October 23, 2016

Tech Bytes - Daily Digest: October 23, 2016

How analytics will underpin artificial intelligence, How knowing your staff will protect your business from attack, Cyber security threats getting less easy to ignore, Are you ready for remote project management, Information governance: Yes it can create RoI and more.

Virtuous Machines -- How Analytics Will Underpin Artificial Intelligence

Ultimately, just like humans, AI will need to draw on a constantly-growing database of information. An intelligent program should read historical data, analyze it for patterns, and be able to classify what it sees. Without a database to learn from and then call upon this information to match with new data, a program cannot really “learn”. For most enterprises, practical use of AI is not yet feasible. The actual solutions on the market are not very accessible, by and large. A good example of AI for the masses is Google introducing machine learning to the G Suite, formerly known as Google for Work. By shaving seconds off delays at every level, Google is trailblazing user-friendly AI. Not everything need be as complex as IBM Watson!


An Introduction to Modern Agile

Seth Godin famously said, “People aren’t afraid of failure, they’re afraid of blame.” Blaming increases negativity and helps no one. This is why Etsy has a “blameless culture.” They understand that, rather than being the fault of a single individual or group, mistakes are usually the result of unseen problems in the environment that may have been around for some time but happened to be triggered one day by someone. Their concern is to learn blamelessly from failures and quickly improve. The same is true at Google. Once, an engineer at Google confessed, “I screwed up a line of code and it cost us a million dollars in revenue.” The code in question was part of Google’s highly profitable AdWords software. In many organizations, a mistake like that could lead to further losses, like the loss of one’s job, a loss of confidence or respect. Not at Google.


How knowing your staff will protect your business from attack

“Over the years, we’ve invested resources and money to ensure it’s hard for people to break into our systems - but the problem is that you could be hacked by someone from the inside, with valid access to some part of your system that gives you access to your digital infrastructure.” In light of the cyberattacks on actors such as Jennifer Lawrence, Creese explained how the cloud now poses a larger threat for corporations. “I now no longer have to hack 50 organisations, I hack one cloud and I get every single employee using that cloud.” Creese spoke about the struggle of not only stopping threats, but also how we identify and define an insider threat. “One of the reasons we’re not as equipped as we should be is because we’re not dealing with the people and technology in tandem,” she continued.


Cyber security threats getting less easy to ignore

October is National Cyber Security Awareness Month — a campaign that's headed by the federal Department of Homeland Security to raise awareness on how to protect our personal information and combat fraud. But this October, the public cannot help but be hyper-aware of hackers after all the news about stolen e-mails out of the Hillary Clinton presidential campaign. We've even heard reports that hackers have targeted the voter registration systems of more than 20 states in recent months. We're likely to face phishing scams both at work and at home that try to trick us into disclosing personal information. "The e-mail can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business," warned the American Bankers Association.


Defending Against Data Breaches: What Exactly they are and What to Do

Most cyber security analysts agree that the first phase of a data breach, from a criminal element, starts with research. Hackers or cybercriminals will investigate a company or institution’s system weaknesses. This will be done by skimming social profiles online, exploiting employees or investigating company infrastructure. Once the weakness has been found, an attack plan is put into place. The attack will usually be a network-based attack through infrastructure or a social attack where the criminal is let in through the backdoor with a malicious email or attachment. Following the attack, the data is extracted and can be used for a variety of purposes, including: blackmail, black market information sales or propaganda against the company. Not all data breaches are created equal and vary in severity, however.


'Smart' home devices used as weapons in website attack

Many of the devices involved come from Chinese manufacturers, with easy-to-guess usernames and passwords that cannot be changed by the user - a vulnerability which the malware exploits. "Mirai scours the Web for IoT (Internet of Things) devices protected by little more than factory-default usernames and passwords," explained cybersecurity expert Brian Krebs, "and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users." The owner of the device would generally have no way of knowing that it had been compromised to use in an attack, he wrote. Mr Krebs is intimately familiar with this type of incident, after his website was targeted by a similar assault in September, in one of the biggest web attacks ever seen.


Are you ready for remote project management?

If your organization is considering a transition to remote PM, having employees with the right aptitude, capabilities, focus, and dedication for working in this independent fashion is critical. If individuals lack the motivation or are individuals who require a significant amount of supervision and guidance, this may not be the best move. That said, if the remote project management drivers fit with higher-level strategic objectives, it may be necessary to still proceed in that direction, and hire individuals with the capabilities to execute projects remotely. It may also be a better option to invest in training for existing high potential employees. With either of these options, or a combination of both, make sure to carefully and properly identify the strengths and career interests of existing employees.


Yahacking: The Last Straw

“The year 2016 saw a record number of stolen account credentials up for sale on the Dark Web” is something you might have read in one of our previous articles. That being said, MySpace no longer holds this record (with 360 million hacked accounts in 2008). The turn for the title is now passed on to another multinational thanks to what is better known in the media as the “Yahacking” incident. In a continuous freefall since Google first surfaced, what used to be the most popular internet portal of the year 2000 is now in a very tight spot. The company in question had announced in July that it would be bought by Verizon Wireless. However, in light of recent events, the acquisition is now at risk. Care to venture a guess of who we might be talking about?


How to Successfully Install Agile/DevOps in Asia

Value-stream mapping is a lean-management method for analyzing the current state and designing a future state for the series of events that are needed to deliver a product or service. It helps to identify the problems in the process and reduce the lead time. It also works well for addressing the people element. ... Each process step has a lead time and a process time. By drawing this map, you can easily identify the waste in the process and find opportunities for improvements and automation. I always call all stakeholders to attend a value-stream-mapping session: developers, operations, program manager, UCD, etc. You need to ask everyone who has permission to change the process to participate in this event. Japanese culture is hierarchical. Unfortunately, devs and ops don't have power, so you need to include upper management.


Information governance: Yes, it can create ROI

"Information is an asset, just like building, equipment, staff and full-time employees,” Reeves explained the worth of an IG program stems for protecing and leveraging it as such. By ensuring trusted and reliable information, healthcare organizations can enable more timely and accurate data, with faster access to it for more nimble decision-making, she said. Reeves offered advice on how to highlight IG's value – tangible and intangible – to the C-suite. Spiraling e-discovery costs, for instance, where evidence gatherers in malpractice suits must sift through electronic data, paper records, different legacy systems from acquired practices are a common problem. An enterprise-wide IG policy, alongside process improvement initiatives, could reduce both risk and cost, she said.



Quote for the day:


"Practice isn't the thing you do once you're good. It's the thing you do that makes you good." -- Malcolm Gladwell


October 22, 2016

Tech Bytes - Daily Digest: October 22, 2016

Clueless CIO cloud confusion continues, Fintech - a powerful & highly disruptive industry, Is the AI apocalypse a tired hollywood trope or a human destiny, How enterprise software development is changing, Using analytics as a force in business and more.

