October 09, 2014

Microsoft Wants to Kill Email Attachments
Because the linked file is stored in the cloud, it can be accessed simultaneously by multiple recipients. OWA's interface supports real-time co-authoring of linked and attached documents, so several collaborators can simultaneously work on a single document. This summer, Microsoft added a new side-by-side view to OWA to help streamline the real-time collaboration process. The view lets users open linked or attached documents alongside email, allowing them to both modify a received document and reply with an email message from within a single interface.


Disruption Coming For MDM - The Hub of Context
Much more intuitive, analytic, and intelligent about our master data. And this is what innovative MDM companies are doing - using a graph db repository (i.e. Pitney Bowes Spectrum MDM). And, still other innovative organizations are saying, we can build this on our own by leveraging a graph db (good confirmation and examples of this with NeoTechnologies). And, you have data profiling and discovery tools like Global IDs helping you identify and build a graph of your data (they OEM Neo4j from NeoTechnologies and use the open source graph db Titan).


DukeScript: A New Attempt to Run Java Everywhere
The basic architecture of a DukeScript Application is actually very simple and consists of three components. There’s a Java Virtual Machine, there’s an HTML-Renderer Component, and there’s DukeScript. DukeScript glues the JVM and the HTML-Component together and acts as a bridge between the business logic running in the VM and the UI written in HTML/JavaScript. DukeScript applications run inside a JVM and use the HTML-Renderer to display the page. When the page is loaded, DukeScript binds the dynamic elements of the page to the data model using Knockout.js internally.


Mobile technology: Ushering in the search generation
Since mobile devices have always been around, they have no intimidation about learning how they work. They have been able to do things with them from the get-go and, like the inquisitive kids they are, have rapidly learned how to make them do what they want. They have seen Mom and Dad "just Google it" countless times, and the search process is normal for them. Learning to search on devices is happening at a very early age, which is clear if you talk to their parents. Show them once and they hit the ground searching. This may be the most profound effect that mobile technology will have on society in developed countries.


The cloud according to Daryl
Plummer pointed out that while interest in cloud is high, moving to the cloud is a long, slow journey for large enterprises. According to Gartner research, 90% of respondents to a recent survey said they are doing some form of cloud computing. And 78% said they plan to increase cloud spending through 2017. In fact, one-third of IT spending on services goes to cloud-based services. But cloud is only 4% of the total IT spend, which means companies are dipping their toes into cloud, but aren’t diving in by any means. Plummer dismissed concerns about cloud security. “Most clouds I run into are more secure than most enterprises I run into,” he said.


Activist Elliott Pushes EMC to Dump VMware
The two companies are holding each other back, the letter said, and cites several examples where the two outfits, ostensibly part of the same company, effectively compete against each other — with the result that EMC shares have underperformed compared to its peers (companies like Hewlett-Packard, IBM, Cisco Systems and Intel) and the wider markets. The firm, controlled by the billionaire Paul Singer, controls more than two percent of EMC’s shares, and started its campaign to force its breakup in July. But this latest sally comes just days after HP announced its big breakup plan.


Obama Had Security Fears on JPMorgan Data Breach
Jim Duffy, an ADP spokesman, said the payroll processing firm had “observed Internet-based traffic from those criminals allegedly reported” to have hacked into JPMorgan. But he added that ADP had not “observed any issues associated with such scanning of our defenses.” Regions said in a statement that it “consistently monitors for any unusual activity. At this point, we have no evidence of any breach.” ... JPMorgan has said that the attackers obtained names and some email addresses but did not penetrate enough to get account information, and that there was no evidence of any illicit movement of money across the 76 million affected households.


Judges spar with attorneys on national security data requests
Federal judges challenged attorneys on Wednesday to clarify the rationale and constitutionality of government data requests, in a line of questioning that may ultimately introduce greater transparency into what is now a tightly cloaked process. The hearing, held in a federal appeals court in San Francisco, focused on National Security Letters, or NSLs, a type of data request commonly used by the Federal Bureau of Investigation to obtain information from companies, ostensibly for the purposes of investigating national security matters.


Shellshocked, and expecting worse to come
Unfortunately for those of us that have to deal with the vulnerability, the Linux operating system is used in lots of devices that we don’t normally think of as computers, so they don’t fall into a normal patching routine. I suppose it’s so widely used because it’s free, making it attractive as a platform for vendors to use when they set out to create a new product, from toasters to cars. But for many of those products, the Linux operating system is way more complex than what they really need. On my network, I found it in network devices, load balancers and even a couple of my favorite security products. And one of those was my firewall!


Half of all Android devices still vulnerable to 'privacy disaster' browser bug
At the time, Todd Beardsley, a researcher with security firm Rapid 7, described the bug as a "privacy disaster", explaining that "any arbitrary website (say, one controlled by a spammer or a spy) can peek into the contents of any other web page". The bug also allowed an attacker to hijack a web session by stealing a session cookie. Since the affected browser ships with all pre-KitKat versions of Android (Google dropped the browser in Android 4.4), it would mean that around 75 percent of all Android users with the Google Play app could be exposed to such an attack, according to Google's figures.



Quote for the day:

"The best way to find yourself, is to lose yourself in the service of others" -- MK Gandhi


October 08, 2014

BYON is a bigger threat to the enterprise than BYOD
Bring your own network (BYON) is "the ability of end users to create or access alternative networks when the available options are not satisfactory for their purposes." This sounds great if you're an end user or a vendor selling mobile access, but it's not so great if you're in charge of corporate security. From an enterprise perspective, BYON is seen as a derivative of the bring your own device (BYOD) movement. Since we're dealing with employee-created, unauthorized networks, however, data that travels via BYOD channels can't be monitored, which is a glaring data security risk that can introduce cyberthreats, such as malware, into a company's digital assets.


Peter Thiel talks Apple, Bitcoin, tech investing, innovation
Speaking at the Gartner Symposium ITxpo, Thiel, at the conference to plug his Zero to One book, covered everything from entrepreneurial thinking to currency and investing in new technologies. Thiel covered a lot of ground ranging from education, innovation and how vertical integration is generally underestimated. There's also a big difference between globalization and technology innovation. Here's the recap on Thiel's talk.


