed deployment.


Auto-Autonomy: Cars Are Racing Toward Disruption
The unbundling of features of cars such as keys, personalized maps and entertainment mean that I can walk up to a car, tap in and drive off comfortably. I can also summon an equally convenient ride with precise GPS location. These benefits are extended to commercial fleets of vehicles, which suffer these same inefficiencies on a microeconomic scale. You can see shared fleets of cars using sharing technology that keeps cars in use and reduces the number of cars on the road — better for the owners, better for the roads and better all around. Needless to say, fewer cars is a massive disruption to the auto industry.


There Are No 'Kodak Moments'
Kodak was a technical treasure-chest, but the problems that it faced were more marketing than technical, and had less to do with the product(s) than they did with the role that the products played in the customers’ lives. Kodak lacked the ability to either interpret those roles or articulate them in a way that could drive innovations with a higher probability of adoption. It undoubtedly did not help that Kodak attempted to reduce the risks it was under in the imaging business by diversifying (and dispersing scarce resources and top management attention) into such unfamiliar businesses as pharmaceuticals [with its purchase of Sterling Pharmaceuticals], which further blurred the vision of what the firm stood for and what it aspired to achieve.


Understanding the Android Resource System
A large part of any Android application falls under the category of resources. In this context, resources can include things like layouts, images, audio, video, language definitions, styles and so on. The resource system in Android is quite powerful, and while it may seem odd at first, there's a method to its madness. In this article, I'll walk through the basics of how this system works, and how you can take advantage of it in your apps. When you create a new Xamarin.Android application, some resources are provided by default, and can be found in several subfolders under the main Resources folder. I'll start by taking a look at those folders and files provided in the default project.



Quote for the day:

"The best way to have a good idea is to have lots of ideas." -- Linus Pauling

July 07, 2014

A Growing Backlash Against the Relentless Advances in Technology?
Sustained innovations are improvements to existing products and services that do not create new markets, often in response to the requirements of a company’s most demanding, existing customers. Disruptive innovations, on the other hand, generally start life as simpler, more convenient, less expensive good enough offerings that appeal to new or less-demanding customers. What makes them so dangerous to existing products is that, if allowed to gain a market foothold, they can get on a learning curve of rapidly improving quality and capabilities, and over time end up toppling the incumbents from their leadership position. Disruptive innovation is mostly about discovering new markets for new technologies, products and services.


As the digital economy ramps up, expect a new identity management vision to leapfrog passwords
The past three years have seen a huge uptick in the number and types of mobile devices, online services, and media. Yet, we're seemingly stuck with 20-year-old authentication and identity-management mechanisms -- mostly based on passwords. The resulting chasm between what we have and what we need for access control and governance spells ongoing security lapses, privacy worries, and a detrimental lack of interoperability among cross-domain cloud services. So, while a new generation of standards and technologies has emerged, a new vision is also required to move beyond the precarious passel of passwords that each of us seems to use all the time.


The trajectories of great software companies
Software buyers are second only to teenage clothing buyers when it comes to being fickle. The best vendors are those that capture as much market and mindshare as possible while the products are still perceived to be “hot." By inference, does this mean that the fastest growing vendors are necessarily the best? The fickleness of software buyers has been known for decades and some may assume that the most successful software vendors are those that scale extremely quickly. But, is a great software company one that grows slowly, moderately or rapidly?


With New Management On Board and Latest Release Out, CFEngine Gears Up for Growth
The new executive team has been revving up the CFEngine’s go-to-market strategy. The release of version 3.6 saw ease-of-use improvements like a visual dashboard for alerts and reporting. ... “There’s magic happening. We are quiet but confident,” said Kumar, who himself joined as part of the exec refresh in late 2013. “We now have a seasoned executive team with a track record of success. We have consistently heard that we have a technical advantage from analysts, press and customers. However, we didn’t do a good job in terms of mindshare. Now we’re about focusing on the right things – you can have great technology but you need a good go-to-market strategy.”


Getty Images Gains Visibility and Alignment with Kanban Portfolios 
Over time, the Agile transition for application development became quite successful. The next area of focus quickly became demand and portfolio management. Getty Images executives, business owners, and technology management wanted to focus on improving the prioritization process, visibility into technology work, and predictability. ... Seeking a solution and prior to bringing in Rally Portfolio Manager, Getty Images evaluated high-end IT project portfolio management tools, but Agile and Kanban support from those products was limited or nonexistent, and enterprise IT PPM tools were too expensive for the company's budget and the product capabilities were overkill for the company's needs.


Cyber Insurance: The Next Big Thing for Businesses
"The trend early on was tech, financial and health-care companies buying insurance. That still continues," said Tim Francis, who heads insurer Travelers' cyber division. "In the last couple of years you've seen more retail and manufacturing firms buying insurance and now you are seeing small- and middle-market firms buying too." While many of the headlines about cybercrime tend to be about attacks at large firms, The Ponemon Institute's "2014 Cost of Data Breach Study: United States" found a company with less than 10,000 records is more likely to be hacked than a firm with more than 100,000 records, in part because smaller firms are less likely to have robust defenses.


