Daily Tech Digest by Kannan Subbiah

November 18, 2014

CIO interview: Anna Barsby, CIO, Halfords
“There’s complexity running a programme and upgrading SAP, which is pretty much at the heart of our system estate,” she says. “And it was our first move into the cloud at the same time,” she adds. “Going into the cloud with anything has its unknowns, but with SAP as our first foray it just felt risky.” “Culture was a really big one for us,” she says. “Once agreed on HP, we decided we also wanted to move from a physical server to the cloud.” Barsby says while the move to the cloud increased risk, the retailer only needed one period of downtime to complete the upgrade.

Testing Strategies in a Microservice Architecture
There has been a shift in service based architectures over the last few years towards smaller, more focussed "micro" services. There are many benefits with this approach such as the ability to independently deploy, scale and maintain each component and parallelize development across multiple teams. However, once these additional network partitions have been introduced, the testing strategies that applied for monolithic in process applications need to be reconsidered. Here, we plan to discuss a number of approaches for managing the additional testing complexity of multiple independently deployable components as well as how to have tests and the application remain correct despite having multiple teams each acting as guardians for different services.

Mega Data Breaches: Are They Here to Stay?
Current security solutions either do not have the capabilities to aggregate, analyze and correlate information from multiple sources, or cannot scale and handle the volume of data generated by the activities over a period of time. The greatest area of unmet need with conventional security solutions is effective, targeted attack prevention and breach detection. Organizations are failing at early breach detection, with more than 92% of breaches detected and notified by a third party—this is what ultimately impacts the size and cost of the data breach.

Cloud computing's not-so-secret mission
As the cloud matures, we are seeing another layer of cloud computing that promises to shake the foundation of our IT infrastructure to its core – the advent of IT-as-a-Service, which will be perhaps the cloud’s highest calling. Initially, many thought of the cloud as the successor to the web host. The next-gen data center. As someone who first became involved in web hosting in 1995 or so, I will admit that I thought that as well. The cloud is a great place to keep your web infrastructure, and it is even great to keep your apps and app infrastructure. However, the cloud is also a great place to which you can move your entire IT infrastructure as well. It took a little longer than moving websites or even apps to the cloud, but IT in the cloud has arrived.

9 Healthcare Innovations Driven By Open Data
Vinod Khosla, a leading tech venture capitalist and the former CEO of Sun Microsystems, sees the change as inevitable. He described his vision in a keynote at this past June's Health Datapalooza, an annual celebration of new developments in data-driven healthcare. Khosla predicted that "data science will do more for medicine than all the biological sciences combined" over the next two decades. One driver, he believes, will be the need to reduce medical errors by using computers for more accurate case monitoring than humans can accomplish. These new advances are made possible by two related categories of data: big data and open data.

Five winning strategies of successful CIOs
Whether CIOs are being asked to deliver or transform, Marks says they will always have to consider a digital element. Data centres, he says, are being transformed, while mobility has become crucial and software is being delivered as a service by default. "The new digital value lies in the CIO's ability to match the best combination of technologies and to negotiate the right deal for all parties,” says Marks. “Whether the CIOs of today have the experience, skills, and motivation to achieve this combination is a different matter. This is perhaps the more daunting challenge for the CIO than the march, and possibly passing trend, of the chief digital officer.”

Determining data value to reduce cloud storage risks
The value of data deals with the utility of data. Data utility requires evaluation for the value of the content in the present, along with the potential value of that same data content in the future. A useful analogy might be to consider an old photograph taken of a subject in his younger days and showing him wearing the styles of that era. At the time the picture was taken, the image provided no offense to the subject. However, the same picture many years later might cause the subject to cringe at the fashion it displays. Now consider that instead of an old, funny picture, business or personal data is on display.

CIO success is all about winning friends and influencing people
The general consensus is that these pillars of technology are last year’s news, because CIOs today should be thinking about the concepts and technologies that sound a bit left field – such as how 3D printing and the internet of things (IoT) could influence the organisations they work in. One of the keynote sessions at this year's Gartner Symposium in Barcelona was a "fire-side" chat with Oliver Bussman, CIO of UBS. During the interview, Bussman was asked about the challenges facing the banking sector. "Digital disruption has arrived in banking," he said.

More users will hire criminals to fight cyber crime
The idea of using the skills of people that were once on the wrong side of the law is one that is taking hold in a rising number of companies, according to findings from KPMG. The firm found that over half of UK firms would consider hiring a hacker or someone with a criminal record in order to improve their own defences and stay ahead of the criminals. The reason why many would recruit former criminals is because the overwhelming number (74%) recognise there is a growing cyber threat and they are struggling, in the cases of 57%, to get hold of specialised staff and then keep them.

Cisco hands over security analytics framework to open source development
Announced in a blog post on Monday, the San Jose, CA-based company said Opensoc, a framework that uses big data analytics to detect threats, is now available for businesses to integrate within their own systems. ... The OpenSOC framework integrates elements of the Hadoop ecosystem, including Storm, Kafka, and Elasticsearch. According to the firm, this means OpenSOC is capable of full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search, and telemetry aggregation, and also provides a platform that can "effectively enable security analysts to rapidly detect and respond to advanced security threats."

Quote for the day:

"Too many people overvalue what they are not and undervalue what they are." -- Malcolm Forbes

November 17, 2014

13 Things to Do When a Hacker Steals Company Data
If the worst happens--e.g., a hacker steals your customer records or breaks into a server--it's easy to go into a tailspin and try solve every problem all at once. Apart from the headaches this can cause, it's also not the best approach to a data breach. Orlando Scott-Cowley, the director of technology marketing at Mimecast, a company that makes a secure cloud-based e-mail service, told me about an action plan he advises.

HP Analytics blazes new trails in examining business trends from myriad data
There are 20 million SMBs in US, and we are able to build a model to predict which of these prospects are similar to the clusters we had. That’s where we were able to find customers that looked like our most profitable customers, which we ended up callingVanguards. That resulted into a tremendous amount of a dollar increment for HP. It's a good example of what you talked when you find unexpected things. We just wanted to analyze data. It led us to a journey and ended up finding a customer group we weren't even aware of. Then, we could build marketing strategy to actually go target those and get some value out of it.

James Lewis on Microservices
Johannes Thönes talks to James Lewis, principal consultant at ThoughtWorks, about microservices. They discuss microservices’ recent popularity, architectural styles, deployment, size, technical decisions, and consumer-driven contracts. They also compare microservices to service-oriented architecture and wrap up the episode by talking about key figures in the microservice community and standing on the shoulders of giants.

