May 19, 2016

Lessons from LinkedIn data breach revelations

As mentioned, LinkedIn’s passwords were encrypted, but the company was still using a relatively weak hashing algorithm. It was also not adding random text to passwords to make it more difficult to reverse engineer the hashed or scrambled versions of the passwords. ... Creating unique passwords for every online service means that if one is compromised, none of the others are affected. However, the converse is also true. If passwords are re-used and one service is compromised, it means all others where the same password is valid are also at risk. “While LinkedIn has taken the precaution of invalidating the passwords of the accounts affected, and contacting those members to reset their passwords, the chances are that many will use the same password across multiple online accounts,” said Liviu Itoafa, security researcher at Kaspersky Lab.


Cloud security: A mismatch for existing security processes and technology

Certainly cybersecurity professionals want to leverage existing security investments and lean on well-established best practices as much as possible. So, what’s the problem? Unfortunately, existing security technologies and processes don’t always work when pointed at cloud-based workloads. In fact, 32 percent of enterprise cybersecurity and IT professionals admit they’ve had to abandon many traditional security policies or technologies because they couldn’t be used effectively for cloud security, while another 42 percent have abandoned some traditional security policies or technologies because they couldn’t be used effectively for cloud security.


IT Governance Integral Part of Corporate Governance

For any modern day business to stay agile, relevant, competitive and profitable, it has to rely and invest in IT as a major component of its business strategy. Automating a company's functions, apart from requiring significant financial investments, also requires the incorporation of powerful internal control mechanisms into computers (hardware), software and networks to manage operational IT risks. In view of the above, IT governance is now considered as a bread and butter issue for businesses to thrive. The emerging trend is that IT governance and corporate governance can no longer be separated. IT governance now constitutes a key component of every company's strategic plan and consequently it has become a standing agenda item at board meetings.


Ransomware attacks force hospitals to stitch up networks

Once ransomware is on the networks, hospitals were forced to resort to finding and using paper copies, fax machines, phones, and any other non-connected devices, while network administrators hastened to get their systems up and running. The result of these activities has made a lasting impact on operations: in some instances doctors even had to reschedule high-risk surgeries. The lesson to be drawn from these recent incidents is the need for hospitals to develop and implement a strong cyber resiliency plan that incorporates incident response as well as recovery operations from such attacks. The threat of ransomware demonstrates the need for hospitals, as well as all organizations, to identify critical information and properly store it on backup systems that are independent of the main network. While we can’t necessarily predict when attacks against us will occur, we can always be prepared to respond to them once they do.


Digital transformation trips: advice from CIOs

Unsurprisingly, lack of investment from the business is a barrier to digital transformation, with 50 per cent of those studied saying this was one of the biggest downsides. When asked what the major barriers are to digital transformation projects, the top answer was the lack of funds available for technology provision. Adding to complexity, corporate culture is often change-averse, according to 43 per cent of CIOs studied. If they are to encourage investment in digital, CIOs must now convince the board of the area's ability to drive business change. A financial sector CIO explains: "Gain board level sponsorship, so the initiative is perceived as a business led change programme, rather than a technology led one."


Google Has Built Its Own Custom Chip for AI Servers

TPU gets its name from TensorFlow, the software library for machine intelligence that powers Google Search and other services, such as speech recognition, Gmail, and Photos. The company open sourced TensorFlow in November of last year. The chip is tailored for machine learning. It is better at tolerating “reduced computational precision,” which enables it to use fewer processors per operation. “Because of this, we can squeeze more operations per second into the silicon, use more sophisticated and powerful machine learning models and apply these models more quickly, so users get more intelligent results more rapidly,” Jouppi wrote.


Make the bed, enterprise OpenStack deployment is moving in

The increased adoption of OpenStack is part of a changing perspective of open source in general, where more enterprises view it as a way to get faster top-level development, rather than relying on the roadmap of one proprietary entity, according to Nelson. "There's been a big shift from a bunch of developers getting in a room and dreaming of the future to something that has become a lot more real, and adopted by commercial vendors and looked at seriously by a lot of large enterprises," she said. The next step in OpenStack adoption is likely companies that are not interested in putting whole development teams in place to put the upstream code into production. Instead, the next round of adoption will likely involve a deployment from a vendor -- companies such as Canonical, Red Hat or Mirantis -- to do it hands-off, so it feels like rolling out Linux.


SEC says cyber security biggest risk to financial system

The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C. "What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks," she said. "As we go out there now, we are pointing that out." White said SEC examiners were very pro-active about doing sweeps of broker-dealers and investment advisers to assess their defenses against a cyber attack. "We can't do enough in this sector," she said.


New Federal HIPAA Guidance Targets Data Security Incidents

The new guidance defines how business associate agreements should specify the terms of how and for what purposes protected health information will be used, and create reporting mechanisms that cover instances in which protected information is disclosed in a way not authorized under contracts. The new rules put the onus on BAs to report incidents to covered entities. ... OCR recommends that business associate agreements contain requirements that BAs and subcontractors report a breach or a security incident even if it did not cause a breach. The information should include BA or subcontractor name and contact information, a description of the incident, date of the incident and date of discovery, types of unsecured PHI involved in the incident, and steps being taken to further investigate the incident and avoid future incidents.


Role of Business Analysis in Agile

Great business analysts are now more aware of the customer and their journey with the software. They’re interested in understanding not only why the business want the product built, but what the problem is that the product is trying to solve and how their customers will use it. The business analyst is also in a fantastic position to influence team dynamics. They’re working closely with the product owner, working closely with the development team, being able to drive consensus on decisions that are being made is a great way to ensure that the whole team feels they have ownership of the product. This also helps establish a shared goal that the whole team can work towards. So you can see, there’s heaps of different paths a business analyst can take to be T-shaped and provide further value to their teams.



Quote for the day:


"Diligence is the mother of good fortune." -- Miguel de Cervantes


May 18, 2016

Your Business’ Network Needs IPS and IDS – Here’s Why

If you are simply looking for IDS, which is intrusion detection services, then what you want to do is have the devices working out of the direct line of your traffic flow so that you can detect abnormalities on different scales. However, if your focus is on IPS, which is intrusion prevention services, then you want to put the device that is sorting through your traffic in line with your network so that it can be the barrier your network needs to stay safe. ... Some of the different streams that are used for intrusion pose a larger threat than others, and this is worked into the device itself that you are using. Your device will detect the intrusion, figure out what type of intrusion it is, and evaluate the information that it can get from the intrusion. From there, you will be able to get a rating as to just how much potential danger your network is in, and decide on what type of steps you want to take next, such as blocking that type of intrusion,


On Blockchain Disillusionment and Bitcoin's Big Bad Wolves

For all the investment, it remains increasingly unclear exactly how banks will use blockchain technology or distributed ledgers, or if the areas where it seems most effective will be lucrative or interesting enough for incumbent financial firms to pursue. As noted by Coin Sciences CEO Gideon Greenspan in a recent CoinDesk opinion piece, shared ledger efforts have hit a roadblock when it comes to confidentiality, as every institution operating in such environments today sees every transaction. "This turns out to be a huge issue, both in terms of regulation and the commercial realities of inter-bank competition," Greenspan writes. "While various strategies are available or in-development for mitigating this problem, none can match the simplicity and efficiency of a centralized database managed by a trusted intermediary."