Four Strategies For Thinking Ahead of the Curve
When I asked Filippo how he keeps his mind focused on seeing around corners, he revealed his lifelong passion for competitive chess. “It forces you to think two and three moves ahead.” All the great innovators do this. They take in more data, more inputs from the environment, from the meeting, from wherever. They live in what I call the future moment. This skillset, which I write extensively about in Winning the Innovation Game, is a safeguard to being blindsided by change. It’s fundamental to discover incredible opportunity. Below are four strategies for stepping up your game in this essential area.


Son of a Breach! Can Companies Just Safeguard Their Customers’ Data?
Sure enough, six days later, the company admitted that its payment systems were in fact breached and that the hack was going on for months. They went on to say that while credit card data was exposed, personal PINs were not. Reassurance (not really). And while the exact number of affected cards wasn’t known at that time, one thing was for certain: If you used a credit card at one of Home Depot’s U.S. or Canadian stores in the past 4-5 months, you needed to consider your credit card stolen and get on the phone with your bank ASAP.


Improve IT Governance with a Quick Assessment
Too often today we hear from both CIOs and clinical leaders that IT is operating in a silo and not well aligned with the emerging needs of the organization. Meaningful use and ICD-10 projects are good examples. These initiatives are often managed by IT, yet the decisions on workflow, training, content development, and management call for collaboration from clinical, business, and operational leadership. Well meaning executive teams develop cross-functional governance models, yet when it comes to decision making and participation we find too often that governance structures are largely on “paper only,” with IT making it happen.


Cloud Security's Silver Lining
"With mobility on the rise, there's a trend of bypassing internal controls. This leads to a loss of visibility [for central IT]." At the core of these changes is the large growth in the SaaS market, drastically increasing the scope of the vulnerability of businesses and indicating the need to look at security as less of a "walled garden" model and more holistically. "In the future," Patel says, "the Internet edge will be cloud delivered." What's more, "although more mature CSPs have done a lot of work on security, […] that market is growing every day, and not everyone is equal."


Meet Linux kernel 3.17's best new features:
This means great new features are coming to a Linux distribution near you, though the 3.17 kernel's changes mostly consist of new and improved hardware support. New versions of the Linux kernel will eventually make their way into all sorts of other devices, too. A new Linux kernel means improvements for Chromebooks, Android devices, network routers, and any number of other embedded devices. Here are the most notable new features you'll find in the Linux 3.17 kernel.


Red Hat Storage Server 3: Not your usual software-defined storage
This new RHSS can run on your commercial off-the-shelf (COTS) x86 servers, and on OpenStack or Amazon Web Services (AWS) cloud. It's based on open source Red Hat's GlusterFS 3.6 file system and Red Hat Enterprise Linux (RHEL) 6. Red Hat claims that RHSS 3 can "easily scale to support petabytes of data and offer granular control of your storage environment while lowering the overall cost of storage."


What The United States Can Learn From Israel About Cybersecurity
In contrast to the United States, Israel’s government interacts closely with the private sector, academia, and civil society on cybersecurity issues. In fact, in 2013 Israel inaugurated an Advanced Technology Park at Ben Gurion University to serve as an international center of excellence for “cybernetics and cybersecurity.” The Technology Park brings together companies, academics, and the Israeli Defense Forces (IDF) to collaborate on projects, share research and information, and foster new thought leadership.


Shadow IT Risk and Reward
Don’t expect Shadow IT teams to conform to a single ALM governance model. Shadow IT teams follow their own process, and one has to carefully incorporate enterprise policies into Shadow IT ALM processes. Choose ALM tools that efficiently support multiple governance models. An important aspect to consider is different environment configurations and solution promotion rules. A department level Shadow IT team does not always want a development, test, and production environment. They may want to develop on their desktop/laptop, and push directly to production.



Quote for the day:

"Leadership is intangible, and therefore no weapon ever designed can replace it." -- Omar N. Bradley

October 07, 2014

Rebooting Deduplication in Your Next-Generation Data Center
There are a number of considerations to determine how deduplication should fit into an organization’s modern data center and workflows. However, there is no silver bullet technology to rein in data center complexity. The type of data, content, and frequency of access required all need to be evaluated in order to find the best deduplication solution. Virtual machines (VMs), for example, require many backup applications to work within more dynamic and virtual workflows, which they are ill-equipped to handle. This data type must be managed differently from traditional data.


Microsoft CEO Nadella: Windows 10 is an IoT play too
The key for Windows in the future will be offering user experience consistency wherever it will run. "The Internet of Things end points will need an operating system that's manageable and secure. I feel Windows will be a fantastic operating system to run on the edge," said Nadella. Another key point will be taking that OS and the data end point and offloading into Azure for predictive analytics. "That's really our IoT strategy," said Nadella. "We're in IoT today. Listening to you today makes me want to go back and put my marketing department on it."


Gartner: Top 10 strategic predictions for businesses to watch out for
For a session that is high-tech oriented, this year’s Gartner strategic predictions were decidedly human. That is to say many were related to increasing the customer’s experience with technology and systems rather than the usual techno-calculations. “Machines are taking an active role in enhancing human endeavors,” said Daryl Plummer, a managing vice president, chief of Research and chief Gartner Fellow. “Our predictions this year may not be directly tied to the IT or CIO function but they will affect what you do.”


IBM, Pentaho make the case for a big data refinery
It's that push-pull between access and governance that seems to be helping bubble up another marketing term du jour: the data refinery. In IBM's vision, it enables businesses to keep data in the close-to-raw format, refining it to a properly integrated, aggregated and governed state "automatically, on demand when the business user is asking for it," Corrigan said. ... Hortonworks was on to this back in 2012, which Shaun Connolly, vice president of corporate strategy, described as "a new system capable of storing, aggregating and transforming a wide range of multi-structured raw data sources into usable formats that help fuel new insights for the business."


CIOs Face Digital Leadership Problem: Gartner
One of the problems CIOs face is that inspiring people and developing strategic vision requires time. Aron suggested that CIOs appoint an "IT COO" to be in charge of operational issues within the division. He pointed out that CIOs who had such a person on their team gained at least a day each month that they could use for other, more critical tasks. The change in leadership is critical if a CIO is going to lead a change in IT culture, he said. The change in culture is critical if IT is going to respond to the changes facing businesses. Aron leaned on Peter Drucker for this action item, repeating Drucker's quote, "Culture eats strategy for breakfast."