ArchiMate 2.1® Poster Pack - Print Version
The ArchiMate meta-model and notation is fast becoming the de facto standard for depicting Enterprise Architecture. The ArchiMate® 2.1 Poster pack provides a quick-glance reference to both ArchiMate Concepts and ArchiMate Viewpoints.

A Primer on Measuring Employee Engagement
There are many factors that contribute to employee engagement — ranging from corporate culture to management style to competing priorities outside of work — and the pertinent factors are different for each employee. This complexity is what makes it so challenging to measure and understand engagement in an actionable way. While still in its infancy, people analytics is beginning to give organizations the data and tools to understand what drives engagement, perhaps even better than employees understand themselves.

Fitbit Data Now Being Used In The Courtroom
The lawyers aren’t using Fitbit’s data directly, but pumping it through analytics platform Vivametrica, which uses public research to compare a person’s activity data with that of the general population. Muller says the case is “unique,” and does appear to be the first known case where data from a wearable is used in court. (If other earlier cases come to light I will update this post.) “Till now we’ve always had to rely on clinical interpretation,” Muller says from his office in Calgary. “Now we’re looking at longer periods of time though the course of a day, and we have hard data.” His plaintiff will share her Fitbit data with Vivametrica for several months as part of an assessment period.

Are Asean CFOs starting to embrace the Cloud? Oracle asks
Despite the apparent advantages of Cloud computing, not all organisations are convinced that this is the best way forward as many CFOs still have their reservations about the quality of software vendors, and the possible creation of processing silos. Especially, the migration of ERP applications onto the Cloud is facilitating one of the biggest shifts in financial systems. The challenge of integrating systems and technologies remains a key barrier to adoption at many organisations; as well as the question of whether there are sufficient internal skills to make the shift.

Laser-Radio Links Upgrade the Internet
Technology that uses parallel radio and laser links to move data through the air at high speeds, in wireless hops of up to 10 kilometers at a time, is in trials with three of the largest U.S. Internet carriers. It is also being rolled out by one telecommunications provider in Mexico, and is helping build out the Internet infrastructure of Nigeria, a country that was connected to a new high-capacity submarine cable from Europe last year. AOptix, the company behind the technology, pitches it as a cheaper and more practical alternative to laying new fiber optic cables. Efforts to dig trenches to install fiber in urban areas face significant bureaucratic and physical challenges.

Data science: 'Machines do analytics. Humans do analysis'
Humans have to find the patterns, ask the right questions and make the connections in the data. "Machines do analytics," explained Sullivan. "Humans do analysis." Computers are good at detail and examining the past, but real data science requires imagination and cognitive ability. "I can take 10 tools, U.S. Census data and agriculture data and determine that people who were strangled by their bed sheets tracks cheese consumption," Sullivan said. "A human knows that makes no sense. You can't commoditize reasoning by a human." Another way to put it is that machines are used as "data janitors" to clean data and crunch numbers, but it's a small part of the overall process.

As open source goes mainstream, institutions collaborate differently
"There's a clear progression that nearly every government agency goes through, fromconsuming open source, to publishing open source (as a one-way broadcast), to collaboratingon open source," said Balter. "A similar progression is also seen from open source, to open data, and open government policy. Policymakers see the geek's tooling, realize the value of collaboration, and want to bring it into their own workflow. If your doctor takes a multivitamin every day, wouldn't you? To me, the idea of working more openly, regardless of format or form, within an organization, or with the public is the idea that we're seeing catch on. It's starting with open source, but that's just the start."

Quote for the day:

"Sometimes when you innovate,you make mistakes. It is best to admit them quickly,and get on with improving your other innovations." -- Steve Jobs

November 16, 2014

How to Become a Data Scientist in 8 Easy Steps
Our friends over at DataCamp just came out with a cool new infographic entitled “Become a Data Scientist in 8 easy steps.” This hits home to a lot of people who are trying to enter this new industry hoping to satisfy a lot of unfilled job openings. The question is how best to make this transition. The useful infographic below will help answer this question by outlining the process of becoming a data scientist ... These are all excellent tips, so examine the infographic carefully for more detail. You too can become part of the “sexiest job of the 21st Century!”

Search for Growth in Social, Mobile Fuels Tech M&A Boom
“Now it’s disruptive technology that’s in the crosshairs,” Liu said. “Consolidation involves coporations needing to catch up in a way that they are not able to do fast enough orignaically.” The aggregate global value of all publicly disclosed-value deals set a new post-dotcom era quarterly high of US$73.7 billion [b], up 41 percent sequentially and 4 percent year over year. At 923 deals in total, overall volume also set a record for any quarter since 2000, rising 6 percent sequentially and 31 percent year over year. Corporations, as opposed to private equity deals, continue to drive the growth, increasing aggregate value 40 percent sequentially and 9 percent year over year to $65.3 billion.

IoT Won’t Work Without Artificial Intelligence
The big problem will be finding ways to analyze the deluge of performance data and information that all these devices create. If you’ve ever tried to find insight in terabytes of machine data, you know how hard this can be. It’s simply impossible for humans to review and understand all of this data – and doing so with traditional methods, even if you cut down the sample size, simply takes too much time. We need to improve the speed and accuracy of big data analysis in order for IoT to live up to its promise.

What Every Business Owner Needs to Know About Data Sovereignty
Unfortunately, the laws and regulations protecting digital information can be extremely complex. They are dependent on different governments and jurisdictions, and data stored in certain countries may or may not be subject to subpoena by another country’s government. As an IT professional, you’re likely responsible for ensuring that your company’s data is fully protected. However, you need to provide your business’s owner with the basics to enable him or her to make the best decisions for the company — and the valuable data it possesses. For those who don’t work with technology all day, however, the variables can be overwhelming.

Collective intelligence, big data and IEML
There are two big problems with this landscape: The first is related to the methodology; today we use mainly statistical methods and logical methods. It is very difficult to have a semantic analysis of the data, because we do not have a semantic code, and let’s remember that every thing we analyze is coded before we analyze it. ... So you need a semantic code to have a semantic analysis. We do not have it yet, but I think that IEML will be that code. The second problem is the fact that this analysis of data is currently in the hands of very powerful or rich players –big governments, big companies. It is expensive and it is not easy to do –you need to learn how to code, you need to learn how to read statistics, is not easy.

MSSP: Integrate, NOT Outsource!
This means that for the MSSP to work well for you, process integration must be carefully planned. Here we talked about the alert response integration (and here about the SLAs), but the same applies to device management (integrate with your change management and reporting),incident response (integrate with your IR) and many other processes. This also means that this focus on integration allows you to vary the degree of security ‘outsourcing’ or externalization. If your plan – monitor – triage – respond – refine chain is well planned, you can almost painlessly engage external resources (MSSP, consultants, etc) at whatever stage: need more help with cleaning the mess? Call that IR consultant. Want to shift some perimeter monitoring duties outside? Go get that MSSP.

