May 21, 2016

Organizing the Test Team

It's hard to continuously improve when you have to do the same thing all the time. We tend to think of standards more like a straightjacket than a wedge. We see standards as valuable when they emerge from practice and are more like guidelines than rules. For example, one of our clients requires evidence that testing occurs periodically, with a preference for executable examples. Each team selects how often this will happen, how to capture those examples, what and if should be automated. Management has delegated a technical leader to work with the teams to see if that evidence is sufficient. Understanding the problem helped guide the choice of innovation and creative chaos or getting more standard.


Fintech – disruptive technology

Some recent developments in the fintech space, however, point to weaknesses in fintech companies. LendingClub, the poster boy company for P2P lending, has seen its shares tumble, wiping out about a third of its market value. This came as it faces scrutiny after its founder and CEO resigned following an investigation into improper loan sales. The US Treasury has released a report criticising the P2P lending business, recommending it to be more tightly regulated. Some commentators are likening P2P lending to the early days of the subprime mortgage bubble of 2006-07. It is more likely though that the experiences of fintech in mature markets like China and the US will serve as good guides as to how this business will grow in this part of the world, with the requisite regulations put in place.


Bridging the divide between CISOs and IT decision makers

All security professionals will agree that the insider threat is a reality in any business. But it seems that CISOs, CIOs and other ITDMs have not aligned on the scope and magnitude of the threat or the threat vectors. Sixty-four percent of CISOs and CIOs believe that insider data security threats will increase in the next twelve months. Only 50% of other ITDMs agree with them. Is the view from the top—with a focus on protecting the organization and brand—skewing reality? Or, with the day-to-day liaison between ITDMs and employees, could it simply be that ITDMs lack the proactive (instead of traditional detective) tools required to provide real-time situational awareness? Even so, if they haven’t aligned on the threat vectors, the probability is very high that ITDMs aren’t aligned on what to measure or monitor.


Bimodal IT: Do It Right, or Don’t Do It at All

By promising to quickly deliver the benefits of a digital innovation center without having to face the challenge of addressing IT’s legacy organization and processes, bimodal IT almost seems too good to be true. For technology organizations considering investing in a significant performance improvement initiative, I have prepared a comparison of the relative merits of the siloed bimodal approach typically espoused by consultants with a more holistic enterprise-wide Lean/Agile transformation approach, in which bimodal IT is a transitional state in the journey to becoming a high-performance organization. First let’s consider the benefits of Bimodal IT. Bimodal IT is attractive to IT organizations facing problems with speed and responsiveness, and the approach can deliver modest benefits, at least for the Mode-2 portion of the portfolio.


MIT CIO: Cooperation vs. competition in the digital ecosystem

The theme of "coopetition" -- collaboration among rivals for the greater good -- played big at the Cambridge, Mass., gathering of CIOs and other executives, from the work on standards for new technologies like blockchain, the distributed ledger digital currency bitcoin is based on, to regulators and individual corporations all doing their shares to protect privacy and security as mammoth amounts of data are more easily processed, analyzed and acted on. "They need each other's data, but at the same time they're trying to take market share," said Jason LaVoie, director of technical solutions and operations at mobile marketing startup SessionM, in Boston's Seaport, an area known for its young tech companies, booming construction and as the future home for a new old giant, GE. "It's fascinating, but it's where the world needs to go."


New IoT security certification aims to make the world safer

A lot of the products that go through testing like this are patchable either in software or firmware. However, the one missing piece appears to be a rigorous auditing process so that if an exposure is introduced post certification the certification can be removed until the problem is corrected. Otherwise the owner of the product is likely to believe the product is still safe when it may not be. That’s the problem with patchable products: any testing applies only to the product as it existed when the product was tested; as soon as it is patched the certification may no longer be valid, and entire classes of these products do get patched often. On the other hand, things like sensors and cameras rarely get patched so they should remain relatively consistent with the certification and they likely represent the highest volume of devices expected to be deployed.


Hybrid cloud: How you can take advantage of the best of both worlds

Both of these technologies enable IT to set up their DNS addressing so that applications in the cloud continue to appear as part of your local IT data center. What about identity? You’ll want your users to access applications without having to re-enter credentials again – of course. Single sign-on (SSO), a capability provided by Azure Active Directory, is the final piece in your virtual data center. AAD allows you to synchronize identities with your on-premises Active Directory; and thus your users log on to the (virtual) network once and are transparently provided access to corporate applications without regard to their hosting location. Even before you begin migrating applications, you can take advantage of the hybrid cloud.


The Volcano - Prioritize Work for Multiple Teams & Products

The Volcano is vertically divided into “swim lanes”, one for each product it should support. The width of the “swim lane” is used to steer capacity allocation between the products. A narrow “swim lane” indicates low capacity allocation, while a wide “swim lane” indicates high capacity allocation. ... The work flows out of the volcano and into the team’s respective kanban boards. When a team has completed a work item and a “swim lane” is free (capacity available), a new work item is fetched from the volcano into a free “swim lane” as an ongoing activity. It works best if the work items are of approximately the same size. We use stories (represented by “larger” stickies). When the team starts to work with a story, they usually call for a planning meeting to break it down into tasks (represented by “smaller” stickies) that then flow through their kanban board.


IoT and Machine Learning are invading our lives. Is it a good thing?

While all of this is good and necessary, I find the idea of a machine doing all the thinking in my place quite disturbing. I look at my own junior days and remember all the small trials and challenges that made me the man I am today. The time I forgot my set of keys inside the house and ended up being locked out for several hours; the day when I almost set the house on fire by forgetting to turn off the stove; the experience I had with a magazine-and-card store owner who asked me if I lived in a barn because I’d left the door open on a chilly winter day. I’m quite fond of those memories and they happen to be some of the most valuable lessons I’ve learned. The future generations won’t be experiencing any of that. They won’t meet many of the mind and social challenges that we’ve faced in our lives because the thinking is being done for them by machines that have been learning about them even before they were even born.


The Internet Is Broken

Clark argues that it’s time to rethink the Internet’s basic architecture, to potentially start over with a fresh design – and equally important, with a plausible strategy for proving the design’s viability, so that it stands a chance of implementation. “It’s not as if there is some killer technology at the protocol or network level that we somehow failed to include,” says Clark. “We need to take all the technologies we already know and fit them together so that we get a different overall system. This is not about building a technology innovation that changes the world but about architecture – pulling the pieces together in a different way to achieve high-level objectives.” Just such an approach is now gaining momentum, spurred on by the National Science Foundation.



Quote for the day:


"Reduce the layers of management. They put distance between the top of an organization and the customers." -- Donald Rumsfeld


May 20, 2016

10 steps to becoming cyber resilient

Just like risk management generally, many of the steps needed to minimise risk have to be applied widely across the practice, requiring personal compliance with rules and collaboration across internal departments. This is not just an issue for the IT team, although they have a significant role to play. Resilience is not just about preventing cyber crime, but encompasses cyber security on many fronts. A cyber-resilient law firm should “have the capacity across the business to maintain their core purpose, operations and integrity in the face of cyber attacks and cyber security breaches. A cyber-resilient practice is one that can prevent, detect, contain and recover from a plethora of serious threats against data, applications and IT infrastructure. It successfully aligns continuity management and disaster recovery with security operations in a holistic fashion.”


Leadership Relevancy in the Digital Age

Are you ready for digital age leadership relevancy? For full digital transformation? Are you ready for the tsunami of change coming? Is your business? If not, or if you want to get ready, you’ll enjoy this week’s episode of The Rebel Leader with Vijay Gurbaxani, founding director of Road to Reinvention: Leadership in the Digital Age — a signature conference hosted by The Center for Digital Transformation (CDT) at the UC Irvine Paul Merage School of Business. Vijay is also Professor of Business and Computer Science at the Merage School, but don’t expect an “academic” perspective to social leadership and organizational transformation. He is neck-deep into this pressing issue and comes at it from a unique and insightful perspective.


Inside Sundar Pichai's Plan To Put AI Everywhere

It’s Pichai’s first I/O since he became CEO last year when Larry Page reorganized the company into Alphabet. And it’s the first that will be held at Shoreline Amphitheater, an arena for rock concerts within a stone’s throw from Pichai’s office, rather than in the more staid San Francisco venue of years past. (“I wanted to create a sense of community, make it more informal, make it more like how Google works every day,” Pichai says.) Speaking softly in his lilting South-Indian accent, Pichai parries questions with his trademark calm and poise. He’s not a sound bite man. So his excitement at what Google will show off – at what the company is becoming – is masked by his long, meandering and thoughtful answers, always rich with context about the evolution of computing, the history of Google and what users expect.


Big data projects shake up the storage status quo

Cloud and virtual storage also have a potential role in the data marts that many company departments now use to run batch queries for different departments and business units. The data used in most of these data marts is batch created and is traditional data that departments have run for queries in the past. What is different is that users now have more analytics report creation tools and options for queries than they had in the past, and there is more ability for data administrators to generate data that is aggregated from different sources. In this batch environment, disk storage solutions work as effectively as they have in the past. As storage administrators react to the changes brought on by big data, the most significant change impact is accommodating the sheer size of extremely large big data files.


Cyber resilience: a board level issue for the legal profession

To start to address the challenge the broader legal profession needs to transform the way it thinks about cyber security and resilience. While privacy and confidentiality have always been foundation qualities for law firms, they must increasingly be able to demonstrate to their clients and regulators that they have adequate defences and associated controls and governance whilst remaining competitive and able to conduct business securely. Legal firms that do not take the time to train their staff, secure their systems and supply chain whilst advising their clients to do the same will increasingly find themselves losing high-profile contracts. Gone are the days when attackers focused solely on attempting to subvert a firm’s intrusion detection system or firewall defences with the goal of stealing sensitive information and then leaving.


The Average App Loses More Than 75% Of Its Users After One Day

“Using Day N retention rates, brands can determine how many new users return on a particular day following their first session,” said Appboy’s senior content producer Todd Grennan, in a blog post. “For instance, if 100 customers first use your app on a certain day (Day 0) and 30 of those original 100 return seven days later, that translates to a 30% Day 7 retention rate; similarly, if 20 of the original customers return 30 days later, that’s a 20% Day 30 retention rate.” According to the report, overall app retention drops to around 11% within a week of install. After 45 days, that number is less than 5% before hitting 4.1% after 90 days. Mobile operating systems play a role, Appboy said. Retention rates are higher on Android devices with a high of 27% on day one of install that declines to 13% by day seven. In comparison, iOS apps show a 23% session use on the first day and an 11% usage rate by the end of the week.


What’s Driving (and Inhibiting) DCIM Software Adoption?

One of the biggest drivers for DCIM software adoption in the near future, however, will be the transition to software-defined infrastructure. “Data centers will increasingly be viewed not as physical business but as pools of resources that can be drawn on when needed,” Cooke said. ... Many DCIM tools on the market today, however, are lacking key functionality that enables them to connect to and enable the digital transformation of data centers, and this is one of the factors that inhibit the market’s growth, Cooke said. The shift of more resources to outsourced IT infrastructure from on-prem facilities is another growth inhibitor, working both for and against the overall DCIM market. While use of DCIM tools by colocation providers and their users is on the rise, there will be fewer and fewer end user-operated facilities that need these management tools.


Google is bringing Android apps to Chromebooks

While Chromebooks have already been successful in the enterprise, they were lacking app compatibility, said Rajen Sheth, the director of product management for Android and Chrome for Business and Education. This update will better equip businesses and schools with apps they want, without requiring the developers of those apps to build a separate Chrome app, Sheth said. Chromebook shipments overtook Macs in the U.S. during the first quarter of this year, according to IDC. Building on that success by making Android apps available to those users should make the platform more appealing to buyers. Chrome OS users will now be able to write term papers on their Chromebook while also checking Snapchat, Kan Liu, Google's senior director of product management, said at the company's I/O developer conference in Mountain View, California.


Bringing resiliency to software acquisition

Thought leaders from government, industry and academia discussed the opportunities and challenges of IT resiliency at the Cyber Resilience Summit hosted earlier this year by CISQ. “Resilience is about risk,” said Paul Nielsen, director and CEO of the Carnegie Mellon Software Engineering Institute. “And one of the things about risk is, you can’t eliminate it.” Basic cyber hygiene can help eliminate low-hanging vulnerabilities, but increasingly persistent and sophisticated attacks against complex systems will continue to pose threats. Those risks that cannot be eliminated must be managed. Resilient software working as a coherent system can mitigate the impact of intrusions when they occur, continuing to operate while avoiding or minimizing damage.


Machine learning: Demystifying linear regression and feature selection

Linear regression is a powerful technique for predicting numbers from other data. Imagine you have an imperative to predict basketball scores from game statistics, and you miraculously know absolutely nothing about basketball. The fact that a hoop is involved is news to you. You’ve found a dataset on stats.nba.com that has a bunch of statistics (free throws made, assists, blocks, three pointers), including the final score, and now you want to predict future scores given those stats. Those of us who are not in your miraculous situation know that the answer is going to look a lot like points = free throws made + 2 * two pointers made + 3 * three pointers made.



Quote for the day:


"Unless you try to do something beyond what you have already mastered, you will never grow." -- Ronald Osborn


May 19, 2016

Lessons from LinkedIn data breach revelations

As mentioned, LinkedIn’s passwords were encrypted, but the company was still using a relatively weak hashing algorithm. It was also not adding random text to passwords to make it more difficult to reverse engineer the hashed or scrambled versions of the passwords. ... Creating unique passwords for every online service means that if one is compromised, none of the others are affected. However, the converse is also true. If passwords are re-used and one service is compromised, it means all others where the same password is valid are also at risk. “While LinkedIn has taken the precaution of invalidating the passwords of the accounts affected, and contacting those members to reset their passwords, the chances are that many will use the same password across multiple online accounts,” said Liviu Itoafa, security researcher at Kaspersky Lab.
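The storage weakness described above (a fast hash with no per-user random salt), next to a salted, slow alternative and a migrate-on-login step, as an added example that is not code from the article or from LinkedIn. SHA-1 stands in for the "relatively weak" algorithm, which the excerpt does not name; PBKDF2-HMAC-SHA256, its iteration count, the function names and the sample accounts are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware

# Constructed sample accounts (not real data).
SAMPLE_ACCOUNTS = {
    "alice": "linkedin2012",
    "bob": "linkedin2012",  # same password as alice
    "carol": "correct horse battery staple",
}


def legacy_digest(password: str) -> str:
    """Weak scheme: one fast, unsalted hash (SHA-1 as a stand-in)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def make_record(password: str) -> dict:
    """Hardened scheme: random 16-byte salt per user plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "digest": digest}


def verify_record(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def users_sharing_a_digest(store: dict) -> list:
    """Audit helper: groups of users whose stored value is identical.

    Any non-empty result means one recovered password exposes every
    account in the group, which is what a missing salt allows.
    """
    groups = defaultdict(list)
    for user, stored in store.items():
        key = stored if isinstance(stored, str) else stored["digest"]
        groups[key].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def upgrade_on_login(user: str, password: str, legacy_store: dict, new_store: dict) -> bool:
    """Check a login and move the account off the legacy scheme if it succeeds."""
    if user in new_store:
        return verify_record(password, new_store[user])
    stored = legacy_store.get(user)
    if stored is None or not hmac.compare_digest(stored, legacy_digest(password)):
        return False
    new_store[user] = make_record(password)  # re-hash while the plaintext is in hand
    del legacy_store[user]                   # do not keep the weak digest around
    return True


def build_stores():
    """Store the same sample accounts under both schemes."""
    legacy = {u: legacy_digest(p) for u, p in SAMPLE_ACCOUNTS.items()}
    salted = {u: make_record(p) for u, p in SAMPLE_ACCOUNTS.items()}
    return legacy, salted


if __name__ == "__main__":
    legacy, salted = build_stores()
    print("identical unsalted digests:", users_sharing_a_digest(legacy))
    print("identical salted digests:  ", users_sharing_a_digest(salted))
    migrated = {}
    print("alice login + upgrade:", upgrade_on_login("alice", "linkedin2012", legacy, migrated))
    print("still on legacy scheme:", sorted(legacy))
```

Accounts that never log in again stay on the legacy scheme, so a migration like this is normally paired with a forced reset for the remainder.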


Cloud security: A mismatch for existing security processes and technology

Certainly cybersecurity professionals want to leverage existing security investments and lean on well-established best practices as much as possible. So, what’s the problem? Unfortunately, existing security technologies and processes don’t always work when pointed at cloud-based workloads. In fact, 32 percent of enterprise cybersecurity and IT professionals admit they’ve had to abandon many traditional security policies or technologies because they couldn’t be used effectively for cloud security, while another 42 percent have abandoned some traditional security policies or technologies because they couldn’t be used effectively for cloud security.


IT Governance Integral Part of Corporate Governance

For any modern day business to stay agile, relevant, competitive and profitable, it has to rely and invest in IT as a major component of its business strategy. Automating a company's functions, apart from requiring significant financial investments, also requires the incorporation of powerful internal control mechanisms into computers (hardware), software and networks to manage operational IT risks. In view of the above, IT governance is now considered as a bread and butter issue for businesses to thrive. The emerging trend is that IT governance and corporate governance can no longer be separated. IT governance now constitutes a key component of every company's strategic plan and consequently it has become a standing agenda item at board meetings.


Ransomware attacks force hospitals to stitch up networks

Once ransomware is on the networks, hospitals were forced to resort to finding and using paper copies, fax machines, phones, and any other non-connected devices, while network administrators hastened to get their systems up and running. The result of these activities has made a lasting impact on operations: in some instances doctors even had to reschedule high-risk surgeries. The lesson to be drawn from these recent incidents is the need for hospitals to develop and implement a strong cyber resiliency plan that incorporates incident response as well as recovery operations from such attacks. The threat of ransomware demonstrates the need for hospitals, as well as all organizations, to identify critical information and properly store it on backup systems that are independent of the main network. While we can’t necessarily predict when attacks against us will occur, we can always be prepared to respond to them once they do.


Digital transformation trips: advice from CIOs

Unsurprisingly, lack of investment from the business is a barrier to digital transformation, with 50 per cent of those studied saying this was one of the biggest downsides. When asked what the major barriers are to digital transformation projects, the top answer was the lack of funds available for technology provision. Adding to complexity, corporate culture is often change-averse, according to 43 per cent of CIOs studied. If they are to encourage investment in digital, CIOs must now convince the board of the area's ability to drive business change. A financial sector CIO explains: "Gain board level sponsorship, so the initiative is perceived as a business led change programme, rather than a technology led one."


Google Has Built Its Own Custom Chip for AI Servers

TPU gets its name from TensorFlow, the software library for machine intelligence that powers Google Search and other services, such as speech recognition, Gmail, and Photos. The company open sourced TensorFlow in November of last year. The chip is tailored for machine learning. It is better at tolerating “reduced computational precision,” which enables it to use fewer processors per operation. “Because of this, we can squeeze more operations per second into the silicon, use more sophisticated and powerful machine learning models and apply these models more quickly, so users get more intelligent results more rapidly,” Jouppi wrote.


Make the bed, enterprise OpenStack deployment is moving in

The increased adoption of OpenStack is part of a changing perspective of open source in general, where more enterprises view it as a way to get faster top-level development, rather than relying on the roadmap of one proprietary entity, according to Nelson. "There's been a big shift from a bunch of developers getting in a room and dreaming of the future to something that has become a lot more real, and adopted by commercial vendors and looked at seriously by a lot of large enterprises," she said. The next step in OpenStack adoption is likely companies that are not interested in putting whole development teams in place to put the upstream code into production. Instead, the next round of adoption will likely involve a deployment from a vendor -- companies such as Canonical, Red Hat or Mirantis -- to do it hands-off, so it feels like rolling out Linux.


SEC says cyber security biggest risk to financial system

The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C. "What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks," she said. "As we go out there now, we are pointing that out." White said SEC examiners were very pro-active about doing sweeps of broker-dealers and investment advisers to assess their defenses against a cyber attack. "We can't do enough in this sector," she said.


New Federal HIPAA Guidance Targets Data Security Incidents

The new guidance defines how business associate agreements should specify the terms of how and for what purposes protected health information will be used, and create reporting mechanisms that cover instances in which protected information is disclosed in a way not authorized under contracts. The new rules put the onus on BAs to report incidents to covered entities. ... OCR recommends that business associate agreements contain requirements that BAs and subcontractors report a breach or a security incident even if it did not cause a breach. The information should include BA or subcontractor name and contact information, a description of the incident, date of the incident and date of discovery, types of unsecured PHI involved in the incident, and steps being taken to further investigate the incident and avoid future incidents.


Role of Business Analysis in Agile

Great business analysts are now more aware of the customer and their journey with the software. They’re interested in understanding not only why the business want the product built, but what the problem is that the product is trying to solve and how their customers will use it. The business analyst is also in a fantastic position to influence team dynamics. They’re working closely with the product owner, working closely with the development team, being able to drive consensus on decisions that are being made is a great way to ensure that the whole team feels they have ownership of the product. This also helps establish a shared goal that the whole team can work towards. So you can see, there’s heaps of different paths a business analyst can take to be T-shaped and provide further value to their teams.



Quote for the day:


"Diligence is the mother of good fortune." -- Miguel de Cervantes


May 18, 2016

Your Business’ Network Needs IPS and IDS – Here’s Why

If you are simply looking for IDS, which is intrusion detection services, then what you want to do is have the devices working out of the direct line of your traffic flow so that you can detect abnormalities on different scales. However, if your focus is on IPS, which is intrusion prevention services, then you want to put the device that is sorting through your traffic in line with your network so that it can be the barrier your network needs to stay safe. ... Some of the different streams that are used for intrusion pose a larger threat than others, and this is worked into the device itself that you are using. Your device will detect the intrusion, figure out what type of intrusion it is, and evaluate the information that it can get from the intrusion. From there, you will be able to get a rating as to just how much potential danger your network is in, and decide on what type of steps you want to take next, such as blocking that type of intrusion,


On Blockchain Disillusionment and Bitcoin's Big Bad Wolves

For all the investment, it remains increasingly unclear exactly how banks will use blockchain technology or distributed ledgers, or if the areas where it seems most effective will be lucrative or interesting enough for incumbent financial firms to pursue. As noted by Coin Sciences CEO Gideon Greenspan in a recent CoinDesk opinion piece, shared ledger efforts have hit a roadblock when it comes to confidentiality, as every institution operating in such environments today sees every transaction. "This turns out to be a huge issue, both in terms of regulation and the commercial realities of inter-bank competition," Greenspan writes. "While various strategies are available or in-development for mitigating this problem, none can match the simplicity and efficiency of a centralized database managed by a trusted intermediary."


DevOps model, a profile in CIO leadership, change management

Proponents tout the many benefits of DevOps, the practice of putting software developers and the IT operations together so that building, testing and releasing software can happen very quickly, frequently and more reliably. They say this approach (or culture or movement, as some call it) produces faster delivery of features, more stable operating environments and better quality products. They also say that the DevOps model means continuous software delivery and faster resolutions of problems, which lead to more satisfied users. Results like that get attention, said Donnie Berkholz, research director for the development, DevOps, and IT ops channel at 451 Research. In fact, he points out that 40% of the 568 infrastructure professionals his firm recently surveyed are using DevOps somewhere in their organizations.


10 most in-demand Internet of Things skills

Insufficient staffing and lack of expertise is the top-cited barrier for organizations currently looking to implement and benefit from IoT, according to research from Gartner. "We're seeing tech companies around the globe getting organized and creating IoT strategies, but where they're struggling is they don't have the processes and talent in-house to make these things happen," says Ryan Johnson, categories director for global freelance marketplace Upwork. By tracking data from Upwork's extensive database, Johnson and his team have identified the top 10 skills companies need to drive a successful IoT strategy. Data is sourced from the Upwork database and is based on annual job posting growth and skills demand, as measured by the number of job posts mentioning these skills posted on Upwork from October 2014 to December 2015.


SAP Technology Targets Inequity in Workplaces Around the World

“Diverse teams are high performing teams,” said Mike Ettling, president of SAP SuccessFactors. “We’re always looking at how innovative HR technology can improve people’s work lives. Our HCM solutions simplify and standardize HR processes for organizations across the globe. Addressing inequity fits into our focus on built-in intelligent services and recommendations. Today’s innovations, and those to come, are designed to help companies find and address opportunities to build inclusive cultures, prompting managers and HR professionals to make intentional decisions as they attract, hire, develop, reward and promote people.” The use of technology to tackle workplace issues like gender inequity has not grown at the same pace as that of the digital economy.


Cloud security and compliance concerns rise as investment grows

“As organisations look to cloud computing to reduce IT costs, increase agility and better support business functions, security of data and applications in the cloud remains a critical requirement,” says Holger Schulze, founder of the 300,000-member Information Security Community on LinkedIn. “The 2016 Cloud Security Report indicates that as organisations increase investments in cloud infrastructure, they are seeking a similar level of security controls and functionality to what’s available in traditional IT infrastructures. “However, they are finding traditional security tools ineffective in the cloud. In a shared responsibility model, this is an opportunity for organisations to implement effective cloud security solutions to strengthen their security posture and capitalise on the promise of cloud computing”.


Towards a whole-enterprise architecture standard – 6: Training

In short, training only makes sense in those parts of the context that map to the left-side of that boundary. To the right, we’re going to need real skills, which in turn arise only from some form of education or self-education. The vertical axis on SCAN is an arbitrary scale of the amount of time available for assessment and decision-making before action must be taken – the latter indicated by the ‘NOW!’ as the baseline, with time-available extending ever upward towards an infinite future relative to the ‘NOW!’. The green dotted-line across that axis represents a highly-variable yet real transition from theory to practice, or from plan to action. For humans at least: above the boundary, there is time for considered or ‘complicated’ evaluation, and plans and decisions are rational – or may seem so, at least; and below the boundary, there is time only for simple evaluation in real-time, and plans and decisions are emotional


How to manage workers in the gig economy

HR has developed into a department that is devoted to employee engagement and company culture. "As companies shift from having traditional paper pushing HR departments to becoming more focused on the employee experience, a PEO system can create a huge benefit allowing HR to focus on their talent brand vs compliance," says Harris. PEO models can also help minimize the workload and paperwork associated with gig workers, who are in and out of the company like a revolving door, says Harris. These systems take away a lot of the grunt work associated with onboarding employees, as well as managing their benefits, compensation and even seeing them out of the company once they move on. PEO systems are freeing up HR so they can focus on ensuring gig workers are engaged, feel a part of the culture and aren't treated any differently than typical full-time workers.


Cybersecurity in 2020: The future looks bleak

Scenario planning or scenario thinking started in military intelligence circles as a way to create flexible long-term plans. "Scenario planning may involve aspects of systems thinking, specifically the recognition that many factors may combine in complex ways to create surprising futures," according to Wikipedia. "The method also allows the inclusion of factors that are difficult to formalize, such as novel insights about the future, deep shifts in values, unprecedented regulations, or inventions." ... Wearables will track more than heart rate and the number of steps taken. "With devices monitoring hormone levels, facial expressions, voice tone, and more," suggest Weber and Cooper, "the Internet is now a vast system of 'emotion readers,' touching the most intimate aspects of human psychology. These technologies allow an individual's underlying mental, emotional, and physical state to be tracked—and manipulated."


Global Lenders on Edge as Cyber Attacks Embroil More Banks

While Swift has for decades made sure its own financial messaging network was secured, less attention was paid to the security surrounding how member banks -- each with their own codes and varying levels of technology -- were connecting. Even today, when it discusses the cyber attacks, Swift emphasizes that its own network wasn’t breached and says its members are responsible for their own system interfaces. Some U.S. banks are pushing to open discussions with Swift about whether it should have responded more quickly to the breaches and should now help member banks better secure their systems, according to one of the people familiar with the thinking within a large U.S. bank. BITS, the section of the Financial Services Roundtable aimed at combating cyberfraud and other technological issues, could be tapped to broker those discussions, the person said.



Quote for the day:


“The common question that gets asked in business is, ‘why?’ That’s a good question, but an equally valid question is ‘why not?’” -- Jeff Bezos


May 17, 2016

Critical Flaw in Symantec Antivirus Engine Puts Computers at Risk of Easy Hacking

The worst part about it is that the Symantec AVE unpacks such files inside the kernel, the highest privileged region of the OS. This means that successful exploitation can lead to a full system compromise. "On Linux, Mac and other UNIX platforms, this results in a remote heap overflow as root in the Symantec or Norton process," Ormandy said in an advisory. "On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel, making this a remote ring0 memory corruption vulnerability -- this is about as bad as it can possibly get." Symantec has rated the vulnerability with a 9.1 severity score out of 10 in the Common Vulnerability Scoring System.


An Update On The Megatrend of Cloud Computing

There are seven key MegaTrends driving the future of enterprise IT. You can remember them all with the helpful mnemonic acronym CAMBRIC, which stands for Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics, Internet of Things, CyberSecurity. In this post we dive deeper into the first of these trends, Cloud Computing. We succinctly describe Cloud Computing as the scalable delivery of computational resources. Models of cloud compute include public clouds, private clouds and blends in between. Architectures are in place now that leverage tiers of clouds that can exist in multiple sizes and locations, including homes, businesses and datacenters.


Stealthy malware Skimer helps hackers easily steal cash from ATMs

"One important detail to note about this case is the hardcoded information in the Track2 -- the malware waits for this to be inserted into the ATM in order to activate," the Kaspersky researchers said. "Banks may be able to proactively look for these card numbers inside their processing systems, and detect potentially infected ATMs, money mules, or block attempts to activate the malware." Skimer is just one of several malware programs designed to infect ATMs that were discovered in recent years, suggesting that this method of attack is becoming increasingly popular among cybercriminals. The way in which malware programs have been installed on ATMs in the past has varied. In some cases it was installed by insiders. In others it was installed by booting from a CD drive after opening the ATM's front case using special keys.


How big data is going to help feed nine billion people by 2050

The power of farming data is insurmountable, and it is also dangerous. If someone knows the data of an operation, they also know when and where the crops are, how much yield, how much it costs, and the farm's profits. The overwhelming fear is that it falls into the wrong hands, be it a neighbor, a seed retailer, a fertilizer company, or a big ag corporation. And then that data is used against the farmer by being sold to a competitor or undercutting a neighbor for a better deal on land prices. Farmers and big ag companies are racing to find the holy grail of precision agriculture. Precision technology is a farming management concept that measures and responds to field variability for crops, often using satellites and GPS tracking systems. It has become more and more prevalent in recent history because of the advanced technology systems available on farms.


If These Predictions Are Right, We Will Lose Millions Of Jobs To Computers

The application of machine learning to the ever-increasing amounts of data being produced throughout the world will change everything when it comes to our jobs. Yes, these new technologies will make jobs easier for many people — but they also may make many of those jobs obsolete. Algorithms can now answer our emails, interpret medical images, find us the legal case to win, analyze our data, and more. Machine learning relies on algorithms that “learn” from past examples, thereby relieving the programmer from having to write lines of code to deal with every eventuality. This ability to learn, coupled with advances in robotics, cloud computing and mobile technology, means that computers can now help humans perform complex tasks faster and better than ever before.


The Importance Of A Personal Business Continuity Plan

People’s knee-jerk response is often to assume their data is automatically backed up to the cloud. While this is a good fallback, it is often presumptuous. If a cloud backup of your computer or your phone is your fallback strategy, you should look and see what is actually being backed up and whether it is current. When I recently examined my personal business continuity plan and looked at my iPhone iCloud backup, I discovered only 10 of my 129 applications were backed up to the cloud. If the cloud were my Plan A, I’d be in trouble. The reality is that you never, ever want to lose your data. It is your most valuable asset, and you need to do everything possible to protect it. The Disaster Recovery Journal explains that a personal business continuity plan is all about having a methodology in place to recover your data and help you return to full productivity as soon as possible.


Orchestration and Automation: The Enterprise’s Best Kept Secret

The IT organization simply defines a set of policies using templates. Those templates are then used to automatically provision all the infrastructure resources required by any given application workload. The end result is a much more agile IT organization capable of dynamically responding to any and all new application requirements. Once that automation capability is in place the IT organization gains the ability to holistically orchestrate sets of infrastructure services that function as a cloud; right down to being able to define what infrastructure resources can be made available to a specific application. In the truest sense of a cloud IT organizations can even allow developers to self-service their own IT infrastructure requirements within a set of well-defined guidelines defined by the IT organization.


Martin Van Ryswyk on DataStax Enterprise Graph Database

Datastax Enterprise (DSE) Graph is part of a multi-model platform that supports key-value, tabular, and Document models in addition to graph. Rather than use multiple vendors for handling polyglot implementations that demand different data models, the users can use one vendor and get different data models in the same product. DSE Graph includes additional capabilities like security, built-in analytics, enterprise search, visual management monitoring and development tooling. Also, DataStax Studio now comes with a new web-based solution to visualize graphs and write & execute graph queries. InfoQ spoke with Martin Van Ryswyk, EVP of Engineering, DataStax, about the graph data model support in Datastax.


Publisher's cloud strategy improves uptime and agility with PaaS

By embracing the Cloud Foundry PaaS, Springer Nature initiated "a big change in the working relationship between operations and development," Otte said. For example, changes to Springer's primary business channel, SpringerLink, once meant downtime. With PaaS, however, Springer Nature was able to dramatically improve uptime by empowering development teams to self-serve. According to Otte, "By embracing PaaS, we let dev teams own their applications in production without worrying about the operational hassles." This also resulted in "simplified operations and reduced costs across the board." This fits 451 Research's survey data that concluded IT increasingly worries about improving agility, rather than simply shaving pennies off hardware and software costs:


ONC Task Force: No ‘Show-Stopping’ Barriers to API Requirements

“We recognize implementation of such a framework may require Congressional action; however, using its role as advisor for all things health IT, ONC should seek to harmonize conflicting, redundant and confusing laws that govern access to health information,” the task force said. As part of that oversight framework, ONC should coordinate with the relevant agencies a single location for all API actors to access in order to become educated and to ask questions about the oversight and enforcement mechanisms specific to patient-directed health apps, as well as their specific rights, obligations and duties. For instance, the task force said, patients should have one place to access in order to log complaints regarding an app’s behavior, and app developers should have one place to access in order to log complaints that could launch investigations regarding a provider or an EHR API developer’s behavior regarding information blocking.


Survey: No Cure In Sight for Healthcare Data Breaches

“The fact that healthcare is bearing the brunt of cyberattacks is no surprise, given the unique black market value of the complete sets of personal information sitting in electronic medical records, including patient names, family history, Social Security Numbers, and billing information,” commented Dylan Sachs, director of identity theft and anti-phishing for security vendor BrandProtect. “What is remarkable, however, is the level of sophistication these cyber criminals have achieved. We’ve recently witnessed a wave of elaborate attacks designed specifically to penetrate healthcare organizations. It seems clear that security measures must evolve to include aggressive, proactive monitoring for suspicious activities outside traditional security perimeters.” The College of Healthcare Information Management Executives similarly has raised a red flag about the epidemic of data breaches.



Quote for the day:


"Technological innovation is indeed important to economic growth and the enhancement of human possibilities." -- Leon Kass


May 16, 2016

Is The Fintech Industry The Next Tech Bubble?

Many experts believe that since banks offered such a wide multitude of services, they have lost their focus and have over extended themselves. This is why many Fintech startups started in the last decade are starting to give banks a run for their money. Most of these fintech startups specialize in one particular field and focus on customer experience and convenience. For instance, PayPal started offering online payments as a service for merchants when checks were becoming irrelevant for e-commerce transactions. This immediately made PayPal a household name and the company was able to gain significant market shares in a sector that was gravely neglected by banks. DealSunny, a company that specializes in special offers and coupons, devised a neat infographic exposing some of the facts about the amazingly fast growing Fintech industry.


The End Of IT: More Questions, Some Answers

Companies will not become digital until the employees, including the executives, adopt digital-age attitudes and techniques. The question is, "How?" In many instances, this will be a Darwinian process. Those CEOs who think digitally and who understand disruption will naturally lead their organizations to better places. In other cases, boards and directors will select new CEOs, perhaps those who have demonstrated an understanding of both business and the new digital age. ... Too frequently, the consultant doesn't take into account the business environment, or the consultant doesn't spend adequate time assessing conditions before applying the framework. This process is a little like a painter who shows up and doesn't clean the existing painted surface or apply primer. That new coat of paint is going to peel off sooner rather than later.


Courting the Internet of Things: Legal issues to weigh

Take the most basic question: Who owns the data smart devices produce and send forth over the Internet? Right now it depends on the contractual relationship between the parties. So if someone is buying, say, a refrigerator that can monitor its contents and send out orders to replenish dwindling supplies of milk, eggs or Pop Tarts, "there ought to be fine print in that purchasing agreement which talks about the data and the right of the manufacturer of the product to use that data and their ability to disseminate it," Foley said. Some data, like healthcare, finance and student aid information, is regulated, so there are rules limiting what organizations can do with it.


How to define the evolving role of data scientist

Businesses should also avoid being data-greedy -- because the idea of too much of a good thing, certainly can apply to data. "They may be collecting more data than they have the capacity to explore and assess the value of. One way to solve this problem -- is to be more selective about what data you analyze," says Rattenbury. And because data is such a new concept in business, Rattenbury recommends a flexible approach to a data strategy -- one that considers what should change as you move along with a new data initiative. This way, businesses can consider what's working, what's not working, who the key players are and the value tied to specific data points. However, prioritizing data this way isn't just a task for data scientists, he says, it's a task that needs to include everyone in the company.


The reality of android soldiers and why laws for robots are doomed to failure

One reason for the unreasonable level of expectation around autonomous weapons is the belief that AI is far more capable than it really is, or what Sharkey describes as the "cultural myth of artificial intelligence that has come out of science fiction." Researchers working in the field assert that AI is working on projects that are far more mundane (if useful) than building thinking humanoid robots. "Every decade, within 20 years we are going to have sentient robots and there is always somebody saying it, but if you look at the people on the ground working [on AI] they don't say this. They get on with the work. AI is mostly a practical subject developing things that you don't even know are AI — in your phone, in your car, that's the way we work."


Outsourcing Software Development to a Global Talent Pool: World of Help or World of Hurt?

Client success requires that your vendor understand the politics, administration, paperwork, red tape, tax and banking systems of the countries where they have established dev centers. For an outsource vendor, this is often the biggest challenge to overcome. Does your vendor employ someone on-site at their offshore dev center(s) to ensure they are able to successfully meet this challenge? The role of an on-site international business manager has the primary function to manage and navigate the processes specific to countries outside the U.S. Your vendor needs to ensure their employees, their facilities, and your code is safe, accessible, and stable. Regardless of outsource destination, your vendor needs to have a plan to address potential issues with electrical outages and other unpredictable factors related to utilities.


Google Ending Automatic Chrome Support For Flash

"While Flash historically has been critical for rich media on the web, today in many cases HTML5 provides a more integrated media experience with faster load times and lower power consumption," Anthony LaForge, technical program manager for Chrome at Google, wrote in an online posting explaining the switch. "This change reflects the maturity of HTML5 and its ability to deliver an excellent user experience." LaForge also noted that Google would continue to work closely with Adobe and other browser vendors to keep moving the Web platform forward, in particular paying close attention to Web gaming. Flash has been widely criticized for its security holes and susceptibility to new vulnerabilities. The late Steve Jobs published a 1,500-word letter in 2010, essentially calling the platform a relic from the bygone era of PCs and mice.


Identity Startup Netki to Launch SSL Certificate for Blockchain

Netki will seek to act as a certificate authority similar to how Symantec sells SSL certificates to domain name holders. When a MSB acquires a digital identity certificate for itself and its users, the name, address and verification level (aligned to the risk or value of the transactions) is built into the certificate. When a transaction is made, the MSBs on both sides send identity certificates and compare the information through their own AML checks. If both sides have a small green lock, the transaction is secure and compliant. Newton explained that one certificate would contain both the MSB and client information, but in the future, there would be a separate certificate for the MSB and client. But not storing information on a public ledger is also necessary for the world that Newton believes is coming.


Centralizing Security for Decentralized Environments

Both DDoS and web application security are important in today’s high-stakes, high volume game of “protect the application.” Bringing both together in a single, cloud-based solution addresses the need to centralize security whilst establishing appropriate app-centric perimeters regardless of where that app may be deployed. It’s infeasible to establish those app-centric perimeters on-premises. The architectural drawbacks of doing so outweigh the operational advantages. But moving that same concept to the cloud, as a cloud-based service, not only affords the same operational advantages innate to centralization but is an architecturally sound principle, as well. A cloud-based solution has access to greater bandwidth, which means it can withstand a deluge of network and application attack floods.


7 Deadly Career Mistakes Developers Make

Your expertise in one stack may make you invaluable to your current workplace -- but is it helping your career? Can it hurt to be too focused on only one stack? MediaMath’s Donohue doesn’t pull any punches on this one: “Of course it is -- there’s no modern software engineering role in which you will use only one technology for the length of your career. If you take a Java developer that has been working in Java for 10 years, and all of a sudden they start working on a JavaScript application, they’ll write it differently than someone with similar years of experience as a Python developer. Each technology that you learn influences your decisions. Some would argue that isn’t a good thing -- if you take a Java object-oriented approach to a loosely typed language like JavaScript, you’ll try to make it do things that it isn’t supposed to do.”



Quote for the day:


"Great effort springs naturally from a great attitude." -- Pat Riley


May 15, 2016

Towards a whole-enterprise architecture standard – 5: Practices and toolsets

What do we do when we’re doing whole-enterprise architecture? How do we choose what to do, when, in what order? And how do we record what happens, the outcomes, the results? Perhaps the core to all of this is the ‘Start Anywhere’ principle, and the focus on overall effectiveness of the enterprise. Yes, the potential scope of whole-enterprise-architecture might at first seem impossibly huge: anything, anywhere, in any aspect or domain of the entire enterprise, and even beyond. Yet the crucial twist is that the enterprise is seen as an ecosystem, or ecosystem-of-ecosystems: whichever way we look at it, it’s always one integrated whole, deeply interdependent, deeply interwoven. In which case, it doesn’t matter where we start: if everything’s connected to everything else, then we connect with everywhere eventually.


Can IT keep up with big data?

When IT deals with big data, the primary arena for it is, once again, large servers that are parallel processing in a Hadoop environment. Thankfully for the company at large, IT also focuses on reliability, security, governance, failover, and performance of data and apps—because if it didn't, there would be nobody else internally to do the job that is required. Within this environment, IT's job is most heavily focused on the structured transactions that come in daily from order, manufacturing, purchasing, service, and administrative systems that keep the enterprise running. In this environment, analytics, unstructured data and smaller servers in end user departments are still secondary.


Ransomware: How high will the demands go?

"Once inside a network, attackers can identify high-value files, databases, and backup systems and then encrypt all of the data at one time," the report suggested -- and pointed to malware families such as SamSa which can be deployed manually into an infected system. As ransomware becomes more dangerous, researchers fear that cybercriminals will use its increased power to extract higher ransom payments from victims. Currently, the majority of ransomware perpetrators demand between $200 and $500 -- usually in bitcoin -- before they release the victim's system. ... "If attackers are able to determine that they have compromised a system which stores valuable information, and that infected organization has a higher ability to pay, they will increase their ransoms accordingly," the researchers said.


How to Simplify Enterprise Architecture Messaging for Stakeholders

A second practice to kill EA complexity is to take a more selective approach to recording and managing data. This approach is often referred to as, 'Just Enough' Enterprise Architecture. It seems obvious when working with tangible ‘things’ - the more things you own, the more difficult it is to control and maintain the ones you want. Yet with data, this logic and reasoning is often lost. To kill EA complexity, Enterprise Architects should adopt a more vigilant approach in managing their data. Additionally, what EA’s choose to record should be more deeply considered. A ‘Just Enough’ approach to Enterprise Architecture has been championed by leading analysts - including Gartner - for some time, and for this exact reason. Maintaining data that provide value to your initiative is in essence, choosing to increase your own workload, and decreasing your productivity.


High-tech hiring and the malleable modern career

Mike Germano is partially in charge of cultivating the corporate culture that's helped Carrot Creative secure the prestigious title two years in a row. When seeking candidates, Carrot Creative's hiring managers take care to do things differently. Germano says the company prefers to avoid recruiters, utilizes social media diligently, focuses on relationships with educational institutions, and puts candidates for tech positions through a variety of tests to ensure both cultural fit and technical expertise. ... "Candidates meet with not only technical managers, but also members throughout departments to discuss various aspects of the job and [the company itself]. We put a lot of emphasis on the candidate’s natural excitement and drive, not only for what they do, but also for trying and learning new things."


Robots won’t just take jobs, they’ll create them

We all know how great it is when technology works — and how frustrating it is when it doesn’t. Even sophisticated technology companies haven’t eliminated their human customer support teams, because when something goes wrong, it is often a human who needs to fix it. There will always be a need for on-site, human labor and expertise when we deal with machines. Robots will have glitches, need updates and require new parts. As we rely more and more on mechanized systems and automation, we will require more people with technical skills to maintain, replace, update and fix these systems and hardware. We see this starting already. IT departments have sprung into existence because of digital technologies. Network administrator, field service technician and web developer are job titles that didn’t exist 30 years ago.


Big Data Processing with Apache Spark - Part 4: Spark Machine Learning

The spark.mllib package contains the original Spark machine learning API built on Resilient Distributed Datasets (RDDs). It offers machine learning techniques which include correlation, classification and regression, collaborative filtering, clustering, and dimensionality reduction. On the other hand, spark.ml package provides machine learning API built on the DataFrames which are becoming the core part of Spark SQL library. This package can be used for developing and managing the machine learning pipelines. It also provides Feature Extractors, Transformers, Selectors, and machine learning techniques like classification and regression, and clustering.


Seven Principles of Enterprise Architecture

With the break of digital transformation, the discipline of Enterprise Architecture, EA, is shaken on its bases. A questioning is more than a necessity. Large consulting firms, carriers of miracle solutions, are reduced to simplistic recommendations (bimodal IT) attacked by competitor gurus (see the debate), without real proposals on the bottom. Confronted on the one hand with an immense IT heritage, and on the other hand with this multiform disruption, enterprises and CIOs do not know by which end to take the problem. One claims to see cleavages everywhere: between the IT into bimodal, between the SQL and NoSQL, between internal and external Information Systems… But, clearly, these dichotomies do not function, because the value chain does not divide thus.


Insights On IT Governance

In today’s business situation with its complexity, required to be responsive, the costs to an organization can be important to stay competitive and meet business initiatives and challenges. An organization might face challenges and business problems like Global competition, product development costs, regulatory compliance, new business opportunity, and lack of skilled staff. While addressing any of these issues, the organization must be sure that the value of the business internally and the value provided to its customers is maintained or improved. This influences the executives to focus on how they can grow, sustain, change, and manage the organization to meet these challenges pertaining to corporate policies, processes, and IT infrastructure and systems that are required.


Lean vs. Traditional IT Governance

Traditional governance strategies often prove to be both onerous and ineffective in practice due to the focus on artifact generation and review. For example, delivery teams will often produce required artifacts, such as requirements documents or architecture documents, solely to pass through the quality gate. ... The result is a governance façade that often injects risk, cost, and time into the team efforts: the exact opposite of what good governance should be about. Lean IT governance, on the other hand, is a lightweight approach to IT governance that is based on motivating and enabling IT professionals to do what is best for your organization. Lean IT governance strives to find lightweight, collaborative strategies to address governance areas.



Quote for the day:


"Once a new technology rolls over you, if you're not part of the steamroller, you're part of the road." -- Stewart Brand


May 14, 2016

Q&A with Shawn Callahan on Putting Stories to Work

The first thing you need to do to develop your storytelling skills is to find some stories, preferably about things that have happened to you. Then you must work out the lesson or insight that is contained in a story, share the story, and see what happens. Here are two tips that will help enormously. First, never use the word ‘story’ when you share your story. Don’t start by saying, ‘Hey guys, I want to share a story with you …’ Instead, start with the insight that is contained in the story. For example, your story might be about persistence, about just how important it is to stick with something. So you might start by saying, ‘You know what, a lot of success comes from persistence. A few years ago …’ And away you go. People will listen intently because they want to know the insight that’s based on your experience.


The UK builds a 'fintech bridge' to Singapore

The co-operation agreement enables the UK regulator to refer fintech firms to its counterpart, and vice versa, making it easier for fintechs to scale between countries. Both countries want to be global fintech hubs amidst growing competition from the US and China. A booming fintech industry is desirable for two reasons: it helps the national economy, and it promotes competition and growth in the financial services industry. But while both Singapore and the UK boast advantages for fintechs, they are relatively small markets — the UK has under 70 million people, while Singapore has around 6 million. The partnership will create opportunities for fintechs to scale beyond the countries' borders, making it easier for startups that choose to launch in these countries to attract investment.


Culture and Technology Can Drive the Future of Openstack

“OpenStack in the future is whatever we expand it to,” said Red Hat Chief Technologist, Chris Wright during his keynote at the OpenStack Summit in Austin. After watching several keynotes, including those from Gartner and AT&T, I attended other sessions during the course of the day culminating in a session by Lauren E Nelson, Senior Analyst at Forrester Research. Wright’s statement made me wonder about what lies in store for OpenStack and where the OpenStack Community—the “we” that Wright referred to—would take it in the future. Several sessions in the Analyst track called out the factors that explain the increased adoption of OpenStack as well as the technological challenges encountered.


15 Google Doc Features You Didn't Know Existed

While the capability to edit and make changes in a document is great, there are times when you only want to suggest changes -- without actually making any. That's where "Suggesting" mode in Google Docs comes in handy. It works a lot like Comments in Microsoft Word. First, switch from "Editing" mode to "Suggesting" mode by clicking the pencil icon at the top right of an open document, and then choosing "Suggesting." ... Want to comment on a document and get a specific person's attention? You can do that by tagging them in your comment. All you have to do is add an @ or a + sign, and then begin typing their name or email address. Google Docs will give you a couple options based on your Gmail contacts, and once you've submitted the comment, it'll notify that person you mentioned by sending them an email.


Blockchain technology will revolutionize the world, enthusiasts say

Blockchain could disrupt transactions the way the internet did for communication. Any information that can be encrypted and stored in digital form can be transmitted — everything from real estate deals to medical records to transferring concert tickets. Blockchain is a “distributed ledger” invented by the mysterious person or group known as Satoshi Nakamoto that is accessible by everyone, but controlled by no one. It’s searchable and public, making it more traceable than cash, but encrypted and anonymous to maintain privacy. Picture it as a communal record-keeping system — the kind small communities kept in the 16th century to keep track of births, marriages, property transfers, anything of importance — but on a massive global scale. Blockchain is seen as the next great disintermediation.


10 Ways Virtual Reality is Disrupting Industries

Most of all, virtual reality is helping teachers bridge the gap between what’s taught in the classrooms and what’s out there in the real world. Putting it into practice recently, British Museum partnered with Samsung and hosted a Virtual Reality Weekend. Families got a chance to view the museum antics using Samsung Gear VR. In fact, children above 13 were given a VR tour of the Bronze Age where they could experience a 3D depiction of life as it was back then. While this is just the beginning, Google seems to be planning for a Magic School Bus experience with its Expeditions Pioneer Program. Expeditions is a virtual reality platform which allows teachers to take kids on virtual field trips to places where buses can’t go. The program currently has more than 100 VR panoramas including those of Coral Reefs and US Financial Centers.


Going Through the Scrum Motions as Opposed to Being an Agile Jedi

Doing Scrum and not being Agile is more challenging to discern. It occurs in organizations adopting Scrum as their preferred Agile approach. The astute observer will notice team behavioral patterns that suggest mechanical adoption rather than assimilation. The psychological pattern is that of introjection – similar to chewing on a mouthful of dry biscuits not being able to swallow. Similar to other managerial processes, it is easy to adopt the Scrum ceremonies rather than their intent. We have seen it occur previously with Six Sigma, Total Quality Control, and other managerial processes. Achieving the intent requires a cultural change; cultural change requires organizational change; organizational change requires buy-in from key stakeholders, which in turn requires people championing the new process across the organization.


Road to Efficiency, Part 1

The responsibility for resiliency and access may move to the cloud solution provider, but if data is deleted (inadvertently or intentionally) or corrupted on a logical level (and we know applications never corrupt data, don’t we?), it doesn’t matter on which infrastructure it runs. Furthermore, most businesses typically require more than just the most recent point in time copy of data. Finally, remember that these requirements apply equally to IaaS, PaaS, and SaaS solutions. ... In the end, we need to enhance the value of the data itself. One way is by providing insight into all data, regardless of whether it resides on-premises or in the cloud, on primary storage or as part of data protection solution. Once we can gather and identify all data, the key is unlocking its value. Global search, hold and discovery are just some of the initial use-cases.


Security in a hybrid world: You can’t protect what you can’t see

There are two parts to enforcing the new normal: bringing your entire estate into compliance, and enforcing the use of this new baseline. Once you have determined a need for change (patching, configuration files, applications, you name it), you need to act quickly and across your entire environment. Automation is faster, less error prone, and helps you reliably perform required actions across your entire estate. No matter how good you and your team are, and no matter how good your tools are, someone will always try to run older unpatched code. And someone will, if you don’t have the automated policies in place to confirm and approve code execution based on software versions, configuration file settings, registry settings, etc. One easy way to limit your exposure is to scan snapshots and live VMs for policy compliance.


Snowden interview: Why the media isn’t doing its job

A lot of people laud me as the sole actor, like I’m this amazing figure who did this. I personally see myself as having a quite minor role. I was the mechanism of revelation for a very narrow topic of governments. It’s not really about surveillance, it’s about what the public understands—how much control the public has over the programs and policies of its governments. If we don’t know what our government really does, if we don’t know the powers that authorities are claiming for themselves, or arrogating to themselves, in secret, we can’t really be said to be holding the leash of government at all. One of the things that’s really missed is the fact that as valuable and important as the reporting that came out of the primary archive of material has been, there’s an extraordinarily large, and also very valuable amount of disclosure that was actually forced from the government, because they were so back-footed by the aggressive nature of the reporting.



Quote for the day:


"If everyone has to think outside the box, maybe it is the box that needs fixing." -- Malcolm Gladwell