August 25, 2014

Payment cards with chips aren't perfect, so encrypt everything, experts say
The EMV specification as it exists today is vastly complex, and vendors have made additions on top of it, which means that it's easy to make mistakes when implementing it, Anderson said. Depending on how much attention you pay, you can design a secure system using EMV or an awful one, he said. Lucas Zaichkowsky, an enterprise defense architect at AccessData whose previous jobs involved investigating credit card breaches and assessing compliance with payment card security standards, agreed with Anderson. "People think that if we switch to EMV, these breaches will go away, but that's not true," said Zaichkowsky, who also held a presentation about POS system architecture and security at Black Hat.


A gift that keeps giving, software-defined storage now showing IT architecture-wide benefits
Software-defined storage advocates a new model, where applications and VMs are provisioned at the time that the user needs them. The storage resources that they need are provisioned on-demand, exactly for what the application and the user needs -- nothing more or less. The idea is that you do this in a way that is really intuitive to the end-user, in a way that reflects the abstractions that user understands -- applications, the data containers that the applications need, and the characteristics of the application workloads.


Is the private cloud really a viable option for most enterprises?
Of course, private and public cloud architectures are not that pure. There are hybrid clouds, or, mixtures of private and public clouds, typically without direct portability between the private and public cloud server instances. Also, there are virtual private clouds (VPCs), which are private clouds hosted by public cloud providers, such as AWS. Moreover, there are hosted private clouds that are physical servers that may exist within a managed services provider or co-lo. The models get more cloudy as cloud technology providers come up with new ways to approach private clouds.


At Multiverse Impasse, a New Theory of Scale
The scale symmetry approach traces back to 1995, when William Bardeen, a theoretical physicist at Fermi National Accelerator Laboratory in Batavia, Ill., showed that the mass of the Higgs boson and the other Standard Model particles could be calculated as consequences of spontaneous scale-symmetry breaking. But at the time, Bardeen’s approach failed to catch on. The delicate balance of his calculations seemed easy to spoil when researchers attempted to incorporate new, undiscovered particles, like those that have been posited to explain the mysteries of dark matter and gravity.


8 Tips to Be a Better Career Negotiator
There are many places you can go to learn about a company's culture, and what past employees think of them, at places like Glassdoor.com and Salary.com. But don't neglect sources like press and product releases, Google News and trade sites and magazines. "Business savvy IT pros tend to conduct more research on market trends and utilize that information to negotiate offers more actively. These hires are likely to have a deeper understanding of the value of their skillsets and use that to initiate a negotiation conversation," says John Reed, Senior Executive Director with Robert Half Technology.


5 Tips to Consider When Designing Supply Chain Key Performance Indicators
You can’t predict anything with 100% certainty, and your predictive power wanes the farther out you gaze. The study of KPIs over time is all about finding patterns and signals, then applying intelligence in order to make better decisions and gain wisdom. In a previous post I focused on the pitfalls associated with supply chain KPI and metrics development. In this post, I’ll cover how businesses can improve their supply chain measurement processes by avoiding the common pitfalls by keeping in mind a few simple hints.


US warns 'significant number' of major businesses hit by Backoff malware
"Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the 'Backoff' malware," the alert said. "Seven PoS system providers/vendors have confirmed that they have had multiple clients affected." The malware is thought to be responsible for the recent data breaches at Target, SuperValu supermarkets and UPS stores, and the Secret Service is still learning of new infections. DHS first warned of Backoff in late July, when it noted the malware was not detectable by most antivirus software. That made it particularly difficult to stop, because much of the fight against computer viruses and malware rests on antivirus applications.


Cybersecurity's hiring crisis: A troubling trajectory
Solving this crisis turns out to be as complex as defining what constitutes a "qualified hacker" -- in a business where having a pedigree can actually have you considered to be less qualified, and being unhirable by traditional standards is… almost desirable. Chris Hoff is the Vice President, Strategy and Technical Marketing Engineering – Security, Switching, and Solutions BU at Juniper Networks. Hoff told ZDNet that vendors are experiencing difficulty finding suitable candidates "in a highly competitive job market that have the required experience in a number of emerging disciplines such as advanced malware detection/mitigation, reverse engineering, forensics, crypto, virtualization and cloud."


Improve collaboration with enterprise video
In this webinar, Irwin Lazar, vice president and service director at Nemertes Research, explains how enterprise video can alleviate these issues to improve collaboration and engagement among employees. According to Lazar, the past two years have seen a push for enterprise video adoption, largely due to lower video costs, tight travel budgets and wider availability of HD video conferencing systems. Enterprises that adopt video to improve collaboration see benefits that range from better non-verbal communication to increased productivity.


Henri Eliot: Where cybersecurity and the boardroom intersect
A comprehensive cyber security plan requires the appropriate culture and tone at the top, which includes an awareness of the importance of security that extends from the C-suite to the professionals in each function, since breaches can occur at any level and in any department. The CEO should make it clear that cyber security is a major corporate priority, and should communicate that he or she is fully on board with enforcing compliance with policies and supports efforts to strengthen infrastructure and combat threats.



Quote for the day:

"Humility is a great quality of leadership which derives respect and not just fear or hatred." -- Yousef Munayyer

August 24, 2014

Managing Agile Teams with Project Managers
Adopting agile in organizations usually impacts the role and activities of project managers. Scrum offers the possibility for project managers to become Scrum masters or product owners. Project managers can also adapt their way of working and the things they do to work together with Scrum masters and agile teams. Jim Bird wrote the blog post "agile - what’s a manager to do?" in which he discusses how agile projects can be managed and the role of project management when working with agile teams. He explains the view of Scrum on project management and managers:


A Startup Hopes to Teach Computers to Spot Tumors in Medical Scans
Use of machine learning has exploded in recent years as high-powered computers have grown more advanced and algorithms have gotten better at teaching computers to recognize patterns. Most recently, some machine learning efforts have sought to mimic the physical workings of the human brain, either in software or in hardware (see “Thinking in Silicon”)—an approach often referred to as “deep learning.” Show a computer enough images of a yellow taxi driving down the street, for instance, and it’s possible for it to start to recognize yellow taxis whether they’re on a street or somewhere else. That is the strategy Enlitic is employing.


5 Tips for Agile Enterprise Architecture Innovation
More and more, IT is focused on reliability while the business side is pushing for tech innovation and new tech adoption. Enterprise architects and tech execs are right to be cautious about latching on to the next-big-thing, but there’s also little good done by ignoring this unprecedented wave of business interest and “shadow” adoption. Forrester Research analyst Brian Hopkins recently highlighted a handful of areas enterprise architects can stay grounded in their needs while reaching for innovation and agility. Here are five tips for fostering innovation and agility in EA development as adopted from Hopkins and Forrester’s “Emerging Technology playbook.”


