April 09, 2016

How is open source transforming the Internet Of Things?

Open source is a disruptor that never quits. It seems to be penetrating and transforming every aspect of established data, analytics, and applications ecosystems. In a podcast recorded at IBM InterConnect 2016, Roger Strukhoff, executive director, Tau Institute for Global ICT Research, shares his expert perspective on how open source initiatives are transforming the Internet Of Things. Strukhoff responded to the following questions: How do you define the Internet of Things?; What is the most important open source initiative in the Internet of Things?; What will the Internet of Things landscape of 2020 look like?; You’ve described a “highly supple, flexible ecosystem of ecosystems” in the Internet of Things arena? ...


Digital Disruption in Financial Services

Watch the general session on ‘Digital Disruption in Financial Services’ where Jim Marous, owner and publisher of the Digital Banking Report, led a discussion with the following panellists on how digital transformation is driving the financial services industry. ... Digital transformation is lighting up across the industry, bringing new opportunities and opening up new markets – and demands a fundamentally new approach to thrive in a mobile-first, cloud-first world. What’s your plan for digital transformation? How will you transform and perform in this new environment, satisfying clients and shareholders alike? Watch the session to hear insights and thought-provoking conversations from your industry peers.


What to use instead of the asset-based approach for ISO 27001 risk identification

One of the most significant changes in the 2013 version of ISO 27001, a worldwide standard for Information Security Management Systems, is that it does not prescribe any approach in the risk assessment anymore. While it still requires the adoption of a process-based risk assessment approach (learn more here: ISO 27001 risk assessment treatment – 6 basic steps), the obligation to use an asset-threat-vulnerability model in the risk identification step no longer exists. While this approach in the standard provides more freedom for organizations to choose the risk identification approach that better fits their needs, the absence of such orientation is the source of a lot of confusion for organizations about how to approach risk identification.


How to Build a Big Data and Analytics Team

Hiring a great team doesn’t start with posting a job ad. It starts with the company taking a hard look at its goals and the talent it needs to achieve those goals. As with anything surrounding data, the first step is to be clear on the questions that you want the data to answer and the challenges or goals you hope to address. No matter what size your business, don’t be afraid to start small and build your analytics as you go. Start with the questions in mind and identify the key performance indicators that will allow you to accurately judge when the questions have been answered. Then – and only then – start considering which team members can help you answer the questions.


Bank of Ireland experiments with blockchain technology

Tighe said that the purpose of the trial is to understand the technology and assess how it can fit with Bank of Ireland’s legacy systems as a layer on top. “We see this as the start of a new concept, just like experimenting with TCP/IP in the early days of the internet. It may not end up like this but we see a strong technology that can help with transparency in transactions. “Crucially, it has to meet regulatory requirements. “It is the underlying technology that fascinates us and it could one day be an efficient way of transacting value between people and at the same time leave a transparent trail of information.”


Linux founder Torvalds on the Internet of Things: Security plays second fiddle

Of course, Linux isn't the right operating system for all embedded devices. After all, the Linux kernel keeps growing. Therefore, Torvalds said, "If you're doing something really tiny, like sensors, you don't need Linux." But that still leaves a lot of room for big embedded Linux devices. In particular, Torvalds sees Linux playing a large role in the IoT because "you also need smart devices. The stupid devices talk different standards. Maybe you won't see Linux on the leaf nodes, but you'll see Linux in the hubs." Personally, Torvalds added, "I've never been very interested in very small OSs. I liked working with hardware. But, if it doesn't have a memory management unit, I don't find it that interesting."


C-suite champion: what is the CIO’s position in the business today?

The future CIO will be expected to understand how every department will use technology tools and ensure a return on investment is achieved. The myriad of services out there makes this even harder. The challenges CIOs face when making purchases are exacerbated further by the different options available for the same service. Organisations can choose to use a managed service provider or OEM to complete an install. Buying from an OEM direct may seem like the cheaper option, but when you throw in added support costs and any maintenance, costs can quickly escalate. Pressure on CIOs to reduce capital spend is forcing the issue further. The latter is winning the capex vs. opex debate as IT budgets continue to be spent on technology for use across the business.


