October 16, 2016

Tech Bytes - Daily Digest: October 16, 2016

10 highest-paying IT security jobs, You've been hacked. What are you liable for, GE CIO shares what he looks for in IT talent, What should be on the next President's cyber agenda, What lies beneath - Unpacking data center risks, Agile development at the enterprise level - Misconceptions that jeopardize success and more.

10 highest-paying IT security jobs

Data breaches, DDOS attacks, hacks and threats continue to dominate the headlines, so it's no surprise that some of the most in-demand IT jobs are in the security area. And with a massive skills gap, companies are willing to pay handsomely for skilled security talent at all levels. "One area we're still seeing huge demand for is in cybersecurity, and hiring companies are willing to pay whatever it takes for talent that can help secure data and mitigate threats while simultaneously ensuring consistent and simplified accessibility from desktop to mobile devices. Companies are sending the message with their budgets: you can't put a price on that," says Jack Cullen, CEO of IT staffing firm Modis. Here are the top 10 highest-paying security roles, culled from career site Dice.com clients' job postings and median salary range data from cloud compensation solutions firm PayScale.com.


Why asking you to change your password makes it easier to hack the system

“If users are using the same or similar passwords across accounts – which a majority of respondents indicated – then they are also essentially handing the key to hackers to access their most critical information when they attack another, less important account,” the survey said. Hackers are using algorithms to check stolen passwords and simple variations of them on other accounts, Bauer said, looking for variations that simply add exclamation points, pound signs and asterisks to the end. The LastPass survey brought bad news for businesses: A third of respondents say they create stronger passwords for their personal accounts over work accounts. Experts agree on asking users not to reuse passwords but disagree on what users should do for adequately strong passwords.


You've been hacked. What are you liable for?

One of the difficulties facing organisations is that data protection legislation is vague when it comes to specifying the standards of protection required. The Data Protection Directive and the UK Data Protection Act both require the data controller to “implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access”. This concept is carried over to the new EU General Data Protection Regulation, which will be enforced throughout the EU – yes, including the UK – from May 2018. In fact, it also requires the controller to build in data protection by design and by default. ..., the ICO has not yet stipulated a particular minimum threshold for protection, but it generally penalises organisations that suffer the loss of unencrypted laptops and mobile devices.


GE CIO shares what he looks for in IT talent

We look to hire clear thinkers who are adaptive and agile. We want people with a strong sense of imagination who are also willing to take risks. Most of all I’m looking for people who have the ability to influence. Driving change is probably the hardest part of the job and influence is key. ... Another key takeaway was that the workforce is more global and diverse than ever and everyone has different needs. So, we changed our benefits package to adopt a model that allows customization for each employee. You’ve also probably seen the “Owen” commercials. We’ve been successful by being self-aware and making fun of our reputation as an “old school” company and talking honestly about how we’re evolving.


Removing the Data Divide -- Uniting People, Processes and Technologies

Raw security data and community-generated threat intelligence feeds are full of non-applicable warnings, red herrings and often don’t speak the same language – causing duplicate information. On top of this, security teams are working on disparate systems that can’t communicate about the potential threat indicators within the network. We call these issues threat fragmentation.

Cleaning up the threat management mess

From malware to phishing and ransomware, cyber threats take many forms, adding to the breadth of information from threat intelligence feeds and security tools that organizations must utilize in order to detect, respond to and mitigate threats. Sometimes the security personnel working to detect threats work well together – but often times they are moving quickly, causing disconnected and uncoordinated efforts.


Smarter, Faster, Stronger – The Rise of the Super Robots

Due to significant investments and research, we can mimic the process of the human brain via sophisticated, multi-level, “deep” neural networks. These networks are made possible due to the development of graphic processing units that now have enough power to accelerate deep learning algorithms for training or inference. The technology behind it all is complex, but the ability for computers to learn, write software and perform artificially intelligent tasks, is revolutionising the world we live and work in today. ... Drones that don’t just fly by remote control, but navigate their way through a forest for search and rescue; compact security surveillance systems that don’t just scan crowds, but identify suspicious activity; and robots that don’t just perform tasks, but tailor them to individuals’ habits.


What Should be on the Next President's Cyberagenda?

"We really haven't acknowledged the extent of the damage that could be done by a cyberattack on our infrastructure," Borg said. "Industrial control systems could be hijacked and cause massive physical damage. That could be done with a migrating piece of malware with no Internet connection, as was done with Stuxnet." ... However, since it's likely the United States has planted similar malware on those countries' systems, something similar to the nuclear stalemate during the Cold War exists. "I'm particularly worried about the Russians or Chinese," Borg said. "What I'm worried about is some completely irresponsible agent without any involvement in the modern economy acquiring these capabilities."


Transformation Competency: It’s Time to Get Good at It

Because the pace of change has accelerated dramatically in the digital age, and organizational complexity has skyrocketed, knowing how to change and adapt is an essential discipline for any business. If you’re a global hotel chain, you consider a response to the arrival of Airbnb. If you’re a well-established restaurant chain, what do you do when a young upstart franchise offers fresher food, simply by leveraging more modern data technologies to improve supply chain logistics? If you haven’t established a competency around the very idea of transformation, what you probably do is have a lot of unproductive, increasingly urgent meetings with costly management consultants while your competition literally eats your lunch.


What Lies Beneath – Unpacking Data Centre Risks

There is a major education challenge at play, where those with software asset management in their remit need to quickly learn how this aspect of the IT estate is presenting risk. Their role is evolving as a result. This changing role is one factor to overcome. But many organisations will find there is confusion over who owns licences in the data centre. It could be the data centre manager, it could be the IT manager, or the person with software asset management (SAM) in their remit. Is this leaving a gap, where everyone has different priorities, and are looking to each other to take responsibility? Given the data centre manager is invariably focused on the hardware and smooth running of the data centre, this is unfortunately a common scenario. If the SAM manager is responsible, the likelihood is that the metrics they are accustomed to managing are not in the data centre.


Agile Development at the Enterprise Level: Misconceptions That Jeopardize Success

Agile approach that works within their environment. It’s radically different from the waterfall method of application development and delivery, incremental in its approach and focused on just-in-time completion of work. ... “The Impacts Of Missed Requirements In Agile Delivery,” a recent study by Forrester, explored the root causes of missed requirements in Agile adoption and the tangible business benefits organizations could achieve with better management tools. 96 percent of respondents reported problems in software development projects due to missed requirements, and 60 percent expected increased customer satisfaction from faster delivery as a result of avoiding missing requirements. IT and business leaders need to discern between fact and fiction when it comes to making Agile work in the enterprise.