Why is the CMO running so much IT? Big data, says Ford exec
Lenard added, "I am heavily involved in the measurement of the effectiveness of our media in the digital space, but also the technology to better target customers." When it comes to using marketing data to inform the next generation of vehicles that Ford will build, the marketing department is also playing a role in the decision-making process of customer-facing technologies -- traditionally the realm of the CTO. Lenard and her team are especially focused on what customers want (or will want) in terms of integrating connectivity and consumer tech into Ford cars and trucks. "[Then there] is the connected car arena -- absolutely something we are all looking at," said Lenard.


Cisco iWAN marries MPLS and Internet for WAN aggregation
In most cases, web and cloud traffic will be sent through the Internet connection, but not all internal traffic must be routed through the WAN. Applications that require dedicated bandwidth and QoS guarantees are often best suited to an MPLS WAN that can make those guarantees. But other applications don’t require those guarantees. Some traffic between branches and the data center can be safely routed via the Internet, further reducing the need for WAN capacity. Taking advantage of this cost savings requires accurately determining the application to which each packet belongs.


“Pivot Points” and knowing that every leader has a unique journey
If there is a secret successful leaders have, it is this: Leading is about creating the job and the leader’s value to the mission. This is a very different approach from conventional thinking that success comes with doing what worked for others. Leaders want to know how others handled similar situations and their outcomes. However, leaders take that as a creative spark and adapt it to their own goals and methods.


How CIOs can adapt to embrace developer-led innovation
Developers that work in large enterprises should be considered the internal engine of innovation to the companies they work for. However, it is regretfully the case that IT budgets remain relatively flat and more often than not the developers are being asked to quarterback new projects that deliver competitive advantage. The new era of the developerisation of IT is well underway and much like its predecessor, the consumerisation of IT, it’s all about making stakeholders’ – in this case the developers’ – lives easier by giving them more flexibility to focus on producing great apps and delivering valuable IP.



Quote for the day:

“Purpose drives the process by which we become what we are capable of being.” -- Lolly Daskal

July 06, 2014

Focussed topic: Service Oriented Architecture

Service Oriented Architecture: SOA
Services are a group of methods that contain the business logic to connect a DB or other services. Methods have clearly defined and published methods for use by the clients as a black box. So what is a black box? It's nothing but a system or an object that can be viewed in terms of its input, output and transfer characteristics without knowledge of its internal workings. These methods can be accessed across platforms, no matter whether your client is developing a UI in C#, Java or any of the latest technologies. It decouples the business services from the technical services; in other words, the service methods that hold the business logic are not coupled to a specific programming language, and both react independently.


Integrated Load Test Analysis
What makes the integrated approach to load testing critical to those of us who have only had access to the external, Web Load Test data in the past is that we can immediately draw correlations between events inside the datacenter and the performance effects we are capturing outside the firewall. By integrating a few key Web Load Test metrics (Average Response Time, Transactions per Minute, and Total VUs) with select PureStack metrics (Number of Confluence Requests in the last 10 seconds and CPU percentages), the team was quickly able to have in-depth information available to them throughout the load test. Finding this high load job was a bonus of the load test, which clearly pointed out that the system was undersized for the load that the Portal team was expecting.


How SMAC is empowering Business Process Management
When it comes to improving processes, visibility is one of the most important attributes of a platform. Most of the commercial BPM products now provide complete process visibility with real-time analytics to help business users quickly and easily make changes to processes. The built-in dashboards make it easier to recognize performance issues in real-time and take corrective actions when needed. In order to operationalize insights from big data, or apply contextual information from mobile engagements, business processes must be redesigned to apply those insights.


Service Oriented Architecture Quality Evaluation
This paper presents a semi-automated method for evaluating SOAs called SOAQE, correcting defects observed so far with existing methods, such as a lack of pertinence and accuracy in evaluation results. SOAQE takes as a starting point the McCall model, describing software quality, which led to an international standard for the evaluation of software quality (ISO/IEC 9126-1, 2001). This model is organized around three types of quality attributes (factors, criteria and metrics). The SOAQE method consists in decomposing the whole architecture and evaluating it according to the McCall model, i.e. a list of quality factors arising from business needs grouping criteria composed by metrics.


An Event-Driven Service-Oriented Architecture Model For Enterprise Applications
Enterprise Applications are difficult to implement and maintain because they require a monolith of code to incorporate required business processes. Service-oriented architecture is one solution, but challenges of dependency and software complexity remain. We propose Event-Driven Service-Oriented Architecture, which combines the benefits of component-based software development, event-driven architecture, and SOA.


The Open Group Open Platform 3.0™ Starts to Take Shape
The Open Platform 3.0 standard will have other common artifacts: architectural principles, stakeholder definitions and descriptions, and so on. Independently-developed architectures that use them can be integrated more easily. Enterprises develop their architectures independently, but engage with other enterprises in business ecosystems that require shared solutions. Increasingly, business relationships are dynamic, and there is no time to develop an agreed ecosystem architecture from scratch. Use of the same architecture platform, with a common architecture environment including elements such as principles, stakeholder concerns, and basic models, enables the enterprise architectures to be integrated, and shared solutions to be developed quickly.