DevOps model, a profile in CIO leadership, change management

Proponents tout the many benefits of DevOps, the practice of putting software developers and the IT operations together so that building, testing and releasing software can happen very quickly, frequently and more reliably. They say this approach (or culture or movement, as some call it) produces faster delivery of features, more stable operating environments and better quality products. They also say that the DevOps model means continuous software delivery and faster resolutions of problems, which lead to more satisfied users. Results like that get attention, said Donnie Berkholz, research director for the development, DevOps, and IT ops channel at 451 Research. In fact, he points out that 40% of the 568 infrastructure professionals his firm recently surveyed are using DevOps somewhere in their organizations.


10 most in-demand Internet of Things skills

Insufficient staffing and lack of expertise is the top-cited barrier for organizations currently looking to implement and benefit from IoT, according to research from Gartner. "We're seeing tech companies around the globe getting organized and creating IoT strategies, but where they're struggling is they don't have the processes and talent in-house to make these things happen," says Ryan Johnson, categories director for global freelance marketplace Upwork. By tracking data from Upwork's extensive database, Johnson and his team have identified the top 10 skills companies need to drive a successful IoT strategy. Data is sourced from the Upwork database and is based on annual job posting growth and skills demand, as measured by the number of job posts mentioning these skills posted on Upwork from October 2014 to December 2015.


SAP Technology Targets Inequity in Workplaces Around the World

“Diverse teams are high performing teams,” said Mike Ettling, president of SAP SuccessFactors. “We’re always looking at how innovative HR technology can improve people’s work lives. Our HCM solutions simplify and standardize HR processes for organizations across the globe. Addressing inequity fits into our focus on built-in intelligent services and recommendations. Today’s innovations, and those to come, are designed to help companies find and address opportunities to build inclusive cultures, prompting managers and HR professionals to make intentional decisions as they attract, hire, develop, reward and promote people.” The use of technology to tackle workplace issues like gender inequity has not grown at the same pace as that of the digital economy.


Cloud security and compliance concerns rise as investment grows

“As organisations look to cloud computing to reduce IT costs, increase agility and better support business functions, security of data and applications in the cloud remains a critical requirement,” says Holger Schulze, founder of the 300,000-member Information Security Community on LinkedIn. “The 2016 Cloud Security Report indicates that as organisations increase investments in cloud infrastructure, they are seeking a similar level of security controls and functionality to what’s available in traditional IT infrastructures. “However, they are finding traditional security tools ineffective in the cloud. In a shared responsibility model, this is an opportunity for organisations to implement effective cloud security solutions to strengthen their security posture and capitalise on the promise of cloud computing”.


Towards a whole-enterprise architecture standard – 6: Training

In short, training only makes sense in those parts of the context that map to the left-side of that boundary. To the right, we’re going to need real skills, which in turn arise only from some form of education or self-education. The vertical axis on SCAN is an arbitrary scale of the amount of time available for assessment and decision-making before action must be taken – the latter indicated by the ‘NOW!’ as the baseline, with time-available extending ever upward towards an infinite future relative to the ‘NOW!’. The green dotted-line across that axis represents a highly-variable yet real transition from theory to practice, or from plan to action. For humans at least: above the boundary, there is time for considered or ‘complicated’ evaluation, and plans and decisions are rational – or may seem so, at least; and below the boundary, there is time only for simple evaluation in real-time, and plans and decisions are emotional


How to manage workers in the gig economy

HR has developed into a department that is devoted to employee engagement and company culture. "As companies shift from having traditional paper pushing HR departments to becoming more focused on the employee experience, a PEO system can create a huge benefit allowing HR to focus on their talent brand vs compliance," says Harris. PEO models can also help minimize the workload and paperwork associated with gig workers, who are in and out of the company like a revolving door, says Harris. These systems take away a lot of the grunt work associated with onboarding employees, as well as managing their benefits, compensation and even seeing them out of the company once they move on. PEO systems are freeing up HR so they can focus on ensuring gig workers are engaged, feel a part of the culture and aren't treated any differently than typical full-time workers.


Cybersecurity in 2020: The future looks bleak

Scenario planning or scenario thinking started in military intelligence circles as a way to create flexible long-term plans. "Scenario planning may involve aspects of systems thinking, specifically the recognition that many factors may combine in complex ways to create surprising futures," according to Wikipedia. "The method also allows the inclusion of factors that are difficult to formalize, such as novel insights about the future, deep shifts in values, unprecedented regulations, or inventions." ... Wearables will track more than heart rate and the number of steps taken. "With devices monitoring hormone levels, facial expressions, voice tone, and more," suggest Weber and Cooper, "the Internet is now a vast system of 'emotion readers,' touching the most intimate aspects of human psychology. These technologies allow an individual's underlying mental, emotional, and physical state to be tracked—and manipulated."


Global Lenders on Edge as Cyber Attacks Embroil More Banks

While Swift has for decades made sure its own financial messaging network was secured, less attention was paid to the security surrounding how member banks -- each with their own codes and varying levels of technology -- were connecting. Even today, when it discusses the cyber attacks, Swift emphasizes that its own network wasn’t breached and says its members are responsible for their own system interfaces. Some U.S. banks are pushing to open discussions with Swift about whether it should have responded more quickly to the breaches and should now help member banks better secure their systems, according to one of the people familiar with the thinking within a large U.S. bank. BITS, the section of the Financial Services Roundtable aimed at combating cyberfraud and other technological issues, could be tapped to broker those discussions, the person said.



Quote for the day:


“The common question that gets asked in business is, ‘why?’ That’s a good question, but an equally valid question is ‘why not?’” -- Jeff Bezos


May 17, 2016

Critical Flaw in Symantec Antivirus Engine Puts Computers at Risk of Easy Hacking

The worst part about it is that the Symantec AVE unpacks such files inside the kernel, the highest privileged region of the OS. This means that successful exploitation can lead to a full system compromise. "On Linux, Mac and other UNIX platforms, this results in a remote heap overflow as root in the Symantec or Norton process," Ormandy said in an advisory. "On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel, making this a remote ring0 memory corruption vulnerability -- this is about as bad as it can possibly get." Symantec has rated the vulnerability with a 9.1 severity score out of 10 in the Common Vulnerability Scoring System.


