Daily Tech Digest - December 14, 2016

Public vs. Private vs. Hybrid Cloud - Exploring the Use Cases

Despite some of the challenges and associated costs of the private cloud model, many bigger firms are compelled to choose private due to the security risks of public. The potential damage to a company’s brand and the loss of customer trust after a public cloud breach can exponentially surpass the costs of the private cloud. ... Implementing a private cloud securely can prove difficult unless you utilize the help of a third-party service. This is where a qualified IT consultancy such as TechBlocks can provide critical guidance on the best practices for implementation, and perhaps discuss the case for a hybrid public-private approach. ... The hybrid cloud is increasingly the path for organizations that desire a customizable approach with reduced maintenance costs and time. Pursuing a hybrid approach is often the path IT will take to convince upper management that the cloud is safe and a good option for critical data.


The mainframe is hindering application delivery

“Organisations face both business and technical challenges on the mainframe, preventing them from innovating and transforming into a digital business. To avoid issues with the mainframe, organisations are working around it, re-platforming, or modernising. However, each of these tactics creates new issues. The good news is that those companies embracing DevOps deliver faster and at a higher quality, all while fostering collaboration,” said Compuware CEO Chris O’Malley. Compuware, which commissioned the study, has been aggressively leading the transformation of the mainframe into a fully Agile and DevOps-enabled platform where development, testing and operations processes can occur at the same rapid pace as they do on distributed and cloud platforms.


10 Clear Principles for the 96% that Need Culture Change

“Although it’s important to engage employees at every level early on, all successful change management initiatives start at the top, with a committed and well-aligned group of executives strongly supported by the CEO.” It is imperative for the top team to be on the same page regarding both why the change is necessary and “the particulars for implementing it.” The top leader or any member of the top team will dramatically undermine change efforts if they are directly or indirectly sending messages that are in conflict with the change effort. They must act in a different way that’s consistent with the change effort and visible to all. ... “Mid-level and frontline people can make or break a change initiative. The path of rolling out change is immeasurably smoother if these people are tapped early for input on issues that will affect their jobs.”


Advocate Congress establish a permanent joint committee on information technology

This joint committee was formed in response to both a dramatic threat and an incredible opportunity. The threat was the potential of nuclear war. The opportunity was the potential to use nuclear science to generate electricity to power cities as well as naval vessels, as well as opportunities to use nuclear science in medicine and industry. It was clear to Congress at the time that success in response to the threat and success in gaining national benefit from nuclear energy would require a different way of doing things. So, the response was the United States Atomic Energy Act of 1946. For over 30 years the Joint Committee this act set up provided bi-partisan solutions broadly supported and widely credited with bringing unity of effort to many multiple complex activities.


DevOps capabilities vary widely by industry vertical

DevOps maturity varies according to the business sphere that companies occupy, and some are constrained by the characteristics of their markets -- from heavy regulation in the financial services and life sciences industries to stifling technical debt in the retail and media and entertainment sectors. Other markets, such as healthcare and transportation, face unique cultural challenges to bringing a DevOps mindset to the software development process. ... The philosophy of increased IT automation and collaboration between development and operations -- which, in some industries, are no longer separate groups at all -- is here to stay. "Consumers, empowered by rich software interactions with access to internet resources, have never had more power or choices," wrote Forrester Research analysts in their report "The State of DevOps Industry Adoption for 2016 -- Where's the Heat?"


Nine Questions to Ask to Determine IoT Device Safety

While IoT brings forth many benefits to consumers—from convenience to energy efficiency, to monitoring babies and locating lost pets—it also brings risk. ... These IoT devices were used to take out the Dyn DNS Server this September. As a consumer, you might think… “why should I care if my device is involved in a DDoS attack? As long as it works, I don’t mind.” Well, some 20,000 residents in Finland found out the hard way why it matters, when their building’s IoT connected thermostats stopped functioning because the devices were enslaved to a botnet conducting a DDoS attack (By the way, it’s cold in Finland in November). Whether you are a consumer considering a connected device as a gift for the holidays, or a reporter about to review the next wave of IoT devices launching at CES, we have put together a list of questions you should ask before diving in:


Why soft skills outweigh hard skills for IT-business collaboration

The skills needed in IT change so frequently that businesses are more interested in finding qualified candidates with strong soft skills -- workers who can grow and adapt in a quickly changing landscape, says Palm. Qualified workers can always take a course or complete training in areas where they need more knowledge, but it's not as easy to teach someone how to be collaborative or to communicate effectively. Palm says she's seen an increase in applicants that fit this "t-shaped personality," which means "an individual has a broad set of skills, but only a few areas where the skillset goes deep." T-shaped workers are the type of employees who are "agile and able to rapidly adapt to new changes," she says. They constantly adjust to new and uncharted territory, learn new skills as needed and stay up to date on emerging trends.


Don't Like Russian Cyberspies? Tips To Stop State-Sponsored Hackers

“Customers are looking for a magical button to stop all these threats,” he said. Businesses will then buy the tools and assume they’re safe, when in reality they aren’t properly being used. For example, many businesses often fail to install security patches with their IT products -- including the antivirus software -- exposing them to hacks that otherwise could have been prevented. They may also ignore the warnings that pop up from security software, believing them to be a false positive. Or they’ll even forget to turn the software on.  However, in other cases, the businesses had limited expertise on staff to deal with the cyberthreats the security tools encountered. “If you buy the tools without hiring the right people, you are not going to solve your nation-state hacking problem,” Firstbrook said.


Blockchain – The Next Big Thing for Middleware

Fascinating new technologies are emerging these days. Everybody talks about cloud, containers, big data and machine learning. Another disrupting technology is blockchain. You might have heard about blockchain as the underlying infrastructure of Bitcoin. But Bitcoin is just the tip of the iceberg. This article explains the use cases and technical concepts behind blockchain, gives an overview about available services, and points out why middleware is a key success factor in this space. ... Welcome to the world of blockchain where smart contracts process such a scenario automatically and in a secure way. Governments in conjunction with global non-profit airline associations like International Air Transport Association (IATA), which “support aviation with global standards for airline safety, security, efficiency and sustainability,” could enforce airlines to compensate customers automatically as it is defined by law.


Google Tries To Advance IoT Security With Android Things

Android Things comes after the world got some more glimpses into how insecure many products can be. IoT devices were used to take down popular websites on the East Coast (and elsewhere) in October. Then in November, critical vulnerabilities were discovered in popular IoT cameras--a problem that repeated itself when backdoors were found in Sony's internet-connected cameras in early December. The IoT market had a bad couple of months. These issues have led to calls to improve the security of IoT devices. The problem is that many companies drag their feet in responding to problems, lack the infrastructure to push updates to devices that have already been sold, or simply don't care about the security of their products. Making sure these devices are safe for their owners and for the internet at large just isn't a priority for the manufacturers churning them out.