Requirements Discovery and Constraints Analysis
The process of requirements discovery broadly involves elicitation of functional and non-functional requirements from business needs. A business or enterprise architect’s role in requirements discovery is wider and broader in terms of scope, responsibility and, nature and stage of engagement. ... The nature of business concerns will not be limited to problems addressable by technology solution but also include considerations such as investments, ROI (Return on Investments), business case, timelines, priorities, risks and solution strategies potentially involving an eco-system of internal and external stakeholders (e.g. technology providers).

Simulation-Based Embedded Agile Development
While simulations containing embedded software need not be developed in an agile manner, Scrum’s agile framework helps realize greater benefits from a SiS approach. One Scrum event is the sprint review, in which the development team demonstrates what was accomplished during the sprint. It can be challenging to have something visual to demonstrate with embedded software development as there is often little to “see.” We might get only a blinking light or a wiggling fin. ... When such feedback is used in the sprint review as well as daily collaboration, these collective learning opportunities allow more nimble responses to necessary changes in requirements and design.

BlazeMeter, New Relic Team Up To Deliver Richer App Performance Testing Analytics
“Data analysis is most valuable when you can understand and act upon it instantly. Testing makes it easy to trigger a symptom, but you need monitoring to identify the root problem in the first place,” Girmonsky told IDN. “Together, BlazeMeter and New Relic provide their customers a full 360-degree view of their systems. Customers can dynamically define the KPIs they want to analyze, query the application and instantly understand the specific quirks of their system,” he added. The growing BlazeMeter/New Relic partnership is also a sign of how IT is increasing its use of machine data and big data to improve their software lifecycle -- design, development, testing and operations.

Optimizing Enterprise Risk for Value Creation
With IT risk being a subset of Enterprise risk, and given the pervasiveness of technology within the business, optimizing IT risk has a direct and positive effect on the overall risk of the organization. So important is risk optimization of the Enterprise’s IT to the organization that within COBIT 5 there is not one, but two, dedicated processes - ‘Ensure Risk Optimization’and ‘Manage Risk’. The Ensure Risk Optimization process is within the Governance area of the COBIT 5 framework and is supported by 3 governance practices and 16 activities. The process ensures that the enterprise’s risk appetite and tolerance are understood and not exceeded by Enterprise IT, the impact of IT risk to enterprise value is identified and managed, and the potential for compliance failures is minimized.

Quote for the day:

"Take the first step in faith. You don't have to see the whole staircase, just take the first step." -- Martin Luther King Jr.

November 15, 2014

5 Hadoop Security Projects
While other projects attempt to improve Hadoop’s security from the inside, Apache Knox Gateway tries to do it from the outside. Apache Knox Gateway creates a security perimeter between Hadoop and the rest of the world by providing a REST API gateway for interacting with Hadoop clusters. All communication with Hadoop is done via Knox Gateway, which controls and moderates it. Knox includes the following features: LDAP and Active Directory integration, support for identity federation based on HTTP headers, and service-level authorization and auditing.

Amazon Phishing Attacks Pick Up for Holiday Shopping Season
"If you get an email with a Word attachment, don't open it, just go to the site, log into your account, and all the transaction history is right there readily available." he said. "It's always a good idea to go right to the horse's mouth." So far this month, AppRiver has quarantined more than 600,000 email messages with the subject line "Your Amazon Order Has Dispatched (#3digits-7digits-7digits)" and a return address of "amazon.co.uk." The attached Word document has a macro that installs a Trojan dropper that creates a process named "SUVCKSGZTGK.exe" and the dropper then installs a keylogger that harvests banking information, email logins, and social media accounts.

ETH Researchers Develop a Thought-Controlled Genetic Interface
Using the interface they designed, the ETH team showed a human volunteer wearing an EEG cap could use his thoughts to trigger production of a particular protein, called SEAP, in human kidney cells growing in a petri dish. He could also turn on supplies of the cells that had been implanted under the skin of lab mice. The research is interesting because it shows how futuristic brain implants might function, Folcher and company write in this week’s Nature Communications. Such devices, the ETH authors speculate, might sense a person’s feelings of pain (or perhaps oncoming epileptic seizure) and then automatically trigger brain cells to pump out a helpful biotech drug.

Facebook nudges users to take control with privacy makeover
"Over the past year, we've introduced new features and controls to help you get more out of Facebook, and listened to people who have asked us to better explain how we get and use information," wrote Erin Egan, Facebook's chief privacy officer. "Protecting people's information and providing meaningful privacy controls are at the core of everything we do, and we believe today's announcement is an important step." Facebook has had its share of privacy controversies. It has repeatedly been criticized for its privacy policies and even for the difficulty in using privacy controls.

Why bug bounty hunters love the thrill of the chase
“Having a look at the security community, we can tell that there are a lot of top-notch bug hunters who fulfill nearly all of the above points. On the other hand, there are ‘unskilled’ or new bug hunters who try to make some quick bucks by using one-click-tools and sometimes go as far as threatening the business owners. We refuse to call these people ‘bug hunters’,” they said. They enjoy bug bounty hunting because it gives them the freedom to break things whenever they want. “By submitting useful reports the chances are good that more and more companies will get the idea about responsible disclosure,” they said in calling bug bounty hunting the ultimate in crowdsourcing.

Security Skills Gap Continues to Stymie Enterprise Cyber-Defenses
"Good resources are scarce and you have to find new ways to provide needed security services," Chip Tsantes, chief technology officer of the cyber-security practice at Ernst & Young, told eWEEK. “You have to be more creative to find the skills that you need.” The lack of information-security professionals has been a common theme over the past five years. More recently, government hiring and the increase in the number of devices added to networks requiring security support has led to a continue shortfall in skilled security people, which Cisco estimates at 1 million workers worldwide.

10 Big Data Career Killers
Data scientists are in high demand. The Big Data market will grow anywhere from 20 percent to 40 percent annually through 2017, depending on the market forecast you trust most. But even an industry boom doesn't guarantee job security. Here are 10 missteps that can stop your Big Data career in its tracks. Note: Special thanks to Jack Welch, executive chairman of Jack Welch Management Institute at Strayer University. Taking poetic and editorial license, we adjusted his "10 Career-Killing Pitfalls" list to focus on the Big Data market.