Hacking: How Ready Is Your Enterprise?
For the first, it is important that you then ask what percentage of IT services and programs are covered by a risk assessment and what percentage of security incidents taking place were not identified in the risk assessment. The first question tells you how actively your IT is managing security and the second tells you whether there are gaps and risks. Your goal here should be to ensure that “IT-related enterprise risk does not exceed your risk appetite and your risk tolerance”. With regards to the security plan, you should be asking your IT leadership (your CIO or CISO) about the number of key security roles that have been clearly defined and about the number of security-related incidents over time.


5 Steps to Take When a Data Breach Hits
The IT industry has an answer to almost every security problem. Need to lock down an app server to ward off hackers? There's likely a product available for that. Same goes for making sure a stolen Android phone uses strong authentication to keep a hacker from stealing data. However, if the worst does happen – say, the hackers manage to break into a server and steal credit card numbers from a database – it can be hard to know what to do next (other than panic). CIO.com spoke to several security and legal experts to find out what to do after a leak occurs. Here are their five steps for how to survive a data breach, in chronological order.


10 things you need to know before hiring penetration testers
Penetration testing is a crucial part of fortifying and maintaining network, IP and physical security, but as we discovered through numerous interviews, it's not a simple task to hire for. Pentesting involves giving professional pentesters permission to test and verify that new and existing systems, networks, applications and safeguards don't provide unauthorized access to malicious hackers — but pentest individuals and companies range from razor-sharp, thorough and helpful, all the way to oversold, irresponsible and negligent. Today's attackers are devious, creative, and not held back by anything. Here are the ten most critical things you need to know in order to hire the right pentesters.


Protection & Decompiling Software
The most common software crack is the modification of an application's binary to cause or prevent the execution of a specific part of the program. This is accomplished by reverse engineering the program code using a debugger until the software cracker reaches the subroutine that contains the primary method of protecting the software, or by disassembling or decompiling an executable file with a program. Cracking is sometimes done by monitoring the registry or file system changes made by the installation and first run of the application.


Ricoh's plans for transformation
Ricoh is in the midst of transformation, actively streamlining its company structure to accelerate growth across a number of markets. Like many traditional print hardware companies, it is shifting its focus to services. Its primary focus is on what it calls "workstyle innovation". Over the past few years, Ricoh has repositioned the company as a services-led organisation - and has greatly enhanced its marketing communications and web presence to shift perception of Ricoh as a company that can support a business' transformation in today's evolving and mobile workplace.



Quote for the day:

"There are only two types of darknesses. One that harvests the shadows... and one that leads the light" -- Warda Patel

October 06, 2014

The prospects for Apple Pay in the UK
David Emm, principal security researcher from Kaspersky Lab, said people’s reaction to Apple Pay would have been different if not for the iCloud hacking claims. “I suspect we wouldn’t have had so much focus on this from a security point of view,” he said. “That suggests to me that in the longer term, security is unlikely to be a top priority for people. There’s no question that the convenience of mobile money services, being able to pay for things just by swiping your device, is increasing.”


How the CIO Role Is Changing As Business Needs Evolve
The duties of the CIO have changed in the last decade, says Steve Durbin, managing director of Information Security Forum. "Ten years ago, these guys were worrying about things like the mainframe computer," he says. "They didn't have people like you and me – users who would suddenly decide they're going to use their iPhone or tablet to access information." Part of the reason for the increased CIO role is that the power shifted away from IT and into the hands of the end users, whether they were customers or employees of the company.


IoT technology starting to impact product development
"What you are seeing is the convergence of industrial systems, Internet solutions, big data and the ability to build systems that use an enormous amount of compute power potentially distributed all over the planet," Soley said. For example, Coca-Cola Co. uses sensors in every part of its distribution, according to Soley. This entails everything from tracking down where a bottle needs to be delivered to orders of a specific syrup flavor. "They are sensing potentially hundreds of thousands of sites all over the world based on communication systems," he said.


Home Depot Security Team Understaffed And Overwhelmed For Years, Insiders Say
In fall 2011, Home Depot’s overall security team had about 60 employees with a variety of responsibilities, from finding security flaws in the network to ensuring that the company was meeting industry security standards. ... "You're having a hard enough time finding security holes," one former Home Depot security engineer told HuffPost. "Then half the people in your department leave and your workload doubles. It makes it even harder to catch stuff." Two former security employees described Mitchell as "bullying" and "abrasive" and said he was partly to blame for the loss of talented personnel.


HP to Separate Into Two New Industry-Leading Public Companies
Both companies will be well capitalized and expect to have investment grade credit ratings and capital structures optimized to reflect their distinct growth opportunities and cash flow profiles. The separation into independent publicly traded companies will provide each company with its own, more focused equity currency, and investors with the opportunity to invest in two companies with compelling and unique financial profiles well suited to their respective businesses. Management Structure: Meg Whitman, President and Chief Executive Officer of HP, and Cathie Lesjak, Chief Financial Officer of HP, will hold these positions with Hewlett-Packard Enterprise.


The Navy is building robotic weaponized boats
The technology, which uses artificial intelligence, machine perception and distributed data fusion, was successfully demonstrated over two weeks in August on the James River in Virginia. "This is a huge advance for robotics and, specifically, for object recognition and artificial intelligence implementations," said Patrick Moorhead, an analyst with Moor Insights & Strategy. "These are the smartest robots I have seen. The combination of speed, object recognition and artificial intelligence is very, very impressive."


How Much of Your Data Would You Trade for a Free Cookie?
In a highly unscientific but delicious experiment last weekend, 380 New Yorkers gave up sensitive personal information — from fingerprints to partial Social Security numbers — for a cookie. “It is crazy what people were willing to give me,” said artist Risa Puno, who conducted the experiment, which she called “Please Enable Cookies,” at a Brooklyn arts festival. The cookies — actual cookies — came in flavors such as “Chocolate Chili Fleur de Sel” and “Pink Pistachio Peppercorn.” To get a cookie, people had to turn over personal data that could include their address, driver’s license number, phone number and mother’s maiden name.


The Agile Coaches' Coach Shares Her View on SAFe
An incredibly frustrating aspect of multiple Scrum teams in the same product area is the interdependencies between them, which can easily turn into interdependency gridlock. The cause of this is the way organizations organize. Most don’t yet organize in a way that lets us slice the Wedding Cake into thin slices of actual customer value. I can rail against that all day long, but in the meantime, interdependencies between teams flourish and can result in unexpressed contracts -- think of them as informal Service Level Agreements (SLAs) between teams.