What Is Driving the Digital Economy?

Companies that thrive in the digital economy are 26 percent more profitable than their industry peers. These companies are thriving by improving customer experiences, optimizing operations and creating new business models—all through superior digital expertise and leadership. The 26 percent profit differential will shrink because the digital laggards will fall by the wayside, leaving the digital winners to compete among themselves. This is not as grim as it sounds: There is still time for the digital laggards to catch up … but not much time. We are already seeing the impact on the competitive landscape. According to R “Ray” Wang, principal analyst, founder and chairman at Constellation Research, half of the Fortune 500 companies on the 2000 list have since fallen off as a result of mergers, acquisitions and bankruptcies due to a failure to adapt digitally.


Bitcoin and the Rise of the Cypherpunks

As the bitcoin ecosystem has grown over the past few years, privacy concerns seem to have been pushed to the backburner. Many early bitcoin users assumed that the system would give them complete anonymity, but we have learned otherwise as various law enforcement agencies have revealed that they are able to deanonymize bitcoin users during investigations. The Open Bitcoin Privacy Project has picked up some of the slack with regard to educating users about privacy and recommending best practices for bitcoin services. The group is developing a threat model for attacks on bitcoin wallet privacy. ... A multitude of systems and best practices have been developed in order to increase the privacy of bitcoin users. Dr Pieter Wuille authored BIP32, hierarchical deterministic (HD) wallets, which makes it much simpler for bitcoin wallets to manage addresses.


You have the power. Should you use it?

But when you’re exercising power in an ongoing employment relationship, you should care a great deal about how the terms you dictate and the tactics you use make people feel. Their attitude toward the organization and you, their manager, directly affects the value they deliver as their part of the bargain. This is especially true when you’re dealing with geeks. The work they do requires engagement, creativity, dedication and commitment. It follows, then, that negative feelings can cost a great deal in productivity and quality. A developer who feels that she is being paid less than her equally capable peers is unlikely to think creatively day and night about how to better architect your system. A support technician who fears that his job may be converted to a contract position is thinking more about where to get a new job than about how to make a user feel good.



Quote for the day:


"The only way to discover the limits of the possible is to venture a little past them … into the impossible." -- Arthur C. Clarke


April 08, 2016

Opportunities and Risks in 5 Global Outsourcing Locations

The Indian government launched Digital India in 2015 to transform the nation into a digitally empowered society and knowledge economy. The initiative aims to integrate government departments and the people of India by making government services available electronically. The initiative also includes connecting rural areas with high-speed Internet networks. This initiative has three core components, i.e., creating digital infrastructure, delivering services digitally, and increasing digital literacy. Each of these components can potentially create several opportunities for the global services industry, across India-based and multinational firms. Digital India offers four key opportunity areas for companies:


Banks finally welcome cloud computing cover

“One of the big challenges is the capital risk models that must be maintained according to regulatory demands. Banking CIOs must make that part of the opex rather than the capex,” an international banking CIO says of the increasing regulatory demands placed on banks which has created a demand for cloud technology in the sector. Regulatory demands don’t show many signs of a let-up, though Sir John Vickers, who was appointed to head the Independent Commission on Banking inquest, recently accused the Bank of England of being too light on the financial services industry. Though there have been numerous extensions to the Basel III accord, its BCBS 2329 regulates the principles of data aggregation. This means CIOs and their organisations have a responsibility to be accountable for the data they hold and who the data owners are.


CIOs lack faith in IT’s ability to meet digital demands of business

Many lack faith in the ability of the IT underpinning their organisation to support such a speedy product release cycle, with 68% raising concerns about the pressure this will put on their existing infrastructure and staff. This, in turn, could have dire consequences for the customer satisfaction they can deliver, and their brand reputation, according to 69% of respondents. Nigel Moulton, CTO for EMEA at VCE, told Computer Weekly that the survey highlights a difference in opinion between the IT department and the wider business about IT’s abilities. “When we looked at the CIO and the estimation of their IT organisation, they tended to be more critical of its capabilities than the business leaders were,” he said.