BMW's vision for the smart city of the future includes autonomous driving and AI

BMW is currently working with the city of Berlin, Germany, on a pilot project where three streets are being transformed into a new urban environment as residents use urban transportation for mobility. The parking areas are being transformed into green spaces to improve the quality of life. BMW is also developing ideas on how to transform city parking garages into affordable living spaces, he said. To create more ideas for urban living, BMW's MINI founded earlier this year Urban-X, which is a startup initiative to focus on engineering the city as a service. Three of the entrepreneurs who were part of the first round of participants presented their ideas at the BMW event in Santa Monica: Multimer, Brooklyness, and CTY. Each participant was in the program for 3-½ months and were able to work with BMW engineers to hone their ideas.


Clueless CIO cloud confusion continues

Ignore the jargon. It means the cloud could be next door, or it might be in the next country. With a hybrid cloud, which uses both private and public cloud resources, it may be both. IT should know the specifics of what’s where. For the ordinary Joes and Janes in accounting, the resources are just in the cloud. From their seats, the cloud is just at their fingertips, the same way the internet is. Rapid elasticity and expansion are vital. In a cloud, you don’t ask for five more servers; you go out and get them. Your computing resources are dynamically assigned, released and reassigned at your request. In the best clouds, users don’t even know they’re asking for more resources. They just get on with their job, and if their work requires more resources, the cloud simply provides them.


FinTech Is Not a Niche Anymore, It’s a Powerful and Highly Disruptive Industry

There are plenty of reasons why FinTech was able to go from being a niche in the financial services industry to a massive industry with highly disruptive potential – customer-centricity, simplicity and scalability, freedom from legacy systems and more. Explaining the FinTech revolution, the Economist has also emphasized such factors as cost efficiency, the absence of the need to protect existing business and lack of regulatory burden along with above-mentioned legacy IT systems/branch networks. The scalability advantage was possible to gain due to a clever approach to risk assessment and use of smart data to profile potential clients. Smart data represents a more sophisticated approach to data collection and analysis, focusing on meaningful pieces of information for more accurate decisions.


DDoS attack Friday hits Twitter, Reddit, Spotify and others

"Because DNS is vital to every person, business and website across the entire internet for system stability and performance, online businesses commonly outsource DNS management to third-party providers who have better and more reliable infrastructures to operate on behalf of their customers," Jeremiah Grossman, chief of security strategy at SentinelOne, told SCMagazine.com on Friday. Historically, he said, this has worked to everyone's benefit. "However, what we're now seeing is that in light of the way the infrastructure works in the security landscape, they are attractive targets for large-scale DDoS attacks – because if you take out one of these DNS service providers, you can disrupt a large number of popular online services, which is exactly what we're seeing today."


Is the AI apocalypse a tired Hollywood trope, or human destiny?

Computers think really fast. In the best-case scenario, we’ll have enough time between an AI acquiring the ability to think as well as us and its rise to super-intelligent status that we can adjust and respond. On the other hand, as Bostrom points out, when you’re dealing with a machine that can think — and therefore develop — at an almost unimaginable speed, by the time we realize what’s going on, it will already be far too late to stop it. Some readers may remember the 1970s sci-fi horror flick Demon Seed, in which an AI not only predicts that it will be shut down by its fearful creator, but employs murder and rape to ensure its survival. “If and when a takeoff occurs,” Bostrom writes, “it will likely be explosive.” Stephen Hawking has echoed this sentiment: “Once humans design artificial intelligence,” he says


How enterprise software development is changing

Technology such as Docker, to enable developers to create code that can run in their own containers, along with the ability to have short feedback loops, helps businesses to adapt more quickly. Such technology and techniques form the basis of the cultural shift that companies of all sizes need to make to enable their developer teams to become more adept at delivering software quickly, says Davis. “Culture is very easy to instil when there is a small group of people,” he says. “Hiring is key.” Davis recommends that IT leaders plan in advance, and hire people appropriate to the direction the IT strategy is taking. Russ Miles, lead engineer at Atomist, believes IT leaders can learn much from the way webscale organisations approach software development. “Organisations of any size have to compete,” he says.


Using Analytics as a Force in Business

With anticipatory analytics, predicting the future is no longer science fiction! Anticipatory analytics build on predictive analytics which tells us to analyze many attributes over many years to make the best and most informed business decisions possible. Dave made a clear distinction between companies that use anticipatory analytics versus those that rely solely on historical data. His take is that using anticipatory data can be a critical differentiator between being an innovator on the cutting edge of meeting customer demand and being completely disrupted. Consuming data in real-time and leveraging it to build a model is what companies that are innovating and disrupting are doing. Companies that rely solely on historical data are most often the ones that fail, even after rising to greatness because their competitors are more effective at using data.


Why you should devote as much time to dark data as big data

"If companies can learn how to harness this data, it can yield new insights," said Mads C. Brink Hansen, product manager at TARGIT, a business intelligence and analytics solution provider. "In one case, a company wanted to assess the efficiency of its field-based salesforce. By looking at the travel expense reports submitted by its salespersons, it was able to determine the number of meetings that each salesperson had while in the field each day and then measure this against what should normally be expected in the way of meetings. This was one way in which an HR-based reporting function (travel and expense reports) was repurposed to provide insights into how many meetings per day an in-field salesperson was likely to have, and who was hitting those targets."


CERT-In had instructed banks on October 7 to stay alert in wake of surgical strikes

CERT-In and the National Critical Information Infrastructure Protection Centre sent an email to banks regarding the rise in ATM frauds following ET’s report. "On October 20, 2016, CERT-In has sent mails to State Bank of India, Axis Bank and HDFC Bank to report an incident to CERT-In as seen in media report stating that 3.2 million debit cards have been used in ATMs that are suspected to have been exposed to malware at the back end. The incident has so far not been reported to CERT-In," said the official cited above. Not reporting the matter is in breach of the rules, said another official. "There is an RBI framework… the Information Technology Act mandates that these incidents have to be reported so of course there is a lapse on the part of the banks," he said.


Cloud Services Lift IT Outsourcing Market Higher Than Expected

In the Asia-Pacific region, as-a-service contract value has surpassed that of traditional IT services deals. That’s due, in part, to the fact that cloud solutions are particularly well-suited to more volatile markets and midsize enterprises, according to Keppel. The rest of the world has yet to reach that inflection point. “There is a notable uptake in interest in the U.K. in particular,” Keppel says. “The Americas are close but we’re not ready to say that as-a-service will consistently outpace traditional sourcing in [there].” Keppel is quick to point out that the cloud-traditional services story is one of growth rather than cannibalization, noting that the overall market was in the healthy range and has been more than 60 percent of the time in recent years.



Quote for the day:


"If there's a book that you want to read, but it hasn't been written yet, then you must write it." -- Toni Morrison


October 20, 2016

Tech Bytes - Daily Digest: October 20, 2016

AI: The greatest threat in human history, Organizational culture of fear & innovation assassination, Big data is eating the world - but it is not eating the data scientist, Why poor cyber hygiene invites risk, Stupid encryption mistakes criminals make and more.

