May 19, 2016

Lessons from LinkedIn data breach revelations

As mentioned, LinkedIn’s passwords were encrypted, but the company was still using a relatively weak hashing algorithm. It was also not adding random text to passwords to make it more difficult to reverse engineer the hashed or scrambled versions of the passwords. ... Creating unique passwords for every online service means that if one is compromised, none of the others are affected. However, the converse is also true. If passwords are re-used and one service is compromised, it means all others where the same password is valid are also at risk. “While LinkedIn has taken the precaution of invalidating the passwords of the accounts affected, and contacting those members to reset their passwords, the chances are that many will use the same password across multiple online accounts,” said Liviu Itoafa, security researcher at Kaspersky Lab.


Cloud security: A mismatch for existing security processes and technology

Certainly cybersecurity professionals want to leverage existing security investments and lean on well-established best practices as much as possible. So, what’s the problem? Unfortunately, existing security technologies and processes don’t always work when pointed at cloud-based workloads. In fact, 32 percent of enterprise cybersecurity and IT professionals admit they’ve had to abandon many traditional security policies or technologies because they couldn’t be used effectively for cloud security, while another 42 percent have abandoned some traditional security policies or technologies because they couldn’t be used effectively for cloud security.


IT Governance Integral Part of Corporate Governance

For any modern day business to stay agile, relevant, competitive and profitable, it has to rely and invest in IT as a major component of its business strategy. Automating a company's functions, apart from requiring significant financial investments, also requires the incorporation of powerful internal control mechanisms into computers (hardware), software and networks to manage operational IT risks. In view of the above, IT governance is now considered as a bread and butter issue for businesses to thrive. The emerging trend is that IT governance and corporate governance can no longer be separated. IT governance now constitutes a key component of every company's strategic plan and consequently it has become a standing agenda item at board meetings.


Ransomware attacks force hospitals to stitch up networks

Once ransomware was on the networks, hospitals were forced to resort to finding and using paper copies, fax machines, phones, and any other non-connected devices, while network administrators hastened to get their systems up and running. The result of these activities has made a lasting impact on operations: in some instances doctors even had to reschedule high-risk surgeries. The lesson to be drawn from these recent incidents is the need for hospitals to develop and implement a strong cyber resiliency plan that incorporates incident response as well as recovery operations from such attacks. The threat of ransomware demonstrates the need for hospitals, as well as all organizations, to identify critical information and properly store it on backup systems that are independent of the main network. While we can’t necessarily predict when attacks against us will occur, we can always be prepared to respond to them once they do.


Digital transformation trips: advice from CIOs

Unsurprisingly, lack of investment from the business is a barrier to digital transformation, with 50 per cent of those studied saying this was one of the biggest downsides. When asked what the major barriers are to digital transformation projects, the top answer was the lack of funds available for technology provision. Adding to complexity, corporate culture is often change-averse, according to 43 per cent of CIOs studied. If they are to encourage investment in digital, CIOs must now convince the board of the area's ability to drive business change. A financial sector CIO explains: "Gain board level sponsorship, so the initiative is perceived as a business led change programme, rather than a technology led one."


Google Has Built Its Own Custom Chip for AI Servers

TPU gets its name from TensorFlow, the software library for machine intelligence that powers Google Search and other services, such as speech recognition, Gmail, and Photos. The company open sourced TensorFlow in November of last year. The chip is tailored for machine learning. It is better at tolerating “reduced computational precision,” which enables it to use fewer processors per operation. “Because of this, we can squeeze more operations per second into the silicon, use more sophisticated and powerful machine learning models and apply these models more quickly, so users get more intelligent results more rapidly,” Jouppi wrote.