Approach to Building an Enterprise Architecture
The Enterprise Architecture brings together Governance, Services, and Emerging Technology, identifying where these core entities sit and how they fit in and link to the Enterprise Architecture – including the business, systems components, technical and data reference models. Enterprise Architecture requires an iterative project approach, which provides for early deliverables that are progressively refined in subsequent milestones. In addition to evaluation of currently proposed Information Technology projects, current Information Technology environment must be evaluated at high level to provide understanding of Enterprise Architecture implications.


Seven tips on how to forecast future architecture needs
If predicting the future is so difficult, then the role of the Enterprise Architect in defining future architectures is a high risk task! And yet, this is a key part of what enterprise architects do on an almost daily basis. There is an ever-emerging continuum – from the past through the present to the future – and as a history graduate I am well aware of our need to position future architecture needs as an evolution from the past and the present. ... One of the unique characteristics of enterprise architecture is its aim to provide a coherent sense of direction across the multitude of investments that are made in separate projects and change programs.


A Better Way to Streamline the Applications Portfolio
Most CIOs are painfully aware that legacy applications are expensive to maintain. To free up IT budgets to develop new capabilities and innovative technologies, CIOs periodically launch projects to rationalize their applications portfolios. Their goal is to reduce redundant capabilities while retaining applications that deliver the greatest business value at the lowest cost. These projects typically follow a “big bang” approach in which the company develops a rationalization plan that entails retiring, replacing, consolidating, or launching many applications within a short time period. But such all-encompassing efforts have significant drawbacks.


What UX is and isn't?
User experience runs deep, is way more than the UI, and starts in the abstract with the strategy. What are the business, creative, or other internal goals? What does the user want to accomplish and what are their goals? At this level, UX is involving the team in user research, interviews, observations and the like. From there, we can start to discuss the scope needed to obtain the company, customer and user goals. Getting a little more concrete, we can then look at the structure needed to support the scope. UX will be working with the team on the flow of user tasks, interactions and how the information will be put together for easiest consumption.


The 3 Pillars of Data Quality
The cost of handling a CRM record can be massive. A Sirius Decisions study showed that it costs a company $1 to prevent one bad record from entering a CRM system, $10 to correct that bad record after it is entered into your CRM, and even worse, it costs $100 if nothing is done, as the ramifications of the bad data are felt over and over again. To stop this downward spiral, use the three pillars of data quality.


Information Governance Can Be a Key to Drive Efficiency
Compliance is a key reason for organisations to invest in better IT and management solutions, many of which tend to focus on one area alone - password management. In fact, good IT systems and information security policies should ensure that users no longer have to wait for accounts to be created and that NHS Trusts no longer have users sharing passwords, using generic accounts or staff enjoy having access rights that are no longer relevant to their role. ... The latest report labels current information governance arrangements as having become worse - less stringent - and it has led to confusion as a result of the volume of reconfigurations and staff changes across the NHS.


10 Steps to Organize and Facilitate a Successful Requirements Gathering Meeting
Some of the most important tasks a Business Analyst (BA) performs include eliciting, documenting, and analyzing requirements for a project. The technique that I use most when I am playing the role of a BA on a project and need to gather requirements from the stakeholders is to organize and facilitate a successful requirements gathering meeting. Below I have documented 10 steps that I recommend you follow as a guideline to help you organize and facilitate a successful requirements gathering meeting.



Quote for the day:

"If we could sell our experiences for what they cost us ... we would all be millionaires." -- Abigail Van Buren

August 23, 2014

C++14 Is Here: New Features
C++14, the new C++ standard succeeding C++11, has been finally approved and is heading to ISO for publication this year. While improvements in C++14 are "deliberately tiny" compared to C++11, says C++ creator Bjarne Stroustrup, they still "add significant convenience for users" and are a step on the route to make C++ "more novice friendly." Within the C++ timeline, C++14 was planned as a minor release to complete the work that produced the C++11 standard, with the aim of becoming a cleaner, simpler, and faster language. New language features are left for the coming C++17 standard.


Five Levels of Big Data Maturity in an Organisation
Once the IT department is capable of working with Big Data technologies and the business understands what Big Data can do for the organisation, an organisation enters level 3 of the Big Data maturity index. Business adoption will result in more in-depth analysis of structured and unstructured data available within the company, resulting in more insights and better decision-making. Level 4 is the adoption of Big Data across the enterprise and results in integrated predictive insights into business operations and where Big Data analytics has become an integral part of the company’s culture. This level is the last level before a completely data-driven organisation that operates as a “data service provider”.


Improving Query Performance Using Partitioning in Apache Hive
Generally, Hive users know about the domain of the data that they deal with. ... In non-partitioned tables, Hive would have to read all the files in a table’s data directory and subsequently apply filters on it. This is slow and expensive—especially in cases of large tables. The concept of partitioning is not new for folks who are familiar with relational databases. Partitions are essentially horizontal slices of data which allow larger sets of data to be separated into more manageable chunks. In Hive, partitioning is supported for both managed and external tables in the table definition as seen below.


PCI DSS 3.0 Compliance Deadline Approaches. Will it Make Any Difference?
“There is more of a move to continuous compliance, but really that’s not something most organizations are ready for,” he said. “It will be interesting to see if anything changes.” If things do change, it may be at least in part because of increased awareness of the damage that a high-profile breach can cause. “Data security has become a board-level topic of discussion,” Borenstein said. “Executives recognize that the impact of a serious card loss breach can have a significant impact on customer perception, stock price, and more.”


The Value of Culture: Would you offer a new hire $1000 to quit?
Culture is not a singular element, but is made up of two mutually reinforcing elements—values and practices—which are easy to confuse. Mistaking practices for values is why success so often breeds failure. Xerox, for example, had a culture devoted to technical excellence and produced the world’s best performing copiers. It built up a great sales and service organization so that its customers could get the most out of their products. Yet that all came to naught when Canon and Ricoh started selling simpler, cheaper copiers that needed less maintenance.


Will Microsoft's Satya Nadella dump Windows Phone and the Xbox?
As for the divisions that sell the Xbox, Surface, and Windows Phone devices, they practically contribute nothing. Computing and Gaming (C&G) Hardware, which makes the Xbox and the Surface, had a gross margin of 1% for the quarter. Phone Hardware had a gross margin of 3%. And even those dismal numbers overstate how little those divisions add to Microsoft's bottom line. Keizer says that C&G Hardware contributed only 0.1% of the company's gross margin, and Phone contributed only 0.3%. Under a strategy devised by former CEO Steve Ballmer, Microsoft was a devices and services company. Clearly, Microsoft couldn't get rid of hardware if half of its mission was to sell devices.


