Daily Tech Digest by Kannan Subbiah

October 25, 2016

Calling disruptive fintech entrepreneurs

“With the value of financial technology investments climbing dramatically over the past decade, fintech has clearly become mainstream," said Maria Gotsch, president and CEO of the Partnership Fund for New York City. “Now in its seventh year, the FinTech Innovation Lab has become embedded in the entrepreneurial and financial services ecosystem in New York City, helping drive job growth and building on its rich concentration of tech talent, financial expertise and close proximity to some of the world’s largest financial institutions. "The connections made through our programme enable tech entrepreneurs to closely engage with these top financial institutions and accelerate growth.” The success of the FinTech Innovation Lab in New York has led to the founding of three other FinTech Innovation Labs around the world in London, AsiaPacific and Dublin.

Massive DDoS attack spotlights internet choke point

The big question hovering over the incident is why go after a DNS provider that supports sites popular with millennials, according to Sirota."People aren't just trying to make millennials life a little bit hard. There must be some alternative." DDoS attacks can serve as cover for other malicious actions. It is also possible that the attack was an experiment used to test a new mode of attack. "Is the intention to just try out a new way of hijacking unattended devices, like TV monitors and turn them into zombies that drive traffic? Is the intention to use the attack as a distraction so that these companies like Shopify aren't necessarily paying attention to other parts of their infrastructure? It's hard to say," Sirota said.

Ex-NSA Contractor Hoarded Two Decades' Worth Of Secrets

U.S. authorities are still reviewing the seized information, but they allege that Martin illegally held documents he had no need to see. "The case against the Defendant thus far is overwhelming," the filing said. In addition, Martin may have done little to securely store what he allegedly stole. "Many of the marked documents were lying openly in his home office or stored in the backseat and trunk of his vehicle," the filing said. Investigators didn't mention finding any direct evidence of Martin leaking the stolen materials to hackers or a foreign government. But the court filing said he easily could have transferred the information over the internet and concealed his online communications. Attorneys for Martin have rejected the allegations that he betrayed the U.S.

60% of small companies that suffer a cyber attack are out of business within six months.

The U.S’ National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million. Recent events have proven that nobody is safe from the threat of cybercrime – not large corporations, small businesses, startups, government agencies or even presidential candidates. Small and mid-sized businesses are hit by 62 percent of all cyber-attacks, about 4,000 per day, according to IBM. Cybercriminals target small businesses because they are an easy, soft target to penetrate.

Social Data: Revolutionising Identity Verification

Unnecessarily long and complicated ID checks, such as Knowledge Based Authentication (KBA) like “what is your mortgage value?”, or “how much did you spend on your last phone bill” often results in incorrect answers because who can remember their mortgage details, and who pays that much attention to know their exact last phone bill? These inefficient methods often mean customers, particularly in banking and telecoms, end up having to go into branch and spend a significant amount of their little ‘free time’ finding proof of address and their passport, heading into town, queueing, and finally verifying their identity. Even consumers who order online shopping to store (be it clothes, food, electronics) have to remember to bring ID when they collect it, feeling disappointed when they forget and there is no alternative but to come back another time, driving licence in hand.

Taking a Value-Chain Perspective on Innovation

After all, any technology that requires substantially new routines, new task knowledge, or new complementary resources also will require any organization that interacts with it to change its processes, human capital, or other resources, and know-how. ERP software, for instance, was notoriously difficult to implement, requiring significant “business process reengineering” and non-trivial interruption or duplication of key internal processes. When we look at how digital technologies affect business-to-business interactions, we can see a similar potential to enable or disrupt key processes. This time, however, the processes cut across organizational boundaries. My research therefore focused on how links in the value chain — particularly, customers — might impact the behavior of leading companies at the onset of technological change.

The Toil of Technology MNC Leaders Struggle More Than Most

Technology is only as effective as the confidence of the leaders using it—on this, MNCs fall short based on a wide range of indicators, shown in the graphic on the previous page. Only 60 percent of MNC leaders are highly confident leveraging technology to improve their workforce. Technology as a mechanism for providing leaders with information to aid their decision making to channel and derive value ..., with 66 percent of leaders highly confident using data to guide decisions. Technology methods used specifically for leadership development are, at best, unproven, and, at worst, squandered. Only 1 in 20 of all MNC leaders selected mobile-accessible development as one of their top-three most effective learning methods, while social networking and self-study online learning were scarcely more effective at 11 percent and 12 percent, respectively

Hackers changing tactics, techniques and procedures

“Our Q3 2016 report confirms that hackers are relentless and constantly employing new means to penetrate networks to steal confidential data,” said Rob Kraus, Director, Security Research and Strategy, NTT Security. “Organizations’ first line of defense is to determine where and how these attacks are taking place so they can deploy the most efficient and appropriate network security solutions to minimize their exposure and liabilities.” The report cites an increase in the type and sophistication of attacks during Q3 ’16 across a broad range of industries with finance being the most affected, followed by retail and manufacturing. Further, traditional hacking is being supplemented by other, more sinister attacks such as “direct cash back” models including ransomware and Business Email Compromise (BEC) attacks.

How to prepare yourself for the next DDoS attack

Admit it: Do you even bother keeping phone numbers anymore? Many modern relationships -- especially business relationships -- exist solely online: email, Facebook, WhatsApp and so on. But imagine last week's attack had been worse, rendering some or all of those tools useless. Now what? Time to go old-school: Make sure you keep an address-book entry for the important people in your life (personal and business alike), and make sure that entry includes multiple modes of contact -- including work, mobile and/or home phone numbers. Of course I'm referring to the address book on your phone, but there's nothing wrong with keeping a print version as well. It's just one more item to keep under the you-never-know umbrella. Speaking of phones, a DDoS attack might render yours inoperable -- if it relies on voice-over-IP technology.

Unum's Lynda Fleury Navigates Changing Security Environment

“Companies want to facilitate anytime anywhere access to anything from anyone through mobile technology. And with the adoption of cloud, we are extending pieces and parts of our network to areas outside of our control,” she explains. “We have shifted from the enforcers, to becoming the trusted advisors, educating business partners and IT advisers on what the technology landscape is.” Fleury, who began her career in IT security in the banking industry, came to Unum as an IT auditor in the mid-1980s. Since then, she has been credited with growing Unum’s security organization from the ground up, increasing the size profile of the team over time. Today, Unum’s IT security organization has more than 40 professionals in it.

Quote for the day:

"In the business world, the rearview mirror is always clearer than the windshield." -- Warren Buffett

October 24, 2016

Why Measure the Value of an Organization’s Information?