Why Obama Administration Should Have Paid More Attention to Load Testing
It seems like those responsible for deploying the site didn't really appreciate the importance of load testing, which is especially surprising when you consider that the website had in fact failed a pre-launch load test miserably. Of course, politics came into play as the deadline for the website was non-negotiable. But with all the red flags warning of failure, load testing should have played a much more critical role ... big issue with HealthCare.gov was that the contractors claimed they didn't have enough time and felt extreme pressure to roll out the website before it was properly tested. If load testing occurred earlier in the website development phase, testers would have been able to identify the parts of the website that were not working properly.


Building and Testing a Microservice in a Service-Oriented Architecture
The microservice architectural style is an approach to developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API. These services are built around business capabilities and independently deployable by fully automated deployment machinery. ... One of the advantages of architecting your application in this style is that Microservices aren’t tied to a particular technology stack. This gave us the flexibility to choose technologies instead of defaulting to a technology that may or may not make sense.


Burn-Down or Burn-Out? How to Beat the Red-Sprint Agile Anti-Pattern
One of the key and often much underestimated benefits of working in agile teams, whether working on products or projects, is the idea of sustainable pace. Sustainable pace makes sure that the team retains its cool even under time pressure, which is common in software development. Those of you who have been part of agile teams will have noticed that achieving sustainable pace is not always easy. Either project management is chasing unrealistic estimates or is trying to prevent overruns or management expects ever-increasing productivity to meet a shorter time-to-market for their products.


Privacy vs personalization: The risks and rewards of engineered serendipity
“The notion of ‘designing for serendipity’ is an oxymoron because once we try to ‘engineer’ it into a system, users may no longer perceive the experience as serendipitous,” says Dr. Stephann Makri, a lecturer in Information Interaction at City University in London. “Designers of interactive systems shouldn’t try to offer serendipity on a plate. Instead, they should design tools that create opportunities for users to have experiences they might perceive as serendipitous.” Nonetheless this reworked notion of serendipity is here to stay on the web. With the rise of machine learning, a growing number of online publishers are using complex algorithms to learn from readers’ viewing habits and provide people with what they want to know before they know they want it.



Quote for the day:

"If you're not occasionally failing, you're not trying hard enough" -- Arthur Sulzberger Jr

July 05, 2014

Metadata: More Important Than We Ever Thought
Consider the routine way in which information about online behaviour is collected and analysed commercially. What's usually processed is not the content but the metadata. That means different things to different organisations, but at a simple level it might mean an ISP collecting the date, time, subject and recipient of an email but not the body content. Similarly, phone companies might log the date, time and recipient of a call but not the actual conversation. Why do they do this? The main reason is financial. Analysis of the bulk metadata allows them to infer useful information in order to better target their advertising and design new services that will appeal to their customers.


8 Brilliant Tools For Web Designers
Creating a website that is able to engage people requires creativity, skills and passion. Possessing the right tools can help web designers to shape up their ideas and concepts into lively designs. They can work more smoothly and their productivity will get boosted. Thus they would be able to create top notch designs and get applauded for their efforts. As there are so many tools around, choosing the right ones calls for investing time and effort. But we have made that search quite easy by providing a collection of immensely useful tools. All that designers need to do is to go through them and test these for their usefulness.


As security startups heat up, a reminder that security is not a product or service: it’s a value
The security industry is notorious for amplifying new threats and using scare tactics associated with emerging technologies to sell software, but you’re not being paranoid if someone is really out to get you. There are still plenty of criminals, and as technology changes rapidly security tools that were once useful are not necessarily so. ... Technologies that were once the building blocks of IT security, such as traditional defense perimeter protections and end point antivirus solutions, are slowly losing relevance, as they are no longer effective in stopping data breaches or even employee misuse of corporate information.


Bangalore To Become Asia's First IoT Innovation Hub
Cisco has announced a strategic engagement with Electronics City Industries Association (ELCIA) to develop Asia’s first end-to-end Internet of Things (IoT) Innovation Hub in Bangalore. The company believes India’s fast growing Internet penetration will drive this collaboration and help Electronic System Design & Manufacturing (ESDM) companies and others of electronic city engaged in IoT product development. ...  the demand for electronics hardware in the country is projected to increase to $400 billion by 2020 and this initiative will help address domestic demand, allowing local manufacturers to capture this growing market opportunity and save precious foreign exchange for India.


The 3 Keys to Agile Content Development
Agile means using real-time interactions and behavior monitoring to drive a more agile approach to creating and deploying branded content focused around the consumer. It seems obvious now that any effective approach to content has to put the consumer at the center and must be able to adapt based on cultural trends and consumer insights. Brands have become comfortable with “making the logo smaller,” and marketers and strategists have devised elegant thinking around content creation, often comparing brands to publishers or broadcasters.  It’s certainly safe to say there’s a lot of commentary and strategizing around agile approaches to content creation--much of it, dead on.