Renee Troughton on Agile Australia, Pragmatic Scaling and Non-violent Communication
Dealing with scaling up teams and scaling product at the same time is very rarely talked about, but interestingly Scrum of Scrums was originally around eight people and at our last count we now have twenty people at our Scrum of Scrums. ... we are getting the questions answered and the risks raised that we need to get handled, at the end of the day it’s still a very functional Scrum, everyone that is there needs to know the information that is coming out of it, so sometimes it is about knowing when you can effectively break the rules at scale. It’s not an ideal situation to have twenty people around one board, but it works.


Multi-Tenancy Design Consideration
Though many frameworks are available in the market to develop a multi-tenant application, do they provide data, code portability, maintainability and platform agnostic support? The answer is doubtful. A multi-tenant application is a software where a shared code base installed on a single instance/pool serves 1…N clients/tenants. Architecting or designing a multi-tenant application really needs a huge effort for handling all complexities from data security to UI display.


Half of UK IT unfamiliar with software-defined datacentres, shows study
“Through the use of software as opposed to hardware, an SDDC can offer businesses a fast, incredibly flexible way to not only virtualise their IT, but increase levels of flexibility, agility and control from the application layer down. It can remove barriers and enable business transformation," according to Linsell. Joe Baguley, VMware’s Europe CTO, previously predicted that software-defined everything is changing the design, function and price points of datacentres. “Datacentres of tomorrow will not be populated with name-brand products,” he said.


US agencies to release cyberthreat info faster to healthcare industry
Information sharing has come a long way, she said, but still can be improved. Vetting information takes time, but DHS is looking at ways to speed up the process, she said. While Rosanova talked about healthcare providers sometimes needing security clearances to get threat information, those clearances aren't the "secret sauce," Castro said. Instead, participating in a collaborative environment, such as HITRUST's monthly threat briefing, will help drive forward more information sharing, she said. "The more collaboration you do like this, the better off you will be," he said.


5 ways to be a leader who gets it
To some, being a leader is just a job. But to others, it’s a choice, a calling even, to inspire others to engage, perform, and achieve. The women and men who make this choice are skilled in a number of areas that bring out the best in everyone and everything. They’re leaders who get it. Their secret sauce? ... what social scientists call motivated blindness, a “systemic failure to notice unethical behavior in others when it’s not in our interest to do so.” Leaders who get it don’t sacrifice people and principles for profits



Quote for the day:

"Follow effective action with quiet reflection. From the quiet reflection will come even more effective action." -- Peter Drucker

August 22, 2014

How Big Data Is Changing Insurance Forever
Progressive say they have already collected a trillion seconds of driving data, by monitoring 1.6 million of their customers, and that this data is being used to build a picture of how people drive in general – which individual driving behaviour can be compared against. ... And it isn’t just our cars that insurance companies want to attach sensors to – health insurers are increasingly looking at ways they can monitor our lifestyle and activity levels to determine how likely we are, or will be in the future, to make expensive medical claims. Oscar is a health insurer currently only available to New York residents which claims to be built on big data from the ground up


BYOD: California Ruling A Wakeup Call
The key word in that disposition is "required," and isn't that really the opposite of the spirit of BYOD? When I look at BYOD, it is an optional benefit, not a requirement for employees. BYOD gives employees the choice to use their own devices if they so choose, but is not a requirement of their job. This is where your BYOD policy becomes crucial in determining how and whether employees will have access to data and a right to reimbursement for usage, if any.


Big data could bring 'second Age of Enlightenment', says PwC partner
“The next Data Protection Act will give consumers the right to be forgotten by companies,” said Tod. “A directive is working its way through Europe now. When this becomes law it will become more difficult to track visitors. There will be more protocols. “We may well now be in a golden age of big data. The regulators and consumer behaviour will catch up.” Tod, who will address Abta’s Travel Convention in Ljubljana, Slovenia, next month on ‘the power of data’, said: “We have more data and more analytical ability and there is no excuse for not participating. The costs have fallen to $1,000 a year using something like Amazon Web Services. Google Analytics is free.”


IBM SoftLayer: Data center as a service (DCaaS)
However, for many large enterprise clients, having an IaaS does not help solve their data center needs. Many of these clients have performance, management and security requirements which prevent them from moving into a “black box” environment where they have no insight or control over how such attributes are managed. In my opinion (and as many experts have mentioned in other blog posts on SoftLayer topics), the primary differentiator of SoftLayer is its ability to support bare metal servers. With the combination of networking infrastructure provided by SoftLayer and bare metal server offerings, any enterprise can now move away from its existing data center into a SoftLayer data center.


Lessons Learned From UPS Store Breach
Security experts praised the UPS Store for its quick response. "This probably stopped it (the infection) from getting much worse," Chris Wysopal, chief technology officer for Veracode, said. Because hackers are looking for network credentials, retailers need to make a list of the employees and vendors with remote access and restrict their privileges to those resources that are absolutely necessary. Also, passwords should be changed at least every six months and when vendors are dropped or employees leave, their credentials should be revoked immediately.


Contextual Intelligence
Context matters. This is not news to social scientists, or indeed to my colleagues who study leadership, but we have paid it insufficient attention in the field of management. There is nothing wrong with the analytic tools we have at our disposal, but their application requires careful thought. It requires contextual intelligence: the ability to understand the limits of our knowledge and to adapt that knowledge to an environment different from the one in which it was developed. Until we acquire and apply this kind of intelligence, the failure rate for cross-border businesses will remain high, our ability to learn from experiments unfolding across the globe will remain limited, and the promise of healthy growth worldwide will remain unfulfilled.


Largest HIPAA Breach: Hackers Steal Data on 4.5 Million Patients
A hacking group known as “APT 18” is suspected of stealing names, Social Security numbers, addresses, birthdays and telephone numbers from 4.5 million patients of Community Health Systems, a network of 206 hospitals across 29 states (see map at right). Credit card numbers and medical records were not accessed. It’s the largest attack involving patient information since the HHS started tracking HIPAA breaches in 2009, passing a Montana Department of Public Health breach that affected roughly 1 million people.


Quantitative Methodologies Assisting Performance Testing
A common misconception is that performance testing activities under this testing arena is to basically use a load-testing tool to script the business scenario, execute the test and submit the results, but many are not aware of the importance of basics (Quantitative Analysis / Methodologies) related to performance testing that are usually missed out or probably under the illusion that these are not required or might not come under their respective domain of work or nature of work activity. This gets very much misquoted when not properly communicated to the testing teams.