Next-Generation Robot Needs Your Help
“It is very good idea,” says Bilge Mutlu, an assistant professor at the University of Wisconsin, Madison, who researches the interaction between humans and robots. “It’s a lot more flexible and adaptable to day-to-day environments.” Human-robot collaboration is already increasing in industrial settings (see “Increasingly, Robots of All Sizes are Human Workmates”). Finding ways for machines to collaborate in other settings could hasten the development of a new generation of service robot. “I am 100 percent sure that if people embraced robots with limitations we would have them in our homes as we speak,” Veloso says.

Chief data officer: My mixed and nuanced musings on the need for one
When people say that "data is the new oil," they're usually making a general statement on how deeply modern organizations depend on data to drive transactions, analytics and processes in general. It's not a statement about public sector institutions but about organizations of any sort. It's in that context that many organizations decide to appoint something called a chief data officer (CDO) to oversee this precious resource. If you want a deep dive into what the CDO role entails, I strongly urge you to download this excellent whitepaper from the IBM Center for Applied Insights.

Fifty Quick Ideas to Improve Your User Stories
Teams often struggle selling stories as small chunks of work that need to fit into a sprint. Business stakeholders simply don't care about that (fully justified), because this is purely technical. We end up coming back to organising things that are easy to develop, not that are valuable to a stakeholder. Small stories are good not because they fit into a sprint, but because an organisation can quickly get feedback from them. A story is supposed to deliver something valuable to a stakeholder, and if so, we should be able to decide if the work is really done or not from a business perspective, learn from that delivery and get ideas for future work.

Quote for the day:

"Ninety-nine percent of all failures come from people who have a habit of making excuses." -- George Washington Carver

November 14, 2014

With $100 Million, Entrepreneur Sees Path to Disrupt Medical Imaging
The imaging system is being developed by Butterfly Network, a three-year old company that is the furthest advanced of several ventures that Rothberg says will be coming out of 4Combinator, an incubator he has created to start and finance companies that combine medical sensors with a branch of artificial-intelligence science called deep learning. Rothberg won’t say exactly how Butterfly’s device will work, or what it will look like. “The details will come out when we are on stage selling it. That’s in the next 18 months,” he says. But Rothberg guarantees it will be small, cost a few hundred dollars, connect to a phone, and be able to do things like diagnose breast cancer or visualize a fetus.

Solving the information and big data challenge with Artificial Intelligence
Semantic Understanding uses a linguistic approach to make sense of the text and locate key content in the email text body. For example, if it finds the phrase “I don’t want to cancel the contract”, it applies linguistic intelligence and recognises the whole sense of the communication and understands it is about a contract non-cancellation. In contrast, a rule based system would only pick up the word ‘cancel’ and understand Cancel Contract and then act on it contrary to the customer’s wishes. This is great stuff, also used by SIRI, Google NOW and the likes.

New iOS social engineering exploit reminds us to keep alert
The vulnerability has been confirmed to exist in iOS 7.1.1, 7.1.2, 8.0, the current iOS 8.1, and the 8.1.1 beta -- both on jailbroken and non-jailbroken devices. Each app on the App Store has a so-called bundle identifier, a numeric name that makes the normal-language name of the app superfluous. If a malware app is given the same bundle identifier as a standard App Store app, it can be installed over it if the user can be enticed to click on a link on a website or email message. This means that a carefully designed and targeted link to an app download could be sent to an executive or politician, with a socially engineered message "from" an associate meant to entice a user download of a "new game" or some other innocuous app.

Three information infrastructure myths debunked
The Information Management keynote session at IBM Insight 2014 brought new product offerings, memorable stories and answers to some common information infrastructure myths. Beth Smith, general manager of IBM Information Management, accompanied by special guest Grant Imahara of former Mythbusters fame, and a slew of IBMers led the audience on a systematic journey to debunk three specific misconceptions about information infrastructure one by one.

How to create a realistic enterprise strategy for cloud computing
"If you understand that this is just a platform change, it's not so scary," he said. "We have all moved to new technology … with cloud; we are just using things we don't own that sit on the open Internet." In some cases, that is certainly a nerve-wracking proposition. But it makes sense in others. For example, retailers that need to scale up or down quickly or expand storage at low cost find the cloud to be a good option and should develop a strategy for cloud computing.

Android 5.0 deep-dive review: Exploring Lollipop's many layers
Everything has been recreated to match the Lollipop look, right down to the Contacts (formerly known as "People") and Downloads apps -- although curiously, in the case of the latter, I'm seeing a version of the app on my Nexus 6 review unit that doesn't quite match the one on my Nexus 9. Given that the Nexus 9 received a software update prior to its consumer launch, I'm guessing that the Nexus 6 will soon be brought up to parity. The visual overhaul isn't just within Android itself, either; it's across Google as a whole. Though the desktop evolution is still underway, Material Design has slowly but surely been creeping into Google's various apps and services for a while.

Virtual Reality Aims for the Mobile Phone
Mobile seems a logical platform for the technology. When you find yourself fully immersed in a virtual realm, the illusion is compromised by the dim awareness that you remain attached to a PC via a cat’s cradle of wires. Mobile devices, theoretically, offer a more liberating experience. They’re not only self-contained but also cheaper to buy and run. And yet there are significant technological hurdles to overcome before the Gear VR, or its successors, can become mass-market products. “Heat is our primary issue,” says Cohen. “When you run a mobile phone’s CPUs and GPUs at maximum, the device heats up really quickly, and it needs to either cut the speed by throttling or shut down entirely.”

Automakers Agree on Guarding Car Computers From Hacking
The accord, to be announced today, calls for heightened security for information such as driver location and behavior, according to the Alliance of Automobile Manufacturers and the Association of Global Automakers, Washington-based groups whose members include General Motors Co. (GM:US) and Toyota Motor Corp. (7203) “As modern cars not only share the road but will in the not-too-distant future communicate with one another, vigilance over the privacy of our customers and the security of vehicle systems is an imperative,” John Bozella, president and chief executive officer of Global Automakers, said in a statement.

Chip Industry's IoT Facelift Comes With Security Wrinkle
Europe is already ahead of the US and most of the world in building out the infrastructure for the cloud and connectivity, according to Ploss, thanks to the infrastructure it has in place from its leadership in smartphones. Rick Clemmer, executive director, president, and CEO of NXP, was more emphatic regarding Europe's advantage, particularly with respect to security for IoT. "US is a leader in the Internet, but is a third-world country in security," he said. Still, said Clemmer, usability is a key issue for IoT devices, especially, as Bozotti pointed out, when the users themselves are becoming older as part of a general aging of the population, which creates even more pull for smarter cities -- based on easy-to-use devices.