Notwithstanding the real difficulty of measuring the "value of information" so that it can take its deserved place on a company's balance sheet, Mancini's second difficulty is the crux of the problem. The "value" of information, like the value of the structured and unstructured data that underlies it, is dependent on how the information is used. Sometimes that usage is planned. Many times information usage is unplanned or serendipitous. Plus, data and information can be used to support decisions and actions with negative outcomes as well as positive outcomes. Even if we restrict our definition of "value" to economic value, we are still faced with the need to define what we mean by "information" and "data." The metrics associated with their use would have to be reliable and repeatable.

Where to find the world's best programmers

While Chinese and Russian coders perform well across many of the fifteen domains for which HackerRank poses challenges, it’s also worth noting that coders from specific countries excel in specific domains: Japanese coders are the best for artificial intelligence and Hong Kong produces the best Python programmers, while the best Ruby programmers are in Finland and Denmark is tops for SQL programmers. There are other surprises too. The best database programmers are from Switzerland, Ukraine produces the best security coders, Sri Lanka is the strongest for distributed systems, and France is tops for C++. Let's consider first why China and Russia produce such a wide range of skilled programmers. "One hypothesis is the way education in those countries is focused," says Heraldo Memelli, HackerRank's lead technical content manager.

Dyn DDoS attack highlights vulnerability of global internet infrastructure

An attack on the DNS directory system that resolves domain names into numerical IP addresses is a source of concern given it is a fundamental part of the internet’s inner workings. It highlighted just how vulnerable the internet really is, said Thomas Fischer, threat researcher and global security advocate at Digital Guardian. “It places more onus on the internet infrastructure providers to ensure their security is top of the field, and that they plan for large-scale disaster recovery scenarios,” said Fischer. Chase Cunningham, networks director at Cyber Operations, said: “It was an interesting point to see the bad guys are moving upstream for DDoS attacks on the DNS providers, instead of just against sites or applications.”

Cloud Security, AI, IoT Make List Of Hot Technologies For 2017

The Nucleus analysts pointed to the AI systems in the new HBO TV series,Westworld, or the older TV science fiction series, Humans, as representing what many people now think AI systems are capable of, or will be soon. "In practice, AI is far from reaching its potential," they warn. Vendors who actually offer AI will have it connected to machine learning and some form of human interface, whether audio, visual, or natural language. Google's AI system won the game of Go in March, a parallel IBM's Watson beating human contestants in Jeopardy! The win gave a glimpse of how far powerful AI systems can go. But there's "still a significant gap" between portrayals in science fiction and AI's accomplishments in practical settings on the ground.

AI can predict outcome of human rights trials, but should it?

According to the researchers, the language and topics of the cases were the most important predictors for determining the judgment. "The 'circumstances' section of the text includes information about the factual background to the case. By combining the information extracted from the abstract 'topics' that the cases cover and 'circumstances' across data for all three articles, an accuracy of 79% was achieved," the press release stated. The study, however, just looks at the official, text-based court statements—not the arguments in court. Toby Walsh, AI professor at the University of New South Wales, said he is "unimpressed." The outcomes, he said, are going to be predicted based on the summary of the judgement. Furthermore, even if the judgment were ignored, "the summary is going to be inherently biased towards the decision, focusing on evidence and law that supports the decision."

Everything you ever wanted to know about mobile payments [Infographic]

The world of mobile payments is a rapidly evolving one, with new players, new locations and technologies coming up faster and faster. Take Apple Pay for example. The tech giant’s payment service has only been around for two years, but its nascent OS payments, which was only launched last month, purchases made in-app and on websites via what it’s calling ‘OS-Pay’ (operating system pay) platforms will hit $8bn annually by 2018. With such rapid progress made, it’s always good to take a moment and take a snapshot of the industry and see how exactly these mobile payments work and who uses them. The infographic below, from Oberthur Technologies, does just that.

Rethinking Market Strategy In A Digital Economy

The convergence of market-oriented behaviors and new market rules are asking senior executives to reframe their overall market strategies. Knowing full well that reframing market strategies are tied to answering the questions of where the next area of growth will come from and what path they need to take to achieve growth. ... Affecting the development of market strategy is a multitude of market forces. Primarily driven by digital transformation. Movement from hosted environments to the cloud, the SMB market enabled by digital technologies to be on equal footing with large enterprises in their customer service capabilities, increase in mobile technology as a key touchpoint, an increase in executive decision-makers who want hands-on and daily interaction with critical applications – in essence becoming important users, and addressing omnichannel engagement.

Are your marketing pros ready to handle big data?

"As a marketer, it's harder than ever to get a complete picture of your audience. Their interactions are siloed by walled gardens, multiple devices per person or platforms strategically locking users in. Each one of those channels requires a customized strategy," says Platzer. The best thing a marketer can do to get around such challenges is to keep up on the latest trends, according to Platzer. He recommends that all marketers educate themselves on the most popular channels people are using on a daily basis to access content from. It's also vital to have a finger on the pulse of what the next best app will be -- like when Twitter came on the scene and completely changed the way people share and interact.

Flexible Data Architectures to Help Drive Business Needs

Some software vendors have identified the need to drive data architectures from the business and have built this capability directly into their tools, allowing users to map data entities together more easily, integrate processes, develop customized views and dashboards, etc. However, many such tools currently on the market are performing this technique using rather old hat methods. One such method is to utilize Entity Relationship Diagrams. ERDs depict the logical structure of one’s data as it would be used in a relational database. Therein lies part of the current problem – the world is slowing moving away from using relational databases for everything. NoSQL databases are on the rise. Graph databases have been in existence for some time. Unstructured data sources that utilize text extraction or natural language processing revolve more around terms and their usage within a domain of interest.

Testing for vulnerable IoT devices

Poor security is standard practice with IoT, but these devices are especially bad. Even if their web interface is used to change the default password, the devices have hard coded Telnet and SSH passwords that can not be changed. Part of yesterdays DDoS attack against DYN came from the Mirai botnet, composed of assorted hacked devices that were using default passwords. Unlike pretty much every other article on this subject, I am not going to quote a spokesperson from a security firm saying that things are really really bad. Instead, I have some hopefully useful advice, a way to test if devices in your home (or office or wherever) are vulnerable to software attacks similar to the Mirai malware. It's far from perfect, but it's a step in the right direction.

Quote for the day:

"Insulate yourself from those who bully, lie, or steal. Don't let their selfish values infect you." -- Chris Edmonds

October 23, 2016

Virtuous Machines -- How Analytics Will Underpin Artificial Intelligence

Ultimately, just like humans, AI will need to draw on a constantly-growing database of information. An intelligent program should read historical data, analyze it for patterns, and be able to classify what it sees. Without a database to learn from and then call upon this information to match with new data, a program cannot really “learn”. For most enterprises, practical use of AI is not yet feasible. The actual solutions on the market are not very accessible, by and large. A good example of AI for the masses is Google introducing machine learning to the G Suite, formerly known as Google for Work. By shaving seconds off delays at every level, Google is trailblazing user-friendly AI. Not everything need be as complex as IBM Watson!