Michael Daniel's Path to the White House
In discussing his role, Daniel says understanding the economics and psychology of cybersecurity is a big challenge. "At a very fundamental level, cybersecurity isn't just about the technology but it's also about the economics of cybersecurity," he says. "Intruders get in through those holes that we know about that we could fix," he says. "The question is, 'Why don't we do that?' That clearly leads me to the conclusion that we really don't understand all of those economics and psychology [situations] well enough." In the interview, which was interrupted when he was called to the West Wing, Daniel discusses:


Developing Talent for Large IT Projects
Large IT programs are sometimes highly stressful; they can entail considerable overtime, they’re met with little appreciation from the broader organization because of the disruption the programs might cause, and they depend on the work quality of others. Having the right culture to overcome these challenges is essential. According to a McKinsey study of organizational archetypes and characteristics of winning organizations, the culture of a large IT program should be built on three pillars. One is clear direction that inspires employees. Large technology investments have the ability to dramatically improve business performance, but too often the focus on business value is lost in the day-to-day efforts of the project. Frequent town-hall meetings can help to remind teams of the impact of their work.



Quote for the day:

"To handle yourself, use your head; to handle others, use your heart." -- Eleanor Roosevelt

August 21, 2014

Google fills the gap between IaaS and PaaS
"We don't think there's platform as a service and infrastructure as a service," said Dan Belcher, a Google product manager, at a recent roadshow in Cambridge, Mass. "We really think about a continuum of the level of control and management that you want us to handle and that you'll handle yourself." Developers choosing between infrastructure and platform services face too many tradeoffs, so there is still plenty of room to improve the ability to run workloads in the cloud and eliminate the either-or scenario, Belcher said.


Chief Compliance Officers: Five Steps to Hiring the Right Team
“It’s no longer about being reactive, but proactive,” says Kate Quinn, executive vice president with search firm DHR International in New York, specializing in capital markets and asset management. “Nobody wants a regulator calling to discuss a short-coming. It’s far better to catch things early on than to fix a problem later. Compliance is about following the rules and taking the preventative steps to ensure the fund or entity is following the rules, while still making money.” Granted, CCOs have always had to keep abreast of regulations, establish internal policies and procedures to meet them, document their work and ensure that everyone follows the rules.


Should the Entire Internet Be Encrypted?
What ties all these headlines together? Your online presence is being tracked, monitored, intercepted, evaluated, and compromised. With something like Heartbleed, you would pretty much be helpless if the online assets of a company that you were working with were compromised. You can mitigate your online footprint slightly by using features like “Incognito” mode in Google Chrome, or a “Private” tab in Opera web browsers, but these options really only eliminate local tracks. This is where the IceBrowser comes in. One of the best ways to cover your tracks and secure your Internet usage is through a VPN


Data Quality – Who’s Responsible
Data quality management is an important job and Everybody is sure that Somebody will do it. Anybody can do it, but Nobody does. Somebody got angry about that because it was Everybody’s job. Everybody thinks that Anybody can do it, but Nobody realises that Everybody won’t do it. In the end, Everybody blames Somebody when Nobody does what Anybody could do. Accurate data is undoubtedly the cornerstone of industry, but a lack of standardised data prevents efficient information exchange between departments and subsidiaries and impedes decision-making and understanding of business problems.


PaaS Debate Heats Up At Interop
With microservices, each service in an application runs in its own virtual machine or Linux container. Part of developers' excitement about the Docker container system is that it provides a detailed format for doing this, allowing services to be linked and nested in relation to each other and moved around as necessary. The microservice approach also makes them more maintainable. When a master copy of a service is modified and proven by testing, the order can be given for all containers running the service to get an automated upgrade.


The Internet of Things Brings Legal Gotchas to CIOs
“Many of the legal issues are not well understood even by sophisticated privacy practitioners,” says Christopher Wolf, a partner at the law firm Hogan Lovells. “In the world of sensors rather than computer screens, the legal issues are challenging.” The Federal Trade Commission last September took its first action against an Internet of Things manufacturer. TRENDnet, which marketed its Internet-connected cameras for home security and other uses, settled with the FTC over faulty software that left its cameras vulnerable to online viewing and listening.


Regulatory pressure accompanies changing IT landscape
Monitoring multiple devices for every employee at an organization is a challenge. The virtualized enterprise is not just about technology, though. Whether you are working at a firm in New York City or on an island, the expectation is that you will be working quickly and with more agility. You have to be able to do work on a range of mobile devices. Everyone expects a high level of manageability and efficiency. And no one wants to pay extra money for these capabilities.


New attacks secretly use smartphone cameras, speakers and microphones
Have you ever stopped to think of the front-facing camera on your phone as a keylogger? How far away do you hold your smartphone from your face/eyes? The researchers demonstrated how an “attacker can use reflections in the user’s face to perform keylogging with a smartphone’s front camera.” This attack works even on phones with wretched megapixel cameras; phone “cameras with only 2MP are already sufficient for corneal keylogging if the phone is held in not more than 30 centimeters (11.8 inches) distance. Cameras of 32MP even allow for keylogging operations if the phone is held at 60 cm (23.6 inches) distance.”


Beefed-up Couchbase Server 3.0 beta targets developers and admins
"In addition to foundational changes, like the advanced stream-based protocol and tunable memory, which improve performance and enable Couchbase to support many new use cases, we have dramatically improved the developer experience making it easier to build and extend applications built on Couchbase," Couchbase VP products and engineering Ravi Mayuram said in a statement. The stream-based DCP improves speeds by removing bottlenecks, and helps the way increased memory and network capabilities are used, according to Couchbase. Among other benefits, it lists better view performance and the immediate streaming and rapid indexing of changes made to documents to enable data queries at near real-time speeds.


SOA and API Schism and Unification
When creating a unified architecture strategy embracing SOA and REST, a logical next question is when to create a service or an API. From a messaging perspective, services and APIs have similar attributes. They are both network accessible endpoints delivering data or triggering a transaction. From an architecture perspective, both services and APIs provide an opportunity to create loosely coupled solutions exhibiting separation of concerns. Many architects and developers desire to extend their Service Oriented Architecture (SOA) with APIs, but are not clear on when to create a service or create an API.



Quote for the day:

"The most important thing in communication is hearing what isn't said" -- Peter Drucker

August 20, 2014

Software-Defined Networking: Beyond the Hype
New and groundbreaking technologies tend to focus on innovation rather than practicality, so security is typically the last feature added to any new revolutionary piece of software. In other words, even though security is becoming increasingly important, it’s often prioritized later in the game. But with SDN making 75 percent of network and security configurations, the business risk for data breaches increases greatly without sufficient oversight. To curb this, you will have to be just as proactive and cautious about security as the admins working on legacy infrastructure.