Red Hat's open source success story built on killing complexity in IT

What used to be a matter of "helping [customers] carve out costs" has become a matter of "building new architectures." I don't personally feel OpenStack has the same resonance as things like Docker, though Red Hat begs to differ, but the general point is correct: Open source increasingly drives innovation, and as more developers pile into open source, the complexity quotient keeps rising. ... The challenge for any would-be open source vendor is two-fold: First, they need to stop trying to exclusively sell whatever project they first developed. Second, they need to stop selling software and instead sell subscription services around the software they corral. This sounds simple, but in practice virtually no open source company follows both of these principles.


Organizations Confirm Big Time Need for Real-time Data

In the midst of all the technology innovation, data scientists and architects still suffer similar challenges of the past. Slow data loading is perhaps one of the most prevalent. With increasing volumes, it simply becomes harder to ingest and store new data. Legacy data architectures based on disk drives or single server systems simply cannot meet today’s performance needs. Slow queries also pose a challenge for similar reasons that disk-oriented and single node systems quickly reach a limit on performance. The lack of concurrency, otherwise known as multi-tasking, further inhibits what older systems can handle. Ideally you have fewer data systems that can handle more types of workloads and models to simplify infrastructure and reduce costs.


Restaurant waitlisting app NoWait rolls out mobile payments

Now that the company has established a large enough business customer base and consumer user base, it’s been expanding what’s possible on its platform. For example, it more recently rolled out a way for diners to privately rate their experience and for restaurants to respond, instead of turning to Yelp. With mobile payments, NoWait is looking to close the loop between the restaurant and consumer, explains CEO Ware Sykes. The company has already been testing payments in its hometown of Pittsburgh, and early results are promising, the CEO claims. “Restaurants are seeing faster table turns, servers are seeing substantially higher tips, and consumers save five to ten minutes at the end of the meal,” he says.


Hybrid cloud: The smart person's guide

In optimal deployments, hybrid cloud provides the best of both worlds of computing. Public cloud providers offer the ability to instantly provision computing resources on demand, without the extensive upfront costs and time needed to build on-premises solutions. The private cloud component delivers information quickly, and does not rely on internet connectivity to operate — an important consideration as ISPs consolidate, and struggle to provide service. Having a private cloud component provides peace of mind; with an on-premises server, a disruption to internet connectivity will not bring your business to a complete standstill. Cost is a substantial factor for many organizations. For industries with seasonal or variable workloads, assembling a private cloud to handle normal workloads while relying on public cloud providers to handle burst workloads can be a budget-friendly IT strategy.


How To Handle A Zero-Day Attack - From Lawyers

When it comes to analyzing or even manipulating the data, try to avoid using any custom code. It’s going to be much easier for all concerned if you use products and methods that can be easily reproduced, even if a clever AWK script with some APL matrices would be more elegant. Any settings and parameters for the apps and databases used in your analysis should be recorded in your journal entries, and use screenshots liberally to substantiate the details. Of course, anyone with an interest in the outcome of the case should not be analyzing, let alone manipulating, data. Typically, this means consultants should be doing all the data crunching. Make sure that the consultant has no investments in your company or the opposing party, and that your contract with them contains no incentives or bonus payments for specific outcomes.


Dealing with digital disruption in Africa

“No African company can afford to face these kinds of changes without having some kind of digital strategy,” Southwood said. “But this kind of strategy is to some large extent going to be reactive whereas the smarter corporations will begin to make innovation a core part of their business so that they help disruptive start-ups launch and invest in them so that they know how to shape their businesses in the future.” Regulations could also pose a challenge to disruption. Southwood gave the example of mobile money in Kenya and Nigeria. In Kenya, mobile money was allowed to operate until the regulatory bodies understood its implications. “But by the time Nigeria drew up its m-money regulatory framework, it insisted that the banks - not the mobile operators - were formally responsible for offering the services. If disruption threatens powerful players in the economy,


0 Bugs Policy

Bugs that were opened during the development of a new feature. If you are working in Scrum for example (or any other agile iterative methodology), these are the “in sprint” bugs that were found for the new user story you are currently implementing. These kinds of bugs must be fixed right away, otherwise the story/feature is not really DONE, and you are violating a basic agile rule saying that: DONE is DONE is DONE; which means, the story/feature is really completed, only after it was fully tested and approved by the product owner. No loose ends. If this concept is not crystal clear, then we need to go back for agile basics, but that is another article…


Could the Internet of Things morph into the Abandonment of Things?