An Introduction to Modern Agile

Seth Godin famously said, “People aren’t afraid of failure, they’re afraid of blame.” Blaming increases negativity and helps no one. This is why Etsy has a “blameless culture.” They understand that, rather than being the fault of a single individual or group, mistakes are usually the result of unseen problems in the environment that may have been around for some time but happened to be triggered one day by someone. Their concern is to learn blamelessly from failures and quickly improve. The same is true at Google. Once, an engineer at Google confessed, “I screwed up a line of code and it cost us a million dollars in revenue.” The code in question was part of Google’s highly profitable AdWords software. In many organizations, a mistake like that could lead to further losses, like the loss of one’s job, a loss of confidence or respect. Not at Google.

How knowing your staff will protect your business from attack

“Over the years, we’ve invested resources and money to ensure it’s hard for people to break into our systems - but the problem is that you could be hacked by someone from the inside, with valid access to some part of your system that gives you access to your digital infrastructure.” In light of the cyberattacks on actors such as Jennifer Lawrence, Creese explained how the cloud now poses a larger threat for corporations. “I now no longer have to hack 50 organisations, I hack one cloud and I get every single employee using that cloud.” Creese spoke about the struggle of not only stopping threats, but also how we identify and define an insider threat. “One of the reasons we’re not as equipped as we should be is because we’re not dealing with the people and technology in tandem,“ she continued.

Cyber security threats getting less easy to ignore

October is National Cyber Security Awareness Month — a campaign that's headed by the federal Department of Homeland Security to raise awareness on how to protect our personal information and combat fraud. But this October, the public cannot help but be hyper-aware of hackers after all the news about stolen e-mails out of the Hillary Clinton presidential campaign. We've even heard reports that hackers have targeted the voter registration systems of more than 20 states in recent months. We're likely to face phishing scams both at work and at home that try to trick us into disclosing personal information. "The e-mail can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business," warned the American Bankers Association.

Defending Against Data Breaches: What Exactly they are and What to Do

Most cyber security analysts agree that the first phase of a data breach, from a criminal element, starts with research. Hackers or cybercriminals will investigate a company or institutions’ system weaknesses. This will be done by skimming social profiles online, exploiting employees or investigating company infrastructure. Once, the weakness has been a found an attack plan is put into place. The attack will usually be a network-based attack through infrastructure or a social attack where the criminal is let in through the backdoor with a malicious email or attachment. Following the attack, the data is extracted and can be used for a variety of purposes, including: blackmail, black market information sales r propaganda against the company. Not all data breaches are created equal and vary in severity, however.

'Smart' home devices used as weapons in website attack

Many of the devices involved come from Chinese manufacturers, with easy-to-guess usernames and passwords that cannot be changed by the user - a vulnerability which the malware exploits. "Mirai scours the Web for IoT (Internet of Things) devices protected by little more than factory-default usernames and passwords," explained cybersecurity expert Brian Krebs, "and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users." The owner of the device would generally have no way of knowing that it had been compromised to use in an attack, he wrote. Mr Krebs is intimately familiar with this type of incident, after his website was targeted by a similar assault in September, in one of the biggest web attacks ever seen.

Are you ready for remote project management?

If your organization is considering a transition to remote PM, having employees with the right aptitude, capabilities, focus, and dedication for working in this independent fashion is critical. If individuals lack the motivation or are individuals who require a significant amount of supervision and guidance, this may not be the best move. That said, if the remote project management drivers fit with higher-level strategic objectives, it may be necessary to still proceed in that direction, and hire individuals with the capabilities to execute projects remotely. It may also be a better option to invest in training for existing high potential employees. With either of these options, or a combination of both, make sure to carefully and properly identify the strengths and career interests of existing employees.

Yahacking: The Last Straw

“The year 2016 saw a record number of stolen account credentials up for sale on the Dark Web” is something you might have read in of our previous articles. That being said, MySpace no longer holds this record (with 360 million hacked accounts in 2008). The turn for the title is now passed on to another multinational thanks to what is better known in the media as the “Yahacking” incident. In a continuous freefall since Google first surfaced, what used to be the most popular internet portal of the year 2000 is now in a very tight spot. The company in question had announced in July that it would be bought by Verizon Wireless. However, in light of recent events, the acquisition is now at risk. Care to venture a guess of who we might be talking about?

How to Successfully Install Agile/DevOps in Asia

Value-stream mapping is a lean-management method for analyzing the current state and designing a future state for the series of events that are needed to deliver a product or service. It helps to identify the problems in the process and reduce the lead time. It also it works well for addressing the people element. ... Each process step has a lead time and a process time. By drawing this map, you can easily identify the waste in the process and find opportunities for improvements and automation. I always call all stakeholders to attend a value-stream-mapping session: developers, operations, program manager, UCD, etc. You need to ask everyone who has permission to change the process to participate in this event. Japanese culture is hierarchical. Unfortunately, devs and ops don't have power, so you need to include upper management.

Information governance: Yes, it can create ROI

"Information is an asset, just like building, equipment, staff and full-time employees,” Reeves explained the worth of an IG program stems for protecing and leveraging it as such. By ensuring trusted and reliable information, healthcare organizations can enable more timely and accurate data, with faster access to it for more nimble decision-making, she said. Reeves offered advice on how to highlight IG's value – tangible and intangible – to the C-suite. Spiraling e-discovery costs, for instance, where evidence gatherers in malpractice suits must sift through electronic data, paper records, different legacy systems from acquired practices are a common problem. An enterprise-wide IG policy, alongside process improvement initiatives, could reduce both risk and cost, she said.

Quote for the day:

"Practice isn't the thing you do once you're good. It's the thing you do that makes you good." -- Malcolm Gladwell

October 22, 2016

BMW's vision for the smart city of the future includes autonomous driving and AI

BMW is currently working with the city of Berlin, Germany, on a pilot project where three streets are being transformed into a new urban environment as residents use urban transportation for mobility. The parking areas are being transformed into green spaces to improve the quality of life. BMW is also developing ideas on how to transform city parking garages into affordable living spaces, he said. To create more ideas for urban living, BMW's MINI founded earlier this year Urban-X, which is a startup initiative to focus on engineering the city as a service. Three of the entrepreneurs who were part of the first round of participants presented their ideas at the BMW event in Santa Monica: Multimer,Brooklyness, and CTY. Each participant was in the program for 3-½ months and were able to work with BMW engineers to hone their ideas.