5 Ways To Beat The Digital Disruption Curse
Rather than just focusing on collaboration efforts across IT (a la DevOps), look for opportunities to unify digital teams across lines-of-business. One manufacturer I know did this by forming a cross-business DevOps style team tasked with integrating proprietary plant equipment with ERP for more seamless stock replenishment. In this case, IT teams provided expertise in security and standards, while engineers guided app development and analytics -- a perfect digital business combo.


Google SSL Decision: IT's Chance To Be A Hero
Unlike past algorithm tweaks that focused on keyword relevance and metadata optimization, this change requires IT to get the business ahead of the game or at least keep it playing. In the interim between now and when the full effects of the new algorithm begin to have an impact on organizations, your business has an opportunity to gain a competitive advantage by ensuring it's SSL-enabled -- before the competition. Google's post gives seven specific steps to take. This change puts the ball squarely in IT's court. It is only within the bowels of IT that SSL can be enabled, whether implicitly on every application server that might deliver an app that will be affected, or explicitly via an SSL-enabled reverse proxy architecture.


IDG Survey – State of IT Cyber Defense Maturity
Download this IDG global survey report based on responses from over 1500 IT security professionals that sheds light on the state of cyber defense maturity. In addition to affording new incident and violation trends across industry and region, the results yield insights into IT security management capabilities, deficiencies and planned investments. Read it and see where your organization fits on the IT cyber defense maturity spectrum compared to your peers. The report delivers insights on: Network Complexity, Exposure; Diversity and Issue Velocity; and Challenging Security Management


The Next Battleground In The War Against Quantum Hacking
So in the cat and mouse game of information security, physicists have been fighting back by designing equipment that is more secure. Today, Nitin Jain at the Max Planck Institute for the Science of Light in Erlangen, Germany, and a few pals show how the changes still leave the equipment open to attack but at the same time reveal how the next generation of quantum cryptography could be made better. In quantum key distribution, Alice sends information to Bob encoded in the polarisation of single photons. So she might send a sequence of 0s and 1s as a series of photons polarised horizontally and vertically. Bob can then use this information as the key to a one-time pad for sending information with perfect security. Hence the name quantum key distribution.


Moving to the Cloud: 3 Data Integration Facts That Every Enterprise Should Understand
Overall, there seem to be two types of enterprises: First are the enterprises that get the value of data integration. They leverage the value of cloud-based systems, and do not create additional data silos. Second are the enterprises that build cloud-based data silos without a sound data integration strategy, and thus take a few steps backward, in terms of effectively leveraging enterprise data. There are facts about data integration that most in enterprise IT don’t yet understand, and the use of cloud-based resources actually makes things worse. The shame of it all is that, with a bit of work and some investment, the value should come back to the enterprises 10 to 20 times over.


Integrating R with production systems using an HTTP API
Today, two problems — one technical, and one organizational — create friction when trying to integrate R code into existing software applications. First, while R is a great language for analytical code, most enterprise software systems are written in more general purpose languages, such as Java, PHP, C#, C++, or even data pipeline tools such as Informatica or Microsoft’s SSIS. Invoking R code from these languages requires some non-trivial technical work, or translation to another language. This leads to the second problem: in most companies, software engineering teams are separate from analytics teams, so when analysts need engineering help, they are forced to compete against other priorities, or they must do their own engineering.


Data Governance: The Silent Hero to Achieving MDM Triumph
As the challenge to manage critical organizational data grows, businesses are increasingly embracing data governance strategies to protect the integrity of their valuable enterprise assets and to get the most from their master data management initiatives. Andrew White of Gartner recently blogged about the data governance challenge, saying, “In 2012 and 2013, a notable number of end users were struggling to embed the work of governance and stewardship in normal, day to day work of business users. Many firms are continuing to struggle with this. It is perhaps one of the major challenges of MDM and ANY information governance effort in this decade.” Designed to give control processes for data stewards and data custodians, data governance is more of a methodology than a tool.


3D Printing will Transform the Corporate IT Environment
The rise of 3D printing is likely to lead to the re-invention of many old products, as well as the introduction of extraordinary new innovations. Since these processes can print virtually anything that can be designed on a computer—thus eliminating the limitations posed by machine tools, stamping and moulding—engineers and designers will no longer be limited in their designs because of previous manufacturing technologies. In fact, the use of the technology has evolved beyond initial imagination with 3D printing technology being studied by biotechnology firms and academia for possible use in tissue engineering applications – in which organs and body parts are built using inkjet techniques.


PUE - the benevolent culprit in the datacentre
By some estimates, many datacentres are actually only using 10-15% of their electricity to power servers that are actually computing something. Companies should minimize costs and energy use, but nobody invests in a company solely based on how efficiently they move electricity. Datacentres are built and maintained for their computing capacity, and for the business work that can be done thereupon. I recommend correlating computing and power efficiency metrics with the amount of useful work and with customer or end user satisfaction metrics. When these factors are optimised in a continuous fashion, true optimization can be realised.



Quote for the day:

“True leaders bring out your personal best. They ignite your human potential”. -- John Paul Warren

August 19, 2014

About 4.5M face risk of ID theft after hospital network hacked
The hacker group has been involved in theft of intellectual property such as medical device and product development data, CHS said. In this instance, though, the group apparently targeted non-medical patient identification data. Since the breach was discovered, CHS is working with Mandiant to clean out its systems and implement new remediation measures, the filing noted. CHS is also cooperating with federal agencies in the investigation. The CHS incident is the second major breach to be disclosed in the past week.


Start-Up Has New Approach for SDN Security
The company is taking advantage of new capabilities offered by the exploding SDN technologies in its effort to provide security for software-defined datacenters. "SDN is an opportunity to introduce advanced security controls and capabilities into the datacenter network in a way that can scale to the demands of a large data centers and offer a dynamic and pro-active security control framework, detecting and mitigating an attack at an early stage," the company said. "Using these principles, GuardiCore offers a security platform, targeting the detection and prevention of attack techniques used by hackers in the propagation and control phases of the attack’s 'kill-chain' inside datacenters."


World-Class EA: Business Reference Model
Business architecture is being used to design, plan, execute, and govern change initiatives throughout public and private sector entities. An architectural approach can systematically highlight the most effective state for a given environment, and then define how change can be effected within acceptable benefit, cost, and risk parameters. A key challenge to this approach is the consistent definition of the organization and where it needs to be, and in response this White Paper introduces a comprehensive reference model for business. The Business Reference Model (BRM) can be applied to both private and public sector organizations alike, and gives complex organizations a common way to view themselves in order to plan and execute effective transformational change.


