March 28, 2016

8 Reasons To Consider Insights-As-A-Service

Insights-as-a-Service providers are quick to mention their ability to improve business outcomes because that's the entire point of insights. For example, Capgemini provides Data-as-a-Service, Analytics-as-a-Service, and Insights-as-a-Service options. Data-as-a-Service provides raw data upon which analytical applications are built, Analytics-as-a-Service provides outputs of analyses, and Insights-as-a-Service is linked to tangible outcomes such as revenue increase or cost savings. "I consider them a progression in terms of sophistication and value, and fundamentally what the '-as-a-Service' unit of measure is," said Goutham Beliappa, a leader in the Business Information Management Data Integration and Reporting Practice for Capgemini North America, in an interview.


How Advanced Analytics Is Changing B2B Buyer Expectations

As information continues to fuel and be fueled by new online channels, we most often hear about the impact this has on the B2C sales world. But as anyone in the B2B space will tell you, this evolution is far reaching and certainly relevant. Similar to B2C buyers, B2B buyers feel empowered by their access to data. As a result of the rise of e-commerce in B2B and the general availability of data on the Internet, B2B pricing and product information is significantly easier to find and compare than before. This is enabling buyers to be armed with more information going into a price negotiation than was previously possible. This also means that buyers now expect companies to have relevant and convenient product and pricing information on their websites.


Data lake governance: A big data do or die

Data lakes or data hubs -- storage repositories and processing systems that can ingest data without compromising the data structure -- have become synonymous with modern data architecture and big data management. The upside to the data lake is that it doesn't require a rigid schema or manipulation of the data to ingest it, making it easy for businesses to collect data of all shapes and sizes. The harder part for CIOs and senior IT leaders is maintaining order once the data arrives. Without an upfront schema imposed on the data, data lake governance, including metadata management, plays a vital role in keeping the data lake pristine, according to experts.


Trump's Incomprehensible 'Cyber' Policy: 'Make Cyber Great Again'

First off, we’re so obsolete in cyber. We’re the ones that sort of were very much involved with the creation, but we’re so obsolete, we just seem to be toyed with by so many different countries, already. And we don’t know who’s doing what. We don’t know who’s got the power, who’s got that capability, some people say it’s China, some people say it’s Russia. But certainly cyber has to be a, you know, certainly cyber has to be in our thought process, very strongly in our thought process. Inconceivable that, inconceivable the power of cyber. But as you say, you can take out, you can take out, you can make countries nonfunctioning with a strong use of cyber. I don’t think we’re there. I don’t think we’re as advanced as other countries are, and I think you probably would agree with that. I don’t think we’re advanced, I think we’re going backwards in so many different ways.


Aetna CISO talks about threat intelligence and enterprise risk management

Third party governance programs must evolve to offer more continuous methods for risk assessment and management vs. one and done annual on-site assessments. More and more services are offered through cloud providers that host sensitive information and determining online vulnerabilities on a 24 x 7 basis will become more of the norm for any enterprise interested in managing third-party risk. The other fundamental change in third-party risk is a migration from compliance driven assessments (compliance to a standard) to a risk-driven assessment where risks are identified and managed. Adherence to a standard or framework based on standard practices is better than nothing but not sufficient to manage risk effectively given the evolution of cloud computing.


Is digital experience management the new social business?

Probably the key question to ask at this point is do these two overarching digital frameworks play well side-by-side or do they need to be integrated for companies to get the fullest benefits of both? Digital/customer experience is a relatively new phenomenon in terms of realized products and services to support it, so until recently it's been hard to say. But with the maturity of both approaches, I'm now beginning to see digital engagement practitioners have to routinely deal with both frameworks. The result? They find in general that CEM platforms tend to underserve social business needs, while social business frameworks and products often neglect many key aspects of digital experience. This lack of integration leads to more work, lower impact, and a fragmented approach to digital, which is what we were trying to resolve in the first place.


9 Cost-Effective and Critical Security Tips for Startups

When big names fall victim to data breaches, it’s big news, making smaller companies believe they aren’t likely to be a target. However, according to Greg Sullivan, CEO of Global Velocity, smaller companies should be on the offensive. “The issue is that SMBs wrongly assume that their size or small influence does not merit attention from hackers or do not educate themselves about potential exploits in their infrastructure,” he says. “While SMBs are not as big as companies like Target and Home Depot, they are the majority of victims at the hands of cyber thieves seeking easy targets. The Verizon 2013 Data Breach Investigations Report found that 62 percent of breaches impacted smaller organizations, likely a conservative figure since not all small organizations are reporting breaches.”


IPSec Policies

IPSec encrypts the data contained in IP datagrams through encapsulation to provide data integrity, data confidentiality, data origin authentication, and replay protection. The two main IPSec components that are installed when you install IPSec are the IPSec Policy Agent and the IPSec driver. The IPSec Policy Agent is a service running on a Windows Server 2003 computer that accesses IPSec policy information. The IPSec Policy Agent accesses the IPSec policy information in the local Windows registry or in Active Directory. The IPSec Policy Agent then passes this information to the IPSec driver. The IPSec driver performs a number of operations to enable secure network communications, such as initiating IKE communication, creating IPSec packets, encrypting data, and calculating hashes.


The Role of a Data Scientist in 2016

Whilst the role of a data scientist crosses over with more conventional data analysis positions, there are some stark differences. A data analyst or architect can extract information from large sets of data. Yet they are bound by the SQL queries and analytics packages used to slice these datasets. Through an advanced knowledge of machine learning and programming/engineering, data scientists can manipulate data at their own will uncovering deeper insight. They are not bound by these programmes. Whilst your typical data analyst looks to the past and what’s happened, a data scientist must go beyond this and look to the future. Through application of advanced statistics and complex data modelling they must uncover patterns and make future predictions.


Insight: The disruptive side of disruptive innovation

Nothing can stop innovation and as long as this technology brings value then it is here to stay. Traditional ojek may eventually have to become app-based or at least adapt to using their cellphones to get customers rather than wait passively at their posts for passengers. Long-time drivers of established meter taxi companies are not that easy to adapt, with their livelihoods having been tied to a regulated system for so long. The democratized application of Uber is actually unfair competition for them, so it is easy to understand their — and especially the companies’ owners’ — resistance to this innovation. In the end, it would be a new government regulation that decides the fate of Uber and that of public transportation as a whole.



Quote for the day:


"Man is a reasoning rather than a reasonable animal" -- Alexander Hamilton


March 27, 2016

Australian Government Seeks End to Double Taxation of Bitcoin

The government wants to ease rules for investors and startups in the FinTech space, the latter of whom would be afforded flexibility within a "regulatory sandbox" approach. An advisory group dedicated to FinTech issues has also been formed, chaired by Westpac Bank director Craig Dunn. “Removing the ‘double taxation’ treatment for GST on digital currencies and applying adequate anti‑money laundering and counter‑terrorism financing rules may facilitate further developments or use in the future,” the government said. The country’s anti-money laundering regulator, the Australian Transaction Reports and Analysis Centre, voiced its support for blockchain technology in a statement included in the policy release, stating that it believes the tech could "significantly reduce the costs of compliance and regulation imposed on reporting entities".