Clueless CIO cloud confusion continues

Ignore the jargon. It means the cloud could be next door, or it might be in the next country. With a hybrid cloud, which uses both private and public cloud resources, it may be both. IT should know the specifics of what’s where. For the ordinary Joes and Janes in accounting, the resources are just in the cloud. From their seats, the cloud is just at their fingertips, the same way the internet is. Rapid elasticity and expansion are vital. In a cloud, you don’t ask for five more servers; you go out and get them. Your computing resources are dynamically assigned, released and reassigned at your request. In the best clouds, users don’t even know they’re asking for more resources. They just get on with their job, and if their work requires more resources, the cloud simply provides them.

FinTech Is Not a Niche Anymore, It’s a Powerful and Highly Disruptive Industry

There are plenty of reasons why FinTech was able to go from being a niche in the financial services industry to a massive industry with highly disruptive potential – customer-centricity, simplicity and scalability, freedom from legacy systems and more. Explaining the FinTech revolution, the Economist has also emphasized such factors as cost efficiency, the absence of the need to protect existing business and lack of regulatory burden along with above-mentioned legacy IT systems/branch networks. The scalability advantage was possible to gain due to a clever approach to risk assessment and use of smart data to profile potential clients. Smart data represents a more sophisticated approach to data collection and analysis, focusing on meaningful pieces of information for more accurate decisions.

DDoS attack Friday hits Twitter, Reddit, Spotify and others

"Because DNS is vital to every person, business and website across the entire internet for system stability and performance, online businesses commonly outsource DNS management to third-party providers who have better and more reliable infrastructures to operate on behalf of their customers," Jeremiah Grossman, chief of security strategy at SentinelOne, told SCMagazine.com on Friday. Historically, he said, this has worked to everyone's benefit. "However, what we're now seeing is that in light of the way the infrastructure works in the security landscape, they are attractive targets for large-scale DDoS attacks – because if you take out one of these DNS service providers, you can disrupt a large number of popular online services, which is exactly what we're seeing today."

Is the AI apocalypse a tired Hollywood trope, or human destiny?

Computers think really fast. In the best-case scenario, we’ll have enough time between an AI acquiring the ability to think as well as us and its rise to super-intelligent status that we can adjust and respond. On the other hand, as Bostrom points out, when you’re dealing with a machine that can think — and therefore develop — at an almost unimaginable speed, by the time we realize what’s going on, it will already be far too late to stop it. Some readers may remember the 1970s sci-fi horror flick Demon Seed, in which an AI not only predicts that it will be shut down by its fearful creator, but employs murder and rape to ensure its survival. “If and when a takeoff occurs,” Bostrom writes, “it will likely be explosive.” Stephen Hawking has echoed this sentiment: “Once humans design artificial intelligence,” he says

How enterprise software development is changing

Technology such as Docker, to enable developers to create code that can run in their own containers, along with the ability to have short feedback loops, helps businesses to adapt more quickly. Such technology and techniques form the basis of the cultural shift that companies of all sizes need to make to enable their developer teams to become more adept at delivering software quickly, says Davis. “Culture is very easy to instil when there is a small group of people,” he says. “Hiring is key.” Davis recommends that IT leaders plan in advance, and hire people appropriate to the direction the IT strategy is taking. Russ Miles, lead engineer at Atomist, believes IT leaders can learn much from the way webscale organisations approach software development. “Organisations of any size have to compete,” he says.

Using Analytics as a Force in Business

With anticipatory analytics, predicting the future is no longer science fiction! Anticipatory analytics build on predictive analytics which tells us to analyze many attributes over many years to make the best and most informed business decisions possible. Dave made a clear distinction between companies that use anticipatory analytics versus those that rely solely on historical data. His take is that using anticipatory data can be a critical differentiator between being an innovator on the cutting edge of meeting customer demand and being completely disrupted. Consuming data in real-time and leveraging it to build a model is what companies that are innovating and disrupting are doing. Companies that rely solely on historical data are most often the ones that fail, even after rising to greatness because their competitors are more effective at using data.

Why you should devote as much time to dark data as big data

"If companies can learn how to harness this data, it can yield new insights," said Mads C. Brink Hansen, product manager at TARGIT, a business intelligence and analytics solution provider. "In one case, a company wanted to assess the efficiency of its field-based salesforce. By looking at the travel expense reports submitted by its salespersons, it was able to determine the number of meetings that each salesperson had while in the field each day and then measure this against what should normally be expected in the way of meetings. This was one way in which an HR-based reporting function (travel and expense reports) was repurposed to provide insights into how many meetings per day an in-field salesperson was likely to have, and who was hitting those targets."

CERT-In had instructed banks on October 7 to stay alert in wake of surgical strikes

CERT-In and the National Critical Information Infrastructure Protection Centre sent an email to banks regarding the rise in ATM frauds following ET’s report. "On October 20, 2016, CERT-In has sent mails to State Bank of India, Axis Bank and HDFC Bank to report an incident to CERT-In as seen in media report stating that 3.2 million debit cards have been used in ATMs that are suspected to have been exposed to malware at the back end. The incident has so far not been reported to CERT-In," said the official cited above. Not reporting the matter is in breach of the rules, said another official. "There is an RBI framework… the Information Technology Act mandates that these incidents have to be reported so of course there is a lapse on the part of the banks," he said.

Clour Services Lift IT Outsourcing Market Higher Than Expected

In the Asia-Pacific region, as-a-service contract value has surpassed that of traditional IT services deals. That’s due, in part, to the fact that cloud solutions are particularly well-suited to more volatile markets and midsize enterprises, according to Keppel. The rest of the world has yet to reach that inflection point. “There is a notable uptake in interest in the U.K. in particular,” Keppel says. “The Americas are close but we’re not ready to say that as-a-service will consistently outpace traditional sourcing in [there].” Keppel is quick to point out that the cloud-traditional services story is one of growth rather than cannibalization, noting that the overall market was in the healthy range and has been more than 60 percent of the time in recent years.

Quote for the day:

"If there's a book that you want to read, but it hasn't been written yet, then you must write it." -- Toni Morrison

October 20, 2016

AI: the greatest threat in human history?

Stephen Hawking has warned that artificial intelligence (AI) could be the greatest disaster in human history, unless humans learn to mitigate the risks posed. Of these looming threats, Hawking suggested the rise of AI could lead to the creation devastating autonomous weapons and new oppressive methods of controlling the masses. Perhaps the most distressing point from Hawking’s speech was his notion that machines could develop a will of their own. To this, a Terminator-like scenario is not inconceivable. Humans make autonomous weapons for the next stage of combat, a global autonomous arms race beings, the machines learn to think, humans get wiped out. This may sound exaggerated, but it does mimic to some extent the speech Hawking delivered, if AI’s advancement goes unchecked.