What CIOs Can Learn From the Biggest Data Breaches
The worst data breaches are sometimes left unsolved, but security professionals can sometimes piece together the root cause. Idan Tendler, the CEO of security analytics company Fortscale, says it's possible, based on unconfirmed reports, that the JP Morgan Chase breach of 83 million customers' persona data happened after hackers obtained a list of the applications that run on the bank's internal servers. Once hackers had the list, they searched for known vulnerabilities for each application until they found a way to break in. They then obtained administrative privileges to gain access to the servers.

Quote for the day:

"The key element in good business management is emotional attitude. The rest is mechanics." -- Harvey Geenan

November 13, 2014

Are You Sweeping Big Data Privacy Under the Carpet? 5 Things to Do Instead
Admit it: When you read or hear about big data privacy, you’re ready to move onto the next topic or swipe to the next screen. Or sweep it under the carpet. You know the discussion is important, but let’s be honest: it’s not exciting, it’s sometimes creepy, and it’s not easy to navigate its complexities. ... There’s no question that we all play multiple roles—i.e., that of a consumer, citizen, private sector employee and/or government worker—and that our time is limited, so what can we do? For starters, I suggested five options during my presentation. Here’s the Cliff Notes version:

Software Defined Networking - What's New?
This presentation will give a look at the Open Data Center Alliance rev 2.0 software defined networking (SDN) usage model that incorporates network function virtualization, and five new usage scenarios. SDN is no longer considered an emerging technology; the technology is proven, although it is still at an early stage in its life cycle. In comparison, NFV is at an earlier stage of development, but because the technology effectively complements SDN and is important to service providers, NFV is likely to be widely adopted across the industry. To improve evaluations and decision making, IT departments and cloud subscribers will require standard features and defined metrics.

Expired Antivirus Software No. 1 Cause Of Unprotected Windows 8 PCs
“Running expired antivirus software can give people the impression that it is still protecting them even if it hasn't downloaded updates in a while,” says Tim Wilson, director of cybersecurity and cloud strategy at Microsoft. “However, data from our latest report indicates that running expired antivirus software is nearly as unsafe as having no protection at all,” Wilson said in comments emailed to Dark Reading. The malware infection rates on Windows 8 clients with expired antivirus tools were almost as high as the infection rate in PCs with no protection at all, the Microsoft researchers discovered.

Global Banking and Big Data: The Challenge of Anti-Money-Laundering Compliance
A series of high-profile decisions by the U.S. Department of Justice against BNP Paribas, JP Morgan Chase, Barclays, and other large, global banks resulting in multi-billion-dollar fines has brought anti-money-laundering (AML) to the top of the financial services industry’s priority list. While the first wave of investment in big data tools and technology has heretofore been targeted at the identification and prevention of nefarious activities that lead to direct costs for banks, payment processors, and their customers, spending in the near term may likely be related to compliance with three key pieces of AML regulation

Top 10 tech conspiracy theories of all time
The appeal of the conspiracy theory is rooted in its own essential slipperiness. In terms of technical definition, a conspiracy refers to multiple persons or groups working together toward some kind of shady result. But in popular culture, conspiracy theories can be plausible or impossible, true or discredited -- and everything in between. Here we take a look at the 10 most infamous conspiracies and conspiracy theories that have made the rounds in the world of high tech.

7 Trends That Can Define the Future of Cloud Computing
There are two big reasons that leaders across every industry are gung-ho about the Cloud. One reason for this huge confidence in Cloud computing is that it is one of the most disruptive technologies to have emerged on the scene in the last decade. The second and what I think is a far more critical reason is what the Cloud, its adoption and application promises for the future. It is when business owners “foresee the future” of the Cloud that they say to themselves, “Yes, this is the technology that I want to tie my business fortunes to”.

Microsoft's Answer To Death By Email: Meet Clutter
Clutter relies on Office Graph, a machine learning technology that maps the user's relationship with people, events, documents, projects, and other types of information. Office Graph allows Clutter to recognize that a user has ignored a co-worker's email about his new cat but read and responded to another colleague's message about an upcoming campaign, for example. Observations such as this help Clutter determine which messages to prioritize. From the user's perspective, Clutter operates something like Gmail's importance ranking, but in reverse; whereas Gmail partitions emails it deems "important" into a secondary folder instead of in the main feed, Clutter puts the important messages front and center, with less important content relegated to a "Clutter" folder.

Unlock Your Computer and Websites with a Glance
The Myris is a squat, palm-sized cylinder that connects to your PC with a USB cable. Its underside has a small mirror in the center with a small camera lens next to it. Any time you meet a login screen after the device has been set up, you hold up the Myris in front of your face so that both eyes are visible in its mirror. A few seconds later, a green ring lights up to signal that you’ve been recognized, and the device’s companion software will log you in without your having to touch a key. You can do that for websites, for desktop applications, or to log in to your user account on a computer.

Are Legacy Vendors Pulling OpenStack in the Wrong Direction?
Over the past couple of years, OpenStack has turned from a small skunkworks effort to build Amazon Web Services-like clouds but open source into a movement backed by some of the IT industry’s biggest legacy vendors. It’s not uncommon nowadays to hear that OpenStack has become the de facto standard for building cloud infrastructure. Such mainstream support, however, comes at a cost, threatening to detract from the project’s original goal. That’s according to Jim Morrisroe, CEO of Piston Cloud Computing, a San Francisco-based startup co-founded by Joshua McKenty (one of OpenStack’s founding fathers) that helps customers stand up OpenStack clouds of their own.

Introducing Essence#: A Smalltalk-based Language for .NET
The Essence# compiler generates DLR dynamic call site for each and every message send, regardless of the receiver. The compiler does not and cannot know the type of the object that is receiving a message, so it just emits a DLR CallSite for all message sends, and the CallSite for a message send is always an instance of the ESMessageSendBinder class. An ESMessageSendBinder figures out, at run time, how to implement the message send. That’s done one way in the case of native Essence# objects, done another way in the case of the CLR primitive types, done yet another way for any non-essence# objects that implement the IDynamicMetaObjectProvider interface

Quote for the day:

"You can, you should, and if you’re brave enough to start, you will." -- Stephen King

November 12, 2014

Open-source .NET, free Visual Studio, support for Linux, Mac, Android and iOS
As part of the change, Microsoft will give developers the ability to use the .NET runtime and framework to make server- and cloud-based applications for Linux and Mac. Microsoft is also releasing a new, full-featured version of Visual Studio 2013 that will be available at no cost to independent developers, students, small companies and others not making enterprise applications. And the company is releasing a preview of Visual Studio 2015 and .NET 2015 with new features for building applications that run on platforms including Windows, Linux, iOS and Android.