Make the bed, enterprise OpenStack deployment is moving in

The increased adoption of OpenStack is part of a changing perspective of open source in general, where more enterprises view it as a way to get faster top-level development, rather than relying on the roadmap of one proprietary entity, according to Nelson. "There's been a big shift from a bunch of developers getting in a room and dreaming of the future to something that has become a lot more real, and adopted by commercial vendors and looked at seriously by a lot of large enterprises," she said. The next step in OpenStack adoption is likely companies that are not interested in putting whole development teams in place to put the upstream code into production. Instead, the next round of adoption will likely involve a deployment from a vendor -- companies such as Canonical, Red Hat or Mirantis -- to do it hands-off, so it feels like rolling out Linux.


SEC says cyber security biggest risk to financial system

The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C. "What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks," she said. "As we go out there now, we are pointing that out." White said SEC examiners were very pro-active about doing sweeps of broker-dealers and investment advisers to assess their defenses against a cyber attack. "We can't do enough in this sector," she said.


New Federal HIPAA Guidance Targets Data Security Incidents

The new guidance defines how business associate agreements should specify the terms of how and for what purposes protected health information will be used, and create reporting mechanisms that cover instances in which protected information is disclosed in a way not authorized under contracts. The new rules put the onus on BAs to report incidents to covered entities. ... OCR recommends that business associate agreements contain requirements that BAs and subcontractors report a breach or a security incident even if it did not cause a breach. The information should include BA or subcontractor name and contact information, a description of the incident, date of the incident and date of discovery, types of unsecured PHI involved in the incident, and steps being taken to further investigate the incident and avoid future incidents.


Role of Business Analysis in Agile

Great business analysts are now more aware of the customer and their journey with the software. They’re interested in understanding not only why the business want the product built, but what the problem is that the product is trying to solve and how their customers will use it. The business analyst is also in a fantastic position to influence team dynamics. They’re working closely with the product owner, working closely with the development team, being able to drive consensus on decisions that are being made is a great way to ensure that the whole team feels they have ownership of the product. This also helps establish a shared goal that the whole team can work towards. So you can see, there’s heaps of different paths a business analyst can take to be T-shaped and provide further value to their teams.



Quote for the day:


"Diligence is the mother of good fortune." -- Miguel de Cervantes,


May 18, 2016

Your Business’ Network Needs IPS and IDS – Here’s Why

If you are simply looking for IDS, which is intrusion detection services, then what you want to do is have the devices working out of the direct line of your traffic flow so that you can detect abnormalities on different scales. However, if your focus is on IPS, which is intrusion prevention services, then you want to put the device that is sorting through your traffic in line with your network so that it can be the barrier your network needs to stay safe. ... Some of the different streams that are used for intrusion pose a larger threat than others, and this is worked into the device itself that you are using. Your device will detect the intrusion, figure out what type of intrusion it is, and evaluate the information that it can get from the intrusion. From there, you will be able to get a rating as to just how much potential danger your network is in, and decide on what type of steps you want to take next, such as blocking that type of intrusion,


On Blockchain Disillusionment and Bitcoin's Big Bad Wolves

For all the investment, it remains increasingly unclear exactly how banks will use blockchain technology or distributed ledgers, or if the areas where it seems most effective will be lucrative or interesting enough for incumbent financial firms to pursue. As noted by Coin Sciences CEO Gideon Greenspan in a recent CoinDesk opinion piece, shared ledger efforts have hit a roadblock when it comes to confidentiality, as every institution operating in such environments today sees every transaction. "This turns out to be a huge issue, both in terms of regulation and the commercial realities of inter-bank competition," Greenspan writes. "While various strategies are available or in-development for mitigating this problem, none can match the simplicity and efficiency of a centralized database managed by a trusted intermediary."


DevOps model, a profile in CIO leadership, change management

Proponents tout the many benefits of DevOps, the practice of putting software developers and the IT operations together so that building, testing and releasing software can happen very quickly, frequently and more reliably. They say this approach (or culture or movement, as some call it) produces faster delivery of features, more stable operating environments and better quality products. They also say that the DevOps model means continuous software delivery and faster resolutions of problems, which lead to more satisfied users. Results like that get attention, said Donnie Berkholz, research director for the development, DevOps, and IT ops channel at 451 Research. In fact, he points out that 40% of the 568 infrastructure professionals his firm recently surveyed are using DevOps somewhere in their organizations.