Quote for the day:

"Cunningham's Law: The best way to get the right answer on the Internet is not to ask a question, it’s to post the wrong answer." -- @Tech_faq

October 14, 2016

Don't Be Sure Big Tech Breakthroughs Are Behind Us

Technology that makes these things cheaper will make the business world more efficient, just like cheaper steel makes manufacturing cars more efficient. And it’s here, in the realm of white-collar work, where I believe the technologies now under development have the potential to create huge productivity gains. A lot of effort right now is being poured into machine learning and artificial intelligence, thanks in part to technical advances in the field, and also thanks to the availability of large amounts of data to train machines. In a recent interview with Lee, venture capitalist Marc Andreessen explained why he thinks machine learning is the next transformative technology. Essentially, machine learning allows machines to do your thinking for you.


How Blockchain Can Benefit IT Outsourcing

Initially, the technology will be used to monitor the delivery and usage of IT equipment with a sensor that embeds information into the blockchain. Ultimately, that information would then trigger automated invoicing and payment processes between the two companies. If service providers and their customers were to tie their payment systems and SLAs together on a blockchain in that way, it would increase the efficiency of outsourcing contract management a great deal, says Ferrusi Ross. In this case, the bank might have a business rule on its engine that on the 4th of the month launches a validation of the SLAs and initiates a payment to IBM based on those results without any human intervention. The smart contract approach also offers the promise of increased transactional security. “If it can do that, it will become widely used,” says Susan P. Altman, partner in the commercial transactions and outsourcing practice at law firm K&L Gates.


Amid security concerns, Google's Allo virtual assistant is still worth a look

You might have heard that Edward Snowden has warned users to not install or use Allo. Why? The concern is simple: that conversations will be retained on servers. There is another, more disconcerting issue. Allo was supposed to employ end-to-end encryption for messages. That is, unfortunately, not happening. At least not out of the box. You can, however, start a chat in Incognito mode to encrypt your chats (this should be the default). But what about Assistant? Will these conversations between user and AI be encrypted, or vanish from the Google servers once they've served their purpose? It seems the answers to these questions are "no" and "until the user deletes them." Good news: the deletion of Assistant chats is a really simple task.


Security spending to top $100 billion by 2020

IDC analyst Sean Pike noted that enterprises fear becoming the next cyberattack victim and boards of directors are demanding security budgets be used wisely. Indeed, our CXO 2017 spending planner noted that network security is the No. 2 priority for the year ahead with securing networks and data the No. 1 challenge. Not surprisingly, banking is investing the most into security for 2016 with $8.6 billion, followed by discrete manufacturing, government, and process manufacturing. Those industries account for 37 percent of annual security spending. Healthcare will be the fastest growing area for security over the next five years with a compound annual growth rate of 10.3 percent. By model, services will account for 45 percent of all security spending. Managed security services account for much of that spending.


Why Physical Security Should Be as Important as Cybersecurity

In addition to having a staff member in a building’s lobby monitoring who gets access to a company’s offices, security technology expert Robert Covington, the founder and president of togoCIO, writes in Computerworld that “systems requiring a proximity card for entry are now quite common, and with good reason.” Such systems are important and should be used more than they are, he says, because they “provide tight granularity of access control for individual doors and a detailed audit trail.” Yet, as Covington notes, badges or badge data can be stolen by thieves or malicious actors. Ralph Goldman, a security industry veteran and lead writer for the Lock Blog, tells CIO that wireless communication technology is now enabling businesses to deploy “smart locks” that can let firms add barriers to doors and unlock the doors remotely via wireless protocols.


People Are The New Security Perimeter

Insider threats like these have become a considerably more prominent issue in the past few years. And you only need to look so far as your organization’s favorite coffee shop or the connected devices in every home to see how easy it could be to accidentally share confidential or proprietary information to prying eyes and ears. In the past, we could rely on technology to protect your confidential information and protect your workforce. But more and more users bypass these security measures, and these problems will only expand as the internet of things continues to grow. You can no longer expect your workforce to refrain from interacting with the world outside of your organization’s security precautions. If controls hinder employees’ activity, they can stifle business innovation altogether.


1 billion reasons to care about cyber due diligence

The legal, financial and reputational risks involved in these sorts of large scale data security incidents are firmly on the agendas of boardrooms around the world. A recent Mergermarket report, Testing the Defenses: Cybersecurity Due Diligence in M&A, highlights an IBM survey which found that the average cost of a data breach in the United States in 2015 reached US$3.79 million, an increase of 7.6% from 2014. Given the ever increasing risks in this area, companies are asking themselves how they can reassure boards and shareholders that what appears to be an attractive takeover target won’t end up being a poisoned chalice. While Mergermarket reported that in the majority of cases cyber security issues were not enough alone to cause buyers to walk away from a deal, deal timelines and deal value can be significantly affected by cyber security issues.


Critical Strategies to Prepare for the Future with All-flash Storage

Because of the internet, technology has rapidly accelerated in the last 20 years. Making all this possible is a myriad of connected infrastructures that are the vital foundation that keep technology running. If we look back when the computer was first introduced mainstream, the entire back-end of it would be in the same room as the user. Today, the massive amount of data a computer produces and stores is far more likely to be in a datacenter on the other side of the country. While it may be out of sight – it should never be out of mind. Today’s modern datacenter needs to support the dynamic nature of modern businesses, including seamlessly scaling with growth and demand, delivering superior user experience so employees don’t see any downtime, and supporting the need for businesses to be agile in response to changing market requirements.


Rolling into the digital age: inside Rolls-Royce’s tech transformation

The IT function is focusing on product data and document management; integrated design, simulation and verification; lean engineering; and enabling IT capabilities such as high-performance computing and fast technical engineering PCs. This IT vision is allowing the company to move towards a completely digital design-and-test process for the aircraft engines it builds. Simulating the fan-blade-off test, for example, has provided more insight, helped the environment and reduced engine development time and costs, as well as the number of physical engines required to be tested. Rolls-Royce’s digital aspirations spread far and wide. The creation of a digital twin for the physical engine is allowing the company to move from engine health monitoring – which it has done for many years – to the merger of that data and other data on the aircraft to provide value-added services to airlines.


Google takes on IoT with Brillo and Weave

In addition to Brillo, Google is also fielding Weave, an IoT-oriented communication protocol. Weave is the communication language between the device and the cloud. Google Brillo is the OS for IoT products and Weave is built right in, explained Hanwook Kim, product manager for both. "Our vision is to make every device connected, smart, accessible and secure," he said. With something like 1.4 billion devices already running Android, Kim said Google Brillo and Weave are natural extensions. "We want to make it easy for developers to build connected devices in an open ecosystem," he said. "If you're building a new product from scratch or find that your current OS isn't providing the flexibility you need, Brillo could be a good fit." On the other hand, he added, if you're already using an OS or have an existing product, Weave can still be used to provide a way to connect your device to the cloud and other Google products.