CIO interview: Ben Hine, technology director, UKTV
“Technology is a huge part of everyday life and defines the way they work,” he says. “But we didn’t want it to define us; we wanted people to define what they wanted from technology.” During the infrastructure refresh, the UKTV team moved buildings, so it had a blank canvas to work with. On day one, employees came into the new building to find their chosen laptop waiting for them. “We made every single person mobile,” he says. “We took their desks and every piece of kit – the telephone, PC, TV, personal video recorder, Sky Box – and managed to squash it all into a laptop.”


JPMorgan Chase attackers hit other banks
The attack compromised information and data used in connection with providing or offering services, the bank said. However, sensitive information including account numbers, passwords and credit, debit and Social Security numbers are not thought to have been compromised, the bank stated. The bank said it does not believe customers "need to go through the inconvenience of having their cards reissued." Even when an attack does not involve credit card or social security numbers, however, information such as names of people who use a certain service can be used by criminals to pry more sensitive information from unsuspecting consumers via phishing attacks.



Quote for the day:

“The growth and development of people is the highest calling of leadership.” -- Harvey S. Firestone

October 05, 2014

Dirk Slama Keynote on The Internet of Things
"The vision for the Internet of Things is very powerful – a world in which assets, devices, machines, and cloud-based applications seamlessly interoperate, enabling new business models and services; with big data analytics as a foundation to support intelligent decision making in this connected world. As with every vision, the question is how to make it happen. This presentation provides key success factors for IoT, as well as a detailed overview of concrete IoT use cases in the areas of automotive and transport, manufacturing and supply chain, as well as energy. Finally, a framework for IoT implementation is presented, which helps make your IoT projects a success."


NoSQL Databases: An Overview
Over the last few years we have seen the rise of a new type of databases, known as NoSQL databases, that are challenging the dominance of relational databases. Relational databases have dominated the software industry for a long time providing mechanisms to store data persistently, concurrency control, transactions, mostly standard interfaces and mechanisms to integrate application data, reporting. The dominance of relational databases, however, is cracking.


BMC Is Fixing Its Enterprise IT Software With User Experience Design
The key is being able to understand what the call center agent needs in a given point of time and how much workload Smart IT can handle. Combine this with a better front-end user experience for the call center agent and everything runs that much more quickly. “Pick the world's largest company and think about the number of employees they have,” Kaempf says. “To deliver better service to employees--that's a real win for them.” In Kaempf's opinion, enterprise has been too focused on solving technical problems--not user problems.


IBM Tries to Make Watson Smarter
“We never would have thought of it; we don’t have that DNA,” he said. “It validated the idea that we needed to open up the platform and make it available to the startup marketplace.” Ultimately, Rhodin said, IBM will pursue a revenue-sharing model for any effort that reaches market. The company also continues to pursue applications in the medical, financial, and legal sectors. Using Watson to examine thousands of documents could, for example, help doctors see different diagnoses in order of probability and “rule out things they didn’t think of,” Rhodin said.


Honda's in-car Connect system does Android its own way
Honda's engineers definitely squeezed a lot of functionality into the system, which may suit some folks and not others. For instance, you can download and use Android and Honda's own car-specific apps, including an optional Garmin-powered GPS. Other functions include FM radio, CD playback, USB and HDMI connectivity, Mirrorlink and Bluetooth. While it's great to have choices, we hope all of that functionality doesn't make the system difficult to use. The interface was a bit more fussy than we'd like, which could distract the driver. On the other hand, it's not lacking much in functionality compared to a smartphone, making it potentially more useful than other in-car systems.


Fixing the internet for confidentiality and security
First, it became clear that total surveillance is the norm even amongst Western democratic governments. Now we hear the UK government wants to be able to ban organisations without any evidence of involvement in illegal activities because they might “poison young minds”. Well, nonsense. Frustrated young minds will go off to Syria precisely BECAUSE they feel their avenues for discourse and debate are being shut down by an unfair and unrepresentative government – you couldn’t ask for a more compelling motivation for the next generation of home-grown anti-Western jihadists than to clamp down on discussion without recourse to due process.


Cyber Threat Intelligence
Threat intelligence is often presented in the form of Indicators of Compromise (IoCs) or threat feeds, although despite various attempts by vendors, it does not come in the form of an XML spreadsheet. Hence, threat intelligence requires organizations to understand themselves first and then understand the adversary. If an organization does not understand its assets, infrastructure, personnel and business operations – it cannot understand if it’s presenting opportunity to malicious actors. If an organization does not understand themselves fully to thus, identify what malicious actors might be interested in them – then it cannot properly recognize the intent of actors.


"Robotics Has Too Many Dreamers, Needs More Practical People"
Grishin said he wants to do more deals per year but, of course, he wants to find the right deals. "Robotics need dreamers," he said. "But there are too many dreamers now, and we need more practical people developing actual products." Grishin said that while looking for business opportunities, he saw too many entrepreneurs proposing cool new robots and concepts but with no business cases to support them. The robotics industry, he added, needs more startups to fail to allow entrepreneurs to learn from past mistakes and come up with more enduring plans.


Travel Intelligence and its big (data) benefits
The emergence of new technologies offers real-time data analyses and cutting edge forecasting capabilities across the entire travel cycle, allowing travel industry players to start doing things they had never even considered doing before. Big data is also today’s most powerful ingredient in the ongoing battle for competitive differentiation and personalisation. Understanding today’s traveller is vital to gain the competitive edge: the travel industry is moving beyond standard leisure and business segmentation towards a more personalised view of the customer. Real customer understanding can be drawn from multiple sources that exist at a company, industry and global level.


How to transform USB sticks into an undetectable malicious devices
Nohl explained that his team has written malicious code and deployed it into USB control chips used in thumb drives and smartphones; at this point it is sufficient that victims connect the USB device to a computer to trigger the execution of malicious software. Nohl and Lell’s BadUSB demonstrations during Black Hat illustrated how their code could overwrite USB firmware and turn a USB device into anything. A flash drive plugged into a PC could, for example, emulate a keyboard and issue commands that steal data from the machine, spoof a computer’s network interface and redirect traffic by altering DNS settings, or could load malware from a hidden partition on the drive.