An Update On The Megatrend of Cloud Computing

There are seven key MegaTrends driving the future of enterprise IT. You can remember them all with the helpful mnemonic acronym CAMBRIC, which stands for Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics, Internet of Things, CyberSecurity. In this post we dive deeper into the first of these trends, Cloud Computing. We succinctly describe Cloud Computing as the scalable delivery of computational resources. Models of cloud compute include public clouds, private clouds and blends in between. Architectures are in place now that leverage tiers of clouds that can exist in multiple sizes and locations, including homes, businesses and datacenters.


Stealthy malware Skimer helps hackers easily steal cash from ATMs

"One important detail to note about this case is the hardcoded information in the Track2 -- the malware waits for this to be inserted into the ATM in order to activate," the Kaspersky researchers said. "Banks may be able to proactively look for these card numbers inside their processing systems, and detect potentially infected ATMs, money mules, or block attempts to activate the malware." Skimer is just one of several malware programs designed to infect ATMs that were discovered in recent years, suggesting that this method of attack is becoming increasingly popular among cybercriminals. The way in which malware programs have been installed on ATMs in the past has varied. In some cases it was installed by insiders. In others it was installed by booting from a CD drive after opening the ATM's front case using special keys.


How big data is going to help feed nine billion people by 2050

The power of farming data is insurmountable, and it is also dangerous. If someone knows the data of an operation, they also know when and where the crops are, how much yield, how much it costs, and the farm's profits. The overwhelming fear is that it falls into the wrong hands, be it a neighbor, a seed retailer, a fertilizer company, or a big ag corporation. And then that data is used against the farmer by being sold to a competitor or undercutting a neighbor for a better deal on land prices. Farmers and big ag companies are racing to find the holy grail of precision agriculture. Precision technology is a farming management concept that measures and responds to field variability for crops, often using satellites and GPS tracking systems. It has become more and more prevalent in recent history because of the advanced technology systems available on farms.


If These Predictions Are Right, We Will Lose Millions Of Jobs To Computers

The application of machine learning to the ever-increasing amounts of data being produced throughout the world will change everything when it comes to our jobs. Yes, these new technologies will make jobs easier for many people — but they also may make many of those jobs obsolete. Algorithms can now answer our emails, interpret medical images, find us the legal case to win, analyze our data, and more. Machine learning relies on algorithms that “learn” from past examples, thereby relieving the programmer from having to write lines of code to deal with every eventuality. This ability to learn, coupled with advances in robotics, cloud computing and mobile technology, means that computers can now help humans perform complex tasks faster and better than ever before.


The Importance Of A Personal Business Continuity Plan

People’s knee-jerk response is often to assume their data is automatically backed up to the cloud. While this is a good fallback, it is often presumptuous. If a cloud backup of your computer or your phone is your fallback strategy, you should look and see what is actually being backed up and whether it is current. When I recently examined my personal business continuity plan and looked at my iPhone iCloud backup, I discovered only 10 of my 129 applications were backed up to the cloud. If the cloud were my Plan A, I’d be in trouble. The reality is that you never, ever want to lose your data. It is your most valuable asset, and you need to do everything possible to protect it. The Disaster Recovery Journal explains that a personal business continuity plan is all about having a methodology in place to recover your data and help you return to full productivity as soon as possible.


Orchestration and Automation: The Enterprise’s Best Kept Secret

The IT organization simply defines a set of policies using templates. Those templates are then used to automatically provision all the infrastructure resources required by any given application workload. The end result is a much more agile IT organization capable of dynamically responding to any and all new application requirements. Once that automation capability is in place the IT organization gains the ability to holistically orchestrate sets of infrastructure services that function as a cloud; right down to being able to define what infrastructure resources can be made available to a specific application. In the truest sense of a cloud IT organizations can even allow developers to self-service their own IT infrastructure requirements within a set of well-defined guidelines defined by the IT organization.


Martin Van Ryswyk on DataStax Enterprise Graph Database

Datastax Enterprise (DSE) Graph is part of a multi-model platform that supports key-value, tabular, and Document models in addition to graph. Rather than use multiple vendors for handling polyglot implementations that demand different data models, the users can use one vendor and get different data models in the same product. DSE Graph includes additional capabilities like security, built-in analytics, enterprise search, visual management monitoring and development tooling. Also, DataStax Studio now comes with a new web-based solution to visualize graphs and write & execute graph queries. InfoQ spoke with Martin Van Ryswyk, EVP of Engineering, DataStax, about the graph data model support in Datastax.


Publisher's cloud strategy improves uptime and agility with PaaS

By embracing the Cloud Foundry PaaS, Springer Nature initiated "a big change in the working relationship between operations and development," Otte said. For example, changes to Springer's primary business channel, SpringerLink, once meant downtime. With PaaS, however, Springer Nature was able to dramatically improve uptime by empowering development teams to self-serve. According to Otte, "By embracing PaaS, we let dev teams own their applications in production without worrying about the operational hassles." This also resulted in "simplified operations and reduced costs across the board." This fits 451 Research's survey data that concluded IT increasingly worries about improving agility, rather than simply shaving pennies off hardware and software costs:


ONC Task Force: No ‘Show-Stopping’ Barriers to API Requirements

“We recognize implementation of such a framework may require Congressional action; however, using its role as advisor for all things health IT, ONC should seek to harmonize conflicting, redundant and confusing laws that govern access to health information,” the task force said. As part of that oversight framework, ONC should coordinate with the relevant agencies a single location for all API actors to access in order to become educated and to ask questions about the oversight and enforcement mechanisms specific to patient-directed health apps, as well as their specific rights, obligations and duties. For instance, the task force said, patients should have one place to access in order to log complaints regarding an app’s behavior, and app developers should have one place to access in order to log complaints that could launch investigations regarding a provider or an EHR API developer’s behavior regarding information blocking.


Survey: No Cure In Sight for Healthcare Data Breaches

“The fact that healthcare is bearing the brunt of cyberattacks is no surprise, given the unique black market value of the complete sets of personal information sitting in electronic medical records, including patient names, family history, Social Security Numbers, and billing information,” commented Dylan Sachs, director of identity theft and anti-phishing for security vendor BrandProtect. “What is remarkable, however, is the level of sophistication these cyber criminals have achieved. We’ve recently witnessed a wave of elaborate attacks designed specifically to penetrate healthcare organizations. It seems clear that security measures must evolve to include aggressive, proactive monitoring for suspicious activities outside traditional security perimeters.” The College of Healthcare Information Management Executives similarly has raised a red flag about the epidemic of data breaches.