Quote for the day:


"Make your mistakes, take your chances, look silly, but keep on going. Don’t freeze up." -- Thomas Wolfe


October 13, 2016

What have we learned from the Yahoo breach?

What have we learned from this or similar cybersecurity data breaches? And how much impact can a data breach cost an enterprise? According to the Ponemon Institute Study, the cost of a data breach varies by industry and the average per capita cost was $221 in the US with average total organizational cost at $7.01 million. The more records that are lost forces the departure of customers. In addition, the post data breach response costs go higher including helpdesk activities, communications, investigation, remediation, legal expenditures along with pressure from regulatory body interventions to review the cybersecurity preparedness and identify the gaps that resulted in the successful data breach.


Number of women working in IT to rise by 2020

In future, IT departments will need to employ people with a wider range of skills, opening up new opportunities for women, Kris van Riper, practice leader at CEB told Computer Weekly. “There will be more people in the IT team with marketing background, maybe digital marketers; more people with customer experience background; more people who are business analysts, who are getting requirements from customers; and project managers,” she said. The trend follows a shift in the role of the IT department from a department that drives IT projects for business, to a department that acts as an advisor for other parts of the business that want to adopt digital technology. Research shows that companies with a more equal balance between male and female employees, particularly at senior levels, are more successful than those that are more male dominated.


Michael Dell Tells IT Leaders All They Need To Know About The New Dell Technologies

Cloud is a way of doing IT. Again, a little pattern recognition. If you go back to the mid 1990s where people were talking about the Internet, the questions were: What's your Internet strategy? Where is your Internet product division? Where's your vice president of the Internet? Where is all that now? Well, it turns out that the Internet is everywhere. It's in everything, that's just how we do stuff. We get it, it's like oxygen. The cloud is actually like that, too. And this is why it's a bit of a confounding topic, because cloud is not just a place, it's a way of doing things. Within our family, of course, we have VMware, which has 500,000 customers who are all on this journey to some form of a private cloud, a hybrid cloud, a multi-cloud world where they're connecting all these things together.


Hackers abusing a 12-year-old flaw to attack the internet of insecure things

The IoT devices are being used to mount attacks “against a multitude of internet targets and internet-facing services, such as HTTP, SMTP and network scanning,” as well as to mount attacks against internal networks that host the devices. In many cases, there are default login settings such as “admin” and “admin” or other lax credentials to get to the web management console. Once attackers access the web admin console, they can compromise the device’s data and sometimes even take complete control of the machine. The attack itself is not new, but Akamai Technologies has seen a surge in SSHowDowN Proxy attacks in which IoT devices are being “actively exploited in mass scale attack campaigns.”


Security convergence in a utility environment

Organizations have begun to acknowledge the importance of detecting and preventing insider threats. Just as it is vital to have methods to detect external threats, it’s also important to protect your organization’s assets and systems from unauthorized insider misuse or destruction. Physical security networks and IT infrastructures have been running as separate networks in years past. Since video monitoring systems and access control systems started using the TCP/IP open network, however, IT is being applied to the realm of physical security more often. Access control, such as card and biometric recognition, along with visitor management programs, all use an IT platform. Similarly, video management technologies (cameras, thermal observation units), gunshot detection, and intrusion alarms use related IT systems.


With IoT data, sometimes less is more

With so many IoT devices, apps, and services coming to market, more and more personal info is being captured, transmitted, and stored, yet much of this data is unnecessary to support the functionality of the device or service. You may think this is not a big deal, but the more personal data you have, the more resources your company will have to devote to protecting it. If there is a breach, the bad guys can extract a large amount of personal information about customers. The potential consequences range from identity theft and fraud of your customers to significant financial damage to your company’s brand. Once a month I get an email from my thermostat service, telling me how I compared to the previous month, to my neighborhood, and what external factors may have caused my energy use to change.


Why Insurance Companies Want to Subsidize Your Smart Home

In Madison, Wisconsin, insurer American Family has a 600-square-foot model home, complete with furniture, where it is testing out water sensors, cameras, and other devices. The company already offers a discount for customers who install the Ring video doorbell, because it acts as a deterrent to burglary. Sarah Petit, a director of business development, says that the company wants to expand the number of smart home devices it supports. So far, insurers’ dreams of rewiring how we look after our homes have been hampered by questions about privacy and security, as well as by incompatibilities between smart devices from different companies. Petit says the head of the Illinois Department of Insurance recently told her of concerns that data collected from consumers’ homes could be misused. And defining what counts as misuse can be difficult.


The combination of human and artificial intelligence will define humanity’s future

While we’re starting with HI+AI in health diagnosis, transportation coordination, art and music, our partnership is rapidly extending into co-creation of technology, governance and relationships, and everywhere else our HI+AI imagination takes us. .... Our connection with our new creations of intelligence is limited by screens, keyboards, gestural interfaces and voice commands constrained input/output modalities. We have very little access to our own brains, limiting our ability to co-evolve with silicon-based machines in powerful ways. Relative to the ease and speed with which we can make progress on the development of AI, HI, speaking solely of our native biological abilities, is currently a landlocked island of intelligence potential. Unlocking the untapped capabilities of the human brain, and connecting them to these new capabilities, is the greatest challenge and opportunity today.


CIO's move to chief customer officer role signals trend

The new role requires a far more white-glove approach that provides personal attention. Lillie is "mapping" the journey for Equinix’ 8,000-plus customers, recommending appropriate services and modifying processes or IT systems to satisfy customers' business needs. If a customer recommends changes to a product, Lillie loops in Baack. "I make sure that that voice of the customer gets to Sara for inclusion in the product roadmap," Lillie says. Lillie says he anticipates facing challenges such as when an Equinix business line and its customer are at odds over product functionality. “I’m going to have to get them to see that that’s not how the customer sees it,” Lillie says. Forrester Research analyst Sharyn Leaver says the practice of promoting CIOs to chief customer officers may accelerate in the tech industry, where it’s common for IT leaders to purchase products from dozens to hundreds of vendors.


In Nokia city Espoo, robot buses now cruise the streets

After the pilot in Espoo, the buses will move to Tampere, central Finland, before the trials are put on hold for the winter months. The robot buses will return to the streets in the spring with the pilots continuing until 2018. The Finnish robot bus pilot comes as the race heats up to bring autonomous vehicles on the streets. ... The Finns see this wide interest in automated transportation as a major opportunity for the country. Traffic legislation in Finland is among the world's most permissive when it comes to testing autonomous vehicles, as a driver is not required to be inside the vehicle. Tommi Arola, ministerial adviser at the Finnish Ministry of Transport and Communications, says, unlike many countries, Finland's legislation doesn't define where a driver should be in a vehicle or require that their hands are on the wheel at all times.