Improve scalability with the SessionCache service
SessionCache Service allows session data to be stored in an object grid, so enterprise applications scale easily with better performance and without any of the previously mentioned multiple database server issues. In the Stone Age, application developers implemented session persistence. Today, since session persistence is so common, most application servers allow selection of a persistence target using server configurations. Application developers only interact with HTTP session APIs; the server configurations determine whether to persist and which technology to use for persistence.


Interacting with a World of Connected Objects
A few interesting things emerged for me — how much of organising your smart objects feels like a chore for people. There was lots of discussion about having to become a software engineer to understand the rule-making systems, and some conversation about how you should be able to buy some off the shelf structures like “Crate and Barrel’s Smart Home Ruleset” (I believe that was a Sierra-ism). There were another set of conversations about how hard these things were to set up and how much data and noise people might be expected to deal with. I don’t think I was particularly surprised by any of the particular issues people had with connected objects, but I was definitely surprised by how strongly people felt them.


Understanding and Using Regular Expressions
Damian Conway, a well-known member of the international Perl community, a widely sought-after speaker and teacher, and also the author of several technical books as well as numerous Perl software modules, discusses what regexes really are, how they actually work, and how programmers can make use of their existing software development skills to construct correct and efficient regexes. *Note: We're not able to use our standard split-screen view to show this, but wanted to bring it to you anyway.*


Cloud: The Road to African Innovation
Africa’s developers, entrepreneurs, and business leaders have unprecedented opportunities for innovation as a result of the cloud. But to make the most of them – and ensure the sustainability of emerging communities of “disruptors” and entrepreneurs – we need to clearly define what we want the continent’s cloud to be in terms of its accessibility, security, and collaborative potential. The cloud needs to be open – to cross-border and cross-platform development – if it is to be a truly effective platform for innovation. Supporting common standards like OpenStack, a free and open-source system for building clouds, needs to be a priority for both innovators and the organisations that sponsor them.


10 things I miss about old technology
Take a trip down memory lane as Scott Matteson shares some of his favorite memories about technology from way-back-when. ... Since Rob was born in the early 1970's like me, we both played a lot of the same games on the same computer systems. This book, in conjunction with shopping for tech gifts for my family (namely, iPad Minis for the kids), has provoked some nostalgia for the things I enjoyed during the olden days (hereby defined as the 1980s and 1990s) of technology, when I was a kid. Let's take a look at my 10 favorite things!



Quote for the day:

"Being easy-going when you have a goal to reach seldom makes the going easy" -- Frank Tyger

July 04, 2014

Computer Weekly names the 25 most influential women in UK IT
Computer Weekly has revealed its list of the 25 most influential women in UK IT in 2014. The aim of compiling the annual list of the top 25 women in UK IT is to focus on the role of women in IT, to recognise the most influential role models and to discuss the vital part that female IT leaders will play in the UK’s high-tech economy. The 25 inspirational women listed here on the 2014 list are role models for diversity and success among the tech community.


Software-defined networking with Windows Server 2012 R2 and System Center 2012 R2 
Hyper-V Network Virtualization provides a virtual network abstraction of your physical network. Administrators can use the abstraction to achieve isolation and virtual machine mobility in completely new ways. You can, for example, host multi-tenant environments and isolate traffic in a dedicated virtual network independently of the physical infrastructure and without using Virtual Local Area Networks (VLANs). You also can move virtual machines between physical servers, sites, and into the cloud while preserving virtual network assignments and policies.


Banks should avoid bitcoin and other virtual currencies for now, EU regulator warns
Unlike in China, this is not an outright ban, but the opinion does carry a lot of weight. The European Banking Authority (EBA), which has already warned consumers that they have little protection if they dabble in virtual currencies (VCs), said on Friday that the use of such currencies carries many risks, and requires a swathe of new legislation if it is to be properly regulated. In the meantime, it said, regulated financial services should avoid crossing paths with the virtual currency world. That’s not to say the EBA saw no upside to currencies like bitcoin; it noted the potential advantages of faster, cheaper transactions and greater financial inclusion. However, it said the risks outweighed those benefits, certainly in the European context.


Mobile Microscopes: Snapping The Future Of Health Care
While Fletcher and his students are foraying into other applications of the mobile microscope, such as examining your skin or testing for malaria and Tb, MIT’s Ramesh Raskar has become known as the ‘Eye Guy.’ As the head of the MIT Media Lab’s Camera Culture research, Raskar surfaced first in 2011 with a mobile tool for doing eye exams in developing countries – EyeNetra. EyeNetra was prototyped at MIT but went on to become a commercial startup, backed by Khosla Ventures. The company, and its investors, however, declined to comment on the status of the company, its reach, and the price point of EyeNetra.


Storage Landscape (Part 1) – Disruptive Technology Trends
There are several intersecting trends here. A key one is the move towards object storage – a flat namespace coupled with monolithic get/puts for object updates. This is fundamentally different from in-place, POSIX compliant read/write interfaces within a file system or database. Object based storage has come to prominence with cloud workloads and big data alongside popular key-value pair and No-SQL data abstractions and the scalability requirements of the cloud. Another interesting trend supports the ability to achieve cloud scale and match these application requirements. This is a major architectural shift in and of itself that I expect to cover more fully in a future post. In this case, strict consistency has been traded off for availability and partition-tolerance.