10 most in-demand Internet of Things skills

Insufficient staffing and lack of expertise is the top-cited barrier for organizations currently looking to implement and benefit from IoT, according to research from Gartner. "We're seeing tech companies around the globe getting organized and creating IoT strategies, but where they're struggling is they don't have the processes and talent in-house to make these things happen," says Ryan Johnson, categories director for global freelance marketplace Upwork. By tracking data from Upwork's extensive database, Johnson and his team have identified the top 10 skills companies need to drive a successful IoT strategy. Data is sourced from the Upwork database and is based on annual job posting growth and skills demand, as measured by the number of job posts mentioning these skills posted on Upwork from October 2014 to December 2015.


SAP Technology Targets Inequity in Workplaces Around the World

“Diverse teams are high performing teams,” said Mike Ettling, president of SAP SuccessFactors. “We’re always looking at how innovative HR technology can improve people’s work lives. Our HCM solutions simplify and standardize HR processes for organizations across the globe. Addressing inequity fits into our focus on built-in intelligent services and recommendations. Today’s innovations, and those to come, are designed to help companies find and address opportunities to build inclusive cultures, prompting managers and HR professionals to make intentional decisions as they attract, hire, develop, reward and promote people.” The use of technology to tackle workplace issues like gender inequity has not grown at the same pace as that of the digital economy.


Cloud security and compliance concerns rise as investment grows

“As organisations look to cloud computing to reduce IT costs, increase agility and better support business functions, security of data and applications in the cloud remains a critical requirement,” says Holger Schulze, founder of the 300,000-member Information Security Community on LinkedIn. “The 2016 Cloud Security Report indicates that as organisations increase investments in cloud infrastructure, they are seeking a similar level of security controls and functionality to what’s available in traditional IT infrastructures. However, they are finding traditional security tools ineffective in the cloud. In a shared responsibility model, this is an opportunity for organisations to implement effective cloud security solutions to strengthen their security posture and capitalise on the promise of cloud computing”.


Towards a whole-enterprise architecture standard – 6: Training

In short, training only makes sense in those parts of the context that map to the left-side of that boundary. To the right, we’re going to need real skills, which in turn arise only from some form of education or self-education. The vertical axis on SCAN is an arbitrary scale of the amount of time available for assessment and decision-making before action must be taken – the latter indicated by the ‘NOW!’ as the baseline, with time-available extending ever upward towards an infinite future relative to the ‘NOW!’. The green dotted-line across that axis represents a highly-variable yet real transition from theory to practice, or from plan to action. For humans at least: above the boundary, there is time for considered or ‘complicated’ evaluation, and plans and decisions are rational – or may seem so, at least; and below the boundary, there is time only for simple evaluation in real-time, and plans and decisions are emotional


How to manage workers in the gig economy

HR has developed into a department that is devoted to employee engagement and company culture. "As companies shift from having traditional paper pushing HR departments to becoming more focused on the employee experience, a PEO system can create a huge benefit allowing HR to focus on their talent brand vs compliance," says Harris. PEO models can also help minimize the workload and paperwork associated with gig workers, who are in and out of the company like a revolving door, says Harris. These systems take away a lot of the grunt work associated with onboarding employees, as well as managing their benefits, compensation and even seeing them out of the company once they move on. PEO systems are freeing up HR so they can focus on ensuring gig workers are engaged, feel a part of the culture and aren't treated any differently than typical full-time workers.