Quote for the day:

“You’ve got to get up every morning with determination if you’re going to go to bed with satisfaction.” -- George Lorimer

October 04, 2014

Driving IT Business Alignment: One CIOs Journey
To fix things, Dale and his team partnered with the business. Doing it together rather than separately enabled the IT organization and the business to collaborate and to build a better and more permanent partnership. Dale says, “We have really enjoyed implementing the solution, because the business units are now working very closely with IT”. Dale claims as well the relationship with their business units has gotten to be a very solid, trusting relationship with them, and very collaborative. They have learned to trust IT’s input, and IT has learned a lot from the business units about how they operate and like to operate.


EA in practice: The Case Container
A central part to any typical Enterprise Application is the Case or Dossier, and the process handling this. The information going in to a Case, the business logic applied to it, and the subsequent business decision(s). It all has to be filed with accuracy. Case handling gets complex because information changes over time, business decisions are made, and the business logic and the information going into it are also complex. Just look at financial institutions and insurance systems, as well as government systems. These have a load of legislation and business rules - that change over time – and every business decision must comply to the rules and information that was valid at that point in time. Otherwise that decision does not have integrity.


Examine API integration trends in the enterprise
As customers are looking to API integration tools more and more for mobile enablement, [representational state transfer (REST)/Javascript Object Notation] has become an accepted standard for exposing enterprise applications as APIs. Tools should facilitate the creation of these REST APIs, and on the back end [they should] support service discovery, shaping, cataloging and publishing APIs, and [monitor] the health and performance of these APIs at runtime.


Your Roadmap to Successful Adoption of Agile
Lean software development presents the traditional Lean principles in terms that relate to software development. Often when Lean is discussed, there tends to be a strong focus on eliminating waste and rightly so. However the real focus of Lean is the identification of value to the customer: delivering what they want, when they want it, and with the minimum amount of effort. To be sure, what is considered “valuable” also becomes a driver for what is considered wasteful. As folks think about Agile principles, I suggest that they also consider the Lean software development principles to help them in their Agile journey.


Information Security Controls Relating to Personnel
While the risk of threats is increasing, a study says that the threat is more from the inside than from the outside. This has mandated the need for framing policies, procedures and controls around the employees of the organization, so that such risks arising from within can be mitigated or managed well. Whilst personnel security controls cannot provide guarantees, they are sensible precautions that provide for the identity of individuals to be properly established.


An immature security program is an exciting challenge
There are similarities between where my new company is right now with regards to security and where my old company was when I started there. But I don’t expect this new job to be a repeat of the last four years. For one thing, I am starting with all the knowledge and experience that I gained over the past four years. In the course of that time, I have learned a lot about things like cloud computing, mobile devices, advanced malware, data handling and security awareness. And I expect to keep on learning, since new things that I can’t even anticipate are sure to crop up.


Inside the Secret Clash of CIOs and CMOs
There's a fundamental problem in the way CMOs and CIOs look at technology projects. CIOs don't like loose ends. That is, they want to see projects that have a clear beginning and end -- a clear-cut return on investment. CMOs, however, can't afford to wait for this kind of clarity before embarking on projects. ... CMOs call this open-ended approach as being "agile," which is very different from what CIOs hear. For CIOs, "agile" means a software development methodology, according to The CIO-CMO Omnichannel study.


When Good Federation Goes Bad
Given a choice of identity providers to leverage when logging in to a service provider, I generally choose the IdP that has the least data about me. In loose order of preference, this translates to Twitter, Microsoft, Google, and finally, Facebook. The first three generally require only my email address and a few other attributes, such as profile information I share publicly. Facebook, however, is a whole other matter. I've written before on how Facebook throws a plethora of user identity attributes at a service provider when you use it as identity provider for a federated login.


Identity and Access Management Through the Enterprise Service Bus is a Pipe Dream
The first is the bi-directional nature of the ESB’s interface with the rest of your systems. This simply means the ESB can send and receive data and commands to any system it is connected to. Identity and Access Management processes don’t work the same way, however, as the type of data is “very different.” The changes involved, such as “a change in job or surname, or a promotion or departure of employees,” often can’t be read by the applications in their default modes, requiring significant development work on the part of the application supplier to make the system function. A result is that only very basic messages can be sent, such as the creation of a new identity.


The Problem with “Always On” Deduplication
The bigger problem is the way in which database systems store data. Relational databases use tables to improve performance and manage operations. A relational database such as Oracle has no duplicate data blocks, because each block in a tablespace (the logical container in which tables and indexes are stored) contains a unique key at the start and a checksum containing part of that key at the end. As a result, most shops are going to see little space saving, while paying the price of increased latency as the hardware pointlessly attempts to find matching blocks.



Quote for the day:

"A leader takes people where they would never go on their own." -- Hans Finzel

October 03, 2014

Security Think Tank: Minor failings can trigger major data breaches
When small incidents go unchallenged – or even unnoticed – they become the accepted culture. So, the first time a door to a file room is propped open for the sake of convenience, the security policy is bypassed. If this goes unchallenged, it will happen again because “Fred” does not see the importance of putting his PIN code into the door entry system for the file room. This mindset cascades, with more and more people believing it to be acceptable behaviour. Before you know it, propping the door open is the norm within the business, offering an opportunity for files to be removed by unauthorised staff, altered and copied – and a more major security breach could occur.


10 Tips to Ensure Your IT Career Longevity
Many organizations are getting better at providing embedded employee performance and career management processes, according to Karen Blackie, CIO of Enterprise Systems & Data for GE Capital. However, she warns that you are your own best advocate and should always strive to "own" your career. Don't wait for your organization to do it for you because that day may never come. This means stepping back and thinking about where you want to be in X amount of time and then outlining the different skills and experience needed to get there.


Blowing the Lid off BYOD Containers for Security and Productivity
With the MaaS360 Secure Productivity Suite, you can prevent data leakage by controlling emails and attachments. This facet of the larger Enterprise Mobility Management suite also conducts online and offline compliance checks before email can be accessed. You can set it to restrict forwarding, moving data to other applications via cut and paste restrictions, and screen captures. This last point is a very important consideration as public apps embed deeper into the enterprise and homegrown programs are updated to serve the app world.