Quote for the day:


"The lurking suspicion that something could be simplified is the world's richest source of rewarding challenges." -- Edsger W. Dijkstra


October 12, 2016

Shielding your company from cyber enforcement

In order to protect themselves, organizations need to develop cyber frameworks and internal security environments that are living, breathing and constantly evolving, both to adequately protect against outside threats and in order to meet the increasing demands of regulators. They must also ensure their cyber insurance policies provide sufficient coverage for regulatory proceedings and associated penalties. When controls fail and security incidents occur, it goes without saying that investigations and fines are close behind. A review of the FTC’s cyber enforcement actions demonstrates that regulatory enforcement is not limited solely to Fortune 500 companies – there are many “smaller” companies included on that list.


How Learning and Development Are Becoming More Agile

Organizations depend more on freelancers because they are more available and accessible as a result of platforms like Toptal, and because they lack the in-place talent needed to complete critical projects. As a senior tech leader at Wal-Mart put it, “It often just takes too long to recruit, hire and on-board full-time staff.” These agile talents are matched to projects typically for 3 to 6 months. In the past, these individuals were often kept at arm’s length, and treated as marginal to the “real” team. That’s changing – slowly, but clearly. For example, Qualcomm includes its agile talent when the team is in training. So does ScanDisk and Shire. This is an important shift for both the organization and for the agile talents themselves.


How artificial intelligence is changing online retail forever

An online shopper, who often knows what they are looking for, is faced with the task of coming up with the right search terms, or scrolling through many pages of inventory to find it. Attempts at augmenting the keyword search experience with natural language have not made a major difference yet, partly because of the fact that shopping, for most users, is a very visual experience. Deep learning can be of help here, too! Auto-encoding features of images in an inventory based on similarities and differences brings about a rich model of what is available in the inventory, and the model is surprisingly close to how we as humans perceive shoppable items. The model alone, of course, is not enough: We need a way to understand a shopper’s preferences as they interact with the inventory.


Upskilling staff through disruptive times

The only constant is change, and one of the major untold challenges for enterprises across the globe is the underlying need to ramp up the capabilities of staff so they can operate in a whole new way. It is critical to not only embrace new people, ideas and methodologies, but also to tap into the wisdom and culture of the more experienced workforce to create an effectively trained organization. In an era where reinvention and some form of technology refresh seemingly happens every year, companies that offer pathways to help their employees build skillsets to meet the needs of tomorrow will find themselves ahead. Perhaps the most prominent example of this in recent times is AT&T. Its competitors were once other phone companies. Now? It also competes in the cloud and internet space against other carriers as well as the web-scale giants.


Best Practices for Loosely Coupled Classes

One best practice (which I've discussed elsewhere) is to follow the Interface Segregation principle: Organize the members of the "other class" into a series of interfaces that contain all -- and only -- the members that particular clients need. This ensures that a client only needs to be changed if a member in the interface it uses changes (and, ideally, that change is forced by the client changing its requirements -- see the same article for a discussion of the Dependency Inversion principle). Following these principles gives you some flexibility in how the other class can be enhanced without impacting every client that uses it. When you follow the Interface Segregation principle, code in the client only refers to the other object using an interface. It's the difference between the client having this code:


4 strategies for curtailing insider fraud

“Oftentimes a perpetrator is not necessarily someone you might expect,” Ostwalt said. “It is four times more likely to be someone well-respected than someone who has a lower reputation, and generally it’s someone who is characterised as working well with others.” One key to preventing fraud is to understand why employees steal from their companies in the first place. The KPMG study found that 66% commit fraud for personal gain or greed. Another 27% stole from their employer because the systems in place enabled access. ... “Most are going after something that will enrich them or put them in a position to meet objectives inside or outside the organisation,” Ostwalt said. “Lots of times it’s just because they can – because they have access to the systems because the control was not tight enough.”


How tech vendors can boost IT's business acumen

If you are like most CIOs, you have an IT organization that is good at many things, but when it comes to understanding how its own work in IT drives business value, the team has room for improvement. That was the situation that Guy Brassard faced when he joined Southwire, a $4.8 billion electrical-wire, cable and cord manufacturer. The company's management team set a strategy for growth and operational excellence, which put increased pressure on IT. Several acquisitions and transformational activities later, Brassard saw that his IT team had many of the skills necessary to support the company's growth strategy, but not the business acumen and knowledge required to step into newly created global business-facing positions.


Will Facebook Workplace help or sideline workers?

"Companies don't want to have their workers get lost in social networks on work time, and their fear is that this is the first step in that direction. There could be a need for this if Facebook can thread the needle correctly." Judith Hurwitz, an analyst with Hurwitz & Associates, agreed that making deep inroads into the enterprise won't be easy for Facebook. "Very sophisticated security is mandatory," she said. "I am not sure that [Facebook] has put an emphasis on this. Obviously, the pricing model is established to get a massive amount of signups, but the question is, what is next? How do you manage users? How do you prevent a former employee from remaining on the network? How do you make sure that information on this environment meets regulatory requirements? There are a lot of questions."


There's no easy way to do IoT management

The mobile industry coalesced to two operating systems: iOS and Android. Both use APIs that have high overlap, so management vendors can now let IT manage all these devices from a single panel of glass using a consistent set of controls. The variability and exceptions are thus now quite manageable -- even if you add Windows 10 and MacOS computers to the equation (they use similar APIs). We won't see that level of consolidation in the IoT world. Even if every type of device ended up being dominated by one or two providers, the huge diversity of devices would still mean hundreds of providers. The chances of them agreeing to a common set of APIs is close to zero.


Bank of the future – How AI, big data and fintechs could save the big banks

“So if you’re a very large bank and starting from scratch it’s not something that is entirely straight forward and the view has always been do I really need to do it. There hasn’t been much of a burning platform until recently.” That has changed, there is a burning platform and the sharks are circling underneath. Banks have to change and if they want to see things like a 45% increase in profitability then they will need to look at technology. This is where the idea of the cognitive bank comes in. IBM is one of the companies pushing this notion of a bank’s systems and processes being more intelligent, mainly with the help of Watson.