Cybersecurity in 2020: The future looks bleak

Scenario planning or scenario thinking started in military intelligence circles as a way to create flexible long-term plans. "Scenario planning may involve aspects of systems thinking, specifically the recognition that many factors may combine in complex ways to create surprising futures," according to Wikipedia. "The method also allows the inclusion of factors that are difficult to formalize, such as novel insights about the future, deep shifts in values, unprecedented regulations, or inventions." ... Wearables will track more than heart rate and the number of steps taken. "With devices monitoring hormone levels, facial expressions, voice tone, and more," suggest Weber and Cooper, "the Internet is now a vast system of 'emotion readers,' touching the most intimate aspects of human psychology. These technologies allow an individual's underlying mental, emotional, and physical state to be tracked—and manipulated."


Global Lenders on Edge as Cyber Attacks Embroil More Banks

While Swift has for decades made sure its own financial messaging network was secured, less attention was paid to the security surrounding how member banks -- each with their own codes and varying levels of technology -- were connecting. Even today, when it discusses the cyber attacks, Swift emphasizes that its own network wasn’t breached and says its members are responsible for their own system interfaces. Some U.S. banks are pushing to open discussions with Swift about whether it should have responded more quickly to the breaches and should now help member banks better secure their systems, according to one of the people familiar with the thinking within a large U.S. bank. BITS, the section of the Financial Services Roundtable aimed at combating cyberfraud and other technological issues, could be tapped to broker those discussions, the person said.



Quote for the day:


“The common question that gets asked in business is, ‘why?’ That’s a good question, but an equally valid question is ‘why not?’” -- Jeff Bezos


May 17, 2016

Critical Flaw in Symantec Antivirus Engine Puts Computers at Risk of Easy Hacking

The worst part about it is that the Symantec AVE unpacks such files inside the kernel, the highest privileged region of the OS. This means that successful exploitation can lead to a full system compromise. "On Linux, Mac and other UNIX platforms, this results in a remote heap overflow as root in the Symantec or Norton process," Ormandy said in an advisory. "On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel, making this a remote ring0 memory corruption vulnerability -- this is about as bad as it can possibly get." Symantec has rated the vulnerability with a 9.1 severity score out of 10 in the Common Vulnerability Scoring System.


An Update On The Megatrend of Cloud Computing

There are seven key MegaTrends driving the future of enterprise IT. You can remember them all with the helpful mnemonic acronym CAMBRIC, which stands for Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics, Internet of Things, CyberSecurity. In this post we dive deeper into the first of these trends, Cloud Computing. We succinctly describe Cloud Computing as the scalable delivery of computational resources. Models of cloud compute include public clouds, private clouds and blends in between. Architectures are in place now that leverage tiers of clouds that can exist in multiple sizes and locations, including homes, businesses and datacenters.


Stealthy malware Skimer helps hackers easily steal cash from ATMs

"One important detail to note about this case is the hardcoded information in the Track2 -- the malware waits for this to be inserted into the ATM in order to activate," the Kaspersky researchers said. "Banks may be able to proactively look for these card numbers inside their processing systems, and detect potentially infected ATMs, money mules, or block attempts to activate the malware." Skimer is just one of several malware programs designed to infect ATMs that were discovered in recent years, suggesting that this method of attack is becoming increasingly popular among cybercriminals. The way in which malware programs have been installed on ATMs in the past has varied. In some cases it was installed by insiders. In others it was installed by booting from a CD drive after opening the ATM's front case using special keys.


How big data is going to help feed nine billion people by 2050

The power of farming data is insurmountable, and it is also dangerous. If someone knows the data of an operation, they also know when and where the crops are, how much yield, how much it costs, and the farm's profits. The overwhelming fear is that it falls into the wrong hands, be it a neighbor, a seed retailer, a fertilizer company, or a big ag corporation. And then that data is used against the farmer by being sold to a competitor or undercutting a neighbor for a better deal on land prices. Farmers and big ag companies are racing to find the holy grail of precision agriculture. Precision technology is a farming management concept that measures and responds to field variability for crops, often using satellites and GPS tracking systems. It has become more and more prevalent in recent history because of the advanced technology systems available on farms.