Quote for the day:


"Most people who sneer at technology would starve to death if the engineering infrastructure were removed." -- Robert A. Heinlein


Daily Tech Digest - December 13, 2016

10 brain teasing questions to ask when interviewing IT professionals

Tech companies are notorious for asking impossible interview questions meant to stump job candidates and demonstrate how they think on their feet. Google abandoned these types of questions several years ago, and executives later admitted that even they could not solve them, but several companies continue to use them as part of the interview process. These types of questions can either hurt or harm an interview, said Jen Teague, a small business staffing and onboarding coach. "When the interviewer has good grasp of the hiring procedures and what to look for, these can be very insightful as to how a candidate thinks," Teague said. "However, when they are added for no purposeful reason, they will turn away good candidates. These are really good for STEM-related fields but not usually as appropriate for other industries."


General Data Protection Regulation: the BC/DR impact

The regulation will impact any business, whether based in the EU or not, that holds the personal data of EU citizens. Moreover, the definition of ‘personal data’ is broad and could change as consumers continue to expand their online presence. Ultimately, it means that not only must organisations intensify their data protection efforts, they must do so for a large volume of data. In turn, organisations will need to extend their BC/DR efforts to cover this greater remit. And, as the pressure rises, so too do the stakes. GDPR is driven by two serious threats: reputational damage and monetary fines. Although you could argue that the former has always existed – with plenty of organisations having endured serious backlash from consumers following a data breach – the idea of financial penalties is new.


Never Stand Alone: Collaboration In The Face Of Cyber Threats

Information Sharing and Analysis Centers (ISACs), Information Sharing and Analysis Organisations (ISAOs) and communities of cybersecurity analysts work in a similar way, built on trust and the common desire for large-scale collaboration. Members agree on the rules and principles that govern community participation, including the level of anonymity and what data should be shared at what time. Shared goals and values as well as clear, agreed boundaries encourage initial collaboration, and as trust grows and working relationships expand, the collaboration occurs organically. It is in these dynamic, responsive relationships between like-minded experts where the value of these communities is demonstrated.


Hack of Saudi Arabia Exposes Middle East Cybersecurity Flaws

The extent of the damage isn’t clear, though two people informed of the security breach said it targeted the Saudi central bank, the transportation ministry and the agency that runs the country’s airports. One bright spot is that the Saudis have been able to restore some lost data via back-ups, recovering faster than they did after the 2012 strike, said one person familiar with the clean-up.  The central bank, known as the Saudi Arabian Monetary Authority, denied that its systems were breached. The country’s General Authority of Civil Aviation said damage to its networks was limited to some office systems and employee e-mails. While the assault was similar to the one that hit Saudi Aramco four years ago, the impact was “much smaller” and didn’t disrupt transportation or aviation services, said Abbad Al Abbad


Dozens arrested in international DDoS-for-hire crackdown

The arrests targeted buyers of DDoS-for-hire services, which get paid to flood websites or internet-connected systems with traffic, forcing them to go offline. In addition to the 34 arrests, law enforcement agencies interviewed and warned another 101 individuals. Many of the suspects were under the age of 20, the European Union police agency Europol said in a Monday statement. Most buyers of DDoS-for-hire services use them to pull pranks, often in online gaming. For example, a flood of traffic can be sent to a rival player’s IP address, severing his or her internet connection to a game. But DDoS attacks can also be used for more malicious purposes. For example, hackers have used them to shut down online businesses as part of extortion schemes.


The big data ecosystem for science: Physics, LHC, and Cosmology

Large-scale data management is essential for experimental science and has been for many years. Telescopes, particle accelerators and detectors, and gene sequencers, for example, generate hundreds of petabytes of data that must be processed to extract secrets and patterns in life and in the universe. The data technologies used in these various science communities often predate those in the rapidly growing industry big data world, and, in many cases, continue to develop independently, occupying a parallel big data ecosystem for science (see Figure 1). This post highlights some of these technologies, focusing on those used by several projects supported by the National Energy Research Scientific Computing Centre (NERSC).


Top 10 developments of 2016 in autonomous vehicles

"Automated driving developments in 2016 became more concrete," said Bryant Walker Smith, an expert in legal aspects of autonomous driving, "and I expect developments in 2017 to be even more so. More and more people in the field are saying, 'just do it already'—not to full automation anytime anywhere, but rather to specific pilot projects that will start to showcase high automation under limited conditions." And according to John Dolan, a principal systems scientist in the Robotics Institute at Carnegie Mellon University, "a major trend is the more intensive application of machine learning to autonomous driving." Michael Ramsey, autonomous vehicle analyst for Gartner, also contributed to the list, pointing to the first fatality of a semi-autonomous car as one of the biggest news items of the year.


Don't let your filters become blinders

As destructive as dirty filters can be in the public square, I can personally testify that, in business, they can be devastating. Especially when a company, division or team is struggling for one reason or another, as mine once was. It was that experience, in fact, that served as the genesis of our research exploring the reasons why companies succeed and fail. It revealed that internal misalignment is the number one issue with which struggling companies must deal, and anything that exacerbates internal division makes recovery less likely. In that sense we can become our own worst enemies. Most of us have come to understand the wisdom of filtering what we say (particularly in social media). But it’s equally important to be aware of our tendencies to filter what we hear, how we’re treated, and the reasons we ascribe to both.


10 outdated security tools that need to be replaced

One of the biggest ways to shift into this new era of security involves the relationships within the organization. In what West called ‘series’ management, he stressed the need for CISOs to work closely with the operations department. “The relationship with operations is critical to the success of any CISO,” West said. “I create relationships to make security work. Five years ago, this didn’t exist. The security person has never been asked to meet with the CSO or the management community. And today that happens all the time.” West explained that involves knowing what executives do and do not understand about the technical aspects of security risks. “If I can explain to them in a few minutes in language they understand,” he continued, “we can be successful at getting funding.”


Resolving the Disconnect Between IT Security and C-Suite Executives

Organizations need to adopt a different approach to security, one which understands that the goals of both IT teams and company executives are interconnected. Security goals and the strategies to meet them need to be set by top leadership, and specific security objectives should also be built into staff performance goals and supplier performance measurements to drive behavioral change. Implementing effective security programs and improving the security awareness of both employees and partners can help companies better protect their assets and information, and avoid the fall-out from breaches, helping them meet their business objectives as well. Bridging the Communications Divide: So how can this be accomplished? To overcome the communications divide between IT and executives, there needs to be active dialogue and continuous engagement between the two parties.