Dealing With the KPI Terminology Problem
And remember, ‘KPI’ is just one of the many performance management terms that does not have a standardised, universally accepted definition. I have no idea how this problem of varying terminology is going to be resolved, and that’s not the intent of this article. The intent of this article is to give you a contextual framework to make sense of where ‘KPIs’ – or performance measures, or whatever you call those quantitative pieces of evidence of our performance results – should fit. So let me tell you my definition of these terms, and then you can map your own terms to my meanings and thus avoid distraction and confusion when you try to make sense of your own strategy.

Alcatel-Lucent pins growth on R&D, enterprise
"Our customers need a network that can scale quickly, and break down silos in between the different technologies,' Combes said. "SDN [software-defined networking] makes network resource as easily consumable as compute and storage. We strongly believe that the answer to complexity is around NFV [network functions virtualisation] and SDN combined." Although Alcatel-Lucent was reducing its size globally, investment in the company's Bell Labs research division remains at €2.2 billion year on year, Combes said, with divisions opening in Israel and the UK. "You can expect a very strong Bell Labs in the next few years because that is a key differentiator for us," he said.

IT still not ready for IoT
Despite the benefits of connected devices, more than half (51%) of respondents believe the biggest challenge regarding the Internet of Things is increased security threats, while a quarter (26%) are concerned about data privacy issues. Two-thirds (68%) admit they are very concerned about the decreasing level of personal privacy. More than a quarter of respondents say the general public’s biggest concerns about connected devices should be that they don’t know how the information collected on the devices will be used (28%) or they don’t know who has access to the information collected (26%).

Update now, Windows users: Microsoft patches critical (and old) security flaw
Microsoft has issued emergency patches for a flaw that affects all supported versions of Windows. It’s a nasty one – a vulnerability in Windows’ implementation of the protocols for encrypting internet communications. The critical flaw lies in Secure Channel (Schannel), a security package – used by Internet Explorer — that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. While there’s no evidence of its exploitation yet, it allows attackers to remotely execute code on the target’s machine and take it over, so it is imperative that all Windows users run an update immediately.

IndependenceIT: 'Switzerland' Of Virtualized Desktops
IndependenceIT is trying to make it practical to provision and sustain virtualized end-users, a goal that has tended to recede about as fast as many companies have approached it. Implementing virtual machines for end-users who have varied needs, little tolerance for slow-functioning desktops, and a likelihood of being mobile at some point has complicated the deployment of virtual desktops and, in many cases, delayed it. Individualized desktops that each need to be stored drive up storage costs. Power end-users require a delivery protocol that prevents jitter in the multimedia and video they view. When the end-user disconnects from the corporate network, what then?

SDN meets the real world, part two: SDN rewrites the WAN manual
Wide-area networking (WAN), the part of the enterprise network between applications and end-users, is traditionally slow, expensive, and inflexible — and hence, ripe for innovative new approaches. SDN is broadly applicable to other parts of the networking requirement, so offering up a pool of resources that can be programmatically controlled by software should be explored in different contexts and settings. This report lays out a conceptual approach whereby SDN can be applied to the WAN to drive cost savings, agility, and flexibility for enterprise customers.

Samsung And SAP Partner On Mobile Devices For Business
“Increasingly, our customers are away from the desk and require a fundamentally new way to interact with the enterprise applications to align with how they work today,” said Steve Lucas, president, Platform Solutions Group, SAP, in a statement. “The applications that match the current trends in mobility must work to create a seamless experience as the work modality embraces mobile devices, wearables, Internet of Things and other alternative forms of mobile computing. Through our partnership with Samsung, we are working on plans to offer a premium mobile enterprise experience for customers.”

Lack of in-house skills stymies IaaS migration, says report
Reconnix CTO Steve Nice noted a “clear desire for business to move away from traditional environments and towards IaaS providers”. “It’s natural for many businesses to err on the side of caution, but this conservative approach can mean that many are missing out on the transformative benefits of the cloud,” said Nice. “It’s clearly a confidence issue, and the challenge is for IT departments to take the necessary steps to prepare themselves for inevitable change. “By failing to take action now, they risk putting themselves at a technological disadvantage to competitors, or being caught blindsided and forced to rush through a migration that could end up costing over the odds.”

Don’t Surround Yourself With Smarter People
Freedom is therefore implicitly freedom to win in a specific sense. This is not an accident. Any time you define freedom in terms of capacity for action (intrinsic and situational), you’ve defined freedom in a finite-game (Carse) way. Increasing freedom becomes a matter of increasing your capacity for victory over increasingly capable opponents, until you’ve defeated them all. Stated another way, freedom to win is freedom to get smarter in the sense of a given finite game. Freedom in a finite-game sense is always freedom-to-win (and therefore, freedom to stop playing at some point).

Quote for the day:

"Look for people who will aim for the remarkable, who will not settle for the routine." -- David Ogilvy

November 11, 2014

Big Data Survey: Trouble Brewing For IT
Enterprises are faltering in their ability to comprehensively analyze big data, and IT has opted to walk away. Look, for years IT organizations have been told they don't own enterprise data, the business does. Lately we've heard about the rise of the CMO and how it takes that mindset to really know what data matters and how to mine it. So the message too many IT teams seem to be taking away: "This isn't an IT problem. We build the systems, keep the lights on, try to keep attackers out. We don't own big data. Our input isn't wanted."

Rackspace Launches Azure Services From Data Centers
Microsoft's partnership with Rackspace looks a lot like VMware's moves in the same hybrid cloud space. It launched its own vCloud Air data centers, offering VMware-compatible public cloud services. But it also commissioned a wide variety of regional providers to offer vCloud services, calling it the vCloud Air Network (versus Microsoft's Cloud OS Network). At the same time, Rackspace's adoption of private cloud packaging inside its cloud data centers is another step back from the brink. In May, it hired Morgan Stanley to act as an agent to explore the possibility of being acquired or taking on a tight partner relationship.

Are fingerprints PINs or physical artifacts?
“Courts are essentially wrong distinguishing between various methods of encryption and decryption,” said Rasch. “They are all, at their core, a mechanism for protecting the privacy and security of data. Indeed, a person encrypting a drive with a biometric would have cause to believe that this was more secure, and that they had a greater expectation of privacy in the biometric than they do in a simple four-digit PIN. To say that announcing the numbers ‘2580’ as a password is testimonial incrimination, but handing over a complex PGP key, or causing a complicated mathematical calculation based upon a biometric is not testimonial misses the point.

Why Your 2015 Plan Needs To Include Data & Analytics Governance
An extremely important aspect of a centralized data governance group is representation from various stakeholders across the organization. Even the word “analytics” means very different things across the different groups within your organization. Finance, web, marketing, customer and business teams all generate and use data in very different ways, and often these data sets can end up living in isolated silos. And, beyond your own organization, keep in mind that there are typically many third parties and agencies you’re working with, and often organizations will choose to bring in an external specialist or consultant to provide insight into trends and new opportunities in the data & analytics space.