If These Predictions Are Right, We Will Lose Millions Of Jobs To Computers

The application of machine learning to the ever-increasing amounts of data being produced throughout the world will change everything when it comes to our jobs. Yes, these new technologies will make jobs easier for many people — but they also may make many of those jobs obsolete. Algorithms can now answer our emails, interpret medical images, find us the legal case to win, analyze our data, and more. Machine learning relies on algorithms that “learn” from past examples, thereby relieving the programmer from having to write lines of code to deal with every eventuality. This ability to learn, coupled with advances in robotics, cloud computing and mobile technology, means that computers can now help humans perform complex tasks faster and better than ever before.


The Importance Of A Personal Business Continuity Plan

People’s knee-jerk response is often to assume their data is automatically backed up to the cloud. While this is a good fallback, it is often presumptuous. If a cloud backup of your computer or your phone is your fallback strategy, you should look and see what is actually being backed up and whether it is current. When I recently examined my personal business continuity plan and looked at my iPhone iCloud backup, I discovered only 10 of my 129 applications were backed up to the cloud. If the cloud were my Plan A, I’d be in trouble. The reality is that you never, ever want to lose your data. It is your most valuable asset, and you need to do everything possible to protect it. The Disaster Recovery Journal explains that a personal business continuity plan is all about having a methodology in place to recover your data and help you return to full productivity as soon as possible.


Orchestration and Automation: The Enterprise’s Best Kept Secret

The IT organization simply defines a set of policies using templates. Those templates are then used to automatically provision all the infrastructure resources required by any given application workload. The end result is a much more agile IT organization capable of dynamically responding to any and all new application requirements. Once that automation capability is in place the IT organization gains the ability to holistically orchestrate sets of infrastructure services that function as a cloud; right down to being able to define what infrastructure resources can be made available to a specific application. In the truest sense of a cloud IT organizations can even allow developers to self-service their own IT infrastructure requirements within a set of well-defined guidelines defined by the IT organization.


Martin Van Ryswyk on DataStax Enterprise Graph Database

Datastax Enterprise (DSE) Graph is part of a multi-model platform that supports key-value, tabular, and Document models in addition to graph. Rather than use multiple vendors for handling polyglot implementations that demand different data models, the users can use one vendor and get different data models in the same product. DSE Graph includes additional capabilities like security, built-in analytics, enterprise search, visual management monitoring and development tooling. Also, DataStax Studio now comes with a new web-based solution to visualize graphs and write & execute graph queries. InfoQ spoke with Martin Van Ryswyk, EVP of Engineering, DataStax, about the graph data model support in Datastax.


Publisher's cloud strategy improves uptime and agility with PaaS

By embracing the Cloud Foundry PaaS, Springer Nature initiated "a big change in the working relationship between operations and development," Otte said. For example, changes to Springer's primary business channel, SpringerLink, once meant downtime. With PaaS, however, Springer Nature was able to dramatically improve uptime by empowering development teams to self-serve. According to Otte, "By embracing PaaS, we let dev teams own their applications in production without worrying about the operational hassles." This also resulted in "simplified operations and reduced costs across the board." This fits 451 Research's survey data that concluded IT increasingly worries about improving agility, rather than simply shaving pennies off hardware and software costs:


ONC Task Force: No ‘Show-Stopping’ Barriers to API Requirements

“We recognize implementation of such a framework may require Congressional action; however, using its role as advisor for all things health IT, ONC should seek to harmonize conflicting, redundant and confusing laws that govern access to health information,” the task force said. As part of that oversight framework, ONC should coordinate with the relevant agencies a single location for all API actors to access in order to become educated and to ask questions about the oversight and enforcement mechanisms specific to patient-directed health apps, as well as their specific rights, obligations and duties. For instance, the task force said, patients should have one place to access in order to log complaints regarding an app’s behavior, and app developers should have one place to access in order to log complaints that could launch investigations regarding a provider or an EHR API developer’s behavior regarding information blocking.