BYOD Twists and Turns Keep CIOs Off-Balance
BYOD's ripple effect, however, pales in comparison to the benefits. There are huge corporate gains from employees using their mobile devices for work, Waran says. It's conventional wisdom that mobility improves worker productivity and collaboration, and BYOD's ability to scale the number of people in a mobile network will lead to exponentially higher benefits, a la Metcalfe's Law. There are individual worker productivity gains with BYOD, too. A BMC Software survey found that the average BYOD-carrying employee works an extra two hours and sends 20 more emails every day. One out of three BYOD employees checks work email before the official start of their work day, between 6 a.m. and 7 a.m.


HTC One Runs Windows
As far as Windows Phones go, the HTC One for Windows Phone is an appealing option. The metal design may steal sales away from Microsoft and its Lumia devices, thanks to its slick appearance and high-end materials. Its exclusivity to Verizon Wireless may hinder HTC a bit, but it left enough wiggle room in the press release language to imply other carriers might offer the device later this year. HTC is re-entering the Windows Phone market at an interesting time. Windows Phone's market share has dropped in the US to just 1.5%. Perhaps this premium handset, which stands in stark contrast to the polycarbonate designs from Microsoft/Nokia, is just the kick in the pants Windows Phone needs to regain some of its lost presence.


SanDisk's Ultra II SSD offers prices as low as 44 cents per gigabyte
The SanDisk Ultra II has a maximum sequential read/write speed of 550MBps and 500MBps, respectively. The SSD's random read/write performance tops out at 99,000 I/Os per second (IOPS) and 83,000 IOPS, respectively. By comparison, Samsung's TLC consumer SSD, the 840 EVO, retails for as little as $469 for a 1TB model. Samsung's 840 EVO SSD read/write performance tops out at 540MB/s and 520MB/s, respectively. As with other consumer-grade SSDs, SanDisk's new drive is designed and being marketed to deliver a cost-effective and upgrade for desktop and laptop users who want to increase performance, battery life and power efficiency.


Enhance Customer Retention and Acquisition Strategies with Insurance Data Analysis
By analyzing free form text data in adjuster notes, insurance companies can not only measure the time it takes to complete these activities but actually evaluate the quality of the interaction representatives have with customers. These are the moments of truth that can make or break the ever delicate relationship an insurer has with its customer. For example, if explaining the claims process is required when making first contact with the customer, the adjuster notes detailing the first contact activity can be analyzed to confirm if this requirement was met.


Feeling rushed? Break the habit of hurry and overwhelm
Take a deep breath. Seriously, when you feel your world about to spin out of control, close your office door or find someplace to be alone for a few minutes. Close your eyes and just breathe. Let your mind go blank — don’t think about your never-ending to-do list. Then open your eyes and focus on one single thing, whatever is next on your agenda. Consciously slow down as you walk back to your office or head for your next meeting. Your blood pressure will thank you, and so will your co-workers.


Interview with Thomas Imart, Creator of Tweetinvi
Twitter has become an integral part of most companies’ communication strategy. While direct messaging will always be in the forefront, the ability to analyze Twitter trends is often necessary. But Twitter doesn’t always make that easy. Over time many of the older APIs have been deprecated or removed entirely. Newer APIs have taken their place, but they often work very differently than one might expect. So we decided to talk to Thomas Imart, creator of Tweetinvi about his offering.


Exclusive: White House meets with big biz on immigration
Obama has pledged to act by the end of the summer, but the timing is a growing concern to Senate Democrats, who fear that a sweeping program to temporarily halt deportation will further endanger their chances of maintaining control of the chamber. They are most worried about the impact on key Senate races in red states, including Arkansas, North Carolina, Louisiana and Alaska. Obama has not yet received recommendations from his staff, and no decision has been made on how he should proceed, according to sources familiar with the process.



Quote for the day:

"A friendship founded on business is better than a business founded on friendship." -- John D. Rockefeller

August 18, 2014

MPTCP offers performance and resiliency but security is nonexistent
"With MultiPath TCP, a perfectly normal client could say, 'I want to open 10 different TCP connections that are all part of one logical TCP connection.' It would simply fragment the traffic across all of those in such a way that there isn't enough information on any of those TCP channels for an intrusion detection system to recognize what the application layer is, or more precisely that it is malicious," he said. "If the intrusion detection is not aware that MPTCP exists and doesn't know how to collect all those TCP streams and reassemble what's going on, then it's blind to the application layer traffic."


Heartbleed software flaw exposes weaknesses in hardware design
Data is vulnerable to hackers when in transit or in computer memory, said Ruby Lee, professor of engineering at Princeton University's Department of Electrical Engineering, at a presentation to the Hot Chips conference. The weakness is in the memory and cache, or secondary memory where data temporarily resides before being sent for processing or storage. "This is correctly functioning hardware -- with no bugs -- but it is leaking out information," said Lee, who was chief architect and one of the lead processor developers at Hewlett-Packard before joining Princeton.


Collaborative Software Development Platforms for Crowdsourcing
Crowdsourced software development, by its very nature, is collaborative. The stakeholders in a crowdsourced software project form a virtual team with the support of collaboration tools and social media technologies. Various kinds of communication, collaboration, and coordination (3C) happen among the requesters, providers, and platform vendors: for example, requesters and providers communicate about a task’s requirements and evaluation criteria, requesters coordinate the progress and technical decisions of different tasks, and providers collaborate with each other via shared artifacts and workspace.


For Big-Data Scientists, ‘Janitor Work’ Is Key Hurdle to Insights
“Data wrangling is a huge — and surprisingly so — part of the job,” said Monica Rogati, vice president for data science at Jawbone, whose sensor-filled wristband and software track activity, sleep and food consumption, and suggest dietary and health tips based on the numbers. “It’s something that is not appreciated by data civilians. At times, it feels like everything we do.” Several start-ups are trying to break through these big data bottlenecks by developing software to automate the gathering, cleaning and organizing of disparate data, which is plentiful but messy.


The Data Analysts Toolkit: Why are Excel and R useful together, and how do we connect them?
One area of interest is Predictive Modelling. This is the process of using a statistical or model to predict the value of a target variable. What does this actually mean? Predictive modelling is where we work to predict the values in new data, rather than trying to explain an existing data set. To do this, we work with variables. By their nature, these vary; if they didn’t, they would be called a constant. One pioneer was Francis Galton, who was a bit of an Indiana Jones in his day. Although he wrote in the 19th century, his work is considered good and clear enough to read today. Therefore, this research has a long lineage, although it seems to be a new thing. We will start with the simplest: linear regression.