Quote for the day:


"We are all pretty bizarre, some of us are just better at hiding it, that's all." -- Andrew Clark


Daily Tech Digest - December 12, 2016

Improving security, efficiency, and user experience in digital transformation

With the costs of password protection—in time, risk, and dollars—mounting, enterprises are looking to implement flexible risk-based approaches: requiring user authentication at a strength that is commensurate with the value of the transaction being requested. Fortunately, as shown in figure 3, various technologies are emerging that can be combined in a way that satisfies enterprise risk tolerance and user flexibility at the same time. Emerging technologies such as blockchain are positioned to replace the vulnerability of the single password with multiple factors. Having multiple, cascaded gatekeepers fortifies security by requiring additional checkpoints. The more different proofs of identity required through separate routes, the more difficult it is for a thief to steal your identity or to impersonate you.


6 network and security trends you can expect in 2017

One trend that is appearing is the emergence of memory-resident malware. These ephemeral infections will not survive a reboot and will be particularly difficult to forensically detect, but as more people leave their computers continuously running, this may be a successful attack technique. As malware defenses on enterprise and personal laptop computers become more prolific, the attackers will again shift their techniques. It is not difficult to predict that more attackers will shift to mobile malware. ... The IoT world has the problem of having a wide variety of protocols and standards, enterprises that lack skills with IoT systems, overly complex architectures, products with weak security features, weak security measures and operational immaturity. All of that leads to more security issues. We have already seen immense DDoS attacks sourced from vulnerable IoT devices, and it wouldn’t be going out on a limb to predict even more in 2017.


Goldilocks, serverless and DevOps: Five predictions for IT in 2017

Service-oriented architectures are nothing new. Service-based applications allow large, complex applications to be owned and managed by distributed development and operations teams, often used hand-in-hand with DevOps organisational models. However, two questions that have long plagued service-oriented architectures are: how large should your services be, and how many should your application use? If you make your services too large, you miss out on many of the advantages of these scalable distributed architectures. Too small, and your inter-service architecture becomes unwieldy. What this means is that, in recent years, there has been a trend to build applications using microservices. The idea being the smaller the service, the easier it is to maintain, and the more distributed development teams can be.


Teenage DDoS users targeted by international law enforcement operation

"Today's generation is closer to technology than ever before, with the potential of exacerbating the threat of cybercrime. Many IT enthusiasts get involved in seemingly low-level fringe cybercrime activities from a young age, unaware of the consequences that such crimes carry," says Steven Wilson, head of Europol's European Cybercrime Centre. "One of the key priorities of law enforcement should be to engage with these young people, to prevent them from pursuing a criminal path, helping them understand how they can use their skills for a more constructive purpose." The operation took place from 5 December to 9 December 2016 and involved Europol working alongside law enforcement from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom, and the United States.


Singapore’s ‘city brain’ project is groundbreaking -- but what about privacy?

A city's traffic management system, perhaps years old, could be matched, sliced and diced with air pollution readings running in a separate silo, for example. Such a system could be set to permit the most congested traffic artery associated with the worst pollution to be freed up by giving green lights to the cars that are waiting the longest and are pumping out the most carbon dioxide pollutants. However, the state of the art with city brain technology is not yet that advanced. Most city officials would be happy simply to be able to monitor what's going on in disparate areas of a big metropolis more or less in real time, instead of waiting days or weeks to hear about conditions from various public works department heads.


Juniper CIO: Cloud Migration ‘Inevitable’

You have to understand there’s a tipping point where at a certain scale it might be cheaper to run on premise than in the cloud. Offsetting that risk may require new skill sets in IT. For us, one has always been around vendor management. With cloud computing, you have to be really careful with those monthly bills and acknowledge and invest in the skills necessary to review the monthly bills and keep your usage charges appropriate. So there’s an investment of time and effort there. ... We’ve been saying for years that IT is moving from an organization that used to build things to an organization that now integrates things. If you’re in the business of integration, that implies you have some piece of middleware or piece of technology that stitches all of this together and delivers it seamlessly to the end users. That skill set and technology is the center point of our solution and our approach.


5 enterprise-related things you can do with blockchain technology today

On the internet, famously, no one knows if you're a dog, and on the internet of things, identity can be similarly difficult to pin down. That's not great if you're trying to securely identify the devices that connect to your network, and it's what prompted the U.S. Department of Homeland Security to fund a project by Factom to create a timestamped log of such devices in a blockchain, recording their identification number, manufacturer, available device updates, known security issues, and granted permissions. That could all go in a regular device-management database, but the DHS hopes that the immutability of the blockchain will make it harder for hackers to spoof known devices by preventing them from altering the records.


The human attack surface, counting it all up

The path of least resistance for black hats is non-technical hacks that rely on tricking humans into revealing their login credentials and passwords. With that in hand, cyber thieves proceed to steal personal identities and money. How many humans are we talking about? Microsoft estimates that by 2020 4 billion people will be online — twice the number that are online now. The 500 largest U.S. corporations by revenues which appear on the Fortune 500 employed 27 million people in total last year - about 17 percent of the nation's workforce. The world's 2,000 largest publicly traded companies which appear on the Forbes Global 2000 account for approximately 87 million employees. Employees at large corporations are especially attractive to hackers who are after personal identities, which can be sold in black markets on the dark web.


Malware, Hacking Is A Serious Game, But Security Experts Warn Against Panic

Advances in technology also advance the methods security teams use to uncover hidden issues. Such efforts have led Qualcomm and HackerOne to collaborate on a bounty program, which will employ white hat hackers and award up to $15,000 to those who can penetrate systems run by Qualcomm-based chipsets and modems to uncover vulnerabilities and report their findings. With several headsets now on the market, virtual reality and augmented reality are expected to be among the top trends of 2017, and as a result could also represent the next frontier in cyber vulnerabilities. ... “We can say with certainty that there will be vulnerabilities that people haven't thought of yet,” Rice said. “It's important to continually approach it with that mindset of ‘there's something here that we've overlooked, let's be vigilant, let's be ready for it.’”


The 7 Most Sensational Breaches Of 2016

Remember when mega-breaches of hundreds of millions of people's credit card numbers seemed to be the worst attackers could throw at enterprises? What a quaint time that was. This last year has seen a drastic drop in those kinds of wholesale breaches. Nowadays the numbers don't look nearly as dramatic, but the implications of breaches are actually much more serious. In 2016 the most impactful hacks and exposures directly led to tens of millions in fraudulent money transfers, potentially impacted national elections, and got enterprise executives sacked from their jobs. Ericka Chickowski specializes in coverage of information technology and business innovation.