AI: the greatest threat in human history?

Stephen Hawking has warned that artificial intelligence (AI) could be the greatest disaster in human history, unless humans learn to mitigate the risks posed. Of these looming threats, Hawking suggested the rise of AI could lead to the creation of devastating autonomous weapons and new oppressive methods of controlling the masses. Perhaps the most distressing point from Hawking’s speech was his notion that machines could develop a will of their own. To this, a Terminator-like scenario is not inconceivable. Humans make autonomous weapons for the next stage of combat, a global autonomous arms race begins, the machines learn to think, humans get wiped out. This may sound exaggerated, but it does mimic to some extent the speech Hawking delivered, if AI’s advancement goes unchecked.


The Benefits of Semantic-Based Data Modeling in the Smart Data Lake Era

With semantic-based data modeling in a smart data lake, all your data can be neatly organized using business models that the user defines, based on human-readable, standardized terms that allow you to link and contextualize information regardless of where it came from. And all this smart data can then be used to automatically create data extracts, ETL, and ELT jobs for quick and efficient analysis. Because the data model has been created with a semantic approach, that model can be queried endlessly. Analysts can ask the model where data came from, what it means, and what conservation happened to that data. Bringing the data together from various sources, combining it together in a database using a customized domain model, and then conducting analytics on that combined data set creates a huge benefit and freedom to analysts, and to the organization.


Organizational Culture of Fear and Innovation Assassination

There are innovation-obliterating assassins lurking in all parts of your organization. Frighteningly, the biggest innovation assassins are often wearing a disguise. So many high-level executives will earnestly (and with a straight face) wax poetically about how important it is to change the organizational culture, catalyze innovative thinking throughout all ranks of the company, and dismantle the power and comfort of the status quo. ... So why the discrepancy between what such executives say and what they actually do? They typically aren’t “lying” for the sake of deceit or other callous intentions; but instead, their self-contradictory statements and behaviors are usually due to fear. As stated in Robert’s Rules of Innovation II, “Sometimes, it is pure fear. Fear of failure. Fear of the unknown. Fear of criticism. Fear of change. Fear of being terminated.”


Survey On Consumer Attitudes Toward Fintech Spells Trouble For Banks

As for a takeaway for banks, Blumberg says, “Banks need to adapt, adopt or hasta la vista, baby. Banks cannot continue to do what has made them successful for the last 50 or 100 years. We are at a fundamental changing point because of big data, cloud infrastructure, mobile telephony, social media, artificial intelligence, machine learning, etc. That combination of new technologies have unleashed incredible power from the bottom up. Yes, some of it is used for hedge funds for sophisticated trading, but the business-to-consumer portion of our portfolio is focused on helping to level the playing field, helping Joe Lunch Pail do better in their finances. Traditionally, that’s only been available for the wealthy. Fintech makes it cheaper and easier to distribute those tools of algorithms, that advantage, to average people.”


Apple Pay at two years: Not much to celebrate (yet)

"People ask, 'What's the benefit?'" Ranta added. "For someone who's not tech savvy, they have probably tried it once and said, 'What's the big deal with this? Opening up my wallet and swiping my card wasn't a big deal to me, so why do I need to get rid of that habit? Instead of relying on some weird, wireless thing -- screw that. I have a physical card that I can put in a terminal." Not everybody feels that way. The biggest users of mobile wallets are under age 35, according to various surveys,including one in May by The Pew Charitable Trusts. Smartphone users will pay for goods over the internet or through an app without entering a store, but in-store mobile payments are not as popular. "We're still at the early-adopter stage," said Bryan Yeager, an analyst at eMarketer.


In a colocation provider, look for security, a solid SLA

There are warning signs that a colocation provider may not meet its SLA. For example, unexpected or frequent changes to the SLA can suggest that the provider is struggling to meet responsibilities. Internal company instabilities, such as acquisitions and mergers, can also indicate that an SLA will change or service a larger customer base. Use SLA monitoring tools, such as IDERA Uptime Infrastructure Monitor or Mindarray Systems' Minder. But first, talk to your colocation provider to make sure these tools can integrate with your provider's APIs or monitoring hooks. You can also test colocation services by occasionally triggering their support function to determine response time and quality.


Big data is eating the world – but it’s not eating the data scientist

The missing piece is visionary leadership. McKinsey predicts that by 2018 there will be a shortage of 140,000 to 190,000 people with analytical experience and a staggering 1.5 million shortage of managers with adequate skills to make critical big data decisions. Hiring a couple of PhDs will reap a few rewards, but without direction and support from the top, the highly paid data scientists may end up being glorified (and overpaid) analysts, who make a few SQL queries followed by the odd Tableau visualisation. Management needs to clearly define the key business questions that need to be answered and create roadmaps for the medium to long term – showing what software needs to be built or bought, and who needs to be hired along the way.


Why Poor Cyber Hygiene Invites Risk

Despite a growing awareness of the threats that target them, some organizations still aren’t practicing some of the fundamental steps of cybersecurity to ensure the level of resiliency needed to endure current threats. It is imperative for organizations to prioritize addressing the problem of aging infrastructure and systems. ... The time has come for organizations to realize that they must move away from products that are no longer supported and can’t be upgraded to meet today’s security challenges. Modern cybersecurity is about risk management - that is, eliminating and mitigating risks where possible, and knowingly accepting those that remain. Poor cyber hygiene — not patching, keeping outdated solutions in place, etc. - puts the overall resilience of an organization into jeopardy.


Stupid encryption mistakes criminals make

Writing secure code can be challenging, and implementing cryptography correctly in software is just plain hard. Even experienced developers can get tripped up. And if your goal is to swindle people quickly, not to wow them with the quality of your software, there are sure to be serious crypto mistakes in your code. ... Malware authors may provide significant lessons in how not to implement cryptography. Such was the upshot of research by Check Point’s Yaniv Balmas and Ben Herzog at the recent Virus Bulletin conference in Denver. Malware authors may be more likely to insert crypto doozies in their code than developers working on legitimate software because they may not care as much about code quality or design, said Balmas and Herzog.


Secret Service cybersecurity audit shows 'unacceptable' flaws

According to the cybersecurity audit report, the USSS has little room for error in its primary mission of "protecting the president, other dignitaries and events, and investigating financial [crimes] and cybercrimes to help preserve the integrity of the nation's economy." "USSS has much work to do to make IT a priority. This requires establishing and implementing an IT governance framework that addresses, at a minimum, the IT organizational and management deficiencies identified in this report," the report read. "It also requires that USSS leadership fully understand and address the potential for insider risks, not only from system administrators and inadequately managed IT contractors, but also from employees and business partners."