The Benefits of Semantic-Based Data Modeling in the Smart Data Lake Era

With semantic-based data modeling in a smart data lake, all your data can be neatly organized using business models that the user defines, based on human-readable, standardized terms that allow you to link and contextualize information regardless of where it came from. And all this smart data can then be used to automatically create data extracts, ETL, and ELT jobs for quick and efficient analysis. Because the data model has been created with a semantic approach, that model can be queried endlessly. Analysts can ask the model where data came from, what it means, and what conservation happened to that data. Bringing the data together from various sources, combining it together in a database using a customized domain model, and then conducting analytics on that combined data set creates a huge benefit and freedom to analysts, and to the organization.

Organizational Culture of Fear and Innovation Assassination

There are innovation-obliterating assassins lurking in all parts of your organization. Frighteningly, the biggestinnovation assassins are often wearing a disguise. So many high-level executives will earnestly (and with a straight face) wax poetically about how important it is to change the organizational culture, catalyze innovative thinking throughout all ranks of the company, and dismantle the power and comfort of the status quo. ... So why the discrepancy between what such executives say and what they actually do? They typically aren’t “lying” for the sake of deceit or other callous intentions; but instead, their self-contradictory statements and behaviors are usually due to fear. As stated in Robert’s Rules of Innovation II, “Sometimes, it is pure fear. Fear of failure. Fear of the unknown. Fear of criticism. Fear of change. Fear of being terminated.”

Survey On Consumer Attitudes Toward Fintech Spells Trouble For Banks

As for a takeaway for banks, Blumberg says, “Banks need to adapt, adopt or hasta la vista, baby. Banks cannot continue to do what has made them successful for the last 50 or 100 years. We are at a fundamental changing point because of big data, cloud infrastructure, mobile telephony, social media, artificial intelligence, machine learning, etc. That combination of new technologies have unleashed incredible power from the bottom up. Yes, some of it is used for hedge funds for sophisticated trading, but the business-to-consumer portion of our portfolio is focused on helping to level the playing field, helping Joe Lunch Pail do better in their finances. Traditionally, that’s only been available for the wealthy. Fintech makes it cheaper and easier to distribute those tools of algorithms, that advantage, to average people.”

Apple Pay at two years: Not much to celebrate (yet)

"People ask, 'What's the benefit?'" Ranta added. "For someone who's not tech savvy, they have probably tried it once and said, 'What's the big deal with this? Opening up my wallet and swiping my card wasn't a big deal to me, so why do I need to get rid of that habit? Instead of relying on some weird, wireless thing -- screw that. I have a physical card that I can put in a terminal." Not everybody feels that way. The biggest users of mobile wallets are under age 35, according to various surveys,including one in May by The Pew Charitable Trusts. Smartphone users will pay for goods over the internet or through an app without entering a store, but in-store mobile payments are not as popular. "We're still at the early-adopter stage," said Bryan Yeager, an analyst at eMarketer.

In a colocation provider, look for security, a solid SLA

There are warning signs that a colocation provider may not meet its SLA. For example, unexpected or frequent changes to the SLA can suggest that the provider is struggling to meet responsibilities. Internal company instabilities, such as acquisitions and mergers, can also indicate that an SLA will change or service a larger customer base. Use SLA monitoring tools, such as IDERA Uptime Infrastructure Monitor or Mindarray Systems' Minder. But first, talk to your colocation provider to make sure these tools can integrate with your provider's APIs or monitoring hooks. You can also test colocation services by occasionally triggering their support function to determine response time and quality.

Big data is eating the world – but it’s not eating the data scientist

The missing piece is visionary leadership. McKinsey predicts that by 2018 there will be a shortage of 140,000 to 190,000 people with analytical experience and a staggering 1.5 million shortage of managers with adequate skills to make critical big data decisions. Hiring a couple of PhDs will reap a few rewards, but without direction and support from the top, the highly paid data scientists may end up being glorified (and overpaid) analysts, who make a few SQL queries followed by the odd Tableau visualisation. Management needs to clearly define the key business questions that need to be answered and create roadmaps for the medium to long term – showing what software needs to be built or bought, and who needs to be hired along the way.

Why Poor Cyber Hygiene Invites Risk

Despite a growing awareness of the threats that target them, some organizations still aren’t practicing some of the fundamental steps of cybersecurity to ensure the level of resiliency needed to endure current threats. It is imperative for organizations to prioritize addressing the problem of aging infrastructure and systems. ... The time has come for organizations to realize that they must move away from products that are no longer supported and can’t be upgraded to meet today’s security challenges. Modern cybersecurity is about risk management - that is, eliminating and mitigating risks where possible, and knowingly accepting those that remain. Poor cyber hygiene — not patching, keeping outdated solutions in place, etc. - puts the overall resilience of an organization into jeopardy.

Stupid encryption mistakes criminals make

Writing secure code can be challenging, and implementing cryptography correctly in software is just plain hard. Even experienced developers can get tripped up. And if your goal is to swindle people quickly, not to wow them with the quality of your software, there are sure to be serious crypto mistakes in your code. ... Malware authors may provide significant lessons in how not to implement cryptography. Such was the upshot of research by Check Point’s Yaniv Balmas and Ben Herzog at the recent Virus Bulletin conference in Denver. Malware authors may be more likely to insert crypto doozies in their code than developers working on legitimate software because they may not care as much about code quality or design, said Balmas and Herzog.

Secret Service cybersecurity audit shows 'unacceptable' flaws

According to the cybersecurity audit report, the USSS has little room for error in its primary mission of "protecting the president, other dignitaries and events, and investigating financial [crimes] and cybercrimes to help preserve the integrity of the nation's economy." "USSS has much work to do to make IT a priority. This requires establishing and implementing an IT governance framework that addresses, at a minimum, the IT organizational and management deficiencies identified in this report," the report read. "It also requires that USSS leadership fully understand and address the potential for insider risks, not only from system administrators and inadequately managed IT contractors, but also from employees and business partners."

Quote for the day:

“If you don’t have a competitive advantage, don’t compete.” -- Jack Welch

October 19, 2016

Knowledge workers demand intelligent search!

In most businesses, knowledge workers are frustrated by the information search and retrieval experience, whether it is on their company intranet or in critical business applications such as a CRM system. This frustration is made worse when they have to repeat the same searches with mixed results across multiple disconnected data repositories. ... Fortunately there have been incredible advances in machine learning, natural language processing, artificial intelligence and cognitive computing. Modern day search platforms are a lot more powerful, automated, and easy to implement. Cloud big data solutions such as Hewlett Packard Enterprise Haven OnDemand don’t require any investment in servers or platform administrative staff— solutions can simply be built and implemented in hours or days, rather than weeks or months.