Quote for the day:


"Life isn't about finding yourself. Life is about creating yourself." -- George Bernard Shaw


Daily Tech Digest - December 11, 2016

Why Deep Learning is Radically Different From Machine Learning

There is a lot of confusion these days about Artificial Intelligence (AI), Machine Learning (ML) and Deep Learning (DL). There certainly is a massive uptick of articles about AI being a competitive game changer and that enterprises should begin to seriously explore the opportunities. The distinction between AI, ML and DL is very clear to practitioners in these fields. AI is the all-encompassing umbrella that covers everything from Good Old-Fashioned AI (GOFAI) all the way to connectionist architectures like Deep Learning. ML is a sub-field of AI that covers anything that has to do with the study of learning algorithms by training with data. There are whole swaths (not swatches) of techniques that have been developed over the years like Linear Regression, K-means, Decision Trees, Random Forest, PCA, SVM and finally Artificial Neural Networks (ANN). Artificial Neural Networks are where the field of Deep Learning had its genesis.


What is fog computing and what does it mean for IoT?

Fog computing refers to decentralized computation at the edges of the network, as opposed to being centralized in data centers. By distributing computing to the edges, the results will be sent to the cloud, not the raw data itself. This shift in paradigm will tremendously reduce the need for increased bandwidth and computational power in the cloud. Centralized computing in the cloud has provided several benefits for enterprises. Scalability, easy pricing schemes and minimal upfront cost are among the big ones. However, cloud computing has certain disadvantages, foremost latency and delay jitter, as well as a higher probability of security breaches when large amounts of data are moved through networks. Fog computing greatly reduces the amount of data being sent to and from the cloud, reducing latency as a result of local computation while minimizing security risks.


How Can Community Banks Keep Up With Customer Demands?

Customers expect that they can carry out even quite complex queries and transactions on their own terms. AI advances allow sophisticated Natural Language Processing and continuous improvement through Machine Learning. This will be the subject of a future post because I consider this to be one of the most exciting and promising technology areas for community banks. Benefits include greater customer satisfaction, deeper relationships, cross-selling opportunities, and reduced personnel expense. ... Robo-advisors are becoming sophisticated enough to be highly valued assistants for financial advisors. Community banks that offer wealth management and investment advisory services will benefit significantly. They will see increased customer interaction and deeper advisory abilities.


Are You Driving Your WAN? Learn to Embrace SDN

More is needed. No fork-lift upgrades, no more proprietary “boxes.” True SDN will be provided as software running on standard servers or virtualized only. The addition of SDN will be in a non-disruptive manner to allow partners to move as quickly or as slowly as their need determines. All current systems will be unaffected by the additions of SDN. Whether or not all these systems will be needed after implementing SDN will be a decision that can be made at a future time. SDN offerings need to be flexible as well in implementation objectives. Both Layer 2 and Layer 3 products should be available to address all possible scenarios and when used in conjunction can address not only major location connectivity, but also connectivity for road-warriors, work-at-home, the Internet of Things (IoT), and supervisory control and data acquisition (SCADA). This ensures a holistic approach — the SDN offering must have options for office locations and individual devices.


A Strategic Perspective On Blockchain And Digital Tokens

Digital tokens and blockchains, two distinct but complementary technologies, waste cheap storage to give data the continuity of real-world assets. Bitcoin is just the first application. The technologies are far from mature, but if scalability limitations are overcome, they will have long-term disruptive potential in complex transaction networks such as trade, health care, and the Internet of Things. And it is by no means obvious that traditional intermediaries will be able to control them. This essay outlines how the economics of transaction costs and trust could be reshaped by tokens and blockchains and by the stacked architecture on which they are built. The aim is not to prescribe exactly what leaders should do (every business is unique, and the devil is in the details) but to provide a strategic context to help executives frame the right questions.


Smart Cities of the Future: An Innovation or Intrusion?

An interconnected city grid of traffic and pedestrian cameras offers a wealth of actionable Big Data. As an example, in the Dutch city of Rotterdam, “the traffic authority monitors about 22,000 vehicle movements every morning, while the regional environment agency produces hourly data about air quality from sensors across greater Rotterdam resulting in over 175,000 observations per year.” In addition to better managing traffic and public transit, as well as controlling pollution, proponents highlight the ability of such data to enable enhanced policing, crowd control, and even public sentiment monitoring. However, others express grave concerns about the potential for abuse in such systems, especially given the integration of smartphones into connected apps utilized by many smart cities.


12 Interesting Big Data Careers That Everyone Should Know

A study says that data science is going to open up as much as 10 million jobs in this decade. Now, since you already know there are many opportunities, how do you leverage your skills to tap into it? First and foremost look at what skills define you. Is it your expertise, your visualization skills or managing skills that you not only demonstrate but also enjoy working with? Once you're through with it, work towards it and learn from the different software languages that are trending in the industry and are in high demand. Take up certification courses that can give the much-needed edge. After you build your portfolio with technical skills, a broad range of data job profiles can help you settle in and earn a six figure salary. Beyond software industries, many industries like retail, manufacturing are turning to big data to ease the process of making efficient systems.


Managing Cultural Differences in your Distributed Team

Dutch are very open, however, people in Asia tend to be less open, especially when authority is involved, i.e., “I’m not going to contradict my boss or project manager”. That may be seen as disrespectful. If the boss is in the West and I’m in the East, then my Western boss in turn will keep asking me to be more open or proactive. And I might get confused, because I’m not used to being allowed or even stimulated to voice my ideas. If my boss tells me “This is the way to do it,” I’d rather do that exactly, even if I think it’s a crazy idea. This behavioral difference impacts most of the agile ceremonies. For example, in sprint planning if a product owner asks 'Can you take more user stories?', regardless of the possibility, people in some Asian cultures tend to say "Yes" always, which defeats the whole purpose of doing planning.


Here are some best practices for preventing DDoS attacks

"While DDoS attack prevention is partly a technical issue, it is also largely a business issue," said Rachel Kartch, analysis team lead at the CERT Division of SEI, a federally funded research and development center sponsored by the US Department of Defense and operated by CMU, and author of the DDoS post. In general, organizations should begin planning for DDoS attacks in advance, Kartch noted in the post. "It is much harder to respond after an attack is already under way," she said. "While DDoS attacks can't be prevented, steps can be taken to make it harder for an attacker to render a network unresponsive." To strengthen resources against a DDoS attack, it's important to make the architecture as resilient as possible, Kartch said. "Fortifying network architecture is an important step not just in DDoS network defense, but in ensuring business continuity and protection from any kind of outage or disaster situation," she said.