Quote for the day:


“If you don’t have a competitive advantage, don’t compete.” -- Jack Welch


October 19, 2016

Tech Bytes - Daily Digest: October 19, 2016

Knowledge workers demand intelligent search, Digital today Cognitive tomorrow, Running an open source & upstream-oriented team in agile mode, Can the data center be defended from a data breach, Hack proofing ID & access management and more.

Knowledge workers demand intelligent search!

In most businesses, knowledge workers are frustrated by the information search and retrieval experience, whether it is on their company intranet or in critical business applications such as a CRM system. This frustration is made worse when they have to repeat the same searches with mixed results across multiple disconnected data repositories. ... Fortunately there have been incredible advances in machine learning, natural language processing, artificial intelligence and cognitive computing. Modern day search platforms are a lot more powerful, automated, and easy to implement. Cloud big data solutions such as Hewlett Packard Enterprise Haven OnDemand don’t require any investment in servers or platform administrative staff— solutions can simply be built and implemented in hours or days, rather than weeks or months.


Digital Today, Cognitive Tomorrow

Cognitive systems are already transforming everything from the world-changing to the everyday. For example, cognitive oncology is a reality thanks to technology developed in partnership with Memorial Sloan Kettering Cancer Center in New York City that helps oncologists identify personalized, evidence-based treatment options based on massive volumes of data. This breakthrough technology is now helping scale access to knowledge at Bumrungrad International Hospital in Thailand, Manipal Hospitals in India, and more than 20 hospitals in China. Cognitive assistants are at work helping build more intimate, personalized relationships at the Brazilian bank Banco Bradesco, the insurance company GEICO, and the retailer The North Face. Dublin-based Medtronic plc, a global health care solutions company, is creating a cognitive app for people with diabetes to predict a hypoglycemic event hours in advance.


Some Hadoop vendors don't understand who their biggest competitor really is

With Forrester projecting that "100% of all large enterprises will adopt [Hadoop and related technologies such as Spark] for big data analytics within the next two years," the chances are pretty high that your enterprise is in the midst of a decision, or has already made it: Which Hadoop vendor do I pick? Though this will change over time, "currently there is no absolute winner in the market," Forrester pointed out, and it's easy to get confused trying to parse differences between the different stacks. The Hadoop vendors themselves, however, give us clues as to who they think is winning, as Ovum analyst Tony Baer highlighted. All you have to do is look at who they position themselves against in their marketing literature.


Gartner 2017 CIO Agenda: Digital Ecosystems, Interoperability, Bimodal IT

There's a significant shift underway in terms of where CIOs are opting to invest, according to the report, which was presented at the 2017 Gartner Symposium/IT Expo 2016, Oct. 16-20 in Orlando, Fla. But there's much more to it than simply following the money. Let's start with the digital ecosystem. What's that all about? According to the report, "Gartner defines digital ecosystem as an interdependent group of actors (enterprises, people, things) sharing standardized digital platforms to achieve a mutually beneficial purpose." What does that mean for the bottom line? "A digital ecosystem amplifies the reach of a company. It enables scalable connections between known partners and customers, but also provides a platform for unknown parties to connect with one another," said Andy Rowsell-Jones


Running an Open-Source and Upstream-Oriented Team in Agile Mode

The atmosphere you set up with your team will also forge the outcome of your team work. Run your team with trust, peace, and humor (remember, I'm on the team!) and awesome things will happen. Run your team with fear, pressure, and finger-pointing, and nothing good will happen. There's little chance that when a team is built, everyone will be on the same level. We were no exception. We had more and less experienced engineers. But the most experienced engineers took the time needed to invest and mentor the less experienced. That also helped to build trust and communication links between members of the team. In the long run, everyone is getting more efficient; the less experienced engineers are getting better and the more experienced can delegate a lot of stuff to their fellows.


Nothing Brings Banks Together Like A Good Hack

Banks, in other words, will start to look less like isolated fortresses and more like open-border platforms hosting numerous apps and services, like Google’s Android system. While digitization may be the future, it poses a major security migraine. “Every time there is a new app or a new channel opened, that provides criminal opportunities,” says Jamie Saunders, the director of the U.K. National Cyber Crime Unit. “Banks are taking enormous care to design security into their apps, but as the technology evolves, the criminal will evolve, too, and vulnerabilities will open up.” By then, Oerting plans to be drawing strength from his networking push and the next generation of cyberdefenses. He helps select and mentor promising startups in the accelerators that Barclays runs in Tel Aviv, London, and other cities.


Can the Data Centre be Defended from a Data Breach?

Why are the odds of being able to protect a data centre so poor? There are a number of important factors. First of all, the reality is that a motivated attacker will be able to get into any given network. There are far too many ways for an attacker to get in, particularly by way of compromising a user’s computer or account. Getting in is a certainty, and this is a hard notion for security professionals to accept. Gartner and most crime-fighting organisations around the world agree on this point: attackers will get in. Most of the attempts at breaking into a network can be successfully defended—perhaps upwards of 95 or even 99 percent—but that leaves open the possibility that a dedicated attacker will find a way in through the balance. Attackers can have a nearly unlimited number of attempts at breaking in.


Hack-proofing ID and access management

With a gap in communication between HR and the IT department, many of these user accounts remain open. While it may not seem like a major problem, these single accounts can begin to add up with hundreds or thousands of dormant accounts within an organization — creating a serious vulnerability. The biggest problem is these past users can still gain entry into the system or a criminal can use these dormant, unsecured accounts to gain the same amount of access as the previous account holder. According to a recent Clearwater Compliance analysis on risk ratings, user control review and user permission review controls are only partially in place or missing about 71 percent of the time — despite urging from the U.S. Department of Health and Human Service Office of Civil rights for organizations to make it a priority.


Digital Risk Monitoring, Q3 2016

Digital channels are now ground zero for cyber, brand, and even physical attacks. Cybercriminals use a variety of tactics to weaponize social media, impersonate or embed malware into mobile apps, deface websites, collude in dark channels, and cause financial, reputational, or physical harm. Digital risk monitoring tools combat these methods by deploying a variety of data-gathering and advanced risk analysis techniques. They aggregate data via open-source intelligence (OSINT), technical intelligence (TECHINT), human intelligence (HUMINT), and even covert human intelligence (CHIS). Then they analyze the collected data with data classifiers, machine learning, and risk scoring algorithms to determine the most likely and most threatening risk events in a quick and efficient manner.


Hackers Create More IoT Botnets With Mirai Source Code

Hackers have been taking advantage of the Mirai malware's source code, following its role in launching a massive DDOS (distributed denial-of-service) attack that took down the website of cybersecurity reporter Brian Krebs. Unlike other botnets that rely on PCs, however, Mirai works by infecting internet-connected devices such as cameras and DVRs that come with weak default usernames and passwords. Since Mirai's source code was released, hackers have been developing new variants of the malware, according to Level 3. It has identified four additional command-and-control servers associated with Mirai activity coming online this month. About half of the infected bots Level 3 has observed resided in either the U.S. or Brazil. More than 80 percent of them were DVR devices.