Quote for the day:


"Technological innovation is indeed important to economic growth and the enhancement of human possibilities." -- Leon Kass


May 16, 2016

Is The Fintech Industry The Next Tech Bubble?

Many experts believe that since banks offered such a wide multitude of services, they have lost their focus and have over extended themselves. This is why many Fintech startups started in the last decade are starting to give banks a run for their money. Most of these fintech startups specialize in one particular field and focus on customer experience and convenience. For instance, PayPal started offering online payments as a service for merchants when checks were becoming irrelevant for e-commerce transactions. This immediately made PayPal a household name and the company was able to gain significant market shares in a sector that was gravely neglected by banks. DealSunny, a company that specializes in special offers and coupons, devised a neat infographic exposing some of the facts about the amazingly fast growing Fintech industry.


The End Of IT: More Questions, Some Answers

Companies will not become digital until the employees, including the executives, adopt digital-age attitudes and techniques. The question is, "How?" In many instances, this will be a Darwinian process. Those CEOs who think digitally and who understand disruption will naturally lead their organizations to better places. In other cases, boards and directors will select new CEOs, perhaps those who have demonstrated an understanding of both business and the new digital age. ... Too frequently, the consultant doesn't take into account the business environment, or the consultant doesn't spend adequate time assessing conditions before applying the framework. This process is a little like a painter who shows up and doesn't clean the existing painted surface or apply primer. That new coat of paint is going to peel off sooner rather than later.


Courting the Internet of Things: Legal issues to weigh

Take the most basic question: Who owns the data smart devices produce and send forth over the Internet? Right now it depends on the contractual relationship between the parties. So if someone is buying, say, a refrigerator that can monitor its contents and send out orders to replenish dwindling supplies of milk, eggs or Pop Tarts, "there ought to be fine print in that purchasing agreement which talks about the data and the right of the manufacturer of the product to use that data and their ability to disseminate it," Foley said. Some data, like healthcare, finance and student aid information, is regulated, so there are rules limiting what organizations can do with it.


How to define the evolving role of data scientist

Businesses should also avoid being data-greedy -- because the idea of too much of a good thing, certainly can apply to data. "They may be collecting more data than they have the capacity to explore and assess the value of. One way to solve this problem -- is to be more selective about what data you analyze," says Rattenbury. And because data is such a new concept in business, Rattenbury recommends a flexible approach to a data strategy -- one that considers what should change as you move along with a new data initiative. This way, businesses can consider what's working, what's not working, who the key players are and the value tied to specific data points. However, prioritizing data this way isn't just a task for data scientists, he says, it's a task that needs to include everyone in the company.


The reality of android soldiers and why laws for robots are doomed to failure

One reason for the unreasonable level of expectation around autonomous weapons is the belief that AI is far more capable than it really is, or what Sharkey describes as the "cultural myth of artificial intelligence that has come out of science fiction." Researchers working in the field assert that AI is working on projects that are far more mundane (if useful) than building thinking humanoid robots. "Every decade, within 20 years we are going to have sentient robots and there is always somebody saying it, but if you look at the people on the ground working [on AI] they don't say this. They get on with the work. AI is mostly a practical subject developing things that you don't even know are AI — in your phone, in your car, that's the way we work."


Outsourcing Software Development to a Global Talent Pool: World of Help or World of Hurt?

Client success requires that your vendor understand the politics, administration, paperwork, red tape, tax and banking systems of the countries where they have established dev centers. For an outsource vendor, this is often the biggest challenge to overcome. Does your vendor employ someone on-site at their offshore dev center(s) to ensure they are able to successfully meet this challenge? The role of an on-site international business manager has the primary function to manage and navigate the processes specific to countries outside the U.S. Your vendor needs to ensure their employees, their facilities, and your code is safe, accessible, and stable. Regardless of outsource destination, your vendor needs to have a plan to address potential issues with electrical outages and other unpredictable factors related to utilities.


Google Ending Automatic Chrome Support For Flash

"While Flash historically has been critical for rich media on the web, today in many cases HTML5 provides a more integrated media experience with faster load times and lower power consumption," Anthony LaForge, technical program manager for Chrome at Google, wrote in an online posting explaining the switch. "This change reflects the maturity of HTML5 and its ability to deliver an excellent user experience." LaForge also noted that Google would continue to work closely with Adobe and other browser vendors to keep moving the Web platform forward, in particular paying close attention to Web gaming. Flash has been widely criticized for its security holes and susceptibility to new vulnerabilities. The late Steve Jobs published a 1,500-word letter in 2010, essentially calling the platform a relic from the bygone era of PCs and mice.


Identity Startup Netki to Launch SSL Certificate for Blockchain

Netki will seek to act as a certificate authority similar to how Symantec sells SSL certificates to domain name holders. When a MSB acquires a digital identity certificate for itself and its users, the name, address and verification level (aligned to the risk or value of the transactions) is built into the certificate. When a transaction is made, the MSBs on both sides send identity certificates and compare the information through their own AML checks. If both sides have a small green lock, the transaction is secure and compliant. Newton explained that one certificate would contain both the MSB and client information, but in the future, there would be a separate certificate for the MSB and client. But not storing information on a public ledger is also necessary for the world that Newton believes is coming.


Centralizing Security for Decentralized Environments

Both DDoS and web application security are important in today’s high-stakes, high volume game of “protect the application.” Bringing both together in a single, cloud-based solution addresses the need to centralize security whilst establishing appropriate app-centric perimeters regardless of where that app may be deployed. It’s infeasible to establish those app-centric perimeters on-premises. The architectural drawbacks of doing so outweigh the operational advantages. But moving that same concept to the cloud, as a cloud-based service, not only affords the same operational advantages innate to centralization but is an architecturally sound principle, as well. A cloud-based solution has access to greater bandwidth, which means it can withstand a deluge of network and application attack floods.


7 Deadly Career Mistakes Developers Make

Your expertise in one stack may make you invaluable to your current workplace -- but is it helping your career? Can it hurt to be too focused on only one stack? MediaMath’s Donohue doesn’t pull any punches on this one: “Of course it is -- there’s no modern software engineering role in which you will use only one technology for the length of your career. If you take a Java developer that has been working in Java for 10 years, and all of a sudden they start working on a JavaScript application, they’ll write it differently than someone with similar years of experience as a Python developer. Each technology that you learn influences your decisions. Some would argue that isn’t a good thing -- if you take a Java object-oriented approach to a loosely typed language like JavaScript, you’ll try to make it do things that it isn’t supposed to do.”