As developers, we understand that even the simplest of IoT products represents a significant investment. They contain embedded software to make the thing work, server side applications to process messages or send out alerts, databases for maintaining user accounts, iOS and Android mobile apps for controlling devices from your reclining chair, and more. There are license fees for software libraries, too. I can understand the underlying economic reason for leaving the past behind, but in this connected age, before you arbitrarily put a bullet through your products and applications, you’d best provide a soft landing for the people who paid for the privilege of using them.



Quote for the day:


"To improve is to change, so to be perfect is to have changed often." -- Winston Churchill


April 07, 2016

How New Technology Trends Disrupt the Very Nature of Business

In the Museum of the Future, you can see what it would be like to be going to a doctor to get a new body part to jump higher or move faster. You look at these types of ideas, and the business embraces the same sort of idea. How can I augment my business to actually run smarter and be better? What are things on which I can augment myself to use data better? You can no longer be an island as a company. You need to share ideas and innovation with others. You need to be connected, and when you're connected, you can transform your business, you can do new things, you can take on new capabilities, and you can augment your business.


Are CISOs Building Effective Business Cases for Data Security Investment?

CISOs will have to redesign this undemanding path toward an approach for making business cases in terms executives can appreciate and directly connect to the organization’s top strategy goals and objectives. Making more effective business cases can help to gain investment dollars and increased control for a budget not always under a CISO’s direct management. Security investment decisions are only as good as the business case process. The first step in this process is to define the security initiative well enough so that decision makers can make informed choices. ... In short, they drive results, and not just promise them, because they’re used to ensure the project and the benefits are delivered.


Time to separate the fintech fictions from the fintech facts

It’s an exciting time to be in the fintech landscape. People love to talk about fintech as the next big thing, and as time goes on we’ll have more and more examples of fintech companies hitting it big. With this excitement though, there has been some misinformation and fear shared in the community and among observers. It’s understandable; fintech as a sector is new, and in some ways untested, but people understand the possible gains to be made by innovating the financial services industry. Fintech is a force, and we’re only just beginning to feel its effects. What’s needed is a definitive way to separate the fintech fictions from the facts.


IoT will shake up world of data analytics, says report

“The view has been that IoT is a mashup of complex technologies used only by early adopters,” said Mike Lanman, Verizon senior vice-president of IoT and enterprise products at Verizon. “In the past year, we’ve seen compelling examples of how the IoT is being deployed by a wide-range of enterprises, entrepreneurs, municipalities and developers to address relevant business, consumer and public needs. “Meanwhile, consumers are more willing to try new technologies and apps that introduce a better way of life. The end result will not only give rise to thousands of new use cases over the next two years, but will also create an accelerated pipeline for innovation and a new economy.”



7 Wall Street Firms Test Blockchain for Credit Default Swaps

The companies did not disclose which blockchain or ledger systems were used as part of the trial, though only a few firms currently offer support for smart contracts, with Symbiont and Ethereum being perhaps the most notable. According to the statement, the test showed that regulators could view in "real time" a wide range of financial events including trade details, counterparty risk metrics, and exposure to reference entities. “Our experiments with Axoni demonstrate that confidentiality and privacy can be preserved between bilateral parties on an immutable distributed ledger at scale,” said Emmanuel Aidoo, who is in charge of the blockchain and distributed ledgers at Credit Suisse, in a statement. Over the course of the months-long project, the group said it built its network using Axoni-hosted software that was installed locally.