60 Minutes Got It Wrong: Data Brokers Aren’t Evil
Data brokers get it: Data sells. And now with big data (read “a lot more data”), there’s a lot more money to be made. The irony is that a lot of the “big” consumer data being collected, aggregated, anonymized, and sold is being generated by the consumers themselves. Think social media data. Think location data. Think mobile data. How about all the money these data brokers are making off your personal data? But let’s not limit it to just the data brokers. It’s any company that is keeping tabs on your online and offline activity. (Yes, I’m looking at you Google and Facebook and the 1000+ other organizations that are collecting our data). If the data is being collected, it can be monetized. For good or for ill.


Cyber fraudsters net up to $3.75bn in Brazil
The cyber criminals have been siphoning off funds using the man in the browser technique, which enables criminals to intercept and alter Boleto transactions without the victims’ knowledge. The attack is facilitated by malware injected into victims’ browsers after they have been tricked into clicking malicious links. Google’s Chrome, Mozilla’s Firefox and Microsoft’s Internet Explorer are all vulnerable to the attack, although the malware appears to affect only computers running Microsoft’s Windows operating system. Researchers believe that more than 192,000 computers have been infected with the malware used by the Boleto cyber criminals and that 83,506 email user credentials have also been stolen.


WPF Control Patterns.
WPF Control is one of the basic visual units of reuse in WPF. Controls can be placed in XAML code including other controls and made to work together using various means. Here we shall go over dos and don'ts of programming with WPF controls based on very simple examples. Let us first consider a very simple control - it will allow the user to enter some text into an editable field (using e.g. a TextBox), it will provide a label for that editable field. (The label will give the name of the field explaining what the user is entering). Also the control is going to have a Button "Save" as an example of doing some action on the entered text. We shall call this control EditableTextAndLabelControl.


What Developers Need To Know About Android L
Historically, Google has given each version of Android an alphabetical name taken from sweets. Android 2.2 was “Froyo”; and Android 4.4 was “KitKat.” Google hasn't officially named—or numbered—the next version of Android, but the next letter in the alphabet is “L.” Will it be a Lollipop? Or Lemon Meringue Pie? Or perhaps Licorice? No one outside Google knows. L changes the design scheme of Android as well as adding some important projects to trim and analyze battery usage, a new compiler and bringing Android everywhere. If you're an Android developer, here's what you're going to need to know about Android L.


Virtual Panel: Configuration Management Tools in the Real World
Configuration management is the foundation that makes modern infrastructure possible. Tools that enable configuration management are required in the toolbox of any operations team, and many development teams as well. Although all the tools aim to solve the same basic set of problems, they adhere to different visions and exhibit different characteristics. The issue is how to choose the tool that best fits each organization's scenarios. This InfoQ article is part of a series that aims to introduce some of the configuration tools on the market, the principles behind each one and what makes them stand out from each other.


Creating and implementing a mobile testing strategy
A complete mobile testing strategy must also account for testing across differing network connection speeds and geographical locations, as well as address the use of Wi-Fi, 3G or 4G connections. Testing must confront such issues as screen resolution and brightness, CPU, memory and OS optimization. The mobile testing strategy must be geared to the architecture of the applications under test whether they are Web, mobile Web, native applications or hybrids. Finally, an organization must consider the test approach, primarily the use of emulators versus actual devices, or even real user monitoring.



Quote for the day:

"A positive attitude will not solve all your problems. But it will annoy enough people to make it worth the effort." -- Herm Albright..

July 03, 2014

CosmicDuke malware surprisingly linked to Miniduke campaign
The bad actors behind the CosmicDuke campaign specifically crafted the filenames and contents of the files used to lure victims; the sample analyzed by F-Secure makes reference to Ukraine, Poland, Turkey, and Russia. The CosmicDuke gang used the language of its targets and included details and information related to specific events of interest to victims. The CosmicDuke campaign targeted Windows machines; victims were lured into opening a malicious PDF file containing an exploit or a Windows executable whose filename is crafted to appear like a legitimate document or image file.


Constructing a Term Structure of Interest Rates Using R (part 2 of 2)
In this article, we will look at how we can implement the two essential functions of a term structure: the forward interest rate, and the forward discount factor. We will apply a mix of notation adopted in the lecture notes Interest Rate Models: Introduction, pp 3-4, from the New York University Courant Institute (2005), along with chapter 1 of the book Interest Rate Models — Theory and Practice (2nd edition, Brigo and Mercurio, 2006). A presentation by Damiano Brigo from 2007, which covers some of the essential background found in the book, is available here, from the Columbia University website.