Quote for the day:


"Be honest - Without objectivity and honesty, the project team is set up for failure, even if developing iteratively." -- @JamesSaliba


October 18, 2016

Tech Bytes - Daily Digest - October 18, 2016

The state of CISO, How to improve your odds of landing great talent, Digital life skills all children need - a plan for teaching them, The SAM pattern: Lessons learned building functional reactive front end architecture, Companies try out selfies as password alternatives and more.

Most businesses vulnerable to cyber attacks through firmware, study shows

According to the survey, 63% of the individuals who consider their organisations to be fully compliant with firmware audits reported higher levels of effectiveness of their patch management processes. On the other hand, more than half of those that did not receive any feedback (51%) in this audit category had no controls for firmware integrity monitoring and flaw remediation. “With firmware maintenance being considered an operations function rather than a security concern, the chance for exploited vulnerabilities persists,” said Christos Dimitriadis, ... “It is time to underline the importance of firmware security in our risk assessments, and embed prioritised controls based on the threat model of each organisation, whether this includes espionage, transaction integrity loss or business disruption.”


The State of the Chief Information Security Officer

It is not surprising given the lower expectations and results that some well-intentioned and seasoned cyber security professionals go from CISO to Chief Scapegoat Officer in short order. Part of the problem is that even after nearly 30 years, the purpose and promise of the CISO is still very much unsettled. Some believe CISOs are not powerful enough or properly positioned in the organization to accomplish the job they have been asked to do. There are long-standing arguments over the proper reporting relationship of the CISO. If the CISO reports to the chief information officer (CIO), he/she can have direct impact to the IT organization and a seat at the table, but many CISOs continue to believe that such a relationship removes “independence” from the CISO’s agenda.


How to improve your odds of landing great talent

"We see there clearly are very different conversion rates depending on the source of a candidate; proactively sourced hires -- where a recruiter goes out and tracks down exactly the skills and experience needed for the role -- and referrals are such strong sources of hires because it increases the chances of a candidate having that cultural alignment with your company, as well as the hard skills they need," Srinivasan says. ... "A referral doesn't have to mean only someone a candidate knows well or has worked directly with. It could be something like, 'I've heard of this person by reputation in my field,' or 'I know such-and-such was a total rockstar developer at my last job,' and then recruiters can reach out on that basis," she says.


Critical flaws found in open-source encryption software VeraCrypt

The audit, which was performed by French cybersecurity firm QuarksLab and was sponsored through the Open Source Technology Improvement Fund (OSTIF), found eight critical vulnerabilities, three medium risk vulnerabilities and 15 low-impact flaws. Some of them are unpatched issues previously found by an older TrueCrypt audit. Many flaws were located and fixed in VeraCrypt's bootloader for computers and OSes that use the new UEFI (Unified Extensible Firmware Interface) -- the modern BIOS. TrueCrypt, which serves as the base for VeraCrypt, never had support for UEFI, forcing users to disable UEFI boot if they wanted to encrypt the system partition. VeraCrypt's UEFI-compatible bootloader -- a first for open-source encryption programs on Windows -- was released in August and is the biggest addition to the TrueCrypt code base made by VeraCrypt's lead developer,


8 digital life skills all children need – and a plan for teaching them

Educators tend to think children will pick up these skills by themselves or that these skills should be nurtured at home. However, due to the digital generation gap, with generation Z being the first to truly grow up in the era of smartphones and social media, neither parents nor teachers know how to adequately equip children with these skills. Young children are all too often exposed to cyber risks such as technology addiction, cyberbullying and grooming. They can also absorb toxic behavioural norms that affect their ability to interact with others. And while most children encounter such challenges, the problematic exposure is amplified for vulnerable children, including those with special needs, minorities and the economically disadvantaged. They tend to not only be more frequently exposed to risk, but also face more severe outcomes.


Abu Dhabi Securities Exchange uses blockchain for e-voting

“Adopting blockchain technology in our projects comes in alignment with the digital transformation of Abu Dhabi’s government services as we constantly strive to introduce ways that ease the process of doing business in the United Arab Emirates,” said ADX CEO Rashed Al Blooshi. “This step comes as we aspire towards becoming a fully digital exchange, with our strategic objectives aligned with Abu Dhabi’s vision for building a knowledge-based sustainable economy that constantly evolves,” he added. ADX expects the service to cut costs, save time and increase stakeholder involvement in decision making at listed companies. The blockchain service is one of the new services offered by ADX as part of its electronic platform. Other services include an initial public offering management system and rights issue management system.


The SAM Pattern: Lessons Learned Building Functional Reactive Front-End Architectures

SAM recommends factoring the business logic underlying a graphical user interface along three concepts: actions, model and state. Actions propose values to the model, which is solely in charge of accepting them. Once accepted, the state certifies that all subscribers are notified, especially the view (which is considered the “state representation”). Every event is processed as a “step”, which consists of a propose/accept/learn flow. This concept provides a stronger foundation to deal with event ordering and effects (such as back-end API calls). SAM is framework agnostic and several members of the community that formed around the pattern [1] went on to build a series of developer tools and code samples using different Frameworks, ranging from Vanilla JavaScript to AWS Lambda and pretty much anything in between.


Side-Channel Attacks Make Devices Vulnerable

“The industry is waking up to security and there are constantly articles in the news about some hack, breach or network problems related to malicious attacks,” says Angela Raucher, product line manager for ARC EM processors at Synopsys. “It is a focus for anyone developing SoCs right now because they have learned that just adding security in the network or in the device or the platform is not good enough. You have to start at the SoC level or there will continue to be vulnerabilities in the system.” Michael Chen, director of early stage programs in the System Level Engineering division of Mentor Graphics, explains that “people are doing a fairly simple power or differential power analysis. There are lots of side channels, not just power. It is any way to extract information from a device. This is usually done using some sort of microwave power reading antenna and is done post silicon.”


Companies Try Out Selfies as Password Alternatives

The authentication process typically starts with an app that asks users to snap a photo of themselves every time they do something online like make a purchase or file their taxes. Software uses the photo to make thousands of facial measurements, such as the width of the nose or the curve of the jaw, and converts them into a string of numbers to create a unique ID code. Then, it compares the code to a reference photo that the person has left on file. A highly probable match verifies the person’s identity. The technology’s accuracy is far from perfect. Shadows, low lighting or facial hair can confuse the software. Underscoring the shortcomings of facial recognition, Alphabet Inc.’s Google unit sparked an outcry last year after its Photos app misidentified two black people as “gorillas.” Google apologized and said it was tweaking its algorithms to fix the problem.