Fintech Lessons From a Troubled Bridge Over New York’s Waters

Fintech is becoming too hyped in certain areas. Even though venture funding cooled in Q4, 2015, deal activity remains high, as do valuations, especially on the consumer side of fintech. Accelerators, incubators and now start-up factories have cropped-up to participate in the global fintech boom. Many of these initiatives are crucial, since they compensate for the lack of financial services innovation in the years leading up to the financial crisis. Unfortunately, half-baked business models, me-too companies and fintech “tourist” investors looking for a quick trade seem to be on the rise as well. Some large incumbents are riding the fintech wave without a plan. Just as politicians, commissioners and contractors jumped on the Manhattan Bridge project over a century ago, it now seems that every major incumbent is getting fintechier. Although some large banks, payments companies, insurers and asset managers are making solid progress, others seem to be grasping.


Uflex becomes first company in India to deploy Bluetooth Low Energy Beacon

The Low Energy Bluetooth beacon is a battery powered mini appliance transmitting and receiving two-way information. The BLE Beacon has a shelf life of 3 years on a single cell. The beacon transmits its presence and with its inbuilt sensors captures other parameters like temperature, pressure etc. Since it facilitates two way information gathering, the embedded LED can also light up when it gets a request. "The strength of the Beacon varies with distance and this helps us triangulate the coordinates and track the movement as well as the current location across the warehouse and production lines," he states. The BLE Beacon can add on sensors to get more data captured such as collision impact detection, automate batch creation in ERP using the object to feed data as it approaches the processing plant or exits a plant.


DevOps and IT Projects in the Real World

The sponsor spent a lot of money and will never see a return on the investment ever. The developers are upset because nobody is going to use their solution. The project manager is depressed because it didn’t really matter how well the project was managed. The user base is absolutely irritated, don’t know what to use the new solution for and after a week they stop trying. ... If you can leverage DevOps culture and practices you don’t buy into a success guarantee. Everyone still needs to do their work diligently and it’s not less work if you apply DevOps. However with these practices in mind, you shift the threshold of “what”, “how”, and “ok” significantly to establish a better collaboration baseline between the separated realms of development teams and operational staff.


The Dawn of the IoT Architect

There are two modes of operation for an IoT Architect. The first mode is to help the organization solve various business problems by building discrete IoT solutions. This requires a certain skill set including: collaborating with business leaders to determine their top business problems, architecting an IoT solution that will solve the problem, building a business case to justify the ROI, building an IoT solution prototype and selecting vendors, and finally, deploying the solution — at scale — across the enterprise. The second mode is much more broad. The IoT architect must take responsibility for setting and communicating the overall IoT vision, message, — and most importantly — architecture. Why? Well, it’s likely that organizations will have multiple IoT projects. Without an IoT architect — who can build, communicate and drive a cohesive, centralized IoT architecture


Big Data, IoT and Blockchain: Ready to Follow the Yellow Brick Road?

How disruptive technologies can be used to advance business and provide a competitive edge. Take Big Data and the Internet of Things (IoT). Both rank highly on the list of disruptive technologies. As with most technologies, there are areas of great synergy that ultimately provide a yellow brick road to real business value. ... Perhaps the most interesting thing about blockchain is that there's no central authority or single source of the database. Which means it exists on every system that's associated with it. Yes, every system has its own complete copy of the blockchain. As new blocks are added, they're also received by every system - for the ultimate distributed database. If you lose your copy, no problem. By rejoining the blockchain network you get a fresh new copy of the entire blockchain.


Japan looks to kickstart 'fintech' revolution

Japan's financial industry regulator hopes relaxed rules on investing in financial ventures, and a new system for regulating virtual currency exchanges will pass through parliament by May - a first step in kickstarting the fintech revolution in the world's third-biggest economy. "The law changes aren't a goal, but a first step," Norio Sato, a senior official at the Financial Services Authority (FSA), told Reuters. "Fintech will have a big impact on financial services." The changes, which will allow banks to buy stakes of up to 100 percent in non-finance-related firms, will free up Japan's three megabanks to enter into tie-ups with fintech ventures developing services including robotic investment advisory and blockchain, the decentralized ledger technology behind the bitcoin digital currency.


Viewpoints and Integrated Enterprise Architecture

Enterprise Architecture may depict the whole of the enterprise or a part of it at any given point in time. Architecture for enterprises consists of multifaceted data driven maps. From the different perspectives of the many parts involved in any enterprise, from planning, design and management to executive and stakeholder’s levels, there are always many concerns that need to be addressed, and hence the need for many different types of blueprints. The viewpoint is a blueprint of how the stakeholders view the whole system or enterprise. ... Enterprise Evolver (“Evolver”) supports multiple viewpoints templates to jumpstart the architecture creation. Provided below are descriptions of each viewpoint template supported in Enterprise Evolver. By describing and mapping these viewpoints in the Evolver, you will be able to create an integrated enterprise architecture to support any transformation initiative.


Barry University CIO: Managing The Mobile Security Load

Londono doesn't want to do anything unnecessary to stifle the creativity and innovation of the faculty. "On the faculty side, we mostly let them do what they want to. There's a recognition that any progress comes from a place where you're not so structured," he said. "If you leave people with a little bit of freedom, they tend to be very creative." On the other hand, students can be very heavy consumers of the campus bandwidth. "In terms of bandwidth, the shift isn't so much from faculty -- they're careful about moving instruction to streaming -- but the younger generation of kids moving to streaming content," Londono said. And the reality of the new classroom means that the university can't use basic tools to deal with the bandwidth issue.


Understanding Quality and Reliability

Generally, having fewer errors and a higher MTTD is associated with better overall quality. While having the highest quality possible may not always be a primary concern for stakeholders, the reliability of the project must meet some minimum standards before it can be shipped to the customer. For example, experience has shown that, at delivery, most projects are about 95 percent defect free after running for about a day without crashing. Another good rule of thumb is that the software typically will be of minimum acceptable reliability when testers are finding fewer than 20 errors per month. This applies to both large and small applications. In other words, the product will run about an eight-hour workday. Of course this rule of thumb is mostly applicable for commercial IT applications. Industrial and military embedded applications require a higher degree of reliability.



Quote for the day:


"We don’t have time for blame and shame. We need dignity, understanding and solutions." -- @smaxbrown


March 26, 2016

App economy research shows how poorer countries are losing again

The transition to the era of the smartphone and mobile internet has allowed two companies — Apple and Google — to establish market dominance with their own proprietary ecosystems, including their respective app stores. As the new distribution model for software and digital content, the app stores have centralised the vast majority of mobile revenue streams within Apple’s and Google’s platforms.  This change from the open web to privately managed walled gardens is amplifying global power imbalances, resulting in lower rates of participation and value capture by producers from marginalised geographies and socio economic backgrounds. The result: polarised opportunity between high- and low-income countries, with lower-income countries only earning an estimated 1% of global app economy revenues.

The Working Programmer - How To Be MEAN: Robust Validation with MongooseJS

Mongoose uses some interesting terminology for what’s essentially a two-step process to defining a JavaScript object model on top of the MongoDB database API. First, we define a “schema,” which looks like a traditional class from a more traditional class-based language (C#, C++, Java or Visual Basic). This schema will have fields, define types for these fields and optionally include some validation rules around the fields for when assigning values to the fields. You can also add some methods, instance or static, which I’ll get to later. Then, once the schema object is defined, you “compile” it into a Model, which is what will be used to construct instances of these objects.