IoT in the Cloud: The Next Phase of Enterprise Infrastructure

While cloud-based IoT infrastructure is usually viewed as the next phase in tech-savvy markets, many developing nations are looking at it as a way to propel their economies into the 21st century without having to recreate decades’ worth of data center infrastructure. Systems developers like Fujitsu are hoping to tap these markets with turnkey solutions that allow organizations to launch full-scale IoT environments with relative ease and low start-up costs. The Fujitsu Cloud IoT Platform provides a broad set of APIs and a user-friendly dashboard to enable a high degree of customization and continuous development as technologies and markets evolve. Fujitsu also has a large managed services portfolio that focuses on providing solutions to clients rather than loading them up on technology.



Quote for the day:


"You never change things by fighting the existing reality. To change, build a new model that makes the existing model obsolete." -- @JamesSaliba


Daily Tech Digest - December 10, 2016

Three Ways To Reinvent For The Fourth Industrial Revolution

Education institutions at all levels need to adopt an inclusive growth mindset that embraces change. New curriculums are needed that teach technological literacy, equipping students with the skills needed to succeed in this new era of digitally computer assisted design and manufacturing. Programming, technology- and user-experience design, and equipment operation and management will be valued skills, along with cognitive abilities like creativity and logical reasoning. This extends beyond the classroom. Needed skills will continue to evolve throughout a person’s career. As more jobs are automated, employers must commit to providing their employees the tools and on-the-job access to learning that are necessary for future success.


IoT Is A Security Mess And Regulators Are Paying Attention

The next generation of IoT devices will probably have better security and privacy protection baked in, but there will still be billions of insecure devices out there from before – devices like smart doorbells, with longer life cycles than mobile phones – which are easy pickings for hackers looking to gain entry to a network, LeBlanc said. And in toto the data that can be pulled from ubiquitous sensors is also far more comprehensive and personal than what can be obtained from online browsing behavior. “It’s true that you can track everywhere someone goes on the web, but with IoT you can track where someone works, what food they eat, how long they exercise for, how much electricity they consume,” said Heather Zachary, a partner at law firm WilmerHale. “It’s a full picture of your entire life and that’s only going to become more the case.”


Usability and security key to payments via the Internet of Things

It is not realistic to expect device manufacturers to equip all devices with bank-grade security. However, it is still essential to secure payments and money movement activities from the devices connected to the IoT. Doing so will require securing the device itself, apps on the device as well as creating layers of security beyond the device – such as into the cloud – as part of a multi-layered approach to security. To break this down, we can think about the two primary ways payments are initiated via the IoT – by a person or by the device itself. If a person initiates a payment from a device it is quite possible they are using an app intended for the purpose of making payments – accessing online banking from their connected car to make a bill payment, for example.


Changing enterprise architect role opens new doors, closes others

The enterprise architect role is particularly important in businesses with a hybrid cloud strategy, he said. "The enterprise architect must provide the vision on how to maintain a consistent approach to delivering IT services across all these platforms, while providing a unified approach to foundational IT components," Carroll said. This will also include providing secure, consistent access to these applications. Carroll said he envisions the new enterprise architect functioning essentially as a cloud and mobile services leader for the business, choosing the appropriate platforms and creating a clear vision for the use of cloud and mobile technology.


The future of AI is humans + machines

From being able to scan information ranging from school records to social media posts and then pulling the information into an initial pass/no-pass decision to weed through candidates is only the first step. Intelligent agents will eventually be able to look at a mass of available candidates and rank order them against existing job requisitions ranking them by whether they are internal or external, by education and experience, and by personality and work ethic. Thereby, the top three that you actually interview or recruit will not only meet the hard qualifications of experience and education, but the soft qualifications of personality and ethics. This isn’t just about selecting the employee, it is about monitoring them and their interaction with management.


Many organisations falsely equate IT security spending with maturity: Gartner

Explicit security spending is generally split among hardware, software, services (outsourcing and consulting) and personnel. However, any statistics on explicit security spending are inherently "soft" because they understate the true magnitude of enterprise investments in IT security, since security features are being incorporated into hardware, software, activities or initiatives not specifically dedicated to security. Gartner's experience is that many organizations simply do not know their security budget. This is partly because few cost accounting systems break out security as a separate line item, and many security-relevant processes are carried out by staff who are not devoted full-time to security, making it impossible to accurately account for security personnel.


6 Cyberthreats Keeping CIOs Up At Night

In a distributed denial-of-service (DDoS) attack, an attacker sends a massive amount of requests to a target computer or network resource, from multiple, distributed devices across the internet — for example, sending seemingly legitimate HTTP requests to a website. The traffic overwhelms the resources available to the web server or application, making it inaccessible to customers. DDoS attacks often use botnets — thousands of devices connected to the internet of things (IoT) — to amplify the scale of these attacks. These attacks can hit retail sites particularly hard in the pocketbook, preventing customers from doing business. Hackers may also use DDoS attacks to distract IT while they simultaneously try to compromise other parts of a company’s network, Barbounis said.


China’s Cybersecurity Law: Game over for foreign firms?

The new law formalises several key requirements, namely: That a potentially wide range of companies censor ‘banned’ information, and demand real name registration of their users – that is, for services like instant messaging – in order to restrict online anonymity; “Critical information infrastructure operators” must store “personal information and other important business data” inside China. This need only be data related to Chinese operations, but the terms remain vague enough for them to apply to a wide range of data and companies. Those wanting to transfer data outside China need to pass an additional security assessment; Organisations monitor and report any “network security incidents” and provide “technical support” to help in investigations. This could mean providing the authorities with access to communications and so on.


Reinforcing cyber security strategies with cyber insurance

Cyber insurance can help to strengthen comprehensive cyber security strategies to minimise the impact of disruptive events. Most of these policies cover liability and the costs associated with dealing with a breach or attack. These include the cost of restoring data; business interruption; dealing with privacy breaches such as identity theft and payment fraud; network breaches; public relations expenses; and even money paid to cyber extortionists or cyber terrorists. Policies may even cover legal liability to third parties, including fines and penalties. Despite its usefulness, cyber insurance remains relatively unknown among businesses of all sizes. Further, many security professionals are unaware it exists.


Electronics-sniffing dogs: How K9s became a secret weapon for solving high-tech crimes

Similar to drug or arson detection dogs, electronics detection dogs are trained to recognize a chemical odor, and to sit when the odor is present, in order to alert their handler. When the dog correctly identifies an odor, he or she gets food. Officers begin training the dogs to identify large amounts of the compound, eventually using less and less. They place devices with the odor in different boxes, and expand the training into different rooms. The Connecticut program spends five weeks imprinting the dogs with the odor and teaching them how to do their job, and then six weeks training them to work with their handlers, Real said. "We teach them everything from searching people, boxes, bags, vehicles, outside," Real said. "Anywhere these dogs might be asked to search, we train them to work in that environment."