Artificial intelligence in your shopping basket: Machine learning for online retailers
BloomReach is able to aggregate data from many sources, with user data kept in silos for privacy reasons - an approach which also means keeping the computational, data-processing and machine learning infrastructure separate from the serving infrastructure. The result is a micro services model that can deliver millions of pages from the cloud, while still learning from user interactions and new content. De Datta points out that without new information search boxes degrade over time, and the more inputs you have, the smarter the system gets.


CIOs must argue for smarter, more strategic technology investments
"We certainly see shifts in the IT budget, because growth was previously very strong in areas like storage and physical servers, but clearly that growth is reducing, as there are shifts to virtualisation and higher uptake of cloud models," she said. At the same time, these new forms of technologies and the service delivery models of the cloud are changing the way that IT is consuming technology, most evident in the shift of IT spending from a capital expense (capex) to an operating expense (opex) model.


Government Toils To Create Big Data Infrastructure
"This is not necessarily a new problem," said Steve Wallach, former technical executive at the National Geospatial-Intelligence Agency (NGA). As long as 30 years ago computers were producing more data than could be practically used, and the ability to produce it has outpaced our ability to manage it since then, he noted. "We are moving into a new area," said Wallach. The other major challenge is making the data available to other researchers who can add value to it. "I spend a lot of the taxpayers' money producing this data with the big machines,"


Does Hadoop Mean the End of the Data Model?
The natural result of separating the data content from the data structure is that the MapReduce program becomes the place where the two are linked. Depending on the data processing needs, this may or may not be a complete data structure definition. In addition, each developer will define this mapping in slightly differing ways, which results in a partial view that makes unified definition hard to assemble. The late-binding of data content to the data structure essentially places the developer as the middleman between the data and the data consumer since most data consumers are not MapReduce trained.


Cyber risk and the UK’s Cyber Essentials Scheme
The scheme builds on elements of ISO 27001, laying out a procedure for establishing resistance to cyber risk; the key aspect of the new initiative is that this resistance can be externally certified. External certification is important: it is designed to enable those dealing with an organisation – customers, suppliers and perhaps insurers – to know whether it meets a measurable minimum standard of cyber hygiene. This in turn should create a competitive advantage for those who demonstrate compliance over rivals who do not. Once the scheme is up and running, applicants will be able to get certification showing the level of compliance they have attained.


A Rails Enthusiast’s take on MEAN.js
To dive into MEAN, what better way for a Rails fan to get up to speed than by following the path of the famous demo, and creating my own blog application with MEAN.js. A more up-to-date version of the Rails blog exercise, without the “Uoooops,” is the Rails getting started guide. Our journey here will mirror this guide and summarize my comparison with Rails. To follow along with my code, check out the project on GitHub. ... To start a new app in MEAN, like Rails, we use a generator. MEAN.js uses Yeoman for automation, and is configured with a generator for a starter application. In this case, I created an application called Blog.


How iPaaS integration gains platform status
IPaaS service offerings are built around an Agile development methodology where time to market speed is crucial. An iPaaS service platform typically provides prebuilt connectors and development and configuration tools that are user-accessible, drag-and-drop type tools. Using the provided tools, organizations can implement integration projects involving SaaS or on-premises endpoints, data sources, applications, services, APIs and processes. Users are able to develop, deploy, execute, manage and monitor integrated interfaces linking multiple endpoints.



Quote for the day:

"Talent hits a target no one else can hit; Genius hits a target no one else can see." -- Arthur Schopenhauer

October 02, 2014

Encryption IS for the children; it's the gift of electronic privacy rights
But it’s for the children! Sorry, but I’m as tired of that rationalization being used as a reason to justify surveillance and censorship as using the terrorism threat as an excuse. Both were used by FBI Director James Comey in the form of warning about how restricting quick access by law enforcement to a smartphone could cost lives in some kidnapping and terrorism cases. “What concerns me about this,” Comey said, “is companies marketing something expressly to allow people to place themselves beyond the law.”


UK falling behind in cyber intrusion detection, study shows
Global information security budgets decreased 4% in the past year compared with 2013, and security spending as a percentage of IT budget has remained stalled at 4% or less for the past five years. Leadership is cited by 30% of respondents as the biggest obstacle to improving the overall effectiveness of the security function. More than a quarter of respondents do not think there is a senior executive who proactively communicates the importance of information security. UK respondents said the top three obstacles to improving security are: insufficient capital funding, a lack of leadership from the CEO or board and the lack of an effective information strategy.


The battle for the IT budget: Operation versus experimentation
"Justifying the ROI for maintaining old solutions or building expensive new ones has become very challenging," Dufour said. "The win rate for on-premise has decreased a lot — below 20 percent for some products — and most companies have a solid aversion against buying hardware, paying for implementations and waiting for tangible results." Outsourcing is another way that many companies are saving money on operating expenses. Traditional outsourcing is still a popular way to save costs on helpdesk, but using platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) tools are, in a way, a form of outsourcing support as well.


The scary truth about data security with wearables
The amount of data being collected by just the wearable device on your wrist is simply astounding. Damien Mehers, a wearables developer who built the Evernote app for Pebble and the Samsung Galaxy Gear, said, "Especially with the fitness [devices], if you read the license agreements, if people really realized what they are signing up for, they might be horrified at what they're allowing the companies to do with the data. I think there needs to be more clarity and perspective from the user."


Building a disaster recovery plan starts with IT disowning DR
Once we have scored the risks, we define mitigation plans, which should map correctly to the risks. Disaster recovery can be expensive and it is easy to over-invest in recovery options that we will never actually trigger. And, because redundancy -- in systems, processes and capabilities -- is incredibly expensive, we should have redundancy or partial redundancy only on the high impact/high probability risks. For everything else, we think of how to quickly recover from a disaster, with "quickly" being highly situational.


Implementing repository Pattern With EF4 POCO support
Here all the methods responsible for querying return their result as an ObjectQuery, which has been used for a special reason: the ObjectQuery.EnablePlanCaching property, which indicates whether the query plan should be cached. Plan-caching caches information which is computed as part of putting together the query itself. By caching this, a subsequent execution of the same query (even if you change parameter values) will run much faster than the first one. This information is cached per app-domain so you will generally benefit from the query cache across multiple client requests to the same web app and the like.