Consumer-facing industries lead in digital strategies: Forrester
"This is mainly because many want to ignore the changes that are taking place, but then there are others who say they know what it is, but they really don't know what it is. We refer to that as a 'bolt on' digital strategy where some executives will believe they are pushing a digital strategy but it's just really lip service, and they're not driving it through the business," he said. The report recommends in order to move from being a 'digital dinosaur', where a digital strategy is virtually non-existent, to a 'digital master', CIOs need to help shape a digital business vision in collaboration with other business leaders within the company.


Technology Can Make Lawful Surveillance Both Open and Effective
In brief, any surveillance process that collects or handles bulk data or metadata about users not specifically targeted by a warrant must be subject to public review and should use strong encryption to safeguard the privacy of innocent users. Only after law-enforcement agencies identify people whose actions justify closer investigation and demonstrate probable cause via an authorized electronic warrant can they gain access to unencrypted surveillance data or employ secret analysis processes. The details of an investigation need not be public, but the data collection process would be—what information was collected, from whom, and how it was encrypted, stored, searched, and decrypted.


Managing Mobile Risk in the Cloud
Iterative and agile software development methodologies and tools are the buzzwords of the moment because they capture how software developers are ideally working in this environment. Perfection will not be achieved before code is released, but at the same time certain minimum standards of data security and privacy, as well as release objectives, need to be met. This can be done, but certain preconceptions about the cloud need to be overcome in order to do so. The most important misconception about the cloud is that it necessarily exposes apps and data to the outside world. However, this is not so.


Grocery stores in multiple states hit by data breach
According to Supervalu, its internal IT team detected the intrusion and quickly moved to remediate it. "An investigation supported by third-party data forensics experts is on-going to understand the nature and scope of the incident," the company said. "Supervalu believes the intrusion has been contained and is confident that its customers can safely use their credit and debit cards in its stores." The company is offering consumers affected by the breach a year's worth of free identity protection services. In a separate statement, AB Acquisition, which owns and operates Albertson's, ACME, Jewel-Osco, Shaw's and Star Markets said it is working closely with Supervalu to find out what exactly happened and what data might have been stolen.


“Professionalize” Information Security?
The only question is whether companies wish to invest in ensuring that they are hiring the professionals they need for information security. The technology world is rife with examples of private consortia establishing standards and other metrics for all sorts of critical networking and other tasks, often without the prodding or confiscated money of politicians. Licensure is simply an easy way to shove the costs of background work on taxpayers—effectively, socialization of security. To be sure, proponents of “professionalization” will state that the entire public has something to gain and on and on, offering the usual hackneyed justifications for yet another program to be administered by a government that can’t afford half of what it’s already doing.



Quote for the day:

"We're living in a time when disruptive use of technology can take a business from nothing to number one." -- Robert Stroud

August 17, 2014

Database Development: Comparing Python and Java ORM Performance
I have a good deal of experience with Java, which helped me in getting the Java ORM working, but a beginner might not be able to get past the setup difficulties. However, having used and written about both languages, I should note that despite these occasional difficulties my preference would generally be to use Java. Why? Well, Java is a proven technology; out of the box, Java is structured, secure, strongly typed, and thread-safe. Anyway, that's enough grumbling. Let's see how to set up some ORM code in these two languages.


Parallel-lazy Performance: Java 8 vs Scala vs GS Collections
Sponsored by Goldman Sachs. Java 8 has Streams, Scala has parallel collections, and GS Collections has ParallelIterables. Since we use parallelism to achieve better performance, it's interesting to ask: how well do they perform? We'll look at how these three APIs work with a critical eye toward performance. We'll also look at common performance pitfalls. Listen to Craig Motlin, the technical lead for GS Collections, a full-featured open-source Collections library for Java and the author of the framework's parallel, lazy API.


MaxClients in Apache and its effect on Tomcat during Full GC
Let's see how the MaxClients option in Apache affects the system when Full GC has occurred in Tomcat. Most developers know that "stop the world (STW) phenomenon" occurs when GC has occurred in Java (for more refer to Understanding Java Garbage Collection). In particular, Java developers at NHN may have experienced faults caused by GC-related issues in Tomcat. Because Java Virtual Machine (JVM) manages the memory, Java-based systems cannot be free of the STW phenomenon caused by GC. Several times a day, GC occurs in services you have developed and currently operate. In this situation, even if TTS caused by faults does not occur, services may return unexpected 503 errors to users.


Performance Comparison of Virtual Machines and Linux Containers
The results show that Docker equals or exceeds KVM performance in every case tested. For CPU and memory performance KVM and Docker introduce a measurable but negligible overhead, although for I/O intensive applications both require tuning. Docker performance degrades when using files stored in AUFS, compared to using volumes, that have better performance. A volume is a specially-designated directory within one or more containers that bypasses the union file system, so it does not have the overhead that the storage backends may have. The default AUFS backend causes significant I/O overhead especially when using many layers and deep nested directory hierarchies.


Getting Serious About IPv6 – Go Big or Go Home
Think carefully before you just start shutting off IPv6. Remember, it is enabled and preferred and if your existing production network is using IPv6 for some of its network traffic you will have a production outage while you disable IPv6. Furthermore, you might not even know all the applications that ARE using IPv6, have fun troubleshooting that one. Even after you think you have turned off IPv6 on your equipment, how often do you actually audit and check to see if it is running? Does it get re-enabled with OS patches and updates? What about third party equipment that runs on your network or wireless/wired guest network?


Pattern Recognition Algorithm Recognizes When Drivers Are on the Phone
A dashboard camera in front of the driver is well-positioned to spot cell phone use. Their system processes the images from this camera in three steps. First, it locates the driver and crops the image to show just the face and area to each side of the face. The idea is to see the driver’s hands should they be raised next to the ear in holding a mobile phone while making a call. Next, it identifies any skin pixels in the image and assesses the position of these pixels. It then segments the image into areas showing face and hands. Finally, it assesses the likelihood that the driver is on a call and issues a warning accordingly.


Oracle slaps Oregon with a lawsuit over troubled Obamacare website
A key bone of contention in the dispute centers around the fact that Oregon hired Oracle on a time-and-materials basis, with the state serving as its own systems integrator. “That decision was akin to an individual with no construction experience undertaking to manage the processes of designing and building a massive multi-use downtown skyscraper without an architect or general contractor,” Oracle said. Another alleged flaw in the state’s approach: It decided to build Cover Oregon at the same time it was embarking on a major IT modernization project for other aspects of its health and human services operations.