Digital Today, Cognitive Tomorrow

Cognitive systems are already transforming everything from the world-changing to the everyday. For example, cognitive oncology is a reality thanks to technology developed in partnership with Memorial Sloan Kettering Cancer Center in New York City that helps oncologists identify personalized, evidence-based treatment options based on massive volumes of data. This breakthrough technology is now helping scale access to knowledge at Bumrungrad International Hospital in Thailand, Manipal Hospitals in India, and more than 20 hospitals in China. Cognitive assistants are at work helping build more intimate, personalized relationships at the Brazilian bank Banco Bradesco, the insurance company GEICO, and the retailer The North Face. Dublin-based Medtronic plc, a global health care solutions company, is creating a cognitive app for people with diabetes to predict a hypoglycemic event hours in advance.

Some Hadoop vendors don't understand who their biggest competitor really is

With Forrester projecting that "100% of all large enterprises will adopt [Hadoop and related technologies such as Spark] for big data analytics within the next two years," the chances are pretty high that your enterprise is in the midst of a decision, or has already made it: Which Hadoop vendor do I pick? Though this will change over time, "currently there is no absolute winner in the market," Forrester pointed out, and it's easy to get confused trying to parse differences between the different stacks. The Hadoop vendors themselves, however, give us clues as to who they think is winning, as Ovum analyst Tony Baer highlighted. All you have to do is look at who they position themselves against in their marketing literature.

Gartner 2017 CIO Agenda: Digital Ecosystems, Interoperability, Bimodal IT

There's a significant shift underway in terms of where CIOs are opting to invest, according to the report, which was presented at the 2017 Gartner Symposium/IT Expo 2016, Oct. 16-20 in Orlando, Fla. But there's much more to it than simply following the money. Let's start with the digital ecosystem. What's that all about? According to the report, "Gartner defines digital ecosystem as an interdependent group of actors (enterprises, people, things) sharing standardized digital platforms to achieve a mutually beneficial purpose." What does that mean for the bottom line? "A digital ecosystem amplifies the reach of a company. It enables scalable connections between known partners and customers, but also provides a platform for unknown parties to connect with one another," said Andy Rowsell-Jones

Running an Open-Source and Upstream-Oriented Team in Agile Mode

The atmosphere you set up with your team will also forge the outcome of your team work. Run your team with trust, peace, and humor (remember, I'm on the team!) and awesome things will happen. Run your team with fear, pressure, and finger-pointing, and nothing good will happen. There's little chance that when a team is built, everyone will be on the same level. We were no exception. We had more and less experienced engineers. But the most experienced engineers took the time needed to invest and mentor the less experienced. That also helped to build trust and communication links between members of the team. In the long run, everyone is getting more efficient; the less experienced engineers are getting better and the more experienced can delegate a lot of stuff to their fellows.

Nothing Brings Banks Together Like A Good Hack

Banks, in other words, will start to look less like isolated fortresses and more like open-border platforms hosting numerous apps and services, like Google’s Android system. While digitization may be the future, it poses a major security migraine. “Every time there is a new app or a new channel opened, that provides criminal opportunities,” says Jamie Saunders, the director of the U.K. National Cyber Crime Unit. “Banks are taking enormous care to design security into their apps, but as the technology evolves, the criminal will evolve, too, and vulnerabilities will open up.” By then, Oerting plans to be drawing strength from his networking push and the next generation of cyberdefenses. He helps select and mentor promising startups in the accelerators that Barclays runs in Tel Aviv, London, and other cities.

Can the Data Centre be Defended from a Data Breach?

Why are the odds of being able to protect a data centre so poor? There are a number of important factors. First of all, the reality is that a motivated attacker will be able to get into any given network. There are far too many ways for an attacker to get in, particularly by way of compromising a user’s computer or account. Getting in is a certainty, and this is a hard notion for security professionals to accept. Gartner and most crime-fighting organisations around the world agree on this point: attackers will get in. Most of the attempts of breaking into a network can be successfully defended—perhaps upwards of 95 or even 99 percent—but that leaves open the possibility that a dedicated attacker will find a way in through the balance. Attackers can have a nearly unlimited number of attempts of breaking in.

Hack-proofing ID and access management

With a gap in communication between HR and the IT department, many of these user accounts remain open. While it may not seem like a major problem, these single accounts can begin to add up with hundreds or thousands of dormant accounts within an organization — creating a serious vulnerability. The biggest problem is these past users can still gain entry into the system or a criminal can use these dormant, unsecured accounts to gain the same amount of access as the previous account holder. According to a recent Clearwater Compliance analysis on risk ratings, user control review and user permission review controls are only partially in place or missing about 71 percent of the time — despite urging from the U.S. Department of Health and Human Service Office of Civil rights for organizations to make it a priority.

Digital Risk Monitoring, Q3 2016

Digital channels are now ground zero for cyber, brand, and even physical attacks. Cybercriminals use a variety of tactics to weaponize social media, impersonate or embed malware into mobile apps, deface websites, collude in dark channels, and cause financial, reputational, or physical harm. Digital risk monitoring tools combat these methods by deploying a variety of data-gathering and advanced risk analysis techniques. They aggregate data via open-source intelligence (OSINT), technical intelligence (TECHINT), human intelligence (HUMINT), and even covert human intelligence (CHIS). Then they analyze the collected data with data classifiers, machine learning, and risk scoring algorithms to determine the most likely and most threatening risk events in a quick and efficient manner.

Hackers Create More IoT Botnets With Mirai Source Code

Hackers have been taking advantage of the Mirai malware's source code, following its role in launching a massive DDOS (distributed denial-of-service) attack that took down the website of cybersecurity reporter Brian Krebs. Unlike other botnets that rely on PCs, however, Mirai works by infecting internet-connected devices such as cameras and DVRs that come with weak default usernames and passwords. Since Mirai's source code was released, hackers have been developing new variants of the malware, according to Level 3. It has identified four additional command-and-control servers associated with Mirai activity coming online this month. About half of the infected bots Level 3 has observed resided in either the U.S. or Brazil. More than 80 percent of them were DVR devices.

Quote for the day:

"Be honest - Without objectivity and honesty, the project team is set up for failure, even if developing iteratively." -- @JamesSaliba

October 18, 2016

Most businesses vulnerable to cyber attacks through firmware, study shows

According to the survey, 63% of the individuals who consider their organisations to be fully compliant with firmware audits reported higher levels of effectiveness of their patch management processes. On the other hand, more than half of those that did not receive any feedback (51%) in this audit category had no controls for firmware integrity monitoring and flaw remediation. “With firmware maintenance being considered an operations function rather than a security concern, the chance for exploited vulnerabilities persists,” said Christos Dimitriadis, ... “It is time to underline the importance of firmware security in our risk assessments, and embed prioritised controls based on the threat model of each organisation, whether this includes espionage, transaction integrity loss or business disruption.”