Quote for the day:


"The most successful people are those who are good at Plan B." -- James Yorke


Daily Tech Digest - December 09, 2016

Most embedded software has been traditionally written by hardware companies that only developed their code because they had to in order to make their product useful in the first place. For most device manufacturers, software development is a cost centre, not a revenue generator. As such, software development will often be pushed to the bottom of the pile in an effort to limit overall costs. The end result is that most manufacturers are happy to sell their devices to wholesalers or retailers and then forget all about them – they rarely continue to provide long-term support. At best, consumers may be lucky enough to find an appropriate firmware update in some obscure corner of the manufacturer’s website, which frankly only the most technical consumers will really know how to install.


Unsupervised learning is how an algorithm or system analyzes data that isn’t labeled with an answer, then identifies patterns or correlations. An unsupervised-learning algorithm might analyze a big customer data set and produce results indicating that you have 7 major groups or 12 small groups. Then you and your data scientist might need to analyze those results to figure out what defines each group and what it means for your business. In practice, most model building uses a combination of supervised and unsupervised learning, says Doyle. “Frequently, I start by sketching my expected model structure before reviewing the unsupervised machine-learning result,” he says. “Comparing the gaps between these models often leads to valuable insights.”


Customers today have more choice and opportunity to engage with banks and non-traditional banks than ever before. How the traditional banks respond to this new world of digital banking will define whether they sink or swim. All of them want to be digital banks, but does this resonate with their customers? Findings from SAP’s 2016 Australian Digital Experience Report show the banking industry has more consumers that are unsatisfied than are delighted with the digital experiences provided. The business outcome of getting digital interaction right in Australia is huge, as customers delighted with the digital experiences are five times more likely to remain loyal over those unsatisfied and more willing to share personal information such as buying preferences. Customer insight and understanding are where the business is; and using this data to better personalize only comes with accurate, appropriate, and timely information.


According to the agreement, upon a referral being received, the FCA or HKMA both intend to "assist the innovator businesses in understanding the regulatory regime" that they oversee and explain "how such regimes may be relevant" to those companies. The agreement also confirms that the FCA and HKMA intend to "share information about innovations in financial services in their respective markets", such as on emerging trends and regulatory issues pertaining to innovation. The FCA and HKMA may also pursue "joint innovation projects on the application of novel financial technologies", share expertise and knowledge, and facilitate staff secondments to one another, under the new cooperation agreement.


The totality of the BlackBerry solution is called BlackBerry Secure and is grounded in the company's mobile software security platform. It helps companies manage and secure their mobile devices and connected things and secures communications for all messaging and file types - ultimately opening up new markets for BlackBerry where multiple endpoint mobile security management and applications are critical. For example, BlackBerry's platform helps to prevent hackers from penetrating devices and computers, provide intelligence for highly secure supply chain communications, ensure patient confidentiality in healthcare and safeguard assets in the financial industry.


When faced with transformation initiatives, the path of least resistance can often be to adapt existing processes to that change, without taking the opportunity to identify efficiencies or cost savings, as the scale of reviewing all processes and the impacts on both operations and customer deliverables are too great. I speak with many government agencies that are in the process of ‘transforming’ and they have simply replaced a paper process with ‘handraulic’ electronic processes that pass through many hands, eyes and email inboxes due to compliance requirements or governance policies. A good example of this is when information has to leave your organizational silo, either as part of a joint responsibility across multiple government agencies, or when content based approvals must be sought from outside of your organisation.


“Companies are going to need to invest in more technology to protect them from security threats,” said Brendan Jacobson, co-founder of NetGain Technologies. “It is just going to get worse.” It’s not necessarily that the attack tools are getting smarter; it’s the manner in which they are being used. Malicious players don’t even have to be highly tech savvy, said Cody Shackelford, systems engineer with Data Strategy, which acquired Louisville-based boice.net this year. Basic malware or ransomware packages are readily available on the black market or dark web, he said. Attackers today are succeeding by researching a target company or agency to determine a weak link 


Often lacking sufficient budget and headcount, security staff are overburdened. Given all the pressure to “get everything done,” sometimes things just don’t get done correctly. Misconfiguration of a tool and neglecting to follow security policies to the letter are regular mistakes. So is spinning up a certain service, such as a container, a proxy or monitoring tool, but forgetting to secure it. Still another consequence of time pressures can be forgetting to update security patches or not updating them on time. About half of IT professionals see outdated security patches as a problem and cite human error and patch management as stumbling blocks to making web apps totally secure. Cutting corners may sometimes be a good way to get the job done quickly, but it also makes way for poor security. Security managers must keep their teams on their toes. 


The industry's main effort to bend the technology to its will -- the R3 consortium -- recently saw the departure of several banks, including founding members Goldman Sachs and Banco Santander, and reportedly reduced its fundraising target. Charley Cooper, managing director of R3, explained that initial expectations were unreasonably high, blaming the "hype cycle" on tech firms and their dreams of disruption. Now, R3 has unveiled its new platform: Corda, a decentralized database that does not use a blockchain, as its technical whitepaper specifically points out. In a blog post, R3 architecture consultant Ian Grigg argues that Corda will become a formidable opponent to the two most popular blockchain technologies, Bitcoin and Ethereum, because it is the only solution that "asked the users what they want."


NativeScript supports Angular 2 and allows for true native performance on mobile applications – without having to learn multiple native languages. By using native components, the framework offers a native look, which give users the experience they both expect and demand. When it comes to developing, think of how much work you’d have to do to build simple Android and iOS apps using traditional native development approaches. In the case of a button, you’d have to take multiple steps across Android and iOS to accomplish what you need to. But with NativeScript and Angular 2, you can build that same button in a few lines of code; write the code in JavaScript/TypeScript; place the button in an Angular 2 component; style that button with CSS; install JavaScript modules to help you out from npm; and at the end of the day, there is only one code base to maintain.



Quote for the day:


"Winning by helping others succeed scales much better than winning at another's expense." -- @ThisIsSethsBlog


Daily Tech Digest - December 08, 2016

OpenStack enterprise adoption still awaits full embrace

"Every one of those critical area points -- image placement, compute distribution and load -- are fundamental things you figure would just work," Berisha said. Ultimately, Berisha decided on a managed services engagement with VMware Integrated OpenStack. Whether it is a vendor distribution or managed OpenStack cloud, the financial benefits of the open source cloud computing software might not always pan out, because the vendor distributions that eliminate the complexity may also diminish the anticipated cost savings. "A lot of these distros are incredibly expensive," Forrester's Nelson said. She pointed to a recent request for proposal for 30,000 VMs that required $4 million for software licensing.