Quote for the day:


"When human judgment and big data intersect there are some funny things that happen." -- Nate Silver


October 11, 2016

Russian group that hacked DNC also nearly destroyed French TV channel, report says

The attackers defaced the TV5Monde website and placed an image of a disguised jihadist with a black-and-white checked keffiyah and the words “Cyber Caliphate,” a group set up by the Islamic State. “We saw this as the first foray into an active false flag operation,” Galante said, using the espionage term for one side in a conflict disguising itself as a different party. “This was not long after the Charlie Hebdo shooting in Paris, and it served as a laboratory.” Galante, who previously held posts in the State and Defense departments, said Russian President Vladimir Putin sought to regain glory for a powerful Russia and that the state-backed hacking teams sought to cause political damage and rifts between Western countries that might stymie Russian interests.


Blockchain publications that should be on your reading list - How many can you check?

Agreed that it is a powerful technology which has potential to change the end-to-end business processes, networks and trust models. Beyond that, blockchain could potentially be viewed as a design thinking paradigm because it compels one to un-learn the way things have always been done and embrace new ways in which collaboration with trust is the new normal. Blockchain is also a catalyst to re-imagine, re-define and re-create experiences for the end user as it enables peer-to-peer exchange of assets of value in a reliable, cost-effective and pragmatic manner. It is interesting to note that blockchain has applications across all industries and is at the interplay of business, process, technology and people, so it can potentially transform the current normal in more than one way.


National cybersecurity strategy aims to make Smart Nation safe: PM Lee

The first pillar is meant to step up protection of the Republic’s essential services in key sectors such as emergency services, e-Government, banking and finance, utilities, transport and healthcare, according to the Cyber Security Agency of Singapore (CSA). To do so, it is looking to expand the National Cyber Incident Response Team and National Cyber Security Centre. It is also looking to equip IT security professionals by mounting multi-sector exercises to test cooperation and where the scope of responsibilities overlap. Last May, CSA held its first cybersecurity table-top exercise, CyberArk IV, for the finance and banking sector, which was witnessed by the Minister-in-Charge of Cyber Security Yaacob Ibrahim.  Additionally, there are plans to strengthen the country’s existing cybersecurity governance and legislative framework.


The two CAs will be separated and their CEO will be replaced

The company said that the decision to backdate certificates was taken to help desperate customers in China who could no longer obtain SHA-1 certificates and were having trouble supporting the millions of computers in the country that still use Windows XP with Service Pack 2. Chinese Internet security company Qihoo 360, which owns a majority stake in WoSign and implicitly in StartCom, has stepped in and decided to separate the two CAs. "360’s Corporate Development team has been notified to execute the process to legally separate Wosign and Startcom and to begin executing personnel reassignments," the company said. "StartCom’s chairman will be Xiaosheng Tan (Chief Security Officer of Qihoo 360). StartCom’s CEO will be Inigo Barreira (formerly GM of StartCom Europe). Richard Wang will be relieved of his duties as CEO of WoSign."


Shellshock Anniversary: Major Security Flaw Still Going Strong

Right at the onset, we observed a significant increase in focused attacks leveraging these vulnerabilities — over 2,000 security events within 24 hours of the Shellshock bug disclosure. To get an idea of the magnitude of this activity, there were just over 7,500 Shellshock security events for the entire month of August 2016, according to IBM MSS data. When a zero-day vulnerability surfaces, especially a high-profile one that can affect many systems, the corresponding exploit is usually disclosed promptly. With Shellshock, an exploit targeting the first vulnerability was publicly disclosed a mere 28 hours after the zero-day vulnerability emerged. As news of this vulnerability and its ease of exploitation spread, the number of attackers opting to leverage and exploit it increased tremendously.


The Impact of Smart Machines on the Workforce

Smart machines that are connected to IoT infrastructure are becoming more common in every industry. Whether we look at automated checkouts at supermarkets, self-serve check-in machines at airports and train stations, or even ATM machines, we are seeing examples of how smart machines have, at least in some part, taken over functions previously performed by human workers. Does this mean that people would naturally be accepting of an automated, machine driven future? It’s possible, but not necessarily the case. Gartner Research surveyed influential CEOs in 2013, asking whether they considered that machines would be capable of taking over millions of jobs within the next 15 years. Surprisingly, 60% of these CEOs said no, and referred to the situation as a ‘futurist fantasy’.


Considerations for Successful SDN Deployments

Starting with an immediate problem and looking for an SDN solution to fix it is very tempting for the resource-starved enterprise. It’s no surprise that in many organizations, SDN starts with a proof-of-concept or testing of some point solutions. For example, in a data center, microsegmentation offers a solution to the security issue of east-west traffic, which is a problem for most enterprises. Revamping an aging and old hybrid WAN infrastructure provides a compelling business use case as well. Obviously, it’s expected that businesses will address such immediate issues, and there is nothing wrong with considering SDN-based solutions. The problem is when such point SDN solutions are considered without the context of a broader IT or network strategy.


The Middle East is Waking Up to Possibilities of Fintech Market

A consensus is emerging among financial institutions and governments that nurturing fintech startups is beneficial for the region. In particular, the UAE is already showing signs of supporting fintech industry, as well as several early success stories. Abu Dhabi aims to be the Middle East’s fintech hotspot. Recently, Abu Dhabi’s Financial Services Regulatory Authority has proposed building a framework that will enable fintech startups to conduct their activities in a cost-effective and controlled environment. To encourage fintech growth, the Middle East and North Africa (MENA) set up a Regulatory Laboratory (RegLab). The aim of RegLab is to cater for the unique requirements and risks of fintech companies. There are various fintech companies that have emerged in the Middle East.


Robo-advisory in banking: do you trust a robot’s financial advice?

As part of its long awaited Retail Distribution Review (RDR), the FCA approved the use of robo-advice as an alternative to costly face-to-face advisors, which help to reduce costs for investors. The desire to increase the availability of robo-advisors is part of a policy to expand the financial advice market. The view of the FCA is that the market currently delivers high-quality solutions for those investors that can afford full advice. However, not every potential investor requires or wants a personal recommendation for every decision – in this context, robo-advisors have an important role to play. Robo-advisors should be viewed as a service that complements traditional wealth management advice rather than one that seeks to replace it – they each address different client needs and goals.


Internal Tech Conferences - How and Why

Internal tech conferences can help people to build relationships and discover more about things that are going on in a friendly environment and non-threatening context, so that they have the confidence to wholly participate and know that others will be able to get in step with them to help make new ideas happen. ... There is no ‘right way’ to run an internal tech conference - it depends on what your team, department or organisation needs. An important thing to consider early on is the audience: who should we invite? Who would benefit most from the conference? The answers to those questions should help to frame your conference planning: as the attendee list grows the focal point of discussions stretch to fit the audience, whereas a compact group allows the focus and aims of the conference to remain tight and on track.