Survey: No Cure In Sight for Healthcare Data Breaches

“The fact that healthcare is bearing the brunt of cyberattacks is no surprise, given the unique black market value of the complete sets of personal information sitting in electronic medical records, including patient names, family history, Social Security Numbers, and billing information,” commented Dylan Sachs, director of identity theft and anti-phishing for security vendor BrandProtect. “What is remarkable, however, is the level of sophistication these cyber criminals have achieved. We’ve recently witnessed a wave of elaborate attacks designed specifically to penetrate healthcare organizations. It seems clear that security measures must evolve to include aggressive, proactive monitoring for suspicious activities outside traditional security perimeters.” The College of Healthcare Information Management Executives similarly has raised a red flag about the epidemic of data breaches.



Quote for the day:


"Technological innovation is indeed important to economic growth and the enhancement of human possibilities." -- Leon Kass


May 16, 2016

Is The Fintech Industry The Next Tech Bubble?

Many experts believe that since banks offered such a wide multitude of services, they have lost their focus and have over extended themselves. This is why many Fintech startups started in the last decade are starting to give banks a run for their money. Most of these fintech startups specialize in one particular field and focus on customer experience and convenience. For instance, PayPal started offering online payments as a service for merchants when checks were becoming irrelevant for e-commerce transactions. This immediately made PayPal a household name and the company was able to gain significant market shares in a sector that was gravely neglected by banks. DealSunny, a company that specializes in special offers and coupons, devised a neat infographic exposing some of the facts about the amazingly fast growing Fintech industry.


The End Of IT: More Questions, Some Answers

Companies will not become digital until the employees, including the executives, adopt digital-age attitudes and techniques. The question is, "How?" In many instances, this will be a Darwinian process. Those CEOs who think digitally and who understand disruption will naturally lead their organizations to better places. In other cases, boards and directors will select new CEOs, perhaps those who have demonstrated an understanding of both business and the new digital age. ... Too frequently, the consultant doesn't take into account the business environment, or the consultant doesn't spend adequate time assessing conditions before applying the framework. This process is a little like a painter who shows up and doesn't clean the existing painted surface or apply primer. That new coat of paint is going to peel off sooner rather than later.


Courting the Internet of Things: Legal issues to weigh

Take the most basic question: Who owns the data smart devices produce and send forth over the Internet? Right now it depends on the contractual relationship between the parties. So if someone is buying, say, a refrigerator that can monitor its contents and send out orders to replenish dwindling supplies of milk, eggs or Pop Tarts, "there ought to be fine print in that purchasing agreement which talks about the data and the right of the manufacturer of the product to use that data and their ability to disseminate it," Foley said. Some data, like healthcare, finance and student aid information, is regulated, so there are rules limiting what organizations can do with it.


How to define the evolving role of data scientist

Businesses should also avoid being data-greedy -- because the idea of too much of a good thing, certainly can apply to data. "They may be collecting more data than they have the capacity to explore and assess the value of. One way to solve this problem -- is to be more selective about what data you analyze," says Rattenbury. And because data is such a new concept in business, Rattenbury recommends a flexible approach to a data strategy -- one that considers what should change as you move along with a new data initiative. This way, businesses can consider what's working, what's not working, who the key players are and the value tied to specific data points. However, prioritizing data this way isn't just a task for data scientists, he says, it's a task that needs to include everyone in the company.


The reality of android soldiers and why laws for robots are doomed to failure

One reason for the unreasonable level of expectation around autonomous weapons is the belief that AI is far more capable than it really is, or what Sharkey describes as the "cultural myth of artificial intelligence that has come out of science fiction." Researchers working in the field assert that AI is working on projects that are far more mundane (if useful) than building thinking humanoid robots. "Every decade, within 20 years we are going to have sentient robots and there is always somebody saying it, but if you look at the people on the ground working [on AI] they don't say this. They get on with the work. AI is mostly a practical subject developing things that you don't even know are AI — in your phone, in your car, that's the way we work."


Outsourcing Software Development to a Global Talent Pool: World of Help or World of Hurt?