Apple patent details automatically adjusting security settings based on location, biosensors
The term “security level” can refer to the types of security measure used (e.g., passcode, retinal scan, etc.) to control access to a mobile device. Each type of security measure used may be associated with a level of inherent security. For example, passcode-based security may be considered less secure than a retinal scan. The term “security level” can refer to the frequency with which a particular security measure is used. For example, a passcode may be required immediately or may only be required after 5 or more minutes of inactivity. The term “security level” can refer to the level of strength of a particular security measure used. For example, 4-digit numerical passcode may be associated with a lower security level than a longer alphanumeric password.


Cisco patches communications manager to close backdoor access vulnerability
"The vulnerability is due to the presence of a default SSH private key, which is stored in an insecure way on the system," Cisco said in a security advisory. "An attacker could exploit this vulnerability by obtaining the SSH private key. For example, the attacker might reverse engineer the binary file of the operating system." The other flaw, which enables privilege escalation, is located in the CUCDM application software and stems from the improper implementation of authentication and authorization controls for the Web-based user interface. An attacker can exploit the flaw to change the credentials of an administrative user by opening a specifically crafted URL. The attacker needs to be authenticated as a different user in the system or to trick an active user to click on a malicious link.


7 Strategic Givens for CISOs on Foreign State Threats to IP/Trade Secrets
If you're responsible for protecting your company’s Intellectual Property or Trade Secrets from Cyberattacks, you can improve your Information Security Program by understanding some of the key Strategic givens I've found at my Fortune 500 clients on Nation-State Adversaries. ...  These compromises are increasingly driven by Nation-State Adversaries and often include companies that have physically deployed their high value company assets directly into “hostile” regions by either moving or outsourcing their manufacturing, research, or other core business functions. Here are some of the Strategic givens I’ve identified:


Intelligent cars draw investors to tech stocks
"It's a whole new market emerging," said Christian Jimenez, fund manager and president of Diamant Bleu Gestion. "The best way to play it for investors in the long term is to buy names such as Microsoft or chip makers such as Infineon, not (automakers) Peugeot and Renault". If the new market grows to $50 billion as forecast by French bank Exane BNP Paribas that would be roughly half the size of German carmaker BMW's revenues last year. Internet giant Google Inc is leading the charge among tech companies, trying to break into the century-old industry as it works on its own prototypes of fully autonomous vehicles.


End users matter most with today's performance management
As performance management systems have evolved, two different ways to get at the end-user experience have also emerged. Businesses can choose accordingly, depending on their needs. For now, application performance management tools are monitoring the user experience, but future incarnations of APM tools will employ end user performance management to predict what the user is going to do next. In this podcast, Modern Infrastructure editors also discuss Robert Green's June issue feature story on controlling cloud costs. Green has shared his expertise at Modern Infrastructure seminars, and lays out the five best ways to keep cloud costs transparent and under control.


Will Physical Location of Data Become Irrelevant for CIOs?
Logical location: This is emerging as the most likely solution for international data processing arrangements and is determined by who has access to the data. ... While the legal location of the provider would be Ireland, the political location would be the U.S. and the physical location would be India, logically, all data could still be in Germany. For that to happen, all data in transit and all data at rest (in India) would have to be defensibly encrypted, with keys residing in Germany. With such an architecture there is an increase in cost and complexity and a reduction of usability through functions like preview and search, mobility and latency.


Analytics Vendors See a Fast-Maturing Health Care Audience
CFOs and CEOs soon will start having difficult decisions to make because of what they will learn from analytics, predicts David Janotha, vice president of healthcare at Axiom EMP, a vendor specializing in financial and operational analytics. CFO roles are changing; they have provided financial data to support basic financial analytics for reporting purposes, and now they need to take a more strategic leadership position “looking for outside-the-box solutions rather than building towers,” he predicts. CFOs need to become more clinically astute, find new avenues for providing care such as clinics in pharmacies, and give physicians data they need on the treatments they gave and the costs.


Four Questions to Revolutionise Your Business Model
The “four questions” of the book’s title -- Who, What, When, and Why – are hardly unique to the business world, but according to the authors, few firms subject their business model to such basic scrutiny frequently enough. There’s no substitute, Girotra and Netessine say, for the fundamental questions, such as “What should we sell?” and “When should we introduce our new products?” “I like to compare it to financial auditing, which every organisation does every year, many times,” Netessine said in an interview with INSEAD Knowledge. “Often, a public company will do it once a quarter. But then you ask the same company how often [it examines] its own business models, they’ll tell you, ‘Well, I don’t know. Twenty years ago? Thirty years ago?’”



Quote for the day:

"All you need in this life is ignorance and confidence; then success is sure" -- Mark Twain

July 02, 2014

Chief marketing technologist emerges to align marketing and IT
According to a Harvard Business Review article by Scott Brinker and Laura McLellan, "Marketing is rapidly becoming one of the most technology-dependent functions in business." To keep up, CMTs are enlisted as "part strategist, part creative director, part technology leader and part teacher." The CMT isn't an entirely new role in the C-suite, Brinker and McLellan point out. The function also goes by the name of global head of marketing technology or business information officer for global marketing, or any other term that basically boils down to "IT and marketing pro reporting to a senior marketing executive" (i.e. the chief marketing officer (CMO), VP of marketing operations or VP of digital marketing).