Quote for the day:


"Great effort springs naturally from a great attitude." -- Pat Riley


May 15, 2016

Towards a whole-enterprise architecture standard – 5: Practices and toolsets

What do we do when we’re doing whole-enterprise architecture? How do we choose what to do, when, in what order? And how do we record what happens, the outcomes, the results? Perhaps the core to all of this is the ‘Start Anywhere’ principle, and the focus on overall effectiveness of the enterprise. Yes, the potential scope of whole-enterprise-architecture might at first seem impossibly huge: anything, anywhere, in any aspect or domain of the entire enterprise, and even beyond. Yet the crucial twist is that the enterprise is seen as an ecosystem, or ecosystem-of-ecosystems: whichever way we look at it, it’s always one integrated whole, deeply interdependent, deeply interwoven. In which case, it doesn’t matter where we start: if everything’s connected to everything else, then we connect with everywhere eventually.


Can IT keep up with big data?

When IT deals with big data, the primary arena for it is, once again, large servers that are parallel processing in a Hadoop environment. Thankfully for the company at large, IT also focuses on reliability, security, governance, failover, and performance of data and apps—because if it didn't, there would be nobody else internally to do the job that is required. Within this environment, IT's job is most heavily focused on the structured transactions that come in daily from order, manufacturing, purchasing, service, and administrative systems that keep the enterprise running. In this environment, analytics, unstructured data and smaller servers in end user departments are still secondary.


Ransomware: How high will the demands go?

"Once inside a network, attackers can identify high-value files, databases, and backup systems and then encrypt all of the data at one time," the report suggested -- and pointed to malware families such as SamSa which can be deployed manually into an infected system. As ransomware becomes more dangerous, researchers fear that cybercriminals will use its increased power to extract higher ransom payments from victims. Currently, the majority of ransomware perpetrators demand between $200 and $500 -- usually in bitcoin -- before they release the victim's system. ... "If attackers are able to determine that they have compromised a system which stores valuable information, and that infected organization has a higher ability to pay, they will increase their ransoms accordingly," the researchers said.


How to Simplify Enterprise Architecture Messaging for Stakeholders

A second practice to kill EA complexity is to take a more selective approach to recording and managing data. This approach is often referred to as, 'Just Enough' Enterprise Architecture. It seems obvious when working with tangible ‘things’ - the more things you own, the more difficult it is to control and maintain the ones you want. Yet with data, this logic and reasoning is often lost. To kill EA complexity, Enterprise Architects should adopt a more vigilant approach in managing their data. Additionally, what EA’s choose to record should be more deeply considered. A ‘Just Enough’ approach to Enterprise Architecture has been championed by leading analysts - including Gartner - for some time, and for this exact reason. Maintaining data that provide value to your initiative is in essence, choosing to increase your own workload, and decreasing your productivity.


High-tech hiring and the malleable modern career

Mike Germano is partially in charge of cultivating the corporate culture that's helped Carrot Creative secure the prestigious title two years in a row. When seeking candidates, Carrot Creative's hiring managers take care to do things differently. Germano says the company prefers to avoid recruiters, utilizes social media diligently, focuses on relationships with educational institutions, and puts candidates for tech positions through a variety of tests to ensure both cultural fit and technical expertise.  ... "Candidates meet with not only technical managers, but also members throughout departments to discuss various aspects of the job and [the company itself]. We put a lot of emphasis on the candidate’s natural excitement and drive, not only for what they do, but also for trying and learning new things."


Robots won’t just take jobs, they’ll create them

We all know how great it is when technology works — and how frustrating it is when it doesn’t. Even sophisticated technology companies haven’t eliminated their human customer support teams, because when something goes wrong, it is often a human who needs to fix it. There will always be a need for on-site, human labor and expertise when we deal with machines. Robots will have glitches, need updates and require new parts. As we rely more and more on mechanized systems and automation, we will require more people with technical skills to maintain, replace, update and fix these systems and hardware. We see this starting already. IT departments have sprung into existence because of digital technologies. Network administrator, field service technician and web developer are job titles that didn’t exist 30 years ago.


Big Data Processing with Apache Spark - Part 4: Spark Machine Learning

The spark.mllib package contains the original Spark machine learning API built on Resilient Distributed Datasets (RDDs). It offers machine learning techniques which include correlation, classification and regression, collaborative filtering, clustering, and dimensionality reduction. On the other hand, spark.ml package provides machine learning API built on the DataFrames which are becoming the core part of Spark SQL library. This package can be used for developing and managing the machine learning pipelines. It also provides Feature Extractors, Transformers, Selectors, and machine learning techniques like classification and regression, and clustering.


Seven Principles of Enterprise Architecture

With the break of digital transformation, the discipline of Enterprise Architecture (EA) is shaken to its foundations. Questioning it is more than a necessity. Large consulting firms, carriers of miracle solutions, are reduced to simplistic recommendations (bimodal IT) attacked by competing gurus (see the debate), without any real proposal of substance. Confronted on the one hand with an immense IT heritage, and on the other hand with this multiform disruption, enterprises and CIOs do not know from which end to take the problem. One claims to see cleavages everywhere: within IT as bimodal, between SQL and NoSQL, between internal and external information systems… But, clearly, these dichotomies do not work, because the value chain does not divide that way.


Insights On IT Governance

In today’s business situation with its complexity, required to be responsive, the costs to an organization can be important to stay competitive and meet business initiatives and challenges. An organization might face challenges and business problems like Global competition, product development costs, regulatory compliance, new business opportunity, and lack of skilled staff. While addressing any of these issues, the organization must be sure that the value of the business internally and the value provided to its customers is maintained or improved. This influences the executives to focus on how they can grow, sustain, change, and manage the organization to meet these challenges pertaining to corporate policies, processes, and IT infrastructure and systems that are required.


Lean vs. Traditional IT Governance

Traditional governance strategies often prove to be both onerous and ineffective in practice due to the focus on artifact generation and review. For example, delivery teams will often produce required artifacts, such as requirements documents or architecture documents, solely to pass through the quality gate. ... The result is a governance façade that often injects risk, cost, and time into the team efforts: the exact opposite of what good governance should be about. Lean IT governance, on the other hand, is a lightweight approach to IT governance that is based on motivating and enabling IT professionals to do what is best for your organization. Lean IT governance strives to find lightweight, collaborative strategies to address governance areas.