The State of the Chief Information Security Officer

It is not surprising given the lower expectations and results that some well-intentioned and seasoned cyber security professionals go from CISO to Chief Scapegoat Officer in short order. Part of the problem is that even after nearly 30 years, the purpose and promise of the CISO is still very much unsettled. Some believe CISOs are not powerful enough or properly positioned in the organization to accomplish the job they have been asked to do. There are long-standing arguments over the proper reporting relationship of the CISO. If the CISO reports to the chief information officer (CIO), he/she can have direct impact to the IT organization and a seat at the table, but many CISOs continue to believe that such a relationship removes “independence” from the CISO’s agenda.

How to improve your odds of landing great talent

"We see there clearly are very different conversion rates depending on the source of a candidate; proactively sourced hires -- where a recruiter goes out and tracks down exactly the skills and experience needed for the role -- and referrals are such strong sources of hires because it increases the chances of a candidate having that cultural alignment with your company, as well as the hard skills they need," Srinivasan says. ... "A referral doesn't have to mean only someone a candidate knows well or has worked directly with. It could be something like, 'I've heard of this person by reputation in my field,' or 'I know such-and-such was a total rockstar developer at my last job,' and then recruiters can reach out on that basis," she says.

Critical flaws found in open-source encryption software VeraCrypt

The audit, which was performed by French cybersecurity firm QuarksLab and was sponsored through the Open Source Technology Improvement Fund (OSTIF), found eight critical vulnerabilities, three medium risk vulnerabilities and 15 low-impact flaws. Some of them are unpatched issues previously found by an older TrueCrypt audit. Many flaws were located and fixed in VeraCrypt's bootloader for computers and OSes that use the new UEFI (Unified Extensible Firmware Interface) -- the modern BIOS. TrueCrypt, which serves as the base for VeraCrypt, never had support for UEFI, forcing users to disable UEFI boot if they wanted to encrypt the system partition. VeraCrypt's UEFI-compatible bootloader -- a first for open-source encryption programs on Windows -- was released in August and is the biggest addition to the TrueCrypt code base made by VeraCrypt's lead developer,

8 digital life skills all children need – and a plan for teaching them

Educators tend to think children will pick up these skills by themselves or that these skills should be nurtured at home. However, due to the digital generation gap, with generation Z being the first to truly grow up in the era of smartphones and social media, neither parents nor teachers know how to adequately equip children with these skills. Young children are all too often exposed to cyber risks such as technology addiction, cyberbullying and grooming. They can also absorb toxic behavioural norms that affect their ability to interact with others. And while most children encounter such challenges, the problematic exposure is amplified for vulnerable children, including those with special needs, minorities and the economically disadvantaged. They tend to not only be more frequently exposed to risk, but also face more severe outcomes.

Abu Dhabi Securities Exchange uses blockchain for e-voting

“Adopting blockchain technology in our projects comes in alignment with the digital transformation of Abu Dhabi’s government services as we constantly strive to introduce ways that ease the process of doing business in the United Arab Emirates,” said ADX CEO Rashed Al Blooshi. “This step comes as we aspire towards becoming a fully digital exchange, with our strategic objectives aligned with Abu Dhabi’s vision for building a knowledge-based sustainable economy that constantly evolves,” he added. ADX expects the service to cut costs, save time and increase stakeholder involvement in decision making at listed companies. The blockchain service is one of the new services offered by ADX as part of its electronic platform. Other services include an initial public offering management system and rights issue management system.

The SAM Pattern: Lessons Learned Building Functional Reactive Front-End Architectures

SAM recommends factoring the business logic underlying a graphical user interface along three concepts: actions, model and state. Actions propose values to the model, which is solely in charge of accepting them. Once accepted, the state certifies that all subscribers are notified, especially the view (which is considered the “state representation”). Every event is processed as a “step”, which consists of a propose/accept/learn flow. This concept provides a stronger foundation to deal with event ordering and effects (such as back-end API calls). SAM is framework agnostic and several members of the community that formed around the pattern [1] went on to build a series of developer tools and code samples using different Frameworks, ranging from Vanilla JavaScript to AWS Lambda and pretty much anything in between.

Side-Channel Attacks Make Devices Vulnerable

“The industry is waking up to security and there are constantly articles in the news about some hack, breach or network problems related to malicious attacks,” says Angela Raucher, product line manager for ARC EM processors at Synopsys. “It is a focus for anyone developing SoCs right now because they have learned that just adding security in the network or in the device or the platform is not good enough. You have to start at the SoC level or there will continue to be vulnerabilities in the system.” Michael Chen, director of early stage programs in the System Level Engineering division of Mentor Graphics, explains that “people are doing a fairly simply power or differential power analysis. There are lots of side channels, not just power. It is any way to extract information from a device. This is usually done using some sort of microwave power reading antenna and is done post silicon.”

Companies Try Out Selfies as Password Alternatives

The authentication process typically starts with an app that asks users to snap a photo of themselves every time they do something online like make a purchase or file their taxes. Software uses the photo to make thousands of facial measurements, such as the width of the nose or the curve of the jaw, and converts them into a string of numbers to create a unique ID code. Then, it compares the code to a reference photo that the person has left on file. A highly probable match verifies the person’s identity. The technology’s accuracy is far from perfect. Shadows, low lighting or facial hair can confuse the software. Underscoring the shortcomings of facial recognition, Alphabet Inc.’s Google unit sparked an outcry last year after its Photos app misidentified two black people as “gorillas.” Google apologized and said it was tweaking its algorithms to fix the problem.

IT attrition could help address the cybersecurity skills shortage

It’s certainly true that if you need a highly experienced cybersecurity professional, you have no choice but to pull someone away from their current job, but this is a zero-sum game from a total employment perspective. So, what else can we do? Well, there’s another disruptive force happening within IT called cloud computing. Simply stated, as organizations move workloads to public cloud providers such as Amazon Web Services, IBM SoftLayer and Microsoft Azure, they no longer need as many infrastructure administrators to babysit Intel servers, storage arrays or data center switches. As it turns out, these uprooted IT folks are a natural fit for cybersecurity jobs. According to the ESG/ISSA research, more than three-quarters (78 percent) of cybersecurity professionals moved from IT jobs to cybersecurity jobs as part of their career progression.