Questioning the Lambda Architecture
Why does code change? It might change because your application evolves and you want to compute new output fields that you didn’t previously need. Or it might change because you found a bug and need to fix it. Regardless, when it does, you need to regenerate your output. I have found that many people who attempt to build real-time data processing systems don’t put much thought into this problem and end-up with a system that simply cannot evolve quickly because it has no convenient way to handle reprocessing. The Lambda Architecture deserves a lot of credit for highlighting this problem.


Big Data Is Changing Every Industry, Even Yours!
The efficiency of every machine – and human – involved in the manufacturing process can be recorded so companies know what is working, and can make improvements where they are needed. And in agriculture, data analysis is helping the industry meet the challenge of increasing the world’s food production by 60%, as forecasters have said will be necessary by 2050 due to the growing population. John Deere fits sensors to its tractors and agricultural machinery and makes the readings available on its myjohndeere.com and Farmsight services. These help growers establish optimum conditions for their crops, and also lets John Deere forecast demand for spare parts.


Cyber security break-ins a 'daily hazard while firms skimp on protection'
"There are more cybercriminals on the internet than ever before and their tools are increasingly sophisticated, but the weakest link in the chain is still the bit between the chair and keyboard – we need to patch the human," warned David Emm, a security researcher from the internet security firm Kaspersky Lab. "Cybercrime is as old as the internet, and that means we've had time to study it. We are now familiar with it and can often deal with it." The security and safety of computers used on a daily basis is serious as a range of activities, from banking and tax returns, to shopping and private messages, relies on the internet.


Tech Breakthroughs May Mean 'Digital Everything' by 2025
"The digital world as we know it today will seem simple and rudimentary in 2025," the analysts wrote. "Thanks to the prevalence of improved semiconductors, graphene-carbon nanotube capacitors, cell-free networks of service antenna and 5G technology, wireless communications will dominate everything, everywhere... from the most remote farmlands to bustling cities -- we will all be digitally directed.
"Imagine the day when the entire continent of Africa is completely, digitally connected," they added. "That day will happen in 2025." The phrase "Beam me up, Scotty," which Star Trek made famous, also may get more usage in another 10 years.


Standards and APIs: How to Build Platforms and Tools to Best Manage Identity and Security
APIs are becoming exponentially more important in the identity world now. As Bradford alluded to, the landscape is changing. There are mobile devices as well as software-as-a-service (SaaS) providers out there who are popping up new services all the time. The common thread between all of them is the need to be able to manage identities. They need to be able to manage the security within their system. It makes total sense to have a common way to do this. APIs are key for all the different devices and ways that we connect to these service providers. Becoming standards based is extremely important, just to be able to keep up with the adoption of all these new service providers coming on board.


If you want developers to give a hoot about security, take a lesson from the squirrels
Developers look at systems, apps and other software tools and are impressed by the cool things they can do, and maybe by the economy with which it was all achieved. They marvel at features and innovation. In software parlance, they focus on their products' functional specifications (or user stories, for you agile folks). Security professionals look at those same things and immediately analyze them for what can go awry. We have a healthy presumption that things will go wrong more often than not. We are always trying to anticipate how we can respond to the things that go wrong and thinking about how we can keep them from going wrong in the first place.


Nascent SDN security controls pose sizable risk
"In a network environment that's designed to be highly available, those are the hardest attacks to defend against," Young said. "Enterprises are going to have to be monitoring for these kinds of attacks, both intentional and unintentional, because it's something that hasn't been talked about." Furthermore, Young detailed the security-related issues with SDN configuration and change control. He said SDN products come with their own management consoles that typically aren't interoperable with other networking and security management consoles, adding another layer of complexity to network security management processes.


Building Data-Driven Apps: 5 Best Practices
What's the best way to deliver data-driven apps? These are apps that give consumers what they want but that are also highly scalable and enterprise class. Based on my years in the industry, I think there are five central principles that really will help us get there. There's a healthy appetite to get these data-driven apps out the door, and there's a huge amount of interest, verging on hype, in big data; Forrester Research recently estimated the potential size of what it calls "smart" computing -- that is, the big- or smart- or small-data market -- at more than $48 billion. It's thought that 90 percent of the Fortune 500 have some sort of big data projects either starting or established.


Commercial Nanotube Transistors Are Coming Soon
A project at IBM is now aiming to have transistors built using carbon nanotubes ready to take over from silicon transistors soon after 2020. According to the semiconductor industry’s roadmap, transistors at that point must have features as small as five nanometers to keep up with the continuous miniaturization of computer chips. “That’s where silicon scaling runs out of steam, and there really is nothing else,” says Wilfried Haensch, who leads the company’s nanotube project at the company’s T.J. Watson research center in Yorktown Heights, New York. Nanotubes are the only technology that looks capable of keeping the advance of computer power from slowing down, by offering a practical way to make both smaller and faster transistors, he says.