Backdoor Accounts Found In 80 Sony IP Security Camera Models

Sony was informed about the issue in October and released firmware updates for all affected camera models on Nov. 28. Users are advised to install these updates as soon as possible, because security cameras have recently been an attractive target for hackers. "We believe that this backdoor was introduced by Sony developers on purpose (maybe as a way to debug the device during development or factory functional testing) and not by an 'unauthorized third party' like in other cases," the SEC Consult researchers said. The affected cameras can be attacked over the local network or over the internet if their Web interfaces are publicly accessible. A search via the Censys.io search engine revealed around 4,000 Sony security cameras connected to the Internet, but these are likely not all of them and it's unclear how many are actually vulnerable.


The world in 2045, according to Pentagon researchers

"Imagine a world where you could just use your thoughts to control your environment," Sanchez said. "Think about controlling different aspects of your home just using your brain signals, or maybe communicating with your friends and your family just using neural activity from your brain." According to Sanchez, Darpa is working on neurotechnologies that can enable this to happen. There are already some examples of these kinds of futuristic breakthroughs in action, like brain implants controlling prosthetic arms. Just last week Darpa demonstrated this amazing tech for the first time and gave a paralyzed man back the sense of touch — with brain implants that provided the feeling "as if his own hand were being touched," he reported. The future has more than just brain implants. Many other exciting things could change the buildings and other objects around us, says Stefanie Tompkins, a geologist and director of Darpa's Defense Sciences Office.


CIOs assess how Apple and Google approach enterprise apps

Google has a fairly robust strategy, whereas Apple's approach is designed to meet specific business objectives, according to Wiora. "I think what technology leaders are looking for is a platform that integrates easily and is secure," he says. "Both companies have historically had their challenges and overcome a lot of them." Many IT professionals are receptive to Android and Google, but businesses should be cautious about overreliance on Google partners because the company could eventually follow Microsoft's lead and supplant some third-party services with its own, Wiora says. Apple's approach to enterprise development works best for large companies that require a more formalized program or have existing relationships with Apple's current partners.


The Digital Shift: Embracing New Technology and Engaging Your Employees

There are three main reasons why some companies find it difficult to leverage more digital technology within their organizations. First, “new and improved” to some people can feel like “change and work” to others. When digital aspects are introduced into a job function that has existed for years without them, the benefits to users aren’t always obvious. For instance, rolling out instant messaging, which is supposed to make collaboration easier, may feel like just another thing to monitor and respond to that didn’t exist before. Some employees are simply set in their ways. Putting tools like document management systems or portals in place to automate or simplify common tasks takes time. Tagging and uploading a document to SharePoint or Dropbox — so everyone in your company has access to it anywhere


While Circle Pivots Away from Bitcoin, Blockchain Doubles Down on the Digital Currency

In an interview with the Wall Street Journal, Circle CEO Jeremy Allaire claimed the company’s fiat-denominated payments are growing many times faster than bitcoin payments on their platform. Allaire also claimed Bitcoin has not evolved quickly enough to support common, everyday payments, and he pointed to what he perceives as development gridlock among Bitcoin Core contributors as the main cause of this lack of progress. Although Allaire is frustrated with the Bitcoin Core development community, the reality is that they released their main scalability improvement, Segregated Witness, this past October. While Circle has continued their pivot away from bitcoin, Blockchain is doubling down on the digital currency.


Microsoft to turn millions of PCs and tablets into smart 'home hubs' 

'Home Hub is designed to run on Windows 10 PCs, mainly All-In-Ones and 2-in-1's with touch screens, but can work on any Windows 10 machine,' it is claimed. As well as giving access to Microsoft's Cortana AI assistant, it will allow families to more easily create shared accounts. 'There will also be a 'family account' that is always logged in,' Windows Central says. That account can see everything the 'family' is supposed to see, such as specific apps, calendar appointments, to-do's, and more. The new software will also be able to control smart home devices, including lights, doors, locks and more. It will use Microsoft's Cortana to allow voice control - much like Apple's Siri HomeKit integration. The firm is also expected to work with third parties to create dedicated home hub devices, with talks already underway with HP and Lenovo.


Bluetooth 5 Is Out: Now Will Home IoT Take Off?

With Bluetooth 5, BLE matches the speed of the older system, and in time, manufacturers are likely to shift to the low-power version, he said. Range has quadrupled in Bluetooth 5, so users shouldn’t have to worry about getting closer to their smart devices in order to control them. Also, things like home security systems – one of the most common starting points for smart-home systems -- will be able to talk to other Bluetooth 5 devices around the house, Parks Associates analyst Tom Kerber said. Another enhancement in the new version will help enterprises use Bluetooth beacons for location. BLE has a mechanism for devices to broadcast information about what they are and what they can do so other gear can coordinate with them. Until now, those messages could only contain 31 bytes of information.


Where does India Stand in the Impact of Digital Technology on Businesses?

According to Sunil Mangalore, Managing Director, CA Technologies India, “India is at the cusp of a major revolution, as we see digital technologies being at the centre of business strategy for leading businesses. ... The need however for Indian CXOs, is to collaborate with a strategic partner and ensure adoption of digital technologies and practices that helps them grow their business revenues while enhancing customer satisfaction and retention.” ... Digital advancement in any field, least of all in businesses, can’t take place without sufficient supply of energy for daily living, for the industries and for the digital technology to function. India has to resolve this issue seriously, if it wants to make an overall transition to a completely digitised business model at par with the completely industrialised countries.


Cyber-insurance: What will you be able to claim for and is it worth it?

At the moment, CLIC can cover costs relating to the management of an incident, the investigation, the remediation, data subject notification, call management, credit checking for data subjects, legal costs, court attendance and regulatory fines. It can cover third-party damages, where these might include specific defacement of a website and intellectual property rights infringement. And would even cover losses due to a threat of extortion, and professional/legal fees related to dealing with the extortion. And the same goes for costs related to data lost by third-party suppliers and costs related to the theft of data on third-party systems. Simultaneously, some companies are attempting to provide a ‘guarantee scheme’ of sorts, which promises to pay a specified amount of money should their product fail and a data breach was to occur.