Here's how the FBI plans to crack terrorist's iPhone

"They're not going to talk to the jailbreak crowd," Zdziarski said, referring to hackers who look for iOS vulnerabilities that can be exploited to let users add unsanctioned apps to an iPhone. He said that he and other reputable researchers had been turned away by the FBI when they volunteered to help. If they met a blank wall, jailbreak artists would have gotten nowhere, he reasoned. Other avenues, such as "de-capping," a term used to describe a tear-down of the iPhone's processor using acid and lasers, were also out, Zdziarski said, because they risked destroying the very thing the FBI claimed it needed, the data on Farook's phone.

The promise of big data: bringing technology and the economy together

The payoff comes from insights gleaned from collecting large amounts of various kinds of data and analysing them to uncover hidden patterns, correlations and other insights. Machine learning software can drill down into the data to discover and analyse factors determining the profit and loss for a product, supplier, and their customers. We can also see into the future, making better predictions and decisions. The result is that “quantitative change becomes qualitative”, as described by Steve Lohr in his best selling book “Data-ism”. Big data brings technology and the economy together. The benefits of a data-driven economy are obvious enough that we should all embrace the concept. For both technology companies and business firms, the market is just around the corner.

Roboadvisors stand at the vanguard of human-machine collaboration

Vanguard's financial simulation software, essentially a predictive analytics tool that runs 10,000 simulations in under a second, forecasts future returns and generates a set of outcomes over many time horizons. The client monitors the performance of their assets as well as progress toward their goals; the human advisor reviews and rebalances their portfolio to keep them aligned with those goals. While some software robots learn by inference, their improvisational capabilities remain limited. That's where the humans come in. Marcante says the advisor also helps clients avoid making trading errors during emotional times and volatile markets, often "talking them off the ledge when the markets are down and they're supposed to be holding long-term."

Tracking the Data Science Talent Gap

How big is the data science skills gap? There are several ways to attack that problem, and a number of smart people at renowned organizations have attempted to put numbers to the problem. Back in 2012, the research firm Gartner said there would be a shortage of 100,000 data scientists in the United States by 2020. A year earlier, McKinsey put the national gap in data scientists and others with deep analytical expertise at 140,000 to 190,000 people by 2017, resulting in demand that’s 60 percent greater than supply. In 2014, the consulting firm Accenture found that more than 90 percent of its clients planned to hire people with data science expertise, but more than 40 percent cited a lack of talent as the number one problem.

How developers can take advantage of machine learning on Google Cloud Platform

TensorFlow is on the academic or research side of machine learning at Google. Machine learning APIs are on the opposite side of that spectrum and require much less understanding of machine learning to implement within an application. Cloud Machine Learning, announced Wednesday, is in the middle and can extend to either side. Ferraioli said developers can use Cloud Machine Learning "when you have a customized problem that you want to solve." Cloud Machine Learning is a fully managed service, and developers can train it using a custom TensorFlow graph. It offers batch and online prediction at scale and an integrated Datalab experience, but regression and classification are its two primary tasks.

Experts say Internet of Things is edging into maturity

A smart home will have between 100 and 200 connected devices. How are you going to power them all? You can’t give each a battery. You’ll need energy harvesting for this. The markets are evolving so chipsets can use energy harvesting, but that’s not available to Bluetooth yet. ... Top-down creation of a smart city may be a bit too ambitious. But building a smart home, and extending the conversations of the intelligent washing machine and solar panels with the utilities, so they interact with the grid and the sewage systems with maximum efficiency, could be a way of building a smart city by increments, from the bottom up. ... The APIs that the manufacturers will have to offer in order to create interoperability will open the gate to all that information.

The anatomy of an Android security flaw

One is that if fast and reliable ongoing updates are important to you -- and, let's be honest, they probably should be -- you should pick a phone that's known to provide that feature. Google's Nexus devices are the safest bet, as they receive software directly from Google without any third-party interference or delays. Whether we're talking about security or broader system-level improvements, that's an extremely valuable assurance to have. Second, as we've been discussing, remember that updates on Android really aren't the same as updates on other platforms. Google knows about the challenges created by its open source setup, and that's why it's taken steps to create all the other methods of reaching users directly -- both via the security-oriented paths we've been discussing and via the company's ongoing deconstruction of Android.

The Four Concerns That Must Be Addressed Before the IoT Can Really Take Off

It won’t just be fridges; we’ll see home energy systems, security devices, entertainment products, games, interactive wearables -- the list goes on and on. The question is, is it really going to happen? And shouldn’t we be seeing greater market penetration than we already do? While the IoT is a hot topic right now, we don’t have the sort of everyday uptake internet experts have predicted. In the grand scheme of things, there really aren’t very many connected watches, thermostats, or accessories. ... This article will look at the things the IoT needs to be on the forefront of the consumer experience, including the value to the consumer, the necessity of a centralized IoT platform, a set of international communication protocols, user education and greater security.

Quote for the day:

"Bad companies are destroyed by crisis, good companies survive them, great companies are improved by them." -- A Grove

March 25, 2016

Should You Worry That Your Car Will be Hacked?

Consumers, however, should stay informed about the capabilities of their cars, just as they would about most connected devices they own -- from PCs to smartphones to smart home appliances -- especially considering that vehicles are a much more complex and "dangerous tool," Menting said. "So it is perhaps even more important to understand the risks," she added. Egil Juliussen, director of research at IHS Automotive Technology, said other than gaining notoriety, there really isn't much of an incentive for hackers to break into your vehicle's electronic systems. In fact, the only business case for hackers to break into a vehicle is to extort money from owners or automakers. "They have to earn money on it; otherwise, it doesn't pay for them to do it," Juliussen said.


As Silicon Valley chills, Europe’s tech gets hotter

Silicon Valley is indeed undergoing a chill, while tech in Europe is growing, purposefully, confidently and across a broad front of geographical hubs and industries. Currently, France is leading Europe in investments so far this year. CB Insights shows that the absolute number of funding rounds for early-stage companies — what’s called Series A rounds — in the U.S. appears to have peaked in 2014 ... In Europe, Series A investments only really started to ramp from 2014, and the number of local companies hitting this funding milestone continues to rise. 2015 was a record year for Europe — up 12 percent from the year before. In January and February so far this year, A rounds are up 38 percent year-over-year.


SDNs come to the branch office, with risks

Despite the benefits of SD-WAN, Shaffer says that he still worries about the viability of startups such as Viptela in such an immature market: "I'm relying on something they have and what happens if they go away or get acquired and some company buries their product?" Shaffer says. "You may have time to get out, but you've invested the time and it's not what you wanted." While there is no crystal ball to help Shaffer see whether Cisco Systems or some other player decides to gobble Viptela, Shaffer says he believes the company is well-positioned for growth based on its funding and commercial track record. Viptela in 2014 raised $33.5 million from Sequoia Capital and counts Gap as one of its customers. Last month Verizon began selling a hosted SD-WAN service powered by Viptela.