Your car's computers might soon get malware protection

Modern cars contain tens of specialized computers that control everything from infotainment functions to steering and brakes. The pressing need to protect these computers from hackers will likely open up a new market for car-related software security products. Karamba Security, a start-up based in Ann Arbor, Michigan, is one of the companies that has stepped up to answer this demand. The company's anti-malware technology, unveiled Thursday, is designed to protect externally accessible electronic control units (ECUs) found in connected cars. These controllers, like those that handle telematics, infotainment and on-board diagnostics, can be accessed via Wi-Fi, Bluetooth or even the Internet, so they can serve as entry points for hackers into a car's network.


Veriflow promises to bulletproof networks

Veriflow believes its mathematical approach across a network-wide infrastructure solves the above problems and also results in zero change-induced outage and breaches. Unlike techniques such as penetration testing and traffic analysis, Veriflow performs mathematical analysis of an entire network's state, and does so proactively – before vulnerabilities can be identified and exploited, and without waiting for users to experience outages. If there is a network policy violation, Veriflow will find it and provide a precise identification of the vulnerability and how to fix the flaw. Otherwise, Veriflow can provide mathematical proof that the network is correct, giving enterprises the confidence to change their infrastructure.


Cyber Insurance Coverage Gaps May Surprise Many Organizations

Even after providers assess whether they are buying enough coverage and can financially handle additional costs once sublimits are reached, providers must look closely at the definitions contained in the policies. “The real issue in cyber coverage is definitions of certain terms, which could exclude coverage,” Hite says. Coverage goes into effect on the day it was bought, but in instances where a hacker already has infiltrated information systems before a policy was purchased, there is no coverage because policies often don’t work retroactively. Hite advises buying a “retroactive date” policy that covers the organization back at least one year. Organizations with the financial and technical means should have a strong response team in place with everyone knowing what their duties are if an attack comes.


Face it: Developers are becoming babies

It's perhaps not surprising that the developer population keeps getting younger, at least as measured by experience. For example, while the early open source community largely focused on rewriting legacy, proprietary software as open source (Linux replacing Unix, OpenOffice replacing Microsoft Office, etc.), today's open source community is building the future. ... Developers, focused on their code, can't be bothered to write good documentation which, in turn, hampers adoption. Brian Rinaldi ventured to call the situation a "mess," one that keeps getting worse as more developers jump into code without recognizing that good documentation is an essential feature of the best open source projects (and always has been).


A (new) discipline: The (new) security engineer

This discipline is security in pursuit of designing, architecting, developing and deploying secure products; this is not your father's "security engineer," the one responsible for setting up firewalls and ensuring the VPN was running. While the latter is still an incredibly important role, this new role is about building secure products, rather than working with security products. It requires deep knowledge of developer languages and practices, infrastructure architecture, usability design, legal liabilities and contractual language, regulatory standards, tooling, threat landscapes and hacker trends, supply chain management, and corporate governance. It begs for a passionate evangelist who can dig into dry and dusty regulatory documents, someone cynical enough to expect to be hacked at any time who can also be an enthusiastic and patient mentor ...



Quote for the day:


"Cyber is the one area where we have pure competitors who have the capabilities that we do." -- Adm. Michael Rogers


April 06, 2016

How secure is your boardroom data?

So cyber security is not just a concern for the CIO and their team – it’s something that everyone at board level needs to be aware of. In its 2015 whitepaper, ‘10 Steps: A Board Level Responsibility’, the UK government warned that security was now a board level responsibility, and offered help for senior executives on how to keep sensitive data safe. This has to include both an increased level of awareness around cyber security – knowing the company’s cyber security policies, ensuring they are functioning and are being enforced as intended, and having an awareness of the type of risks that the company may face. This requires a link from IT to the board to make sure these knowledge gaps are filled, and that board members are kept up to date with latest threats. Perhaps there is a role for a sub-committee that focuses only on the analysis of cyber threats and reports back to the board.


Build Your Own Offshore Development Team - or Not?