IT attrition could help address the cybersecurity skills shortage

It’s certainly true that if you need a highly experienced cybersecurity professional, you have no choice but to pull someone away from their current job, but this is a zero-sum game from a total employment perspective. So, what else can we do? Well, there’s another disruptive force happening within IT called cloud computing. Simply stated, as organizations move workloads to public cloud providers such as Amazon Web Services, IBM SoftLayer and Microsoft Azure, they no longer need as many infrastructure administrators to babysit Intel servers, storage arrays or data center switches. As it turns out, these uprooted IT folks are a natural fit for cybersecurity jobs. According to the ESG/ISSA research, more than three-quarters (78 percent) of cybersecurity professionals moved from IT jobs to cybersecurity jobs as part of their career progression.



Quote for the day:


"Nothing will ever be attempted if all possible objections must first be overcome." -- Samuel Johnson


October 17, 2016

Tech Bytes - Daily Digest: October 17, 2016

How to hire your employer, Bringing security back to the top of the board room agenda, Don't get burned by data center hot spots, Learn actionable insights & practical guidance from COBIT, Threat response automation: The next frontier for cybersecurity and more.

Evolving DCIM market shows automation, convergence top IT's wish list

IT also needs to do more with less. Data volumes double every few years, but IT budgets are increasing at low, single-digit rates. As a result, data center managers are having trouble keeping up with the volumes of information. Consequently, users want DCIM products to be more than just monitoring tools; they want to weave them into the data center tapestry. Combining a DCIM tool with change management software creates new automation possibilities. For instance, a company could automatically generate a work order, which indicates the rack and position where an add-on device can be installed, specifies the devices and ports that will be connected -- such as power, LAN and cables -- and links that information to relevant applications.


How to hire your employer

When we find ourselves stuck in unhappy careers—and even unhappy lives—it is often the result of a fundamental misunderstanding of what really motivates us. As we discussed in our book How Will You Measure Your Life, just because you’re not dissatisfied with your career path, doesn’t mean you’re satisfied with it. The things that you might easily put on your resume or talk about at a cocktail party, such as your job title or how big your office is, are not what really motivates most people in the long run. Instead, we’re driven by what we call “intrinsic’’ factors. They’re more difficult to see when you’re sizing up a job opportunity, but extremely important. Instead of simply asking about the perks and benefits of a new job, try asking yourself


Bringing security back to the top of the boardroom agenda

Security needs to be part of the design from the start and not bolted on afterwards. Too often security and compliance are an afterthought, once solutions have already been built and the projects have started. Security needs to be part of the foundations of IT. Building it into the core platform throughout your business allows for much faster transactions to market, as fewer things need to be altered when moving from development, to testing and finally to production. Having a software-defined architecture for security, built into the fabric of the IT infrastructure from the data centre to the device, is needed to embrace security in every phase of IT from the outset.


How to Design the Optimal Business Intelligence Dashboard

Unclear goals can dampen the impact of any IT project, and BI implementation is no exception. You need to consider your departmental goals and how they relate to broader business goals, and keep these goals in mind when designing your dashboards. Ask the bigger questions - How will these dashboards help achieve goals? What sort of metrics should we display that will improve our sales/costs/efficiency/customer satisfaction? IT cannot build a BI platform based on what they feel users will want, they need input from the actual user base. For some companies, the challenge comes on the back end, in terms of the technical troubles with integrating multiple disconnected data sources into the BI solution. They might have the right dashboard in place and know what metrics they want to examine, but the flow of data simply isn’t there.


Don't get burned by data center hot spots

Some computer room air conditioning units have insufficient knowledge of how air really moves in a data center, causing even worse cooling conditions. In modern designs, redundant units run simultaneously with normal units, but at reduced speed, so you don't realize added servers are stealing redundant capacity until a cooling unit fails or is turned off for maintenance. Thankfully, servers can tolerate a higher operating temperature for several days with little negative effect. ASHRAE's allowable thermal envelope goes up to 32 degrees Celsius or 89.6 degrees Fahrenheit in emergencies, but marginal redundancy -- combined with poorly planned computing hardware additions -- can cause serious overheating and thermal shutdowns within a short time after a cooling unit has quit.


Slack CEO describes 'Holy Grail' of virtual assistants

You might scour your email or document-management systems, using such search terms as "term sheet," and pull up a handful of emails or files. Once you find the dates you might go to a separate financial reporting tool to look up the revenue information. Such a process could take you as much as 45 minutes. Now imagine a tool -- a bot network operating as one if you will -- that could find the information in disparate apps, cross-reference it and generate the correct answer in seconds. Butterfield estimates that such a system would result in productivity gains of anywhere from 10 percent to 30 percent. “That is the knowledge worker equivalent of giving a ditch digger a backhoe instead of a shovel," Butterfield says. "I would love it if we were successful building something like that," Butterfield says.


Learn Actionable Insights & practical guidance from COBIT

COBIT can be complex or simple, depending on the perspective from which it is read, understood and implemented. COBIT philosophy can complement and supplement a professional’s practical experience. However, a fundamental understanding of the core principles and philosophy of COBIT makes it easier to understand and implement. COBIT is easy to implement if one understands the rationale of its design. This will help in demystifying the structure and enable users to navigate and select relevant contents of the COBIT knowledge repository from the practical perspective of governance, assurance, risk and compliance, as required from a macro or micro perspective. The best way to enhance COBIT expertise is to implement it in real-life situations and scenarios.


Threat Response Automation: The Next Frontier for Cybersecurity

Roughly speaking, we could divide cybersecurity software evolution into two waves. The first wave was dominated by rule-based deterministic solutions. A classic example is the firewall. Firewalls apply simple policies, such as blocking inbound traffic, ports or protocols. The second wave of solutions consists of “fuzzy” rules and heuristics. We could perhaps mark the beginning of this wave of solutions with the first Intrusion Detection System (IDS). These solutions employed ML algorithms to spot anomalies and detect malicious activity. In fact, most contemporary cybersecurity vendors take pride in how their solutions utilize ML. Fraud analytics, web gateways, endpoint protection solutions and network sniffers, all utilize ML in their offerings.


Cut to the Chase: How a Data-Driven Culture Fosters Success

“About a year ago, we got the opportunity to use the Domo platform,” he said. At first he just gave licenses to his growth leaders around the country. “Then I decided that maybe I should dig deeper into this, which was one of the best things I could have done.” That’s when his conversations with national teams took a sharp turn, and for the better. “It allowed me to cut through a lot of the data, and cut through to the information that would really help me manage the group. Domo actually allows me to get a view into those offices like I never had before.” The end result, he said, was a significant transformation in how quickly and effectively he and his team could identify new opportunities, and solve otherwise challenging client issues.


Don’t fall behind when it comes to migrating to the cloud

Security is also a strong benefit of cloud storage. While many assume that opening up a company’s database to online storage may run a higher risk of security breaches, in fact the opposite is often true. Because of their large scale and intensive client security requirements, cloud hosting providers often have better security than is reasonably maintained in-house by small and medium size businesses. Off-site backups, 24/7 monitoring, and enterprise-grade security audits are typically out of the price range of smaller organizations. It’s also important to note that not every application is right for the cloud. While migrating an internal communications tool, like a social intranet makes practical sense for the cloud, highly regulated and sensitive data like credit card information or health care records may not be suitable.