Quote for the day:


"The greatest thing is, at any moment, to be willing to give up who we are in order to become all that we can be." -- Max de Pree


October 10, 2016

Software Fail Watch 2016, Quarter Three

Ultimately it doesn’t matter if you are a restaurant, a legal firm, a plastic manufacturer, or an investment bank: your software is your brand. As such, every unexpected error message, forced restart, or failed update is a ding against your brand’s shiny reputation. We’ve said it before and we’ll say it again: software may come and go, but software testing is here to stay. ... As per usual, the first place for most-software-bugs in Quarter 3 goes to the Government sector, with 41 stories. Transportation comes in second with 20 incidents, another not-so-surprising figure given how travel related bugs always seem to emerge just in time for vacation. The surprise this quarter has been the uptick in finance related software fails. In our experience, software fails in the finance industry are hard to come by. It is not that the industry does not have software fails – rather, they simply seem to be reported less.


Payments & Marijuana: Different Ways The Blockchain Is Being Used Today

Everyone from Brazilian software developers waiting for payrolls that never arrive to legal marijuana dispensaries in Colorado, blockchain solutions are in use today. When you think about international payments, you might think about guest workers sending a remittance home to a family member in Mexico, or payroll for call center employees in the Philippines, or perhaps a large invoice payment to a manufacturer in China. Those are all interesting scenarios, but Brazil turns out to be one that had some surprising obstacles. Paying developers there can cost 4% to 8% of the total pay, take up to fifteen days, and it isn’t unheard of for wire payments to simply vanish. How did a blockchain change this?


The smart credit card designed for preventing fraud

However, having the security code in digitised form establishes a potential problem that needs to be answered: can the card itself be hacked? If it now has a digital display, can this be compromised externally? David Emm, principal security researcher at Kaspersky told Information Age that this is “possible, of course. But the attackers would have to gain access to the providers’ systems and steal the algorithm used to generate the one-time generated codes. This happened to RSA in 2011. However, this was almost certainly not done to commit fraud against consumers.” He went on to suggest that this technology will only “add security for cases where the card *details* have been stolen. It will not help where the card itself has been stolen.” However, Emm did also mention that MotionCode will reduce the ‘window of opportunity’ available to a criminal to use a stolen card number.


Even the US military is looking at blockchain technology—to secure nuclear weapons

The case for using a blockchain boils down to a concept in computer security known as “information integrity.” That’s basically being able to track when a system or piece of data has been viewed or modified. DARPA’s program manager behind the blockchain effort, Timothy Booher, offers this analogy: Instead of trying to make the walls of a castle as tall as possible to prevent an intruder from getting in, it’s more important to know if anyone has been inside the castle, and what they’re doing there. A blockchain is a decentralized, immutable ledger. Blockchains can permanently log modifications to a network or database, preventing intruders from covering their tracks. In DARPA’s case, blockchain tech could offer crucial intelligence on whether a hacker has modified something in a database, or whether they’re surveilling a particular military system.


How to keep IT security together in a company that's gone bankrupt

The supply chain upon which modern multinational commerce depends was thrown into chaos earlier this year when South Korea's Hanjin Shipping filed for bankruptcy. Dozens of container ships with hundreds of crew and thousands of pounds of cargo onboard were essentially stranded at sea, as ports barred the ships' entry for fear that they wouldn't be able to pay for docking services. If you're working for a company that's filed for bankruptcy, the consequences probably won't be as dramatic—you'll be able to stay on dry land, for one thing. But you're definitely going to encounter choppy waters when it comes to maintaining tech security. We talked to IT pros who have been through it to find out the best ways to cope.


Five top tips for making agile development work for you

"We use many of the principles associated to agile, such as visualising, stand-ups, and co-location, in how we run the business day-to-day," says Harding. "There are people in the call centre, for example, using daily stand-ups to analyse their metrics and customer satisfaction scores." The aim, he says, is to create a flexible, fluid environment that allows people across the organisation to work to the best of their abilities. Here, Harding provides five best-practice tips for business leaders looking to make the most of an iterative way of working. ... "Waterfall tends to lead to an environment in which everyone goes away, works on their document individually, and then passes it around. Agile really suits people that like to think on their feet and solve problems in a collaborative way," he says.


Singapore: a nation united on its digital future

The restructure reflects the blurring of lines between IT and media. The Singaporean government hopes the organisation will help businesses, workers and the local community ride the current global transformation wave, where digital technology is being adopted by consumers, governments and businesses. In a separate but intrinsic announcement, the Singapore government has announced GovTech, a new department focusing on government IT that will attempt to transform the delivery of public services by creating citizen-friendly digital government services and managing the government’s IT infrastructure. Both this and the IMDA support Singapore’s ambitions to become a smart nation.


Principles for strengthening our data infrastructure

Data infrastructure connects together different parts of our society and economy. Weather data is being used by everyone from farmers to the transport industry to individual citizens. Mapping data is created and shared by the public sector and then built on by diverse organisations, from Google to construction companies to the home insurance industry. People buying a home might use a service that combines data on house prices, schools, transport times and insurance premiums. Data is infrastructure for our cities, nations and globally across each and every sector. ... Data infrastructure should be as easy to use as our road networks. The time and effort that goes into fixing data infrastructure when the equivalents of potholes, toll booths and missing intersections are discovered would be better spent building services that improve our lives.


Smartwatches banned from UK Cabinet as EC plans IoT security standards

The move by the UK government coincides with heightened concerns about cyber espionage, with US officials claiming that a Russian cyber espionage campaign started more than a year ago has targeted Republicans and Democrats whose work is strategically important to the Russian government, reports NBC News. On 7 October 2016, the Obama administration finally blamed Russia publicly for cyber espionage against the Democratic National Committee, but US officials said the campaign targeted both parties by accessing private email accounts. The Russian government has denied any involvement. ... The UK government is not alone in being concerned about the security risks of IoT devices. The EC is reportedly planning to introduce laws that will require device makers to meet tough security standards and undergo a certification process to guarantee privacy.


A Quick Primer on Isolation Levels and Dirty Reads

A phantom read can occur when you perform a query using a where clause such as “WHERE Status = 1”. Those rows will be locked, but nothing prevents a new row matching the criteria from being added. The term "phantom" applies to the rows that appear the second time the query is executed. To be absolutely certain that two reads in the same transaction return the same data, you can use the Serializable isolation level. This uses “range-locks”, which prevent new rows from being added if they match a WHERE clause in an open transaction. Generally speaking, the higher your isolation level the worse your performance is due to lock contention. So to improve read performance, some databases also support Read Uncommitted. This isolation level ignores locks (and is in fact called NOLOCK in SQL Server). As a result, it can perform dirty reads.