There is an historical “garbage in, garbage out” approach to leveraging overseas dev/test talent and cost savings. We throw something to essentially a coding factory on another continent and wonder why it doesn’t come back looking like it was tailor-made. Or we think we’ve secured the services of a hotshot overseas coder and wonder why he leaves us for Microsoft and a work visa six months later. I’ve been on both sides of the outsourced development puzzle—client side and vendor side. Some may be in the unique position to create their own offshore center due to business connections, existing infrastructure, unique cultural background, or a combination of all three. But this is not typical or practical for most of us and here’s why:


How to do data-driven marketing right

Enterprises today accumulate a lot of data, which they typically use internally for CRM, sales forecasting, and marketing strategies, among other things. But some savvy companies, particularly those in the technology industry, share this data with the media and the world at large. The benefits of data-driven content marketing can be considerable. Here's how some companies leverage their own data for marketing, brand awareness, and thought leadership, along with tips and best practices for success.


How to Prepare for a DDoS Attack

Visibility is critical when preparing for issues in your network. SNMP graphing platforms will tell you an extraordinary amount of information on volumetric attacks. You’ll be able to see and (depending on the platform) sometimes even alert on anomalous bandwidth events. You’ll be able to track at which port it entered your network, if it’s saturating any links, and even where the attack is headed. It’s surprising how many companies I’ve worked with over the years that do not deploy this because it’s such an easy and basic thing to implement. Primarily, you need devices that can speak SNMP, such as managed switches, routers, etc., and then you need a platform to query them.


Study: Interest in location intelligence technology nascent but rising

Interest in location intelligence is dependent on the industry. “If you’re doing things like sales operational planning, you have to use location intelligence to do that. Otherwise, you’re not going to understand how to allocate resources appropriately,” he said. Indeed, when broken down by industry, the survey reveals that retail has the highest interest in location intelligence with 65% of those representing the industry indicating that location intelligence is either critically important or very important to their company. Only 40% of survey takers from health care and 35% of survey takers from education said the same. Yet Dresner predicts location intelligence will rise in importance across all industries eventually. One driver is Internet of Things (IoT), he said, pointing to the growing network of Wi-Fi enabled physical objects such as Fitbits and connected vehicles.


Next-Generation Databases Shift IT Priorities

IT professionals do not want their next-generation database solution to require a "media-heavy server architecture," Thakur pointed out. "They want native formats on secure storage." They want a scalable system that can handle ever-increasing data loads, Thakur added. They want resiliency. "Given this highly distributed world, a node could go up or down fairly quickly. Customers want backup infrastructure that is highly available," Thakur said, which is preferable to doing the backup all over again should a node ever quit. But there is a trade-off. IT professionals can either have eventual data consistency on the next-generation platform, or strong consistency, which is the hallmark of the relational database, Thakur explained. "If you want scalability, you have to give up something," he said. IT professionals will give up strong consistency to gain the benefits of scalability that big data has to offer, he added.


Technology, IoT monetization to usher in 'programmable economy'

Over the next few years, Furlonger predicted, there will be a transition to an economic model that will better support organizations' move to digital business. IoT will play a key role in this transition. "The Things will start to act as proxies for us. You see that with things like virtual personal assistants, virtual customer assistants, different algorithms for robots … making decisions on our behalf in the transactional supply chain. That's just the beginning," he said. Furlonger said robotic services -- including those attached to IoT -- will become increasingly autonomous. "There's no reason -- because everything is connected to the Internet -- why they can't access your bank account, why they can't pay tax, why they can't transfer money. It's just another Internet-based connection, and then they become part and parcel of this new economic environment," he said.


The 'IoT' Is Changing the Way We Look at the Global Product Value Chain

The traditional product value chain has been shaken up with the unstoppable spread of globalization and the universal commodification of goods and services. Globalization has forced companies to adjust and respond. In fact, Internet of Things (IoT) products are playing a pivotal role in the alteration of B2C relationships, delivery channels and product pricing, and their continued proliferation is shaping the very nature of how we look at the product value chain. The "Internet of things" refers to objects that can communicate among one another through a network. IoT is becoming prolific and commonplace in everyday objects. And, with experts predicting that the IoT network will consist of some 50 billion devices by 2020, those devices will only become more and more ubiquitous. The IoT revolution is truly just beginning, and it most certainly will be televised!