IT pros told to pay attention to 'shadow IT'
The newest form of shadow IT, which Comstock also called "dark IT," is cloud services. These are platform, software and infrastructure services that can be obtained by using a personal credit card. Such services are popular because they allow employees to more quickly set up the services they need, without going through a probably already-overworked IT department. Comstock urged the audience to embrace this new form of shadow IT, because it provides a glimpse to IT staff of what their users require.


Microsoft partners with financial services industry to fight cyber crime
Under the new collaboration agreement, Microsoft will provide FS-ISAC members with visibility into malware infections on banking networks. This agreement is the latest example of Microsoft proactively partnering with customers, industry leaders and global law enforcement to counter cyber threats. Criminals have moved into cyber space to target banks, businesses and customers to steal millions of dollars without ever cracking a safe, said Richard Boscovich, assistant general counsel at Microsoft’s Digital Crimes Unit.


The channel needs the right blend of youth and experience
The lack of knowledge of business processes is the primary reason why many IT integration projects fail. Let’s face it, IT salesmen aren’t the greatest listeners in the world. They only ever stop talking in order to think about what they’re going to say next – meanwhile, your queries wash over them. At the risk of making a massive generalisation, it might be said that women are better listeners than men. Surely, listeners are what we need in this industry. Which is why another movement, Women Who Code, could be useful too.


CFOs – Vanguards or Villains?
The bold CFOs are unafraid to admit that their existing reported information may be both flawed and incomplete. The flawed aspect deals with continued use of non-causal cost allocation factors that lead to misleading simultaneous under and over-costed products and services (because cost allocations must have a zero-sum error to reconcile). The incomplete aspect deals with not tracing and assigning the channel and customer-related expenses reported below the gross profit margin line. These channel, selling, customer service and marketing-related “costs to serve” are arguably more important than product costs.



Quote for the day:

"We think of our brains as thinking machines, but they're not. They're survival machines." -- Kris Kimmel

October 01, 2014

The innovation dilemma: Who really calls the shots on new tech?
Modern IT goes beyond tactical issues, traditional sourcing models and resources, said Justice: "It is about aligning technology to people and processes to meet business goals (no matter where the service comes from) by continually aligning, vetting and leveraging technology options as they evolve." John Gracyalny, VP IT at SafeAmerica Credit Union, said the CIO is the right person to make these decisions "if, and only if" they are as well versed in business as they are in technology. "The day of the pure technologist is long gone," he added.


A Simple and Effective Algorithm for Anonymizing Location Data
The study of human mobility can potentially unlock great value for both commercial players, as well as the public sector. Location data can, for example, assist city traffic planning, and intelligent transportation [9], as human movement patterns are not likely to significantly change over time [3, 22, 20, 18]. Individuals can also directly benefit from location-based services which provide personalized services to smartphone and tablet users, such as navigation, tracking, and recommendations for entertainment or new friendships. These location-based services heavily rely on the availability of location data.


Re-architecting the Data Center for the Digital Service Economy
Shannon Poulin, the Vice President of the Data Center Group; General Manager of the Datacenter Marketing Group; and General Manager of the Enterprise IT Solutions Group at Intel Corporation, is responsible for driving Intel's enterprise data center business. In this keynote Shannon will provide Intel's vision for re-architecting the data center for the digital service economy and highlight how Intel is investing in key technologies that will help enable enterprises to access the increased efficiency and agility of software defined infrastructure.


The 5 Sexiest Big Data Jobs Available Today
It’s been estimated that by 2015, almost two million people will be employed in big data jobs in the US. Hal Varian, Google’s chief economist, is quoted as saying “…the sexy job in the next 10 years will be statisticians” and Tom Davenport, Distinguished Professor at Babson College, believes that a data scientist has the sexiest job of the 21st century. So what are these sexy jobs? Here’s a quick look at some of the positions available today that might allow you to break into the glamorous and exciting world of the big data professionals:


5 Big Data Hadoop Use Cases for Retail
Now, Apache Hadoop provides the necessary technology and data pipeline for analyzing customers as individuals and creating individual marketing campaigns accordingly. Rather than guessing, gambling, and hoping campaigns succeed, businesses can make observations on retail data and focus on the individual shopper. Not only does this reduce the amount of time spent researching; it can lower marketing budgets significantly and allows ads to reach the right people. It’s not just about ad campaigns. There are a vast number of applications that can be built using Hadoop, from analyzing the customer to analyzing the brand, five of the most common of which are detailed below.


Google Execs Have Ideas on How to Run Your Business
Most companies think that the set of stuff that needs to be done is much more onerous than it really is today, and that’s because they’re not thinking in terms of information, reach, and computing power. They’re thinking in terms of the inputs that go into the old 20th-century manufacturing world. If you look at software today, much software is built on open standards. We have much more powerful APIs. It’s very easy to do things, like the guys at Waze did or the guys at Uber did, to put information together and accomplish something very significant with a very small number of people.


Microsoft to detail more of its next-generation developer story in November
Microsoft will hold an invitation-only developer-focused event, targeted primarily at the CXO community, on November 12 in New York City, several sources of mine have said. That event coincides with the third, developer-focused day of the company's planned "Future Decoded" event in London. Microsoft CEO Satya Nadella is one of the speakers at the three-day Future Decoded conference. ... The next Microsoft Build conference isn't slated until April 2015 (no exact dates yet), Microsoft officials disclosed yesterday. But in the interim, the Softies are continuing to roll out updated versions of a number of Windows developer tools.


Information Governance: Principles for Healthcare (IGPHC)™
Called the Information Governance Principles for Healthcare (IGPHC), the framework is aimed at governing information across all organizational functions. Adapted from ARMA International’s Generally Accepted Recordkeeping Principles, IGPHC includes established practices from relevant areas such as quality improvement, safety, risk management, compliance, data governance, privacy and security.  AHIMA defines information governance as “an organization-wide framework for managing information throughout its lifecycle and for supporting the organization’s strategy, operations, regulatory, legal, risk, and environmental requirements.”