SQL Server Change Tracking: A Near Bullet-Proof ETL Solution
This segment will introduce the concept of CT as well as provide a substantive demo (i.e., something better than a hello world example) of CT’s functionality. CT was introduced with SQL Server 2008R2 and unlike Change Data Capture (CDC) is available for all versions of SQL Server 2008 (and later) including SQL Server Express. CT captures changes to database table rows over a period of time. It does not record each change during that period, but retains the net changes by tracking the individual rows (using the Primary Key) that have changed. Thus, it is great for data extraction/synchronization, but not for auditing (that is CDC’s area of expertise).


An Introduction to Functional Programming with Java 8
Given functional programming has been around since the 50s, and until recently mostly disregarded by the mainstream, why has it become such a hot topic? My opinion is that it’s because of its ability to easily process work in parallel taking advantage of multi-core processors, lazy (on-demand) evaluation, and ease of integration with other languages such as Java. Certainly the JVM has provided a good base for Scala which can even be embedded in a Java program, giving the best of both worlds plus an easier migration path for developers.


Three Secrets of Organizational Effectiveness
These are, of course, widely appreciated management methods for raising performance. But they’re rarely put into practice. Perhaps it’s because they feel counterintuitive to many managers. Even the leaders who use them, and whose enterprises benefit from the results, don’t know why they work. So the value of these powerful practices is often overlooked. That’s where neuroscience comes in. Breakthroughs in human brain research (using conventional experimental psychology research in addition to relatively new technologies like CT scans and magnetic resonance imaging) are revealing new insights about cognitive processes.



Quote for the day:

"The first and best victory is to conquer self." -- Plato

August 16, 2014

Converging API Governance and SOA Governance
API governance is heavily influenced by IT business goals and objectives. Leading API governance platforms provide analytics supporting the assessment of IT business value. The platform should capture service tier subscription information, collect usage statistics, present productivity metrics, and integrate with billing and payment systems. API governance encompasses API subscriptions and API promotion meta-data. Governance activities managing API promotion meta-data include rationalizing keyword tags used to categorize APIs, and developer documentation content management.


A Look at Cyber Security Trends for 2014
This year, there’s been more discussion than ever about numerous topics such as the benefits of big data, the Internet of Things, mobile technology, and how to make the most of cloud computing. There’s plenty of excitement to be had so far and much more on the way, but in the fast moving technological environment we now live in, there’s also reason to worry. Security in particular, whether it’s network security, computer security, or IT security, is foremost on many business leaders’ minds. To prepare for what the future may hold, it’s important to look back at some of the recent trends to see the threats and solutions having the biggest impact on cyber security.


IoT is here and there, but not everywhere yet
Cisco Systems has estimated IoT will generate $14.4 trillion in economic value between last year and 2022. But Kevin Shatzkamer, a distinguished systems architect at Cisco, called IoT a misnomer, for now. “I think we’re pretty far from envisioning this as an Internet,” Shatzkamer said. “Today, what we have is lots of sets of intranets.” Within enterprises, it’s mostly individual business units deploying IoT, in a pattern that echoes the adoption of cloud computing, he said. In the past, most of the networked machines in factories, energy grids and other settings have been linked using custom-built, often local networks based on proprietary technologies.


Think like a cop: two simple questions that will protect you from cyber wolves
The secret to avoiding danger is not to rely on lists of things experts tell you to do, but to get into the habit of knowing what to ask to avoid trouble. There are two questions that the C-suite and customers should ask to minimise their risk of exposure to cyber crime but these are not being asked. Why is that? ... The diligent police detective knows their powers of arrest and restraint before they start grappling around on the floor with a villain. They know and remember this because there is a strong likelihood they will face this danger and they must do the right thing when it happens. Once ingrained in the thin blue mind, the cue card can be written.


10 Essential Elements of a Mobile Strategy
In the past few years, our thought processes have shifted in three fundamental ways. We expect to: Satisfy any impulse on a mobile device within a minute. 52% of highly mobile people are frustrated when something they want isn’t available on their smartphone; Access relevant information in any circumstance via an app or mobile search. 45 percent of users between 18 and 29 use mobile search daily; Perform a wide variety of personal and professional tasks on our mobile devices, including accessing critical documents, sharing photos, submitting expenses, performing banking tasks, managing investment portfolios etc.


NASA Mission: Cloud Governance
After the IT group realized that there were multiple root accounts, it had to design and implement a governance model for managing the accounts and apply that model to the existing network infrastructure and cloud deployment, says JPL cyber security engineer Matt Derenski. The highly automated AWS cloud system helped JPL's IT staff sort out and manage the accounts issue and then other governance and compliance requirements. Chiang notes that JPL IT staffers sometimes have difficulty tracking usage and application data on the laboratory's internal network, but the Amazon cloud offers complete visibility into the number of active accounts and which servers they're running on.


5 Must-Have Characteristics to Enable Enterprise Architecture Successfully
A lot of organizations have tried to implement Enterprise Architecture in IT, but have had a hard time gaining credibility within the organization and communicating its value effectively. Many are now turning to consultants with strong EA backgrounds to come in and help make EA successful. There are 5 characteristics that we should ascribe to in order to enable a strong Enterprise Architecture foundation for an organization: Transparency; Integrity; Selflessness; Empathy; and Effective Communication.


Information Governance: Why it’s a priority, not an option
Despite purchasing highly sophisticated data management solutions from the best of vendors, organizations’ data suffers from inconsistencies with effects as minor, but embarrassing, as wrong address or contact person name being printed on customer invoice, to as major as wrong decisions being taken by top management because of incorrect/insufficient data being available to them. In extreme cases, the organizations may fail to support regulatory compliance, or might have to re-issue their financial statements in the face of reports containing inaccurate or incomplete information being presented to relevant stakeholders.


Big Data and the Information Governance Imperative
With a smaller information footprint, organizations can more easily find what they need and derive business value from it. They must eliminate the data debris regularly and consistently, and to do this, processes and systems must be in place to cull out valuable information and discard the data debris. An IG program sets the framework to accomplish this. But a key challenge is that because of the inter-disciplinary requirements for implementing IG, no one wants to own IG. It touches on parts of the strengths of a CIO or General Counsel, but it also requires them to go out of their comfort zone into new areas.


The IT skills conundrum: too many threats and not enough professionals
With fewer skilled professionals, some organisations will simply continue to struggle to do anything beyond keeping the lights on. The smarter businesses will take action to understand their risk exposure across the business and prioritise areas to focus on. This enables them to make more informed decisions around resource requirements to help mitigate risk. But a lack of resource will often mean that there is nobody available internally to carry out the assessment in the first place. Risk and security management are important areas for any organisation and, as the threat landscape evolves, every enterprise needs to consider its current risk exposure in the context of its commercial objectives.



Quote for the day:

"Have confidence that if you have done a little thing well, you can do a bigger thing well, too." -- Joseph Storey