Quote for the day:

"Winning is important to me, but what brings me real joy is the experience of being fully engaged in whatever I'm doing" -- Phil Jackson

July 01, 2014

Emergence versus Evolution
Aspects of a design will undoubtedly emerge as it evolves. Differing interpretations of requirements as well as information deficits between the various parties, not to mention changing circumstances, all conspire to make it so. However, that does not mean the act of design is wholly emergent. Design connotes activity whereas emergence implies passivity. A passive approach to design is, in my opinion, unlikely to succeed in resolving the conflicts inherent in software development. In my opinion, it is the resolution of those conflicts which allows a system to adapt and evolve.


eBook: Top Continuous Testing Tips and Techniques
Until recently, implementation of truly continuous testing practices for application development has been easier said than done. Today, however, a number of products and services built around service virtualization are being employed on the pre-production side of the application lifecycle in a growing number of enterprises to help developers and testers reduce defects in production, shorten overall software cycles and test-cycle times, and just generally improve code quality. Read this paper to gain a greater understanding of service virtualization and discover tips and tricks for making continuous testing practices a welcome reality.


Can you really do it all in the cloud? No way, say tech chiefs
Paul Collins, director of ICT at the Australian International School Hong Kong, said cloud services should only be used where the applications or services are not regarded as a core or critical function of the business. Security and trust are not the only issues — CIOs should consider reliability and the ability to synchronise data between the local device and the cloud, he said. "There are many places on the planet where internet availability is just not an option," he added. Collins said security flaws such as Heartbleed and high-profile cases of password theft "shows that there is no such thing as an entirely infallible online cloud service... Let's not even start talking about the NSA."


Delivering Minimum Viable Analytics
Executives want to use this data to improve their operations and increase revenue through monetization. With ever-growing data and the ability to rationalize data across data siloes, there are more opportunities than there are resources. Most analytics solutions cannot afford to have elegance as a design goal. This statement might be a bit controversial. Analytics practitioners are professionals, and deliberately arguing for inelegant solutions seems counterintuitive. There are too many analytics efforts that failed when the analytics techniques were too sophisticated for the quality of the data.


New type of CFO represents a potent CIO ally
These CFOs say that they really feel the pain of systems not talking to each other. They understand this means making disparate systems from the frontend to the backend talk to one another. But they also believe that making things less manual will drive important consequences including their own ability to inspect books more frequently. Given this, they see data as a competitive advantage. ... Strategic CFOs are also worried about data security. They believe their auditors are going after this with a vengeance. They are really worried about getting hacked. One said, “Target scared a lot of folks and was to many respects a watershed event”. At the same time, Strategic CFOs want to be able to drive synergies across the business. One CFO even extolled the value of a holistic view of customer.


Open source PCI DSS: A strategy for cheaper, easier PCI compliance
Despite its benefits, few have seen open source technology as an enabler for compliance, until now. In a 2014 RSA presentation, security professionals from Urbane Security proposed a PCI DSS compliance model composed of open source technology to help lower costs, increase scalability and improve the manageability of the systems that support PCI compliance. Do open source products have a place in enterprise PCI compliance strategies? In this tip, let's take a look at the open source opportunities for meeting three specific compliance needs: logging, file integrity monitoring and vulnerability scanning.


How to achieve better third-party security: Let us count the ways
The exploding number of online access points to companies means, "our walled fortress of firewalls and the like now has hundreds and thousands of doors. These doors are guarded by sentinels that allow any variable packet (think an employee badge without a picture) to pass through that wall," they wrote, in the paper titled, "Traitors in Our Midst: The risk of employee, contractors and third parties in the age of the Internet of Things and why security in depth remains critical to risk management."


After Crisis, Risk Officers Gain More Clout at Banks
Another big challenge is the slippery nature of risk itself. Before the financial crisis, for example, many lenders believed they had properly weighed the dangers of subprime mortgages—and had set aside a financial cushion of reserves that was big enough to absorb losses on the loans. Those predictions were disastrously wrong. "Our abilities to measure market risk are akin to where medicine was in the 1700s," says Damian Handzy, chairman and chief executive of Investor Analytics, a New York firm that operates risk-control systems. "Everyone is honestly trying to get better at this, but we're still in the laboratory. The old systems do not address systemic risk at all. Traditional banking tools are just not designed for that."


A new approach to reduce dysfunctional behavior at work
With rising demands in today’s workplace, emotional and behavioral disorders have soared. In “Untangling the Mind: Why We Behave the Way We Do,” Ted George, M.D., clinical professor of psychiatry at George Washington School of Medicine and neuroscientist at the National Institutes of Health, helps us understand America’s surge in emotional and behavioral disorders, including those we see in the workplace. Grasping “why” we instinctively react in certain ways is the first step in effecting change.


Inside the Changing Role of the CISO
CISOs face a host of new and emerging challenges, including risks generated by the ubiquity of mobile devices, the global scope of information assets, the difficulty of complying with new regulations and the threat of state-sponsored attacks as well as global cyber criminals. In response to these threats, organizations have elevated the role of CISOs to become a direct report to the chief information officer, chief risk officer or general counsel.



Quote for the day:

"The quality of a man's life is in direct proportion to his commitment to excellence, regardless of chosen field of endeavor." -- V. Lombardi