Test Management Revisited

While test management is largely irrelevant in this world, there is still a desperate need for test leadership. Why is this? The main reason is that as organisations struggle to become more innovative to respond quickly to market changes, engineering has responded by turning to continuous deployment and cross-functional teams to help meet demand. How testing fits into this picture is proving to be an Achilles heel for many organisations, which struggle to solve the challenge of how to make testing relevant and faster, yet uphold the quality they need to develop trust with their customer base. The truth is, agile or not, most organisations adopt a testing approach constructed not long after the computer came into being—despite the enormous technological advances made in the last 70 years.


Why Banks Should Go Easy On The Blockchain

The banks are certainly getting schooled on the technology, with most of the world’s top FIs participating in some type of blockchain development scheme, if not investing in their own internal programs to explore the tool. FinTech innovators were the first to forge a path that could bring blockchain into the real world, but it wasn’t until financial institutions began investing and taking interest in the sector that it began to be taken seriously. It may not seem fair, but Lawlor said it was necessary. “Any time we’re dealing with people’s money, there’s a need for the legitimacy of a financial institution that’s been around for potentially hundreds of years,” he noted. “They also have the regulatory and compliance structures already in place.”



Quote for the day:


"Don't expect to build up the weak by pulling down the strong." -- Calvin Coolidge


April 04, 2016

5 Security Bad Habits (And Easy Ways to Break Them)

Procrastination. Fidgeting. Biting your nails. These are all bad habits, but none so bad that they could bring a company to its knees. When it comes to security, however, some bad habits could be devastating, leaving your company vulnerable to hacks, data loss or theft or some similar type of security breach. The good news is that there are some simple steps IT can take to educate users on security best practices and make them part of the solution instead of the problem. Jonathan Crowe, senior content manager at endpoint security solutions company Barkly offers five simple ways to improve your security posture and help employees become a bit more security-savvy.


How Early-Stage Startups Can Enlist The Right Amount of Security As They Grow

Many resource-strapped startups gauge their commitment level to security by assessing the financial expense to the company. Instead, Graham recommends defining security spend by a company’s possible exposure risk. “For all companies, there’s a limit to how much money can be lost. So if you’re spending more than that amount, you’re absolutely screwing up,” says Graham. “There’s also a limit to how much money you’re likely to lose based on what it is you do with customer data and what you do to monetize it. You’re also messing up if you spend more than that amount.” Graham admits that these assertions are counter to many marketing messages. Most startups are exposing customers to more risk than they’re selling. “There’s a lot of social capital used in marketing these days. Statements such as: ‘You can absolutely trust us to take care of your data.’


The inevitability of data visualization criticism

On a recent episode of What's the Point, Giorgia Lupi expressed this perfectly when she said, "Beauty is a very important entry point for readers to get interested about the visualization and be willing to explore more. Beauty cannot replace functionality but beauty and functionality together achieve more. Beauty is an asset." This doesn't mean you should never produce a line chart, but would the WSJ article have been so successful had they done it Randy's way? Randy acknowledges this in his article. We both agree you need to craft accurate charts and focus on the story. A rich dataset can tell many stories. In this case, even when you have chosen the story you want to choose ("vaccinations end disease"), it can be told in many different ways (line chart or highlight table).


How an AI program helps doctors identify cancer and other medical abnormalities

Behold.ai's system works by looking at images and giving doctors suggestions, based on learning from similar medical scans. "Computers have become increasingly adept at figuring out objects and images," said Raut. "There's the Amazon Fire phone, which can scan a picture and if it's a product on Amazon, it will find it for you." And Facebook, he said, can see a photo and tell who that person is. "There's a lot of advances in facial recognition that we wanted to adapt to medicine," he said, "because it's about determining where the nodules, aneurysms, and things like that are." Through partnerships with hospitals, Behold.ai is using data sets from real patients to ensure that the reinforcement learning system has quality data


Outshone by Smaller Screens, PCs Aim to Be Seen as Cool Again

Yet as people increasingly gravitate to smartphones and tablets for their computing needs, shifting into what has been called the “post-PC era,” the investment into design and new innovations by PC makers may come to naught. Last year, 289 million PCs were sold worldwide, an 8 percent drop from 2014, according to Gartner, a research firm. The sales decline was just the latest in several years when the PC market faced an onslaught of smartphones and tablets as cooler alternatives. The falloff is expected to level off this year, with PC sales even expected to begin growing slowly in 2017. But that still leaves the question of whether PCs can seem cool again. Even people who depend on the PC industry now lack passion for these onetime miracle products.