Quote for the day:


"The primary cause of unhappiness is never the situation but your thoughts about it." -- Eckhart Tolle


October 09, 2016

IBM launches industry first Cognitive-IoT ‘Collaboratory’ for clients and partners

German industrial heavyweight and one of the world’s leading automotive and industrial suppliers, has signed a multi-year strategic partnership agreement with IBM to accelerate the digital transformation of its entire operations and customer solutions using Watson’s cognitive intelligence and insight from billions of sensors. Schaeffler’s goal is to be the world’s leading manufacturer of cognitive solutions which keep the world moving. Tapping the connectivity and analytics capabilities of IBM’s cloud technologies and Watson IoT platform, Schaeffler will analyze huge amounts of data from millions of sensors and devices across its operations and provide insight to help it to be more flexible, make faster decisions and optimize the performance of equipment in the field.


Russian hacking crisis tests Obama's nerve

“What we cannot do is have a situation in which suddenly, this becomes the wild, wild West, where countries that have significant cybercapacity start engaging in unhealthy competition or conflict through these means,” Obama said. There is no evidence that Obama has taken punitive cyber action in response to several major cyber breaches in the past few years, although by its nature cyber war is often invisible to outsiders. After the government of North Korea hacked Sony’s email servers in 2014, for instance, Obama issued a stern condemnation of North Korea’s actions but took no visible action beyond adding modestly to the long list of sanctions against that rogue state.


Data Science – The MUST KNOW to become a successful Data Scientist!

Data Science / Data Analytics / Business analytics is all about analyzing the data, which is getting generated through multiple sources. Sources range from traditional databases to satellite signals to sensors in Internet of Things, and the list will go endlessly. Easier asked question is, “Where is data not getting generated?” Also the technological advancements are happening at a pace, which will leave us dumbstruck. With these advancements, comes new data, which gets generated relentlessly, for e.g., wearable devices are tracking your heart rate, sleeping pattern (data being generated even while we sleep!), calories consumed, etc. Analyzing such wide variety of data, which is getting generated at a rapid continuous pace, requires extraordinary reasoning and skills.


Digital IDs will revolutionize your health and banking

Having a digital ID would put the power back in your hands, where it belongs. With a digital ID, you control your own personal information, and you decide who to share it with. You retain control over your identity and your health, financial, demographic and other personal data. All this sounds great — and even better, it’s becoming possible. Earlier this week, I attended the Distributed: Health conference, focusing on blockchain technology’s impact on the health industry. When you create a digital ID with blockchain, you get a private key and a public key that you use to securely exchange money or data. Your digital ID can even indicate that certain information about you can be disclosed if you are incapacitated. Blockchain is really just a sequential, irrefutable ledger of encrypted digital events that is shared between parties.


Data management for cybersecurity: Know the essentials

If your cybersecurity program focuses primarily on keeping intruders out of your networks, that needs to change. The answer isn’t to build higher walls and tighter controls around our information infrastructures. The answer is to have threat deterrence that works even against determined, targeted threats. You have to have visibility into network activities and the ability to rapidly detect and trace attacks. That requires strong data management in cybersecurity. Security teams generally haven’t needed to have a deep data science background, so they tend to underestimate the importance of data management in security analytics. As with any function or application, weak data leads to weak results. In cybersecurity, that means too many false positives for overburdened security analysts, higher risk of successful breaches, and greater losses from each breach.


How blockchain can change the music industry

In the music industry, the blockchain could transform publishing, monetization and the relationship of artists with their communities of fans. First, music can be published on the ledger with a unique ID and time stamp in a way that is effectively unalterable. This can solve the historic problem of digital content being downloaded, copied and modified at the leisure of users. Each record can store metadata containing ownership and rights information in a transparent and immutable way for everyone to see and verify. This will ensure that the correct people will get paid for the use of the content. Blockchain technology can also revolutionize the monetization of music. The infrastructure is based on smart contracts, programs that can be run on the blockchain along with the payment transactions.


The Internet of Things and security: smart business requires smarter security in IoT

There needs to be a mandate coming from the boardroom, where CSOs, CISOs, CIOs and data experts should get a place around the table (and increasingly do get one) and where the money and message needs to come from, to embed security everywhere, steer away from developing new solutions with a mindset of just maximal profit (leaving investments in key security controls out), go for security by design and not just talk the talk but also walk the walk when it boils down to mitigating the risks of that key business asset, called data, which in the end, along with process automation, is what the Internet of Things is all about. This boardroom aspect is also mentioned in another article on The Register, covering an event where the IoT and security/privacy issue was tackled, again with the ‘Krebs case’ in mind.


IoT, sensors, and all things digital: can we handle it all?

The interesting question here is: How will our life-world and behavior change when sensors are present everywhere? With the omnipresence of sensors and devices that sense locations and other types of human agency, we find ourselves in an environment that is not only tracked by living beings, but also by highly interconnected technological devices. You could even one day say that walls, streets, or cars have eyes in the most literal sense possible. Sensing is not a concept only about living organisms anymore. Rather, it’s a ubiquitous property of our life-world. This will deeply change how we act and interact with each other – but more important, it will transform how we engage with objects. Our life-world is altered by the Internet of Things as objects sense and communicate among themselves. The impact of this technological development has yet to be estimated and described.


6 Growth Tips From America's Most Valuable Fintech Startup

The company in question is Social Finance -- the San Francisco fintech company commonly known as SoFi (I invested in SoFi in December 2014) -- valued at $4 billion in its latest round of fund-raising. SoFi provides student loans, mortgages, and other services to Millennials whom it believes have the brains and discipline to use those services to achieve financial success. SoFi generates fees from selling bundles of loans. More specifically, it sells loans to third-party investors via securitizations or whole loan sales. ... SoFi has expanded considerably along other dimensions as well. It now has over 600 employees with offices in San Francisco, Healdsburg, Calif, Utah, Montana, and New York. And it has made about $12 billion worth of student loans, mortgages and others -- serving 175,000 members.


Financial markets face disruption from artificial intelligence

One of the risks for individual and professional investors is that those investment companies that start to build AI into their processes will start to outperform other investors, making those investors increasingly reluctant to trade. "Disruption is likely to come from an uprising of disenfranchised investors around the world who are losing to technology. As taxi drivers feel disenfranchised by Uber, fund managers and investors will feel disenfranchised by other fund managers who have access to AI," Mr Sicilia said. "They will stop trading. Why play the game when you are always going to lose? This is all uncharted territory," he said. Looking further ahead, markets face even greater disruption as intelligent computers trade against each other and, having studied the same patterns, want to buy and sell the same security at the same time, potentially causing trading to stop altogether.