SaaS: The dilemma of visibility and control
The supply of SaaS solutions is increasing and will continue to do so at an ever increasing pace. According to Forrester Research (Application Adoption Trends: The Rise Of SaaS) SaaS spending accounts for the 23% of the application software budget. However, it grew a whopping 53% over the previous year (4Q 2012-4Q 2013). In addition to customer relationship management (CRM), SaaS adoption is strong in human resources management, collaboration tools, and e-procurement. Forrester is also seeing a dramatic increase in SaaS interest in business intelligence (BI) and several other application categories.

Here's what your tech budget is being spent on
Andrew Horne, managing director at CEB, said IT departments are introducing more flexible budgeting and making better use of cloud computing which allows them to reallocate budget to innovation. The CIO's attitude towards innovation is often tempered by a big dose of caution, so much so that they have started to lose responsibility for innovation projects to other managers. Meanwhile, IT chiefs are finally waking up to the threat coming from shadow IT, where other execs have been getting more interested in developing their own digital projects outside of the control of the CIO.

10 bad technology decisions that can come back to haunt you
As organizations build their tech roadmap for the years ahead, the wrong choices and strategies could have unfortunate repercussions. Here are some pitfalls to watch out for. A bad strategic or tactical move can unleash an avalanche of negative effects on your organization, some lasting for years to come. Here are some of the worst of the worst -- and a few suggestions on how to avoid them.

Cures For The Common Help Desk Headaches
With all three of the most common help desk headaches, though, you need to go beyond technology and look to training and cross-departmental collaboration to really build skills into your corporate cultures. Defining a technological skillset matrix for your team will reveal gaps in knowledge. A simple "X skills needed, Y people on the team with a 1-, 2-, or 3-rating per block" will show where you need to provide more training and where you can hold a related session in a conference room each month.

Why Hire Veterans? They Bring a Lot to the Table, Say CompTIA Members
Veterans do bring a lot to the table, agreed Aaron Woods, director of USSP relationship and partner programs for Xerox Corp.’s Global Customer Service Delivery and a six-year veteran of the U.S. Army. “All veterans have attained a number of skills while in the military that would fit the needs of any employer,” Woods said, citing teamwork, leadership, discipline and the ability to follow a chain of command. IT companies should consider the specific traits that veterans possess, like being team-focused and disciplined with a strong drive to complete a task. “The ability to work in a team environment is one of the most important attributes a veteran will bring to an IT company,” he said.

Hire Self-Motivated People — the Single Smartest Thing a Hiring Manager Can Do
A self-motivated recruiting prospect, candidate, or employee is an individual with a track record of having the internal drive and motivation to begin and continue tasks without external prodding or extra rewards. You don’t have to identify why they are so driven. Just be satisfied with the fact that it is something in their character, upbringing, training, or attitude that drives them to work without any external stimulus or threat. Once you bring this recruiting approach to any hiring manager’s attention, they almost instantly appreciate its value. But if you are cynical, I have listed below some of the many benefits that come from hiring self-motivated people.

Quote for the day:

"Everything you want is just outside your comfort zone." -- Robert Allen

November 10, 2014

Google releases tool to test apps and devices for SSL/TLS weaknesses
The tool includes a client component for Android and Linux systems that tells the MitM component what specific tests to run. The client is also important for tracking which applications that run on the tested systems opened certain SSL/TLS connections, something that can be hard to determine just from the MitM side. Nogotofail can check for weaknesses like vulnerabilities in third-party SSL/TLS libraries, susceptibility to attacks that strip the SSL/TLS or STARTTLS encryption and improper certificate validation, a widespread problem in applications.

How enterprises will use the cloud for big data analytics
Compatibility, security, and performance concerns have kept enterprise organizations from being completely comfortable with the idea of moving their complex core applications to the cloud. Without a seamless application migration blueprint, the project can seem more like a headache — and a risk — than it’s worth. This report, which is based on a survey by Gigaom Research and sponsored by Cazena in September 2014, reviews the different considerations when moving some or all big data-analytics applications to the cloud. The report is will give guidance to CxOs, IT and business leaders, and decision-makers at software as a service (SaaS) companies and cloud service providers.

Linux Foundation: Open Source is Eating the Software World
There is a wholesale shift in the enterprise software world from using a little bit of open source code here and there to an 80-20 split, where 80 is the open source portion, he said. The reason for the shift is quite simple: software has become a way for an enterprise to add value, and open source is the best way to use a lot of software. “There is too much software being written for any organization to write that software on their own,” Zemlin explained.

Become a great listener
To succeed in today’s business world, leaders must be proactive, skilled listeners. Leaders who make themselves accessible for conversation and listen regularly are well-informed of the goings on in their workplaces. They better understand others’ opinions and attitudes and are able to take this information into consideration when making decisions. There are other benefits to listening well. One is building trust. Effective listening conveys a sense that the leader cares about her people, their thoughts, opinions and concerns. A leader also builds stronger commitment within others when people feel that she cares about them personally as well as in how they fit within the organization.

The Half-Life of Data [INFOGRAPHIC]
Radioactive substances have a half life. The half life is the amount of time it takes for the substance to lose half of its radioactivity. Half life is used more generally in physics as a way to estimate the rate of decay. We can apply exactly the same principle – the rate of decay – to business information. Like natural materials, data is subject to deterioration over time. In science, the half life of a given substance could be milliseconds. It could be many thousands of years. The half life of data has been measured, and it may be shorter than you were expecting.

Security Think Tank: Guidelines for dealing with Shellshock
It is useful to know that there are many other shells that may be utilised in Unix deployments. However, bash is the default shell for both Linux and Mac OS X. The use of both of these operating systems is popular for enterprise and home applications. This vulnerability has been present in Bash for around 22 years. Chet Ramey a senior technology architect at Case Western Reserve University in Ohio, has been maintaining the Bash open source project and believes Shellshock dates back to a new feature introduced in 1992.

Emerging tech under standards scrutiny
We want the standard to support that sort of rapid development. In the public cloud, you can spend small amounts of money to get a prototype working, and then think about rollout and production – that's the point at which you should be thinking about long-term interoperability and questions like ownership and data recovery." In every aspect of the Open Platform 3.0, security is a concern, along with related topics of identity and privacy. Says Harding: "Security is a key concern, and so is identity. You need a framework to identify who owns the data, who is trying to access it.