Quote for the day:


"Once a new technology rolls over you, if you're not part of the steamroller, you're part of the road." -- Stewart Brand


May 14, 2016

Q&A with Shawn Callahan on Putting Stories to Work

The first thing you need to do to develop your storytelling skills is to find some stories, preferably about things that have happened to you. Then you must work out the lesson or insight that is contained in a story, share the story, and see what happens. Here are two tips that will help enormously. First, never use the word ‘story’ when you share your story. Don’t start by saying, ‘Hey guys, I want to share a story with you …’ Instead, start with the insight that is contained in the story. For example, your story might be about persistence, about just how important it is to stick with something. So you might start by saying, ‘You know what, a lot of success comes from persistence. A few years ago …’ And away you go. People will listen intently because they want to know the insight that’s based on your experience.


The UK builds a 'fintech bridge' to Singapore

The co-operation agreement enables the UK regulator to refer fintech firms to its counterpart, and vice versa, making it easier for fintechs to scale between countries. Both countries want to be global fintech hubs amidst growing competition from the US and China. A booming fintech industry is desirable for two reasons: it helps the national economy, and it promotes competition and growth in the financial services industry. But while both Singapore and the UK boast advantages for fintechs, they are relatively small markets — the UK has under 70 million people, while Singapore has around 6 million. The partnership will create opportunities for fintechs to scale beyond the countries' borders, making it easier for startups that choose to launch in these countries to attract investment.


Culture and Technology Can Drive the Future of Openstack

“OpenStack in the future is whatever we expand it to,” said Red Hat Chief Technologist, Chris Wright during his keynote at the OpenStack Summit in Austin. After watching several keynotes, including those from Gartner and AT&T, I attended other sessions during the course of the day culminating in a session by Lauren E Nelson, Senior Analyst at Forrester Research. Wright’s statement made me wonder about what lies in store for OpenStack and where the OpenStack Community—the “we” that Wright referred to—would take it in the future. Several sessions in the Analyst track called out the factors that explain the increased adoption of OpenStack as well as the technological challenges encountered.


15 Google Doc Features You Didn't Know Existed

While the capability to edit and make changes in a document is great, there are times when you only want to suggest changes -- without actually making any. That's where "Suggesting" mode in Google Docs comes in handy. It works a lot like Comments in Microsoft Word. First, switch from "Editing" mode to "Suggesting" mode by clicking the pencil icon at the top right of an open document, and then choosing "Suggesting." ... Want to comment on a document and get a specific person's attention? You can do that by tagging them in your comment. All you have to do is add an @ or a + sign, and then begin typing their name or email address. Google Docs will give you a couple options based on your Gmail contacts, and once you've submitted the comment, it'll notify that person you mentioned by sending them an email.


Blockchain technology will revolutionize the world, enthusiasts say

Blockchain could disrupt transactions the way the internet did for communication. Any information that can be encrypted and stored in digital form can be transmitted — everything from real estate deals to medical records to transferring concert tickets. Blockchain is a “distributed ledger” invented by the mysterious person or group known as Satoshi Nakamoto that is accessible by everyone, but controlled by no one. It’s searchable and public, making it more traceable than cash, but encrypted and anonymous to maintain privacy. Picture it as a communal record-keeping system — the kind small communities kept in the 16th century to keep track of births, marriages, property transfers, anything of importance — but on a massive global scale. Blockchain is seen as the next great disintermediation.


10 Ways Virtual Reality is Disrupting Industries

Most of all, virtual reality is helping teachers bridge the gap between what’s taught in the classrooms and what’s out there in the real world. Putting it into practice recently, British Museum partnered with Samsung and hosted a Virtual Reality Weekend. Families got a chance to view the museum antics using Samsung Gear VR. In fact, children above 13 were given a VR tour of the Bronze Age where they could experience a 3D depiction of life as it was back then. While this is just the beginning, Google seems to be planning for a Magic School Bus experience with its Expeditions Pioneer Program. Expeditions is a virtual reality platform which allows teachers to take kids on virtual field trips to places where buses can’t go. The program currently has more than 100 VR panoramas including those of Coral Reefs and US Financial Centers.


Going Through the Scrum Motions as Opposed to Being an Agile Jedi

Doing Scrum and not being Agile is more challenging to discern. It occurs in organizations adopting Scrum as their preferred Agile approach. The astute observer will notice team behavioral patterns that suggest mechanical adoption rather than assimilation. The psychological pattern is that of introjection – similar to chewing on a mouthful of dry biscuits not being able to swallow. Similar to other managerial processes, it is easy to adopt the Scrum ceremonies rather than their intent. We have seen it occur previously with Six Sigma, Total Quality Control, and other managerial processes. Achieving the intent requires a cultural change; cultural change requires organizational change; organizational change requires buy-in from key stakeholders, which in turn requires people championing the new process across the organization.


Road to Efficiency, Part 1

The responsibility for resiliency and access may move to the cloud solution provider, but if data is deleted (inadvertently or intentionally) or corrupted on a logical level (and we know applications never corrupt data, don’t we?), it doesn’t matter on which infrastructure it runs. Furthermore, most businesses typically require more than just the most recent point in time copy of data. Finally, remember that these requirements apply equally to IaaS, PaaS, and SaaS solutions. ... In the end, we need to enhance the value of the data itself. One way is by providing insight into all data, regardless of whether it resides on-premises or in the cloud, on primary storage or as part of data protection solution. Once we can gather and identify all data, the key is unlocking its value. Global search, hold and discovery are just some of the initial use-cases.


Security in a hybrid world: You can’t protect what you can’t see

There are two parts to enforcing the new normal: bringing your entire estate into compliance, and enforcing the use of this new baseline. Once you have determined a need for change (patching, configuration files, applications, you name it), you need to act quickly and across your entire environment. Automation is faster, less error prone, and helps you reliably perform required actions across your entire estate. No matter how good you and your team are, and no matter how good your tools are, someone will always try to run older unpatched code. And someone will, if you don’t have the automated policies in place to confirm and approve code execution based on software versions, configuration file settings, registry settings, etc. One easy way to limit your exposure is to scan snapshots and live VMs for policy compliance.


Snowden interview: Why the media isn’t doing its job

A lot of people laud me as the sole actor, like I’m this amazing figure who did this. I personally see myself as having a quite minor role. I was the mechanism of revelation for a very narrow topic of governments. It’s not really about surveillance, it’s about what the public understands—how much control the public has over the programs and policies of its governments. If we don’t know what our government really does, if we don’t know the powers that authorities are claiming for themselves, or arrogating to themselves, in secret, we can’t really be said to be holding the leash of government at all. One of the things that’s really missed is the fact that as valuable and important as the reporting that came out of the primary archive of material has been, there’s an extraordinarily large, and also very valuable amount of disclosure that was actually forced from the government, because they were so back-footed by the aggressive nature of the reporting.