Quote for the day:


"Liberty is always dangerous, but it is the safest thing we have." -- Harry Emerson Fosdick


October 16, 2016

Tech Bytes - Daily Digest: October 16, 2016

10 highest-paying IT security jobs, You've been hacked. What are you liable for, GE CIO shares what he looks for in IT talent, What should be on the next President's cyber agenda, What lies beneath - Unpacking data center risks, Agile development at the enterprise level - Misconceptions that jeopardize success and more.

10 highest-paying IT security jobs

Data breaches, DDOS attacks, hacks and threats continue to dominate the headlines, so it's no surprise that some of the most in-demand IT jobs are in the security area. And with a massive skills gap, companies are willing to pay handsomely for skilled security talent at all levels. "One area we're still seeing huge demand for is in cybersecurity, and hiring companies are willing to pay whatever it takes for talent that can help secure data and mitigate threats while simultaneously ensuring consistent and simplified accessibility from desktop to mobile devices. Companies are sending the message with their budgets: you can't put a price on that," says Jack Cullen, CEO of IT staffing firm Modis. Here are the top 10 highest-paying security roles, culled from career site Dice.com clients' job postings and median salary range data from cloud compensation solutions firm PayScale.com.


Why asking you to change your password makes it easier to hack the system

“If users are using the same or similar passwords across accounts – which a majority of respondents indicated – then they are also essentially handing the key to hackers to access their most critical information when they attack another, less important account,” the survey said. Hackers are using algorithms to check stolen passwords and simple variations of them on other accounts, Bauer said, looking for variations that simply add exclamation points, pound signs and asterisks to the end. The LastPass survey brought bad news for businesses: A third of respondents say they create stronger passwords for their personal accounts over work accounts. Experts agree on asking users not to reuse passwords but disagree on what users should do for adequately strong passwords.


You've been hacked. What are you liable for?

One of the difficulties facing organisations is that data protection legislation is vague when it comes to specifying the standards of protection required. The Data Protection Directive and the UK Data Protection Act both require the data controller to “implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access”. This concept is carried over to the new EU General Data Protection Regulation, which will be enforced throughout the EU – yes, including the UK – from May 2018. In fact, it also requires the controller to build in data protection by design and by default. ..., the ICO has not yet stipulated a particular minimum threshold for protection, but it generally penalises organisations that suffer the loss of unencrypted laptops and mobile devices.


GE CIO shares what he looks for in IT talent

We look to hire clear thinkers who are adaptive and agile. We want people with a strong sense of imagination who are also willing to take risks. Most of all I’m looking for people who have the ability to influence. Driving change is probably the hardest part of the job and influence is key. ... Another key takeaway was that the workforce is more global and diverse than ever and everyone has different needs. So, we changed our benefits package to adopt a model that allows customization for each employee. You’ve also probably seen the “Owen” commercials. We’ve been successful by being self-aware and making fun of our reputation as an “old school” company and talking honestly about how we’re evolving.


Removing the Data Divide -- Uniting People, Processes and Technologies

Raw security data and community-generated threat intelligence feeds are full of non-applicable warnings, red herrings and often don’t speak the same language – causing duplicate information. On top of this, security teams are working on disparate systems that can’t communicate about the potential threat indicators within the network. We call these issues threat fragmentation.

Cleaning up the threat management mess

From malware to phishing and ransomware, cyber threats take many forms, adding to the breadth of information from threat intelligence feeds and security tools that organizations must utilize in order to detect, respond to and mitigate threats. Sometimes the security personnel working to detect threats work well together – but often times they are moving quickly, causing disconnected and uncoordinated efforts.


Smarter, Faster, Stronger – The Rise of the Super Robots

Due to significant investments and research, we can mimic the process of the human brain via sophisticated, multi-level, “deep” neural networks. These networks are made possible due to the development of graphic processing units that now have enough power to accelerate deep learning algorithms for training or inference. The technology behind it all is complex, but the ability for computers to learn, write software and perform artificially intelligent tasks, is revolutionising the world we live and work in today. ... Drones that don’t just fly by remote control, but navigate their way through a forest for search and rescue; compact security surveillance systems that don’t just scan crowds, but identify suspicious activity; and robots that don’t just perform tasks, but tailor them to individuals’ habits.


What Should be on the Next President's Cyberagenda?

"We really haven't acknowledged the extent of the damage that could be done by a cyberattack on our infrastructure," Borg said. "Industrial control systems could be hijacked and cause massive physical damage. That could be done with a migrating piece of malware with no Internet connection, as was done with Stuxnet." ... However, since it's likely the United States has planted similar malware on those countries' systems, something similar to the nuclear stalemate during the Cold War exists. "I'm particularly worried about the Russians or Chinese," Borg said. "What I'm worried about is some completely irresponsible agent without any involvement in the modern economy acquiring these capabilities."


Transformation Competency: It’s Time to Get Good at It

Because the pace of change has accelerated dramatically in the digital age, and organizational complexity has skyrocketed, knowing how to change and adapt is an essential discipline for any business. If you’re a global hotel chain, you consider a response to the arrival of Airbnb. If you’re a well-established restaurant chain, what do you do when a young upstart franchise offers fresher food, simply by leveraging more modern data technologies to improve supply chain logistics? If you haven’t established a competency around the very idea of transformation, what you probably do is have a lot of unproductive, increasingly urgent meetings with costly management consultants while your competition literally eats your lunch.


What Lies Beneath – Unpacking Data Centre Risks

There is a major education challenge at play, where those with software asset management in their remit need to quickly learn how this aspect of the IT estate is presenting risk. Their role is evolving as a result. This changing role is one factor to overcome. But many organisations will find there is confusion over who owns licences in the data centre. It could be the data centre manager, it could be the IT manager, or the person with software asset management (SAM) in their remit. Is this leaving a gap, where everyone has different priorities, and are looking to each other to take responsibility? Given the data centre manager is invariably focused on the hardware and smooth running of the data centre, this is unfortunately a common scenario. If the SAM manager is responsible, the likelihood is that the metrics they are accustomed to managing are not in the data centre.


Agile Development at the Enterprise Level: Misconceptions That Jeopardize Success

Agile approach that works within their environment. It’s radically different from the waterfall method of application development and delivery, incremental in its approach and focused on just-in-time completion of work. ... “The Impacts Of Missed Requirements In Agile Delivery,” a recent study by Forrester, explored the root causes of missed requirements in Agile adoption and the tangible business benefits organizations could achieve with better management tools. 96 percent of respondents reported problems in software development projects due to missed requirements, and 60 percent expected increased customer satisfaction from faster delivery as a result of avoiding missing requirements. IT and business leaders need to discern between fact and fiction when it comes to making Agile work in the enterprise.