The Evolution of today’s enterprise applications

In the old days, corporate IT departments built networks and data centers that supported computing monocultures of servers, desktops and routers, all of which was owned, specified, and maintained by the company. Those days are over, and now how you deploy your technologies is critical, what one writer calls “the post-cloud future.” Now we have companies who deliver their IT infrastructure completely from the cloud and don’t own much of anything. IT has moved to being more of a renter than a real estate baron. ... At the same time, the typical endpoint computing device has gone from a desktop or laptop computer to a tablet or smartphone, often purchased by the end user, who expects his or her IT department to support this choice. The actual device itself has become almost irrelevant, whatever its operating system and form factor.


Are electronic medical records worth it?

The value of the technology has been heralded as improved diagnosis and treatment through better information access and sharing. Researchers, however, have found that the vast majority of providers don’t share electronic patient data outside their own practice. According to a study by the Agency for Healthcare Research and Quality, just 14 percent of providers were sharing data with other providers in 2013. Psychology Today notes that many medical centers’ outpatient systems cannot “talk” to their inpatient hospital systems; and actually accused “one of the bigger ‘providers’ of electronic health records” of creating data silos that prevent the sharing of their records with outside organizations unless a high fee is paid. This current state of affairs argues for strong action by the government and even stronger action by healthcare organizations.


Quantum Networkers, Watch Out: Twisting Light Slows IT Down

By putting a twist on beams of light and changing how they travel through space, engineers can create another variable for encoding information. Each kind of twist creates a different corkscrew pattern, and theoretically there's no limit to the number of patterns that can be created, said University of Ottawa Assistant Professor Ebrahim Karimi, who led the research team. With that extra form of encoding, networks could carry as much as four times as much data as they do now, just using fiber already in the ground, Karimi said. More advanced fiber could allow for many more times the data. Twisted light may also play a role in quantum computing, the fledgling field of number-crunching using more than just binary zeroes and ones.


Australia can't afford to miss the 'blockchain' revolution

Financial services is the largest and also the fastest-growing sector in the Australian economy, according to the recent UBS/FSC State of the Industry report. The broader services sector is the key contributor to employment growth, making up for weaker figures in other sectors, according to the RBA. Think about things like international tourism, wealth management and natural energy. It is in the services industry that blockchain technology can be most transformative. We do need to catch ourselves before we go running away with all the possibilities of the blockchain. On the one hand, the technology has the potential to reduce fraud because of the transparency among users. On the other hand, there are still open questions about how secure the system is, which has obvious implications for something described, ironically enough, by The Economist as "the trust machine".


9 Myths Surrounding Blockchain Smart Contracts

Historically, the concept was first introduced by Nick Szabo in 1994. Smart contracts then had a long gestation period of inactivity and disinterest, because there was no platform that could enforce them, until the advent of blockchain technology in 2009. Now, smart contracts are entering their prime, especially since Ethereum has popularized them further by making their programming a basic tenet of their blockchain's power. Like any new buzzword, the more a term gets popular, the more it spreads around. The more it will get used, but also misused and abused. It will mean a lot of different things to different people. Here’s a list of 9 misconceptions about smart contracts, and my efforts to debunk and explain away those misconceptions:


Interactive Intelligence Doubles Down on Cloud Computing

Each microcomponent processes one transaction at a time. If processing completes successfully, it moves to the next, and so on. If a transaction fails, that transaction might be lost, but another version of the microcomponent is activated to go on processing other transactions of the same sort. Thus any failure is isolated and has limited impact. If the number of transactions is higher than expected, this can be handled in one of two ways; either the system calls on AWS to provide more processing resources, or more instances of the microcomponent can be activated. The architecture also impacts how bugs are fixed or new capabilities are added. In both cases a new microcomponent is developed, and once tested, it takes over from an existing one or is activated to provide new capabilities.


Security vs. privacy: Evaluating the government’s case

Clearly, the government couldn’t compel the terrorist to reveal the key, since he is dead. So instead, it had to reveal its own blundering by taking this to court. I can only assume that, by choosing this case to push its agenda, the government is either desperate, feigning desperation or just staggeringly inept. I don’t find comfort in any of those scenarios. If the government is truly desperate, it has to know that it is losing the “crypto wars” and this is a last-ditch attempt to try to extract victory from the jaws of defeat. If it is merely feigning desperation, it is trying to lull us back into thinking our systems are more secure than they really are — meanwhile, it has developed or is developing some post-Snowden means of obtaining our data. And if it’s just staggeringly inept — then God save us.



Quote for the day:


"If you're not prepared to be wrong, you'll never come up with anything original." -- @SirKenRobinson


March 24, 2016

University IT departments struggle to stay always open, always secure

If IT "cannot be agile enough in its review and implementation of cloud services, the path of least resistance for users may be to go it alone, without institutional IT involvement," Juckiewicz said. In the process, users can unwittingly put institutional or individual data at risk. Often called "shadow IT," the tendency to look beyond the central IT department for software and other technology became more widespread in organizations once people started bringing smartphones and tablets to work and using them to accomplish work tasks. Cloud applications available over the Internet, software as a service, made it even easier for departments outside IT to get whatever they wanted. It has happened in every industry, and higher education is no exception.


IAM is the future for managing data security

IAM systems prevent hackers from escalating privileges and gaining access to sensitive applications and data once they have compromised an employee’s credentials. They can also mitigate the reach of malicious insiders. IAM also helps to achieve regulatory compliance. Auditors are getting smarter about enforcing regulatory compliance. IAM helps to satisfy compliance mandates around separation of duties, enforcing and auditing access policies to sensitive accounts and data, and making sure users do not have excessive privileges. It can also improve employee productivity and reduce helpdesk costs. Good IAM processes and tools alleviate employee and customer frustration by letting users log in faster, such as by using single sign-on (SSO).


The Power of Next-Generation Profitability Analytics

A well-built, multidimensional profitability solution becomes a solid finance foundation, especially when coupled with a single, integrated analytic data platform or similar cloud-based business intelligence platform. Technologies such as these not only help define and run your profitability model, but they also offer the ability to make changes quickly, run ad-hoc analyses, manage very large data sets and provide reporting and dashboarding beyond what’s available with ERP solutions. What’s more, this type of finance foundation can ultimately serve as the single source for all of the diverse types of analytics performed within the CFO department, because there is a direct link back to the General Ledger.


What Everyone Should Know About Cognitive Computing

The goal of cognitive computing is to simulate human thought processes in a computerized model. Using self-learning algorithms that use data mining, pattern recognition and natural language processing, the computer can mimic the way the human brain works. While computers have been faster at calculations and processing than humans for decades, they haven’t been able to accomplish tasks that humans take for granted as simple, like understanding natural language, or recognizing unique objects in an image. Some people say that cognitive computing represents the third era of computing: we went from computers that could tabulate sums (1900s) to programmable systems (1950s), and now to cognitive systems.


Are you ready for an SDN deployment?

The principal motivation behind SDN deployments and hyper-convergence is the need for a responsive and nimble IT organization. While it's definitely the future, not all are ready for it. The shift can be too drastic for enterprises still struggling with the basics of managing an efficient infrastructure. Are you saddled with technical debt? Could your policies, standards and procedures use work? Do you have staffing challenges? The first steps toward deploying an SDN or SDDC strategy should include a phased design, with an analysis of the current environment addressing any gaps that are barriers to the future road map.