Raids cast doubt on integrity of TOR
This makes it unclear whether these authorities have broken Tor to the point that it can no longer mask the location of its infrastructure or whether they found them using other intelligence. Tor relies on volunteers who host nodes of the network. Traffic bounces around within Tor in order to disguise where it comes from, but exit nodes and entrance nodes would yield the most useful information about actual IP addresses connecting to Tor. “Law enforcement could try to get in that first layer and see the sources and therefore try to reduce the anonymity as much as possible,” says Ben Johnson, chief evangelist at Bit9+Carbon Black.

Look out OpenDaylight, there's a new open source SDN controller
"It's a distributed core that runs on multiple servers," Appalaraju said. "Each instance is identical and they cooperate together to form a single system. If you need more control plane capacity, you add more servers. It also has high availability. If an instance fails, the workload is seamlessly distributed to other systems." ONOS also has carrier-grade persistence. The state of the entire control plane is stored on every instance at once, which enables hitless updates. Like OpenDaylight, the southbound abstraction layer of ONOS uses multiple protocols, including OpenFlow, to interact with network infrastructure.

Leveraging Three Tiers of Health Data
With Meaningful Use, you have to be able to email patients and share data among and between other physicians, et cetera. People are getting certified for MU, but if you actually look at the rules they don't say you have to do it 100 percent of the time. They say you have to have an electronic medical record with a problem list on x number of patients, and that keeps escalating over the years. The same is true with with email. I think we're about halfway there. In my experience it's not there, but I know what MU is about and that people are getting certified.

Quote for the day:

"The best strategy for building a competitive organization is to help individuals become more of who they are." -- Marcus Buckingham

November 09, 2014

How Your Clients Can Use COBIT and BiSL to Manage Their Information
Most of BiSL’s guidance addresses the first point, whereas COBIT is stronger in the second area. Many COBIT practices apply to business information management and contribute to providing assurance that business information management processes are executed effectively. Business information managers who want to use COBIT key practices, to assure themselves and stakeholders that the information systems (in the broadest sense of the word) are under control, can use BiSL to help them decide how to implement the key practices. BiSL does not provide specific guidance as to how to comply with the key practices, but gives an extensive description of the content of the processes.

Agile and SaaS – Lessons for Value Realization
SaaS and Agile combine to enable more nimble project governance. Business leaders are able to steer the project in two-week increments to gain maximum benefit by focusing resources on features that yield immediate value, while deferring “nice-to-have” features for future deployments. As well, business leaders gain the confidence to manage the project in this way, knowing that the Agile approach means that Release 1 will indeed be the first of many value-adding deployments in a multi-release program.

TGF: Impact of the Internet of Things Version 1.0
The latest wave of developments takes interworking still further by incorporating objects of all sorts into the network of IT services, information, organizations and people. This is the Internet of Things (IoT) that provides the potential for e-devices to be commonly built into infrastructure such as roads, vehicles, localities (e.g. smart cities), homes, livestock and even people (e.g. for measuring bodily functions). Many organizations, including governments, are realizing that there are financial, social and other benefits that are emerging though the use of networks of e-devices for the collection of data (e.g. the monitoring of people and their environment for health purposes) or raising alerts (e.g. when river levels rise).

5 Steps to Actionable Key Performance Indicators
A KPI (Key Performance Indicator) should immediately inform the reader how the business is performing which in turn should suggest what actions need to be taken. And if we are measuring the effectiveness of a website, the KPIs need to inform us how the site is doing in driving our business objectives. But most don’t. Too many organizations create Top-10 lists: Top-10 pages, downloads, videos, keywords, referrers, etc. Is it important to know which documents were downloaded the most, or what keywords drove the most traffic to your site?

List of sample KPIs in 5 perspectives of BSC
Here is a general list of key performance indicators which are divided into categories. This list should not be viewed as a must have set of indicators, but it is based on the experiences of many companies and researches related to scorecards. ... t is often reasonable to evaluate not only the efficiency of some production processes and operations at a given moment, but also assess the potential of these indicators, and the opportunities to improve them in order to increase production output and broaden production line.

Agile Enterprise Architecture Increases IT Relevance
Five years ago, Cisco started on an enterprise architecture journey to unify business strategy with IT investments. Today, all of our planning and decision-making is based on an agile, well-defined architecture-based framework.We make it real by ensuring that everything we do in IT is based on business architecture. We understand what our clients are doing and what they need, and then translate that into technology architecture and roadmaps that deliver capabilities to meet their needs. ... Enterprise architecture is a springboard for cultivating consistent communication and transparency between IT and the business. It’s a mechanism for helping our users across Cisco derive strong business value from IT.

Architecturally Significant Requirements
As you progress in your career you will learn that architectural requirements are hard to determine, primarily because they need to be gathered so early in the lifecycle before anything is really known. We know that architects should start early in project lifecycles based on when an architect engages in a project, with the end goal being integration into the innovation and project funding lifecycle itself. Hopefully, your organization has learned that getting an architect engaged before the project kickoff will not only save you money but is at the root of incremental innovation. Either way at some point the solution architect will be faced with a business case and business architecture

KeyStone Security and Architecture Review
This presentation will cover architectural and procedural security concepts within KeyStone, specifically Trusts or Delgations, AMQP Security with KeyStone and integration with a Corporate LDAP for single source of truth. Given the distributed nature of OpenStack KeyStone plays a major role in binding all of the Projects together but not much is mentioned about how to do this with KeyStone or what the pitfalls and dangers of hooking up a centralized Security System to the rest of the cloud will be. Not only do you have to be wary of the services that connect to KeyStone but you also have to be cautious of the kinds of input and data you give to KeyStone from external sources.

Testing the Internet of Things: The Human Experience
“Human Experience” testing has the following components of human interaction with the device. We should test all things physical, including sizes, shapes and genders of the users. We should also include sensory reactions including sight, sound, and touch. Orientation or the interaction with human movement is an incredible crucial part of the test. We must plan for testing in various geographical locations, different weather conditions and contexts. Finally we must consider value and most thoroughly test in terms of the users’ perceptions, mindsets, biases and emotions when interacting with the device.

Stewardship Models of IT Governance: Beyond

Agency TheoryAgency theory assumes that the interests of owners and managers are inherently in conflict and that defensive activities are necessary by owners to protect these interests. Stewardship theory points out that these assumptions aren't always true. A series of theoretical propositions concerning the stewardship model were made by Davis, Schoorman and Donaldson. Their ideas, in conjunction with ideas on best practices in IT governance from Weill and Ross provide an explanation for variance in the effectiveness of a varietv of governance models. Application of the stewardship model results in several novel approaches to IT governance and technology management, especially with regard to post implementation value delivery

Quote for the day:

"If the rate of change on the outside exceeds the rate of change on the inside, the end is near." -- Jack Welch