Quote for the day:


"Your success will be the degree to which you build up others who work with you. While building up others, you build up yourself." -- James Casey


October 08, 2016

How Companies Can Deal With Insider Data Theft

"Inadvertent leakage is also a big problem," said Salim Hafid, product manager for Bitglass.  Cloud-based applications and bring-your-own-device policies have only made it easier to accidentally share or publish confidential data, he said. As a result, more corporate data is getting out of company networks and into personal smartphones and file-sharing systems.  "A huge number of organizations that have cloud applications deployed have no means to identify these careless activities and no way to mitigate the threat," Hafid said. Companies like Bitglass sell services to fill those gaps. Security vs. Privacy. To solve the problem, security firms are also coming up with products that can monitor access to a company's most sensitive files. 


On-premise IT still the only way to run certain tasks

A hybrid cloud that incorporates cloud bursting will allow you to take a workload and spin it up on the private cloud, but if the workload needs more resources, it can be seamlessly moved out to the public cloud and easily work with data sources, no matter where they are – in the cloud or on-premise. Cloud bursting is therefore a great way for businesses to handle peaky demand patterns, such as e-commerce providers with big peaks in sales at Christmas, or news and sports websites with steady demand that spikes when something big happens, for example the World Cup or the Olympics. Cloud bursting can also be a useful tool for businesses that need to carry out analysis on large datasets, and for traditional applications such as month-end accounting runs where the demand is predictable but requires servers and storage to sit idle most of the time.


Beware of “spear phishing”

The scammer sends an e-mail to an employee at the company, often from a hacked or “spoofed” e-mail address or an address that closely resembles the company’s e-mail format. For example, if a company’s e-mail format is user@321company.com, a scammer might use user@321company.co, or user@321compny.com.  Spear phishing is often more profitable than a basic phishing scam. First, scammers research a company to convincingly impersonate the target’s boss or co-worker. People are more likely to be victimized because the e-mail appears to come from a trusted source. Second, spear phishers may use the information they obtain to steal the identities of every employee at a business and file thousands of fake tax returns. By filing fake tax returns or selling private information to other criminals, spear phishers can make a lot of money very quickly, even if only one person falls for the scam.


What will happen to blockchain in 2017?

For blockchain to truly function properly, its builders need to fully comprehend the entire ecosystem. A great example of this is Blythe Masters and her company Digital Asset Holdings. They’re completely changing public capital markets, not just one piece of the market, but every cog in the public capital markets machine. For that, the company needed to make sure it had the sector expertise it needed to ensure on implementation its product would work, and the company has both Nasdaq and the Australian Stock Exchange in its corner to demonstrate that. No other blockchain provider has had this level of success. In 2017, many of the blockchain companies that want to enter the business application sector will not survive beyond their concept stage.


Security concerns rising for Internet of Things devices

Indeed, when LIFX found out about the Wi-Fi credentials flaw, they patched it right away. Because there are so many small companies making IoT devices, the problem won’t go away anytime soon. Foeckl says IT departments need to start including IoT devices in their security monitoring efforts and certification and testing processes, and that they should work with their vendors to make sure these devices are patched, tracked, and protected. “Another important task is the development of privacy policies that inform users about the collected information and guide them to maintain a security good practice, advising on changing passwords, reporting unusual activity,” says Foeckl. “A well informed user represents a great premise to prevent data breaches regardless of the threat vector.”


A CTO's IT spending strategy for a fast-growing platform startup

"Every business has to maintain that delicate balance between reinforcing the old and creating the new," she said. "They need to be ambidextrous: exploiting their existing infrastructure and the capabilities which they have already built while simultaneously exploring new opportunities and innovating for the future." Morgan said he didn't lose sight of how the technology needed to support business objectives and strategic goals. His early re-engineering work, in addition to correcting problems, allowed for the addition of new functions that could drive company growth. As part of his strategy for the growth, Morgan said he moved his team away from a monolithic design toward a client front-end model, exposing APIs which led the team into building out its enterprise portal.


Password Guidance: Simplifying Your Approach

The death of the password was predicted some ten years ago. It was assumed that alternative authentication methods would be adopted to control access to IT infrastructure, data, and user material. But since then, password use has only risen. This increase in password use is mostly due to the surge of online services, including those provided by government and the wider public sector. Passwords are an easily-implemented, low-cost security measure, with obvious attractions for managers within enterprise systems. However, this proliferation of password use, and increasingly complex password requirements, places an unrealistic demand on most users. Inevitably, users will devise their own coping mechanisms to cope with ‘password overload’.


Business transformation proves to be a catalyst for cybersecurity spending

Pescatore agrees: “Increased use of SaaS and IaaS is definitely causing breakage in security approaches. It is causing a shift in spend from security software and hardware to actually more skills on the security staff side,” he says, adding that it’s common for SANS to hear such challenges from large enterprises. The reason for this, Pescatore explains, is that “SaaS means you cannot use security agents or appliances except the big SaaS services, such as Outlook365, Google at Work, Salesforce, and so on. They have security features and APIs that can be used to extend security policies to the SaaS app -- but that takes a higher level of skill in the security staff. Similarly, in IaaS you can use software and virtual appliances,” he says.


When a Payment is More Than a Transaction

One of the most important implications of electronic payments (whether domestic or international remittances) is the opportunity for disadvantaged groups of population to plug into the global financial system. A notable example of the way electronic payments are put to benefit the developing world is the joint effort by Stellar, the Stripe-backed open-source payment network, and Oradian, a cloud-based software provider for microfinance institutions in developing countries. Those companies have developed a payment-transfer network inside Oradian – built on top of Stellar’s platform – that allows 300,000 Nigerians (90% of them women) to cheaply transfer money between microfinance institutions over the Stellar network. International remittance services by FinTech startups are another case.


Information sharing still a heavy lift

Raskin said her department, “encourages a lot of sharing of information. We would like institutions to feel that they can benefit just as much from receiving information as giving information.” She added a failure of security in the banking system would lead to a different breakdown of trust – trust from depositors that their assets are safe. “Potential exploitation has the effect of undermining trust,” she said. “Our ultimate objective should be to reinforce the public's trust in the resiliency of the financial product, service, or institution.” McCabe, interviewed by Walter Isaacson, president and CEO of Aspen, admitted there is resistance “throughout the private sector” to allowing the FBI to monitor their systems in real time, even though he said that would let the agency notify an organization much sooner in the event of an attack.



Quote for the day:


"The future belongs to those who believe in the beauty of their dreams." -- Eleanor Roosevelt