Quote for the day:


"Great minds discuss ideas; average minds discuss events; small minds discuss people" -- Eleanor Roosevelt


Daily Tech Digest - December 07, 2016

Macbook Pro vs Surface Book i7

The Surface Book is essentially a business user's dream. You get just enough ports to keep you connected to a desktop station without needing any dongles, adapters or converters. ... It's lightweight enough to tote around, at 1.21 pounds, but it's meant to just sit on your desk, keeping cords tucked away and waiting for you to connect. The Macbook Pro isn't as limited in ports as the Macbook, which made a statement at its release by only including one USB-Type C port on the entire device, but the Pro still doesn't offer the same flexibility as the Surface Book for business users. On the 2016 Macbook Pro, you'll find four Thunderbolt 3 ports that also act as a USB-Type C port -- they use different connection standards but the port is the same shape and size.


Data Virtualization and Sandboxes: Filling the DevOps Data Gap

The Data Gap is the fact that provisioning production-like data effectively for developers and testers is one of the most challenging aspects of standing up the environments that are so critical to enabling DevOps. Let's back up a bit to understand the context of this. DevOps is all about building, testing, and releasing software at speeds that are orders of magnitude faster than traditional methods. Enterprises used to release software (or products) on a yearly or quarterly basis. Today's application based economy is forcing them to move to monthly, weekly, or daily releases. DevOps aims to transform companies' cultures, processes, and tools to enable high velocity, continuous deployments of software. In speaking about this goal, DevOps guru and Phoenix Project author Gene Kim says,


Skills to look for in a threat hunter

Security analysts need a solid understanding of networking devices and computer operating systems. Hunt analysts constantly review raw system & network logs as well as packet captures. Analysts should have a deep understanding of the technology and software producing the logs to provide context to abnormalities. ... Endpoint analysis provides greater context in security threats and activity. This type of analysis can include memory dumps, I/O activity, user activity, etc. This stage of the hunt can provide more conclusive evidence on what is happening at the host and user level. Hunt analysts should be able to navigate OS logs and explore local endpoints with relative ease.


Companies Are in Short Supply of Cybersecurity Talent

“The deficit of cyber security talent is a challenge for every industry sector. The lack of trained personnel exacerbates the already difficult task of managing cyber security risks,” according to the CSIS report. The current shortage of cyber security skills is concerning for companies in all industries. One in four of the IT professionals surveyed said their organizations had been victims of cyber theft because of their lack of qualified workers. It is estimated that by 2019, between one to two million cyber security positions will be left unfilled. In the United States alone, 209,000 cyber security positions in 2015 sat vacant because of the shortage of cyber security skills. Hackers are taking notice of this gap. Worryingly, 33% of respondents to the Intel Security-CSIS survey said their organization was a target for hackers who knew their cyber security was not strong enough.


FCC Looks To Increase Security Regulations On Internet Of Things

FCC Chairman Tom Wheeler acknowledged the governing body’s interest in beefing up the security protocols for connected devices in a letter to Virginia Senator Mark Warner. “We cannot rely solely on the market incentives of ISP to fully address the risk of malevolent cyber activities,” Wheeler wrote, arguing that a combination of market-based incentives and regulatory oversight is necessary to establish basic cybersecurity protections for internet-connected consumer devices. The message from Wheeler, published on Monday, was prompted by a letter from Senator Warner dated Oct. 25 of this year. Warner’s initial correspondence was prompted by the Mirai botnet attack that managed to take down a number of major websites. The attackers primarily utilized unsecured IoT devices to perform a massive distributed denial of service (DDoS) attack.


Automated phishing campaigns increase profits for hackers

This is alarming given that phishing is the starting point for most network and data breaches. With this in mind, Imperva researchers deconstructed a phishing campaign initiated in mid-June, 2016. Among the most surprising findings was the low cost of launching a phishing campaign and the high projected return on investment for cyber-criminals. Imperva researchers browsed the darknet marketplace to estimate the cost of phishing campaigns and to get a clear picture of the business model. They observed the ease of purchase and low cost of Phishing-as-a-Service (PhaaS) campaigns. In addition, they saw that hackers were easily able to hijack compromised web servers for their campaign, which further lowered the investment needed.


Navigating the Five Stages of Threat Hunting

Hunting for the unknown requires patience, persistence and more effort. This is because unknown threats often tend to be more sophisticated, well-hidden and harder to detect. However, these adversaries leave indicators of their movement around your network. They will try to mimic the normal activity of authorized users to stay under the radar. If you are vigilant, eventually they will reveal themselves as an outlier – primarily by taking actions that reveal their precise targeting and IT savvy ... There’s a wealth of information in your logs! You’d be surprised what can be revealed simply by correlating information. By baselining a particular activity within your environment, and noting how often it occurs, you will start to see things pop up that are worthy of closer scrutiny. Patterns of suspicious behavior will emerge over the course of 30 days or even a couple of weeks.


Building a Secure, Fast Microservices Architecture From NGINX

With the transition from having all of the functional components of your application running in memory and being managed by the VM, to working over a network and talking to each other, you’ve essentially introduced a series of problems that you need to address in order for the application to work efficiently. One, you need to do service discovery. Two, you need to do load balancing between all the different instances in your architecture. And three, you need to worry about performance and security. For better or worse, these issues go hand in hand and you have to balance them together. Hopefully, we’ll have a solution that addresses all of them.


Microsoft Office, Google Docs beware: This open-source startup is after your users

Bannov contrasts those points with OnlyOffice having cloud and server versions and desktop and mobile apps on the same code base. "Our editors also show the highest compatibility with Microsoft Office formats," he says. As of now, OnlyOffice has more than two million users worldwide, with most of them using the free products. However, it is being used by one Oracle department in the UK, and also by Unisys. The office suite also has a foot in the door of many educational institutions. Clients include the University of Brunswick, Karlsruhe Institute of Technology, University of Paris-Sud, and the Luxembourg Institute of Science and Technology. Public organizations use OnlyOffice as well. For example, the French Red Cross and Germany's Social Democratic Party.


How to merge IT and product development into one department

Why bring product and technology together? "Take our device protection product: when your device is stolen or lost, we can replace it typically in less than 24 hours," Vandevier says. "That product involves consumer websites, agent tools, mobile apps, supply chain, and repair operations — a whole host of systems, applications and products. The product has to roll up to one team that supports device protection end-to-end rather than to a bunch of people in different departments." If Vandevier and his colleagues hadn't pulled those teams together, the device protection product would have suffered from a lack of clarity and unhappy customers. "When you have product and technology in separate groups, you wind up leaving out critical requirements and scrambling to squeeze in features late in the delivery cycle," he says.



Quote for the day:


"You always believe in other people. But that's easy. Sooner or later you have to believe in yourself." -- Gary, The Muppets