Quote for the day:

"Cunningham's Law: The best way to get the right answer on the Internet is not to ask a question, it’s to post the wrong answer." -- @Tech_faq

October 14, 2016

Don't Be Sure Big Tech Breakthroughs Are Behind Us

Technology that makes these things cheaper will make the business world more efficient, just like cheaper steel makes manufacturing cars more efficient. And it’s here, in the realm of white-collar work, where I believe the technologies now under development have the potential to create huge productivity gains. A lot of effort right now is being poured into machine learning and artificial intelligence, thanks in part to technical advances in the field, and also thanks to the availability of large amounts of data to train machines. In a recent interview with Lee, venture capitalist Marc Andreessen explained why he thinks machine learning is the next transformative technology. Essentially, machine learning allows machines to do your thinking for you.


How Blockchain Can Benefit IT Outsourcing

Initially, the technology will be used to monitor the delivery and usage of IT equipment with a sensor that embeds information into the blockchain. Ultimately, that information would then trigger automated invoicing and payment processes between the two companies. If service providers and their customers were to tie their payment systems and SLAs together on a blockchain in that way, it would increase the efficiency of outsourcing contract management a great deal, says Ferrusi Ross. In this case, the bank might have a business rule on its engine that on the 4th of the month launches a validation of the SLAs and initiates a payment to IBM based on those results without any human intervention. The smart contract approach also offers the promise of increased transactional security. “If it can do that, it will become widely used,” says Susan P. Altman, partner in the commercial transactions and outsourcing practice at law firm K&L Gates.


Amid security concerns, Google's Allo virtual assistant is still worth a look

You might have heard that Edward Snowden has warned users to not install or use Allo. Why? The concern is simple: that conversations will be retained on servers. There is another, more disconcerting issue. Allo was supposed to employ end-to-end encryption for messages. That is, unfortunately, not happening. At least not out of the box. You can, however, start a chat in Incognito mode to encrypt your chats (this should be the default). But what about Assistant? Will these conversations between user and AI be encrypted, or vanish from the Google servers once they've served their purpose? It seems the answers to these questions are "no" and "until the user deletes them." Good news: the deletion of Assistant chats is a really simple task.


Security spending to top $100 billion by 2020

IDC analyst Sean Pike noted that enterprises fear becoming the next cyberattack victim and boards of directors are demanding security budgets be used wisely. Indeed, our CXO 2017 spending planner noted that network security is the No. 2 priority for the year ahead with securing networks and data the No. 1 challenge. Not surprisingly, banking is investing the most into security for 2016 with $8.6 billion, followed by discrete manufacturing, government, and process manufacturing. Those industries account for 37 percent of annual security spending. Healthcare will be the fastest growing area for security over the next five years with a compound annual growth rate of 10.3 percent. By model, services will account for 45 percent of all security spending. Managed security services account for much of that spending.


Why Physical Security Should Be as Important as Cybersecurity

In addition to having a staff member in a building’s lobby monitoring who gets access to a company’s offices, security technology expert Robert Covington, the founder and president of togoCIO, writes in Computerworld that “systems requiring a proximity card for entry are now quite common, and with good reason.” Such systems are important and should be used more than they are, he says, because they “provide tight granularity of access control for individual doors and a detailed audit trail.” Yet, as Covington notes, badges or badge data can be stolen by thieves or malicious actors. Ralph Goldman, a security industry veteran and lead writer for the Lock Blog, tells CIO that wireless communication technology is now enabling businesses to deploy “smart locks” that can let firms add barriers to doors and unlock the doors remotely via wireless protocols.


People Are The New Security Perimeter

Insider threats like these have become a considerably more prominent issue in the past few years. And you only need to look so far as your organization’s favorite coffee shop or the connected devices in every home to see how easy it could be to accidentally share confidential or proprietary information to prying eyes and ears. In the past, we could rely on technology to protect your confidential information and protect your workforce. But more and more users bypass these security measures, and these problems will only expand as the internet of things continues to grow. You can no longer expect your workforce to refrain from interacting with the world outside of your organization’s security precautions. If controls hinder employees’ activity, they can stifle business innovation altogether.


1 billion reasons to care about cyber due diligence

The legal, financial and reputational risks involved in these sorts of large scale data security incidents are firmly on the agendas of boardrooms around the world. A recent Mergermarket report, Testing the Defenses: Cybersecurity Due Diligence in M&A, highlights an IBM survey which found that the average cost of a data breach in the United States in 2015 reached US$3.79 million, an increase of 7.6% from 2014. Given the ever increasing risks in this area, companies are asking themselves how they can reassure boards and shareholders that what appears to be an attractive takeover target won’t end up being a poisoned chalice. While Mergermarket reported that in the majority of cases cyber security issues were not enough alone to cause buyers to walk away from a deal, deal timelines and deal value can be significantly affected by cyber security issues.


Critical Strategies to Prepare for the Future with All-flash Storage

Because of the internet, technology has rapidly accelerated in the last 20 years. Making all this possible is a myriad of connected infrastructures that are the vital foundation that keep technology running. If we look back when the computer was first introduced mainstream, the entire back-end of it would be in the same room as the user. Today, the massive amount of data a computer produces and stores is far more likely to be in a datacenter on the other side of the country. While it may be out of sight – it should never be out of mind. Today’s modern datacenter needs to support the dynamic nature of modern businesses, including seamlessly scaling with growth and demand, delivering superior user experience so employees don’t see any downtime, and supporting the need for businesses to be agile in response to changing market requirements.


Rolling into the digital age: inside Rolls-Royce’s tech transformation

The IT function is focusing on product data and document management; integrated design, simulation and verification; lean engineering; and enabling IT capabilities such as high-performance computing and fast technical engineering PCs. This IT vision is allowing the company to move towards a completely digital design-and-test process for the aircraft engines it builds. Simulating the fan-blade-off test, for example, has provided more insight, helped the environment and reduced engine development time and costs, as well as the number of physical engines required to be tested. Rolls-Royce’s digital aspirations spread far and wide. The creation of a digital twin for the physical engine is allowing the company to move from engine health monitoring – which it has done for many years – to the merger of that data and other data on the aircraft to provide value-added services to airlines.


Google takes on IoT with Brillo and Weave

In addition to Brillo, Google is also fielding Weave, an IoT-oriented communication protocol. Weave is the communication language between the device and the cloud. Google Brillo is the OS for IoT products and Weave is built right in, explained Hanwook Kim, product manager for both. "Our vision is to make every device connected, smart, accessible and secure," he said. With something like 1.4 billion devices already running Android, Kim said Google Brillo and Weave are natural extensions. "We want to make it easy for developers to build connected devices in an open ecosystem," he said. "If you're building a new product from scratch or find that your current OS isn't providing the flexibility you need, Brillo could be a good fit." On the other hand, he added, if you're already using an OS or have an existing product, Weave can still be used to provide a way to connect your device to the cloud and other Google products.



Quote for the day:


"Make your mistakes, take your chances, look silly, but keep on going. Don’t freeze up." -- Thomas Wolfe