Quote for the day:


"If everyone has to think outside the box, maybe it is the box that needs fixing." -- Malcolm Gladwell


May 13, 2016

The Blockchain is the new Google

The blockchain cannot be described just as a revolution. It is a tsunami-like phenomenon, slowly advancing and gradually enveloping everything along its way by the force of its progression. Plainly, it is the second significant overlay on top of the Internet, just as the Web was that first layer back in 1990. That new layer is mostly about trust, so we could call it the trust layer. Blockchains are enormous catalysts for change that affect governance, ways of life, traditional corporate models, society and global institutions. Blockchain infiltration will be met with resistance, because it is an extreme change. Blockchains defy old ideas that have been locked in our minds for decades, if not centuries. Blockchains will challenge governance and centrally controlled ways of enforcing transactions.


AWS Discovery Service Aims To Ease Legacy Migration Pain

AWS executives have come to view the mixed legacy environment as one of the barriers to cloud adoption. Even when the IT staff wants to move to the cloud, it is expensive and time-consuming to unravel the legacy application code in order to figure out how many pieces are involved and which data sources are necessary to migrate. AWS Application Discovery Service can not only map application dependencies, it can also draw up a performance profile that indicates what resources they will need. With AWS Application Discovery Service, a customer has to install a lightweight agent on an application host, where it maps the running apps and the identity of the operating system on which they depend. The service currently will work with Ubuntu 14, Red Hat 6-7, CentOS 6-7, and Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.


Don’t make poets become programmers

The future workforce is going to require more than the ability to code -- we also need people who are able to craft the next round of transformational products and services.  For example, Uber’s success stems from effective use of technologies aimed at a product that is the poster child for disruption. It connected underutilized resources (drivers and cars) with users who were impatient with a locked down and highly regulated market. The Uber stack is essential, but the innovation that drives it is less the code base and more the product. When we hear people suggesting things like, “Uber for dry cleaners,” we understand that they’re suggesting a direct and flexible relationship between customer and server; they are not talking about code.


Petya ransomware is now double the trouble

In previous versions, if Petya failed to obtain administrator privileges, it stopped the infection routine. However, in such a case, the latest variant installs another ransomware program, dubbed Mischa, that begins to encrypt users' files directly, an operation that doesn't require special privileges. "There is nothing a ransomware developer hates more than leaving money on the table and this is exactly what was happening with Petya," said Lawrence Abrams, the founder of the tech support forum BleepingComputer.com, in a blog post. "Unlike Petya, the Mischa Ransomware is your standard garden variety ransomware that encrypts your files and then demands a ransom payment to get the decryption key."


Milagro: A distributed cryptosystem for the cloud

“Apache Milagro (incubating) is an opportunity to fix what ails the internet and leverage the power of the open source community to fundamentally evolve the security underpinnings of the web for how it’s used today,” says Brian Spector, CEO of cryptography and cybersecurity firm MIRACL. “The code and distributed trust model we are committing to Apache Milagro (incubating) is built for blockchain applications, cloud computing services, mobile and containerized developer applications by eliminating the need for any central trust authority.” Milagro’s M-Pin protocol, and its existing open-source MIRACL implementation on which Milagro is built, is already in use by Experian, NTT, Ingram Micro, and Gov.UK and rolled out to perform at Internet scale for zero password multi-factor authentication and certificate-less HTTPS / secure channel.


IT transformation is difficult, if not impossible, without cloud

In order for CIOs to build trust for transformation, they need to get the basics under foot. This statement is non-negotiable. Fundamental functions like email, phone systems, file sharing need to work without incident. These solutions are becoming more complex, but not business differentiating for any given organization. Yet many IT organizations continue to insist on running these functions internally. Sadly, many of the reasons given for this approach no longer hold true. At the same time, mature cloud-based alternatives exist that provide greater stability, function and agility. Not only does running commodity functions create a distraction for the organization from business-differentiating functions, it also creates an incredible amount of risk to basic business functionality. Unfortunately, failures to get the basics right will continue to plague the CIO and rest of the IT organization by extension.


Next-generation endpoint security market bifurcation

It seems to me that the next-generation endpoint security market represents a disconnect between supply and demand. For example, ESG found that about 75 percent to 80 percent of enterprises were purchasing new tools for advanced threat prevention, while the remaining 20 percent to 25 percent of the market opted for advanced endpoint detection and response tools (EDR). This raises an obvious question: Is this purchasing behavior a function of an immature market that will consolidate over time? If so, it would be safe to assume that future innovation will lead to next-generation endpoint security product suites that span across advanced prevention, endpoint security controls, and advanced detection and response. This aggregation is already happening, as several established vendors and startups alike offer one-stop-shop endpoint security products.


Clarifying the uses of artificial intelligence in the enterprise

From a business perspective, companies wouldn’t simply “buy” an AI solution. Rather, they would likely leverage one or more of the subfields of AI and buy software packages like R, Python, SAS, and MATLAB for statistical analysis. But new technology is pushing beyond traditional statistics, and machines are acting more intelligently than ever — they’re not just doing the analysis, machines are now finding patterns in data and figuring out how systems “work”… often without any human intervention. Let me stop here for a quick, yet important, PSA — neither artificial intelligence nor machines will replace all of our jobs. This is perhaps the biggest misconception about AI. Everything under the AI umbrella — including machine intelligence and machine learning — is data-driven, but requires human expertise to apply answers and discoveries to solve problems.


Origami Robot May Operate From Inside The Body

Once in the stomach, the robot doesn't have to work its way out of the capsule it was swallowed in. The capsule itself is designed to dissolve, automatically freeing the robot. The robot, rectangular in shape, is designed with accordion-like folds with a magnet on one of the folds that responds to magnetic fields outside the body. Using that magnet, doctors could manipulate the motion of the robot, moving it to where it needs to go. So what is this robot made of? It's built of the same dried pig intestine that is used in sausage casings, according to MIT. "We spent a lot of time at Asian markets and the Chinatown market looking for materials," said Shuguang Li, a postdoc student at MIT working on the project, in a statement.


Why the growth of SaaS means end users lose control

There is a lot to be said for design. Good design goes unnoticed, bad design is criticized, and great design receives awards—most often from other designers. Compromise is inevitable, it is not possible to be everything to everyone. In the past, this used to be mitigated by usability testing and focus groups, before the final product was completed and published. This was in a time when people bought software in a physical store. Those days are over—and so too, apparently, are the days of design being "complete." Seemingly everything exists in a state of permanent beta, leaving end users subject to the whims of experimenting developers.