FBI, Apple battle may leave lasting legacy

"Never before have I seen encryption being in the public eye so much," said Rod Schultz, vice president of product at Rubicon Labs. "Time magazine, John Oliver -- if you told me this would happen a year ago, I would think it was impossible." The case has become an opportunity to educate the public about encryption and privacy, he said. "I think customers and the public are becoming very very savvy," he added. "For me, that's the best outcome right now." When combined with the recent memory of the Snowden leaks, he added, it makes for a strong argument against giving governments backdoors around encryption and weakening security. And the battle over unlocking Rizwan Farook's phone was just the tip of the iceberg, said Harvey Anderson, chief legal officer at AVG Technologies.


DDoS attack threat cannot be ignored

One of the reasons why DDoS is such a significant threat is the relative simplicity of arranging an attack. There have been reports of a DDoS attack being hired as a ‘service’, sometimes for as little as £10. The distributed nature of DDoS attacks, combined with the anonymous nature of the internet, means the instigators are rarely caught. To have an appropriate level of planned safeguards in place for a DDoS attack, companies need to assess how much of their revenue is generated through their website. This revenue can range from orders taken online or appointments being booked, through to sales of digital goods and ordering of online services. Naturally, the ratio of digital revenue to physical sales will determine the appropriate level of response and preparation. As a worst-case scenario, companies should also plan how they would continue to operate if their website went down.


The Challenge of Monitoring Containers at Scale

Application functionality is becoming more granular and more independently scalable and resilient, which is a challenge for traditional monitoring solutions. If a single component within a microservice architecture fails, there may be no business impact, and so the severity of alert should match this fact. The traditional monitoring tool approach of testing whether something is 'up' or 'down' falls short, and accordingly some organisations are building their own monitoring systems. The transient nature of containers also presents new challenges with monitoring, especially when combined with the emerging popularity of scheduling and orchestration systems, such as Kubernetes, Mesos and AWS ECS.


How FinTech is shaping Financial Services

New digital technologies are in the process of reshaping the value proposition of existing financial products and services. While we should not underestimate the capacity of incumbents to assimilate innovative ideas, the disruption of the financial sector is clearly underway. And consumer banking and payments, already on the disruption radar, will be the most exposed in the near future, followed by insurance and asset management. ... The investment industry is also being pulled into the vortex of vast technological developments. The emergence of data analytics in the investment space has enabled firms to hone in on investors and deliver tailored products and automated investing. Additionally, innovations in lending and equity crowdfunding are providing access to asset classes formerly unavailable to individual investors, such as commercial real estate. 


The Networked World

"Today when we virtualize some functions, whether it's load balancing or a policy engine or whatever we can do in an SDN construct, we can do it because we can virtualize those functions without giving up performance. We couldn't do that 10 years or even six years ago," Mehra says. "We are in the middle of this software-defined revolution, but it was made possible by multiple pieces all falling in place: advancements on the semiconductor side, advancements with other hardware, and advancements related to how we can consume software in the networking world." This coalescence of new developments is, in fact, what is enabling the Internet of Things: advances in sensors, in wireless networking, in software control, in distributed intelligence, and in big data tools that make it possible to extract actionable intelligence from a plethora of data points.



Quote for the day:


"The aim of life is self-development. To realize one's nature perfectly - that is what each of us is here for." -- Oscar Wilde


March 20, 2016

Cyber-Insurance: Is It Right for Your Business?

As a result of actual and threatened events, the insurance market has responded with a new product to protect businesses from data breaches: cyber-insurance. Traditionally, businesses sought coverage for losses of data breaches under commercial property, commercial general liability, and business interruption policies for first-party losses, and under commercial liability and directors and officers liability policies for third-party losses. However, in the late 1990s, insurers began offering cyber-insurance in the form of standalone policies. Yet, despite recent data breaches, only 20 to 30 percent of American firms purchase cyber-insurance. The case law interpreting these policies is scarce, as courts struggle to define the parameters of cyber-liability. Courts are increasingly allowing plaintiffs to file creative claims against businesses in the wake of data breaches.


The future of computing

Moore’s law was never a physical law, but a self-fulfilling prophecy—a triumph of central planning by which the technology industry co-ordinated and synchronised its actions. Its demise will make the rate of technological progress less predictable; there are likely to be bumps in the road as new performance-enhancing technologies arrive in fits and starts. But given that most people judge their computing devices on the availability of capabilities and features, rather than processing speed, it may not feel like much of a slowdown to consumers. For companies, the end of Moore’s law will be disguised by the shift to cloud computing. Already, firms are upgrading PCs less often, and have stopped operating their own e-mail servers. 


Big Data for Governance - Implications for Policy, Practice and Research

This predicted growth is expected to have significant impact on all organizations, be it small, medium or large, which include exchanges, banks, brokers, insurers, data vendors and technology and services suppliers. This also extends beyond the organization with the increasing focus on rules and regulations designed to protect a firm’s employees, customers and shareholders as well as the economic wellbeing of the state in which the organization resides. This pervasive use and commercialization of big data analytical technologies is likely to have far reaching implications in meeting regulatory obligations and governance related activities.


XGIMI projects innovation in Android entertainment

The device is ideally suited for a number of use-cases including families or students that are space-constrained or cannot accommodate a permanently wall-mounted television. It incorporates a 700 ANSI Lumens OSRAM LED projector element which is fully capable of both 1080p and 4K output, and can render 3D video, with up to a 300" diagonal width projection area. The device can also act in a "Business" mode where data from a cloud storage service or from local USB can be presented using a built-in Microsoft Office-compatible viewer. Of course, with Office 365 for Android, it's also possible to run the real thing, provided you have the right packages installed. In its pre-production configuration the device was shipped to me with a modified version of Android 4.3 using AOSP-based sources. The device uses a 1.5GHz quad-core ARMv7-based SoC, which is comparable to that which might be used in a high-end smartphone.


Beyond Bitcoin: The blockchain revolution in financial services

Interest in the technology exploded when it became clear that blockchain can be used to document the transfer of any digital asset, record the ownership of physical and intellectual property, and establish rights through smart contracts, among other applications. By reordering and automating complex, labor-intensive processes, the technology can enable organizations to operate both faster and more cheaply. Financial institutions are exploring a variety of opportunities to use blockchain, including applications to improve and enhance currency exchange, supply chain management, trade execution and settlement, remittance, peer-to-peer transfers, micropayments, asset registration, correspondent banking and regulatory reporting.


Who Are the Bad Guys and What Do They Want?

Recent breaches at the Internal Revenue Service are a stark reminder that cyber crime is alive and well. According to the Center for Strategic and International Studies, cyber crime and cyber espionage cost the global economy between $375 billion and $575 billion annually, or roughly 1% of global income. So who are those guys and what do they want? Based on interviews with several cyber security experts, this O’Reilly report provides a concise and highly informative look into various actors who populate this murky world. You’ll explore some of their methods and motivations, as well as new approaches from both the US government and private sector to help organizations manage cyber security more aggressively. ... Get a copy of this report and find out what your organization can do to deal with this ongoing threat.