Client success requires that your vendor understand the politics, administration, paperwork, red tape, tax and banking systems of the countries where they have established dev centers. For an outsource vendor, this is often the biggest challenge to overcome. Does your vendor employ someone on-site at their offshore dev center(s) to ensure they are able to successfully meet this challenge? The role of an on-site international business manager has the primary function to manage and navigate the processes specific to countries outside the U.S. Your vendor needs to ensure their employees, their facilities, and your code is safe, accessible, and stable. Regardless of outsource destination, your vendor needs to have a plan to address potential issues with electrical outages and other unpredictable factors related to utilities.


Google Ending Automatic Chrome Support For Flash

"While Flash historically has been critical for rich media on the web, today in many cases HTML5 provides a more integrated media experience with faster load times and lower power consumption," Anthony LaForge, technical program manager for Chrome at Google, wrote in an online posting explaining the switch. "This change reflects the maturity of HTML5 and its ability to deliver an excellent user experience." LaForge also noted that Google would continue to work closely with Adobe and other browser vendors to keep moving the Web platform forward, in particular paying close attention to Web gaming. Flash has been widely criticized for its security holes and susceptibility to new vulnerabilities. The late Steve Jobs published a 1,500-word letter in 2010, essentially calling the platform a relic from the bygone era of PCs and mice.


Identity Startup Netki to Launch SSL Certificate for Blockchain

Netki will seek to act as a certificate authority similar to how Symantec sells SSL certificates to domain name holders. When an MSB acquires a digital identity certificate for itself and its users, the name, address and verification level (aligned to the risk or value of the transactions) is built into the certificate. When a transaction is made, the MSBs on both sides send identity certificates and compare the information through their own AML checks. If both sides have a small green lock, the transaction is secure and compliant. Newton explained that one certificate would contain both the MSB and client information, but in the future, there would be a separate certificate for the MSB and client. But not storing information on a public ledger is also necessary for the world that Newton believes is coming.


Centralizing Security for Decentralized Environments

Both DDoS and web application security are important in today’s high-stakes, high volume game of “protect the application.” Bringing both together in a single, cloud-based solution addresses the need to centralize security whilst establishing appropriate app-centric perimeters regardless of where that app may be deployed. It’s infeasible to establish those app-centric perimeters on-premises. The architectural drawbacks of doing so outweigh the operational advantages. But moving that same concept to the cloud, as a cloud-based service, not only affords the same operational advantages innate to centralization but is an architecturally sound principle, as well. A cloud-based solution has access to greater bandwidth, which means it can withstand a deluge of network and application attack floods.


7 Deadly Career Mistakes Developers Make

Your expertise in one stack may make you invaluable to your current workplace -- but is it helping your career? Can it hurt to be too focused on only one stack? MediaMath’s Donohue doesn’t pull any punches on this one: “Of course it is -- there’s no modern software engineering role in which you will use only one technology for the length of your career. If you take a Java developer that has been working in Java for 10 years, and all of a sudden they start working on a JavaScript application, they’ll write it differently than someone with similar years of experience as a Python developer. Each technology that you learn influences your decisions. Some would argue that isn’t a good thing -- if you take a Java object-oriented approach to a loosely typed language like JavaScript, you’ll try to make it do things that it isn’t supposed to do.”



Quote for the day:


"Great effort springs naturally from a great attitude." -- Pat Riley


May 15, 2016

Towards a whole-enterprise architecture standard – 5: Practices and toolsets

What do we do when we’re doing whole-enterprise architecture? How do we choose what to do, when, in what order? And how do we record what happens, the outcomes, the results? Perhaps the core to all of this is the ‘Start Anywhere’ principle, and the focus on overall effectiveness of the enterprise. Yes, the potential scope of whole-enterprise-architecture might at first seem impossibly huge: anything, anywhere, in any aspect or domain of the entire enterprise, and even beyond. Yet the crucial twist is that the enterprise is seen as an ecosystem, or ecosystem-of-ecosystems: whichever way we look at it, it’s always one integrated whole, deeply interdependent, deeply interwoven. In which case, it doesn’t matter where we start: if everything’s connected to everything else, then we connect with everywhere eventually.