Quote for the day:


"To be successful, you have to have your heart in your business, and your business in your heart." --Thomas Watson


May 12, 2016

Popular messaging apps present real enterprise threat

Messaging apps including Line and WhatsApp are commonly used in enterprise, but that doesn't mean all consumer apps are well-suited for business use, according to Raul Castanon-Martinez, a senior analyst at 451 Research. "Consumer apps will have an advantage given that users might already be familiar with the [user interface] but otherwise will be in the same position as other enterprise messaging apps," he says. "I don't believe consumer apps transitioning into the enterprise have a significant advantage over enterprise apps like Slack or HipChat."  Corporate workers can use a tool such as Slack to interact with colleagues and business applications just as easily as they can transition from using Facebook Messenger for talking to friends to using it for work, Castanon says.


Ways to craft a better enterprise IT security roadmap

The first step is to identify and classify your resources. Most people have done half of that, not all of that. In other words, they may do a pretty good job classifying and identifying physical resources, things like laptops and [hardware] servers, but they tend not to have a good system for classifying resources, for example, virtualized resources like workloads, and also things like licenses and intangible assets. One of the things you really want to do is [ask], "What is it that we need to protect?" That can be anything from intellectual property (i.e., blueprints of the next-generation airplane that you're designing) to licensing information, to information about your customers that's above and beyond PCI information. Information itself becomes an asset that you want to protect.


Why a Marriage Between the Cloud and Internet of Things Is Inevitable

In moving to agile, cloud-based infrastructure, companies must master a few basic steps – data capture, integration and analytics, and a modern day dev-ops approach. This last step is critical because it helps to make sure that resources and tools are available to engineers in an agile way so they may rapidly deploy small- and large-scale applications to the market. They are likely to take advantage of new, open-source platforms such as Hadoop, incorporate concepts such as data lakes, and engineer architectures that are oriented to micro-services. This will effectively enable software engineers and data scientists to quickly stand up applications that can quickly be adapted to feedback in an agile way via rapid iterations.


Busting the 7 myths of cyber security

For most organisations, the basic implementation of the five controls identified by CESG as Cyber Essentials basics would prevent the vast majority of all straightforward attacks. They will not deal with the very sophisticated or prolonged, targeted attacks but most organisations (particularly smaller ones) are not facing these types of threats. These five controls implemented effectively, then regularly monitored and updated, are the ones everyone should be doing, and Cyber Essentials should be a basic starting point for all security. Businesses have to accept that simply trying to keep the bad guys out is no longer good enough – although still very important. They need to work towards a much more proactive defence whereby unauthorised activity within a network is quickly identified and appropriate actions taken to deal with it.


Will blockchain drive the fourth Industrial Revolution?

Tomorrow’s machines will produce the informational equivalent of several Libraries of Congress every day. Imagine reading every book in the Library of Congress, only to be told you must summarize what you learned in 10 pages and instantly communicate your findings to thousands of others. The task isn’t just monumental — it’s ludicrous. I remember at Yahoo!, we couldn’t physically rack machines fast enough to keep up with the data coming off our website, and that was back in 2004, pulling data from hundreds of millions of users, let alone hundreds of billions of machines. The true wonder of the fourth industrial revolution won’t be the data produced; it will be intelligent machines’ capacity to analyze those data and communicate their findings within a network of similarly intelligent machines. Then, each connected machine will act, altering its processes to be more efficient and communicating those changes back to its network.


Yahoo Mail and Google App Engine banned over malware concerns

The ban on Yahoo Mail access suggests that some House of Representatives workers accessed Yahoo mailboxes from their work computers. This raises the questions: are House workers using Yahoo Mail for official business, and, if they're not, are they allowed to check their private email accounts on work devices? If they use the same devices for both personal and work activities, one would hope that there are access controls in place to separate the work and personal data. Otherwise, if they are allowed to take those devices outside of the House's network, they could just as easily become infected there, where the ban is not in effect. "The recent attacks have focused on using .js files attached as zip files to e-mail that appear to come from known senders," the House's Technology Service Desk said. "The primary focus appears to be through Yahoo Mail at this time."


Korea Exchange Talks Top-Down Approach to Blockchain Innovation

"KRX is aiming at providing services in the private market positioning in between K-OTC and K-OTCBB," Lee said, referring to South Korea’s platform for unlisted stocks and the computer system that provides price quotes for these assets. Lee explained that the Korea Financial Investment Association, a regional self-regulatory organization, now operates both K-OTC and its bulletin board service (K-OTCBB), but that bids and offers are executed on the systems differently. "In K-OTC Market, orders are executed automatically by trading systems, but K-OTCBB only provides bulletin board service, where bids and offers are manually executed," he explained. KRX has indicated it believes this will ease the ability of market participants to find partners while cutting costs. The decision comes after the exchange similarly moved into clearing OTC derivatives trades in 2014.


6 Ways Data is Taking Over Retail

Retailers now swim in more data than they know what to do with. And they’re working overtime to digest that data — collected from e-commerce transactions and via merchandising, CRM and POS systems — to glean useful insights. Many are turning to predictive analytics in an effort to use cutting-edge data science to forecast trends and personalize messaging. Data even plays a role in brick-and-mortar stores, where new metrics allow retailers to study in-store behavior at a level of detail never before possible, says Andy Wong, a partner at digital retail consultancy Kurt Salmon Digital. “As we build up more behavioral data on both customers and associates in-store, we’ll continue to find new ways to dynamically optimize the in-store experience and new levers for engagement and conversion,” he says.


Traditional security is dead -- why cognitive-based security will matter

Maximizing enterprise data security requires a series of actions, increasingly difficult but increasingly necessary. Detection is the process that has been around the longest and which most organizations concentrate on by deploying anti-virus and similar on-client apps. But it’s really just a first step and should not be an end by itself. Investigating the internal workings of the threat is next, leading to an understanding of the workings of the threat necessary to cope with the danger. This offers an improvement in overall security, but it’s not enough to stop here. It’s important that we continuously learn about the intricacies of the threat and any changes it may undergo in the real world, as well as the goals of its implementer. This is not easy but security companies are concentrating on this task.


IBM Watson Brings AI Wonders to Cybersecurity

Watson is also designed to ingest research papers, blog posts, news stories, media reports, alerts, textbooks, social media posts, and more to build up knowledge about all the latest cyber threats. Students at the partnering schools will help input and annotate this so-called unstructured data (meaning data that’s not easily machine readable) to train the system. IBM believes there is a business opportunity in helping computer security pros make sense of the universe of literature and data surrounding cybersecurity. The company is banking on Watson being able to reduce the rate of false positives that turn up in corporate security operations centers, and being able to help address a shortage of talent in the industry.



Quote for the day:


"To be able to lead others, a man must be willing to go forward alone." -- Harry Truman