Defend against ransomware with 3 easy steps

The fight to secure your business is a never-ending battle. Ransomware is a particular strain of malware that quietly works in the background to encrypt user documents with a secret cryptographic key kept at a remote location and threatens to only release this key upon payment to the perpetrators. This type of malware has mostly changed in its increasing sophistication and prevalence, as well as the use of robust encryption schemes that offer little hope of undoing by the time its nefarious encrypting work is completed. According to Software Advice, businesses are taking note of the risks surrounding this malware. Sixty-seven percent of business decision-makers claim they'd never pay a ransom to regain access to infected files, yet only 23 percent say they're "very confident" their data is secure from ransomware attacks.


Spark in Action Book Review & Interview

Project Tungsten is one of these efforts under “get Spark as close to bare metal as possible” umbrella, where the goal is to remove any general-purpose software between Spark and the operating system (Tungsten allows Spark to bypass JVM and do memory management by itself). Tungsten makes a lot of sense, mainly because it makes a large class of JVM-related problems go away, garbage collection being the main one. Since end users are not managing memory manually, there’s no risk of getting segmentation fault errors, so the full potential is there to give Spark arbitrary large chunks of off-heap memory with significant performance improvements without any down sides that would be visible from the end user perspective.


Why Central Banks Should Start Issuing Electronic Money

The Bank of England currently issues central bank money reactively: it issues banknotes in whatever quantities are needed to meet demand from the public, and issues central bank reserves in order to meet demand from the banks. It could choose to issue digital cash in the same way, by providing the infrastructure for Digital Cash Accounts but letting the public determine how to split their holdings of money between bank deposits and digital cash. ... Alternatively, by taking a proactive approach to issuance, the Bank of England could use digital cash as a monetary policy tool to stimulate aggregate demand and influence the economy. If every citizen had a Digital Cash Account at the Bank of England (either directly or indirectly), then it would be a simple process for the Bank of England to make small and occasional ‘helicopter drops’ of newly created digital cash to every citizen.


What Should Data Scientists Know About Psychology?

How data is collected informs what we can conclude from that data. Many methodological confounds exist in relation to what can be extrapolated from data to maximize the ecological validity of what can be accurately concluded. Implementing quality assurance in collecting data, such that what is supposed to be measured is indeed being measured, requires manipulation checks, quality testing and research. Then how the data is coded and quantified creates another lens of possible distortion. Poor measurement cannot be fixed post-hoc in already collected data. Furthermore, because statistics requires the calculated assumption of error (unlike formal mathematics), how one implements data mining/management, decides on appropriate statistical analysis and interprets the results is of utmost importance in a field of scientific inquiry.



Quote for the day:


"Only those who attempt the absurd will achieve the impossible." -- M.C. Escher

March 19, 2016

How to Connect Cisco Nexus 9396PX to 40G Network

The traditional network usually used a three tier network architecture. However, with the migration of 40/100G, a new architecture is taking the place of the traditional one with great advantages. This is known as spine-leaf architecture. ... In spine-leaf network architecture for 40G application, the connections between the spine switches and leaf switches are 40G, while connections between the leaf switches and servers are usually 1/10G. Thus these 40G QSFP+ ports can be used to connect the spine switch and the 1G SFP/10G SFP+ are suggested to connect servers and routers. To accomplish the whole spine-leaf connection, optics and cables or DAC (direct attach cable) should be used. The following picture shows a 40G spine-leaf architecture with Cisco Nexus 9396PX being used in the leaf layer and the fiber cabling choice for Cisco Nexus 9396PX switch in this architecture.


HPE IaaS reference architecture for SAP Business Applications

The solution blueprint outlined in this paper provides an Infrastructure as a Service (IaaS) Cloud infrastructure for SAP Business Applications under both traditional and SAP HANA In-Memory databases as the Cloud service. The platform provides the ease of use and flexibility needed to minimize the effort to bring legacy platforms to SAP HANA performance levels and addresses future needs coming with SAP’s newest software generation S/4HANA. The configurations are based on Hewlett Packard Enterprise servers, storage, networking and software. For customers that need maximum and dedicated database performance, this white paper describes a high performance configuration optimized for SAP HANA bare metal deployments and SAP Business Applications based on virtualization layers.


FlexPod and UCS – where are we now?

Recent announcements around the Gen 3 UCS Fabric Interconnects have revealed that 40GbE is now going to be the standard for UCS connectivity solutions, and the new chassis designs show 4 x 40GbE QSFP connections, totaling 320Gbps total bandwidth per chassis, this is an incredible throughput, and although I can’t see 99% of customers going anywhere near these levels, it does help to strengthen the UCS platform’s use cases for even the most high performance environments, and reduces the requirement for Infiniband type solutions for high throughput environments. Another interesting point, and following on from the ACI ramblings above, is that the new 6300 series Fabric Interconnects are now based on the Nexus 9300 switching line, rather than the Nexus 5K based 6200 series.


Jive prescribes collaboration software as best DNA match for healthcare

The theory here is: better collaboration could improve information, could improve patient care, could improve the fight against the nursing shortage the USA is currently experiencing. According to a press statement, "Built on the cloud-based Jive-n interactive intranet, this solution improves the accessibility of nursing curriculum, best practices, specialised knowledge and peer-to-peer feedback amongst nursing educators, professionals and students." Oregon was the first US state to implement a statewide, multi-campus consortium approach for nursing education and OCNE's collaborative online community is claimed to be the first of its kind.


Getting Started with Blockchain

Blockchains are going to be useful wherever there is a need for a trustworthy record, something which is pretty vital for transactions of all sorts whether it be in banking, for legal documents or for registries of things like land or high value art works etc. Startups such as Stampery are looking to use blockchain technology to provide low cost certification services. Blockchain is not just for pure startups however. Twenty-five banks are part of the blockchain company, called R3 CEV, which aims to develop common standards around this technology. R3 CEV’s Head of Technology is Richard Gendal Brown, an ex-colleague from IBM.


Open Blockchain

OBC is a modular-based protocol for recording and accessing transactions on a private ledger. Transactions, in this context, can have a wide definition, ranging from data to assets, instructions, and identities. A system that combines both the transactional processing protocol and the information store is a big advantage for multiple domains. For example, the protocol is modular so network administrators can define their own constraints and then set the protocol accordingly. This open source fabric allows infinite sets of unique actors to create their own networks. Communities create a permissioned network, where validating and non-validating nodes are operated by known whitelisted entities. These identities are granted access by an issuing authority on the network. This model is substantially different from current blockchains.


Identity theft, fraudsters, and what to know to prevent an attack

One of the pitfalls to keeping up with security trends, Platt said, "Is that there is a certain pace that organizations work at and putting changes in place can be difficult. You have to be able to make changes immediately, so you always want systems that can be changed and modified at the pace of fraud not at the pace of IT organizations." The pace of attacks has increased through technology, and according to Platt, "Some studies say that up to one-third of all traffic online is non-human." Innovation is driving change at a rapid pace, but while the technology available to people in the security industry is fast, it is changing just as fast for the bad guys. Platt said, "The pace of innovation is helping all of us so that every new attack can be identified and stopped."