Open source is starting to make a dent in proprietary software fortunes
This isn't good for incumbent vendors. As the report signals, "The popularity of open-source software has reached a point such that almost every incumbent and publicly-traded proprietary software vendor has an emerging privately held open-source rival that is targeting it." Still, a market like Business Intelligence is so large that an up-and-coming open-source vendor can easily get lost as a rounding error. At least for now. Where open source is having a near-term impact, according to the report, is "more in the data management and infrastructure software sectors." Still, others are also feeling the heat:


Chief analytics officer: The ultimate big data job?
Not every organization hiring a CAO is a digital pioneer, but many have matured to the point where they need to take a more strategic approach to analytics. Often, these businesses have deployed pockets of analysts and data scientists across the organization -- in marketing, IT, operations or finance -- but they aren't yet harnessing the collective wisdom or economies of scale. These companies are the prime candidates for a CAO. "When you start thinking about how to organize your analytics better and how to get more bang for the buck, you'd better be thinking about hiring a chief analytics officer," says Bill Franks, CAO at data-services firm Teradata.



Quote for the day:

"Truth alone will endure, all the rest will be swept away before the tide of time." -- Mahatma Gandhi

September 30, 2014

DevOps in Telecoms – Is It Possible?
Unlike IT and Internet platforms, they don't create a virtual service to be deployed somewhere in the cloud, nor can it be “continuously” patched in an Agile manner. They deliver hardware that may cost millions to commission and is maintained over years with strict SLA's. So on a technical level, by using OpenStack, Puppet, Chef, Salt or other technologies DevOps isn't going to do anything for the Telco guys. When I first asked my former colleagues from my time working in SaaS in 2012 what DevOps actually was, the confusing answer by advocates was:


6 Key Defenses Against Shellshock Attacks
Security vendor Cloudflare reported Monday that it has counted more than 1.5 million distributed-denial-of-service attacks against the Shellshock flaw daily on its network. Web application firewall vendor Incapsula reported Monday that over the four days since Shellshock was made public Sept. 25, it has deflected more than 217,000 exploit attempts on over 4,115 domains. Incapsula has documented attacks originating from more than 890 IP addresses worldwide. So, what should companies do to defend against attackers? Experts from the SANS Institute, which provides data, network and cyber security training, offer the following advice:


Why Great CEOs Often Work Less to Achieve More
We are endlessly told that hard work creates more profit. Work harder to create more profit in your new business. Does more work really mean more profit? Do we have to put in ludicrously long hours to be successful? We have been brought up to believe that working more equates to being more successful. More input equates to more output. Well, I am not sure I agree. I think the logic (and many of the assumptions behind it) is flawed.  Sure, if you are a one-person-business, charging per unit of time, then more units equals more money. But most businesses try to grow by employing people to spread the workload. Or, maybe you should simply charge more per unit of time!


Is the cloud instable and what can we do about it?
Like many of the web-scale applications using cloud-based infrastructure today, enterprise applications need to rethink their architecture. If the assumption is that infrastructure will fail, how will that impact architectural decisions? When leveraging cloud-based infrastructure services from Amazon or Rackspace, this paradigm plays out well. If you lose the infrastructure, the application keeps humming away. Take out a data center, and users are still not impacted. Are we there yet? Nowhere close. But that is the direction we must take.


"Upgrading" Pair Programming
Pair Programming is a highly effective practice, but the remaining question is whether it has enough coverage to describe the needed cooperative work inside the team. Unfortunately, the practice name is interpreted too literally, only for direct coding activities. Yes, Agile has restored the importance of coding in overall development, but let's think a little: what is the meaning of “Programming” in the XP name? In fact it is “Development”, where effective programming/coding is, of course, very important. An XP programmer is, in fact, a multi-role developer also involved in planning, requirements, architecture, design, coding and testing. A much better term could then be “Pair Development”.


Enterprise Cloud Architecture: 3 Questions You Should Ask to Determine the Right Approach
Looking to minimize capital expenditures and convert to an OpEx-based model? Then a third-party cloud solution should probably be part of your equation. Want to move to the cloud but constrained by data storage regulations? A private cloud solution or a public cloud offering that meets your compliance requirements might be more up your alley. Have some apps that would easily convert to the cloud, as well as other legacy apps that wouldn’t be quite so easy to virtualize? A hybrid approach could be the right answer. As with many things in life and in business, the answer to the cloud computing architecture question is, “It depends.”


Through microservices, a renewed push for simplicity and IT minimalism
So what are microservices, and is there anything new about them? It feels like deja vu all over again. Microservices are, in essence, finely grained services, deployed without middleware or brokers -- such as an enterprise service bus. There are shades of Jim Webber's "Guerrilla SOA," which he advocated a number of years back as a way to quickly build and deploy services for tactical quick hits. APIs and RESTful services also fit this mold. Gruman and Morrison suggest that MSA is all of these things, with an emphasis on taking a minimalist approach to services:


Service model driving cyber crime, says Europol report
"The inherently transnational nature of cyber crime, with its growing commercialisation and sophistication of attack capabilities, is the main trend identified in the IOCTA," said Rob Wainwright, director of Europol. "It means issues concerning attribution, the abuse of legitimate services, and inadequate or inconsistent legislation are among the most important challenges facing law enforcement today," he said. EU home affairs commissioner Cecilia Malmström said the fact that almost anyone can become a cyber criminal is putting ever-increasing pressure on law enforcement authorities.


Report: Crime-as-a-Service tools and anonymization help any idiot be a cyber-criminal
Almost any idiot with malicious intentions can jump into the cybercrime arena thanks to 'Crime-as-a-Service' tools that lower the entry barriers into cybercrime; wannabe cyber-criminals who lack technical expertise can simply buy the tools and skills needed. In fact, “Crime-as-a-Service business models” and anonymization have helped many traditional organized crime groups move to cybercrime, according to the 2014 Internet Organized Crime Threat Assessment (iOCTA) published today.


Trust in cloud security at all-time low: Execs still betting on the cloud
BT says this trust drop (82 percent in the US, 76 percent globally) is "a substantial increase of 10 percent globally from previous research in 2012." With recent news of serious cloud security breaches, such as the Xen bug forcing Amazon to reboot its EC2 instances, and Xen making Rackspace do the same this weekend, plus consumer fears fanned by the "celebrity nudes iCloud hack" -- it's no wonder IT is losing its faith. But with cloud security trust at rock bottom, is enterprise IT nuts for putting its data security into cloud and SaaS?



Quote for the day:

“If we did all the things we were capable of, we would literally astound ourselves.” -- Thomas A. Edison