Microsoft Embraces Linux - Way Too Late

The Linux-on-Windows announcement is more interesting, but requires some clarification. This is not Linux running in a VM -- there's no Linux kernel present, nor a hypervisor emulating hardware. This isn’t Cygwin, which is a Unix environment compiled specifically to run on the Windows platform. It’s not a container, either. The Ubuntu environment running on Windows 10 contains binaries identical to the binaries running on an Ubuntu platform -- an ELF executable. What Microsoft has done is build a system call translation layer. When a Linux binary makes a syscall, Microsoft’s Windows Subsystem for Linux translates it into a Windows syscall and delivers what the binary expects. It’s akin to WINE, which does something similar for Windows binaries running on Linux. Also like WINE, it’s not magic -- many binaries won’t "just work." This is only the beginning of a long process for Microsoft.


C#/Web API Code Generation Patterns for the RAML User

C# 2.0 was designed with code generation in mind. Seeing how common it was to use code generators even in Visual Studio itself, it was given the ability to create partial classes. A partial class contains some, but not necessarily all, of the code that makes up the whole class. This allows you to separate the class over multiple files, some of which are code-generated while others are hand-written. This separation prevents the code generator from wiping out code the developer has manually written. Unfortunately, this wasn’t enough. Partial classes allow you to add new methods, but not change the behavior of existing ones. For that we had to wait until 2008 and the introduction of partial methods in C# 3. Superficially, a partial method looks like an abstract method, but this is the wrong analogy.


MedStar hack shows risks that come with electronic health records

Health care executives and regulators say their increasing reliance on computer networks and electronic patient data have brought new challenges. Sharon Boston, a spokeswoman for LifeBridge Health, said the corporation takes information security seriously and works to adapt to new threats as they arise. LifeBridge operates Sinai, Northwest and Carroll hospitals in the Baltimore region. "The use of the electronic medical record across the health care industry is broader and deeper than it has ever been, and will continue to grow," Boston said. "With the evolving nature of these electronic threats, LifeBridge Health continually monitors the safety and potential vulnerability of our information systems and takes appropriate action."


Ever been in these social engineering situations?

Once I picked the lock to the unalarmed external emergency door, I realized that the client took the extra step of implementing biometric access control. There wasn't a single person going in or out while I observed. I needed a different way in to the server room. I noticed a security guard station with several monitors and a key box behind the desk. I saw a guard and a maintenance employee were taking a coffee break. "Sorry guys, I'll just be a moment. I need to get the serial numbers off of these devices. We are doing inventory." I gave him the face of, "you know, the grind," shrugged and began writing down anything I saw. "Not a problem," the guard responded after glancing at my fake badge I made using basic photo editing skills. "You can take them if you want. They don't work half of the time anyway," the guard chuckled.


Microsoft's machine learning vision includes security, too

"We want to build intelligence that augments human abilities and experiences. Ultimately it is not going to be about man versus machine. It is going to be about man with machines," Nadella said at Build. And what's better than having machines help users protect their data and communications? Nadella acknowledged social implications to security and privacy, promising Microsoft will take a “principled approach” as it adds intelligence to applications. Technology needs to be “more inclusive and respectful,” as well as balance security and privacy considerations, such as adopting encryption. Consider the Skype bot. The Build demo showed the bot picking up key terms related to travel during a Skype call and suggesting hotel reservations. The same bot will have to recognize sensitive information and make sure to protect it.



Quote for the day:


"For all companies, there's a limit to how much money can be lost. So if you're spending more than that amount, you're absolutely screwing up." -- Michael Graham