BPM tools now used for complex event processing architecture

The events in the context of BPM can be internal events defined, generated or processed within the BPM tool. Examples include the instantiation or completion of a dynamic case or service levels. For example, when an assigned task is late, it is a temporal event that needs to be handled through escalation. The temporal aspect is extremely important in event processing, especially the occurrence and relationship of multiple events in a temporal window. Events can also be external, such as financial transaction events, device or machine-monitoring events and social media events. "Core intelligent complex event capabilities are becoming part of the unified BPM platform that supports intelligence holistically," Khoshafian said.


The Enterprise Architect is no Project Manager though it can be

The architect structures the description of the enterprise, establishes principles for change and evolution, standards for technologies, the roadmap... with the final aim to enable change, decision making and manage, if not reduce, the unnecessary and costly complexity and variation in the enterprise. The PM, having been given the architecture, dependencies, roadmap, risks, the work breakdown, skills and resources necessary and deliverables and acceptance criteria has to come up with a project plan and iterate it until the schedule, resources and costs are all coming together. The PM has then to monitor and report progress, bottlenecks, risks eventuation, organise meetings..


How Cognitive Computing Can Get Businesses Up And Running After Disasters

In the cognitive era, the continuous availability of data, systems, applications and business processes is essential. Organizations will take for granted that these services are “always on.” By applying advanced analytics and automation to predict potential issues, companies can correct systems in advance. At IBM, we are investing in new capabilities to help clients move from reactive business continuity and disaster recovery planning to a cognitive and predictive resiliency program. The goal is to avoid the impact of a disaster before it occurs. What if we could crunch weather data to predict the potential impact of severe weather and prompt appropriate action?



Quote for the day:


"Technological innovation is indeed important to economic growth and the enhancement of human possibilities." -- Leon Kass


March 16, 2016

10 Ways Virtual Reality is Disrupting Industries

Today we have different types of equipment or gears which facilitate our experience of this simulated environment. Take, for instance, the Google Cardboard, Oculus Rift, HTC Vive, Sony Morpheus VR headset or Samsung Gear VR. All these head mounted display (HMD) devices have magnified the mass interest and hype around virtual reality, bringing it out of animated series or video games, and into our living rooms. Today, this technology and its applications are proving revolutionary for almost every industry, and the world as a whole! Let’s understand the enormous ways in which VR is transforming the world and disrupting many different industries.


Is this the end of the API economy?

A gateway like this is an important element in API-focused service strategy. You can use it to handle user authentication, and then once user tokens have been exchanged, route calls to an appropriately provisioned endpoint. Is a user a subscriber, and at what level? If they're paying for a service, check how many calls they've made from their allocation, and deliver an appropriate error message if they've used their allocation so they can purchase more or upgrade a subscription to account for changes in user patterns. That doesn't mean returning a 200 OK message, it means delivering an appropriate and documented JSON response to ensure that applications are able to report errors to users.


TechUK to spotlight cyber threat intelligence

“The bottom line is that threat intelligence is only as good as the countermeasures that it informs, and that has got to be our ultimate goal,” Young said, calling on security organisations to join the Cyber Threat Alliance (CTA). A key part of informing countermeasures, said Rajab, is applying human intelligence and experience once the technology has sifted through the data to identify what needs further investigation. Similar to the CTA, TechUK considers it very important that threat intelligence is shared in the information security community for the benefit of all. “We have set up Trusted Agents Forum, which enables TechUK members to share threat intelligence and analysis. It is only through sharing threat intelligence and best practice that companies can better protect themselves,” said Rajab.


Debating Disruptive Innovation

It is critical that boards of directors and senior management understand when following accepted principles of good management (such as paying attention to your best customers and focusing investments where you can increase profit margins) leads to failure. Christensen demonstrated that those accepted management principles are only situationally appropriate. That insight can be used not only to avoid failure but also to go on offense to displace competitors. Identifying and harnessing disruptive innovations to avoid failure and to grow shareholder value became far more attainable once Christensen identified the essential elements of a disruptive innovation — a phenomenon previously unnoticed.


How Businesses and Governments Can Capitalize on Blockchain

While blockchain is the core technology that enables the Bitcoin crypto currency to operate, it can be used for entirely different purposes. It’s a distributed ledger shared via a peer-to-peer network that maintains an ever-expanding list of data records. Each participant has an exact copy of the ledger’s data, and additions to the chain are propagated throughout the network. Therefore, all participants in an interaction have an up-to-date ledger that reflects the most recent transactions or changes. In this way, Blockchain reduces the need for establishing trust using traditional methods. ... For blockchain to fulfill its full potential, it must be based on non-proprietary technology standards to assure the compatibility and interoperability of systems.


The downside of relying on social network providers for authentication

Relying on the social media giants helps both users and application developers. Users don't need to create yet another account and remember yet another set of credentials (my 1Password vault already has 176 entries in it). Application developers can skip implementing authentication, identity and password management. However, relying on a third-party identity service such as Facebook or Twitter also has its downsides. The application developer must make an assumption that the user has an account with those systems. The developer also must take it for granted that the third-party system is stable and reliable.


The Future of Jobs in a Machine World

Unlike the disruptions of yesteryear where technologies replaced simple repetitive Blue Collar job functions near the bottom of the Skills and Complexity Pyramid they’re now starting to replace White Collar knowledge workers near the top. The result is an increasingly nervy global workforce and for the first time ever a squeezed middle who are becoming increasingly worried about their lack of specialisms and skills. The technologies that will have the greatest impact and influence on the job markets can be divided into two groups. “Individual Emerging Technologies” such as Artificial Intelligence, Machine Vision and hardware and software based Robots and “Aggregated Emerging Technologies” that combine different technologies together to create platforms that include Autonomous Vehicles, Avatars, Cloud, Connected Home, the Internet of Everything, Smarter Cities, Wearables and Telehealth.


The 9 Challenges of an Industrial IoT Implementation (Part 1)

While industry reports provide some guidance, there is no straightforward answer as to which of these areas will yield the most short or mid-term benefits and should take priority. To name just a couple, Consultancy McKinsey, in its 2015 Report, Unlocking the potential of the Internet of Things, suggests that manufacturers stand to gain the most in making industrial processes more efficient. On the other hand, research firm Forrester, in its August 2015 paper The Internet of Things Has the Potential to Connect and Transform Businesses, counsels companies not to focus too heavily on potential efficiency gains from IoT, lest they “miss out on the potential of IoT to transform business models”. While there is no one size fits all, the answer to the question of where to start can be found by each company through a diligent and coordinated approach.


Chinese hackers behind U.S. ransomware attacks - security firms

"It is obviously a group of skilled operators that have some amount of experience conducting intrusions," said Phil Burdette, who heads an incident response team at Dell SecureWorks. Burdette said his team was called in on three cases in as many months where hackers spread ransomware after exploiting known vulnerabilities in application servers. From there, the hackers tricked more than 100 computers in each of the companies into installing the malicious programs. The victims included a transportation company and a technology firm that had 30 percent of its machines captured. Security firms Attack Research, InGuardians and G-C Partners, said they had separately investigated three other similar ransomware attacks since December. Although they cannot be positive, the companies concluded that all were the work of a known advanced threat group from China, Attack Research Chief Executive Val Smith told Reuters.