Quote for the day:

"Nothing will ever be attempted if all possible objections must first be overcome." -- Samuel Johnson

October 17, 2016

Evolving DCIM market shows automation, convergence top IT's wish list

IT also needs to do more with less. Data volumes double every few years, but IT budgets are increasing at low, single-digit rates. As a result, data center managers are having trouble keeping up with the volumes of information. Consequently, users want DCIM products to be more than just monitoring tools; they want to weave them into the data center tapestry. Combining a DCIM tool with change management software creates new automation possibilities. For instance, a company could automatically generate a work order, which indicates the rack and position where an add-on device can be installed, specifies the devices and ports that will be connected -- such as power, LAN and cables -- and links that information to relevant applications.

How to hire your employer

When we find ourselves stuck in unhappy careers—and even unhappy lives—it is often the result of a fundamental misunderstanding of what really motivates us. As we discussed in our book How Will You Measure Your Life, just because you’re not dissatisfied with your career path, doesn’t mean you’re satisfied with it. The things that you might easily put on your resume or talk about at a cocktail party, such as your job title or how big your office is, are not what really motivates most people in the long run. Instead, we’re driven by what we call “intrinsic’’ factors. They’re more difficult to see when you’re sizing up a job opportunity, but extremely important. Instead of simply asking about the perks and benefits of a new job, try asking yourself

Bringing security back to the top of the boardroom agenda

Security needs to be part of the design from the start and not bolted on afterwards. Too often security and compliance are an afterthought, once solutions have already been built and the projects have started. Security needs to be part of the foundations of IT. Building it into the core platform throughout your business allows for much faster transactions to market, as fewer things need to be altered when moving from development, to testing and finally to production. Having a software-defined architecture for security, built into the fabric of the IT infrastructure from the data centre to the device, is needed to embrace security in every phase of IT from the outset.

How to Design the Optimal Business Intelligence Dashboard

Unclear goals can dampen the impact of any IT project, and BI implementation is no exception. You need to consider your departmental goals and how they relate to broader business goals, and keep these goals in mind when designing your dashboards. Ask the bigger questions - How will these dashboards help achieve goals? What sort of metrics should we display that will improve our sales/costs/efficiency/customer satisfaction? IT cannot build a BI platform based on what they feel users will want, they need input from the actual user base. For some companies, the challenge comes on the back end, in terms of the technical troubles with integrating multiple disconnected data sources into the BI solution. They might have the right dashboard in place and know what metrics they want to examine, but the flow of data simply isn’t there.

Don't get burned by data center hot spots

Some computer room air conditioning units have insufficient knowledge of how air really moves in a data center, causing even worse cooling conditions. In modern designs, redundant units run simultaneously with normal units, but at reduced speed, so you don't realize added servers are stealing redundant capacity until a cooling unit fails or is turned off for maintenance. Thankfully, servers can tolerate a higher operating temperature for several days with little negative effect. ASHRAE's allowable thermal envelope goes up to 32 degrees Celsius or 89.6 degrees Fahrenheit in emergencies, but marginal redundancy -- combined with poorly planned computing hardware additions -- can cause serious overheating and thermal shutdowns within a short time after a cooling unit has quit.

Slack CEO describes 'Holy Grail' of virtual assistants

You might scour your email or document-management systems, using such search terms as "term sheet," and pull up a handful of emails or files. Once you find the dates you might go to separate financial reporting tool to look up the revenue information. Such a process could take you as much as 45 minutes. Now imagine a tool -- a bot network operating as one if you will -- that could find the information in disparate apps, cross-reference it and generate the correct answer in seconds. Butterfield estimates that such a system would result in productivity gains of anywhere from 10 percent to 30 percent. “That is the knowledge worker equivalent of giving a ditch digger a backhoe instead of a shovel," Butterfield says. "I would love it if we were successful building something like that," Butterfield says.

Learn Actionable Insights & practical guidance from COBIT

COBIT can be complex or simple, depending on the perspective from which it is read, understood and implemented. COBIT philosophy can complement and supplement a professional’s practical experience. However, fundamental understanding of core principles and philosophy of COBIT makes it easier to understand and implement. COBIT is easy to implement if one understands the rationale of design of COBIT. This will help in de-mystifying the structure and enable users to navigate and select relevant contents of COBIT knowledge repository from practical perspective of governance, assurance, risk and compliance as required from macro or micro perspective. The best way to enhance COBIT expertise is to implement it in real-life situations and scenarios.

Threat Response Automation: The Next Frontier for Cybersecurity

Roughly speaking, we could divide cybersecurity software evolution into two waves. The first wave was dominated by rule-based deterministic solutions. A classic example is the firewall. Firewalls apply simple policies, such as blocking inbound traffic, ports or protocols. The second wave of solutions consists of “fuzzy” rules and heuristics. We could perhaps mark the beginning of this wave of solutions with the first Intrusion Detection System (IDS). These solutions employed ML algorithms to spot anomalies and detect malicious activity. In fact, most contemporary cybersecurity vendors take pride in how their solutions utilize ML. Fraud analytics, web gateways, endpoint protection solutions and network sniffers, all utilize ML in their offerings.

Cut to the Chase: How a Data-Driven Culture Fosters Success

“About a year ago, we got the opportunity to use the Domo platform,” he said. At first he just gave licenses to his growth leaders around the country. “Then I decided that maybe I should dig deeper into this, which was one of the best things I could have done.” That’s when his conversations with national teams took a sharp turn, and for the better. “It allowed me to cut through a lot of the data, and cut through to the information that would really help me manage the group. Domo actually allows me to get a view into those offices like I never had before.” The end result, he said, was a significant transformation in how quickly and effectively he and his team could identify new opportunities, and solve otherwise challenging client issues.

Don’t fall behind when it comes to migrating to the cloud

Security is also a strong benefit of cloud storage. While many assume that opening up a company’s database to online storage may run a higher risk of security breaches, in fact the opposite is often true. Because of their large scale and intensive client security requirements, cloud hosting providers often have better security than is reasonably maintained in-house by small and medium size businesses. Off-site backups, 24/7 monitoring, and enterprise-grade security audits are typically out of the price range of smaller organizations. It’s also important to note that not every application is right for the cloud. While migrating an internal communications tool, like a social intranet makes practical sense for the cloud, highly regulated and sensitive data like credit card information or health care records may not be suitable.

Quote for the day:

"Liberty is always dangerous, but it is the safest thing we have." -- Harry Emerson Fosdick

Tech Bytes - Daily Digest: October 25, 2016

Tech Bytes - Daily Digest: October 24, 2016

Tech Bytes - Daily Digest: October 23, 2016

Tech Bytes - Daily Digest: October 22, 2016

Tech Bytes - Daily Digest: October 20, 2016

Tech Bytes - Daily Digest: October 19, 2016

Tech Bytes - Daily Digest - October 18, 2016

Tech Bytes - Daily Digest: October 17, 2016