Security via the cloud can ease digital transformation by reducing IT headaches

The rise of cloud-based services is coming at a time when many firms have been struggling to attract and retain skilled cyber security staff. Mistry from Trend Micro said this is particularly true for smaller firms, where IT staffing budgets can be very limited, thus making the ability to outsource cloud security especially appealing. “For businesses that have a limited headcount, in an environment where IT professionals are required to wear multiple hats, this allows some of the maintenance tasks to be reduced,” he said. “This includes network appliances such as firewalls, and also the full-time employee (FTE) staffing costs for the upkeep of security infrastructure. With security as a service, organisations can now use security software without the headache of maintenance. SMEs also favour security as a service for the reasons outlined."



Quote for the day:


"Great leaders are almost always great simplifiers." -- Colin Powell


March 15, 2016

Information security and the art of business enablement

For any business, decisions about what actions need to be taken from a security perspective should be based on risk, as opposed to an ad hoc approach to prioritizing fixes. For example, TLS 1.0, a web cryptography protocol, has a vulnerability allowing it to be exploited by the POODLE attack. That being said, it is not considered a critical exposure for most organizations. The PCI Security Standards Council for instance, is not requiring the removal of TLS 1.0 for existing installations until June, 2016. Were I assessing risks for an organization, this would probably not be the top item on my list. When using a risk-based approach to vulnerability management, the challenge is in properly assessing the business risk of a given vulnerability. This is where a CISO with knowledge of the business side as well as the technology side comes in.


How to Respond to Ransomware Threats

Ransomware is obviously analogous to kidnapping, and dealing with the perpetrators can feel much like negotiating with a jumper standing on the edge of a high-rise roof. The Institute for Critical Infrastructure Technology recently released a report that in part describes how to deal with criminals when they are holding your data hostage. The report talks of what to do once a breach has been found. ICIT says the proper response will depend on the risk tolerance of the organization, the potential impact of the hostage data, the impact on business continuity, whether a redundant system is available, and regulatory requirements.


Is cloud computing facilitating poor security practices?

The single most common mistake users of public cloud make is to not read their contracts and understand where their responsibilities truly lie. Often people are unclear as to when and how the creation of a server in the cloud moves from the care and security of the provider to them. I’ve run into folks who mistakenly thought their cloud provider was patching servers through some back door for them. They weren’t; and the servers went unpatched for months. Often organisations will forget that the layer of management given to them by the cloud provider will also need some security. The administrative users and rights used to configure and control the cloud systems will need to be treated just as carefully as any other privileged users in their systems.


Embracing open source - An expert look at the cutting edge of corporate technology

Variety speaks to how open source used to be confined to software – programming that could be improved or adjusted to fit different business needs – but has now evolved into hardware IP, like specs, servers, and data center designs. Volume speaks to the amount of open source content that's available, which has grown astronomically in the past few years. Major growth in volume is largely due to the fact that open source IP isn't just created by individuals anymore – it's created by huge corporations, too. Open source also must be viewed in terms of velocity, or how quickly it develops everyday use-cases. Duet says that open source is now fully permeated in technology, and points to the rise of the Internet of Things – made possible by the ability to analyze disparate data sets on a massive scale – as a triumph of open source philosophy.


Change Management: Building a Case for Cloud-Based ERP

If moving to public cloud or hosted services seems intimidating by adding another factor into the mix amid or replacing on-premise infrastructure, a paradigm shift is in order – necessary to stay competitive and lean in a world shifting to accommodate more outsourced options and the agility found in the cloud. Complicating things further, those now making the move are presented with options – options that improve the quality of cloud overall, but create an initial dilemma as leaders oscillate between service providers and products, debating which areas of their business to migrate when and where. Meanwhile, more and more applications build upon one another within increasingly complex and intricately interdependent environments.


Will WebSocket survive HTTP/2?

The browser opens several HTTP 1.x connections in parallel to speed up the page loading. Browsers have different limits on maximum concurrent connections they can open on a domain but they generally support around 6 different connections. To overcome this limitation, techniques such as domain sharding can be used to distribute resources across several domains. These techniques (that we can consider as hacks) including concatenating JavaScript and CSS files, spriting images and resource inlining will be counter-productive in an HTTP/2 world. This is probably one of the main impacts when considering a switch to HTTP/2: eliminate optimization/hacks made during several years. When trying with HTTP/2, we see the browser use a single multiplexed connection with a much faster load time.


What can your ISP really see and know about you?

Some high-profile ISPs were not pleased after the FCC proposed rules (pdf) to give broadband consumers more privacy. To dispute the notion that ISPs are “somehow uniquely positioned in the Internet ecosystem,” AT&T wants you to read Georgia Institute of Technology professor Peter Swire’s paper titled “Online Privacy and ISPs: ISP Access to Consumer Data is Limited and Often Less than Access by Others.” Although Swire’s paper may be used to assist the FCC as it decides how to handle broadband privacy, the same paper was criticized for technical inaccuracies by Princeton professor Nick Feamster before Feamster revised his statement to say Swire’s paper skips over “important additional facts that should be considered by policymakers.”


Project Management Glossary

The project management field spans 10 interconnected knowledge areas and incorporates the use of 47 processes organized into five process groups (initiating, planning, executing, monitoring and controlling and close-out) -- making it a complex field to understand and navigate. As project management is applied within small businesses to large multi-national organizations and to virtually any industry in some form, anyone from the CEO of a large international organization to employees within a small business can benefit from understanding these PM terms. Since project management involves careful planning, execution and management of people, processes, timelines, deliverables, technologies and other resources in a way that aligns with overall strategic objectives, successfully executing a project can be almost impossible absent the understanding of these PM terms.


IoT “plug and pray” all over again, says security consultant

The unwillingness of manufacturers to address security issues, he said, is illustrated by Trane, which was alerted to serious security flaws in its ComfortLink II thermostat in April 2014, including hard-coded SSH passwords, and yet this particular issue was only fixed a year later, and the company took a further eight months to address the remaining vulnerabilities. “When [Trane] eventually did fix the vulnerabilities it did not alert customers, so this is a classic example of the problems people are facing, where they have these devices, they don’t know they are insecure, and they are not made aware when there is a software update to make them secure,” said Alexander. He also pointed out consumers should be aware that there is money to be made from data, and that electronics manufacturers have found a way to make consumers pay to put devices in their homes that will give the device makers data that will make them money.


Data traffic jam? Top performance requires worldwide Internet intelligence

If your customers in Berlin are experiencing performance problems with your service it could be an issue at a local ISP or CDN you are using. It could be a more general problem in Berlin. It could be a lot of things. You can then use Dyn's information on where the problems actually are to direct your traffic through alternatives until the trouble passes. Obviously such problems occur all the time, some from mistakes, some from equipment failure, some from malicious action like a DDOS. In all cases, the first action to take is to route around the problem. Very often, existing services and practices use geolocation and hops as a proxy for latency in order to determine best route. But what if you actually had the latency numbers?



Quote for the day:


“Presence emerges when we feel personally powerful, which allows us to be acutely attuned...” -- Amy Cuddy