Can IT keep up with big data?

When IT deals with big data, the primary arena for it is, once again, large servers that are parallel processing in a Hadoop environment. Thankfully for the company at large, IT also focuses on reliability, security, governance, failover, and performance of data and apps—because if it didn't, there would be nobody else internally to do the job that is required. Within this environment, IT's job is most heavily focused on the structured transactions that come in daily from order, manufacturing, purchasing, service, and administrative systems that keep the enterprise running. In this environment, analytics, unstructured data and smaller servers in end user departments are still secondary.


Ransomware: How high will the demands go?

"Once inside a network, attackers can identify high-value files, databases, and backup systems and then encrypt all of the data at one time," the report suggested -- and pointed to malware families such as SamSa which can be deployed manually into an infected system. As ransomware becomes more dangerous, researchers fear that cybercriminals will use its increased power to extract higher ransom payments from victims. Currently, the majority of ransomware perpetrators demand between $200 and $500 -- usually in bitcoin -- before they release the victim's system. ... "If attackers are able to determine that they have compromised a system which stores valuable information, and that infected organization has a higher ability to pay, they will increase their ransoms accordingly," the researchers said.


How to Simplify Enterprise Architecture Messaging for Stakeholders

A second practice to kill EA complexity is to take a more selective approach to recording and managing data. This approach is often referred to as, 'Just Enough' Enterprise Architecture. It seems obvious when working with tangible ‘things’ - the more things you own, the more difficult it is to control and maintain the ones you want. Yet with data, this logic and reasoning is often lost. To kill EA complexity, Enterprise Architects should adopt a more vigilant approach in managing their data. Additionally, what EA’s choose to record should be more deeply considered. A ‘Just Enough’ approach to Enterprise Architecture has been championed by leading analysts - including Gartner - for some time, and for this exact reason. Maintaining data that provide value to your initiative is in essence, choosing to increase your own workload, and decreasing your productivity.


High-tech hiring and the malleable modern career

Mike Germano is partially in charge of cultivating the corporate culture that's helped Carrot Creative secure the prestigious title two years in a row. When seeking candidates, Carrot Creative's hiring managers take care to do things differently. Germano says the company prefers to avoid recruiters, utilizes social media diligently, focuses on relationships with educational institutions, and puts candidates for tech positions through a variety of tests to ensure both cultural fit and technical expertise. ... "Candidates meet with not only technical managers, but also members throughout departments to discuss various aspects of the job and [the company itself]. We put a lot of emphasis on the candidate’s natural excitement and drive, not only for what they do, but also for trying and learning new things."


Robots won’t just take jobs, they’ll create them

We all know how great it is when technology works — and how frustrating it is when it doesn’t. Even sophisticated technology companies haven’t eliminated their human customer support teams, because when something goes wrong, it is often a human who needs to fix it. There will always be a need for on-site, human labor and expertise when we deal with machines. Robots will have glitches, need updates and require new parts. As we rely more and more on mechanized systems and automation, we will require more people with technical skills to maintain, replace, update and fix these systems and hardware. We see this starting already. IT departments have sprung into existence because of digital technologies. Network administrator, field service technician and web developer are job titles that didn’t exist 30 years ago.


Big Data Processing with Apache Spark - Part 4: Spark Machine Learning

The spark.mllib package contains the original Spark machine learning API built on Resilient Distributed Datasets (RDDs). It offers machine learning techniques which include correlation, classification and regression, collaborative filtering, clustering, and dimensionality reduction. On the other hand, spark.ml package provides machine learning API built on the DataFrames which are becoming the core part of Spark SQL library. This package can be used for developing and managing the machine learning pipelines. It also provides Feature Extractors, Transformers, Selectors, and machine learning techniques like classification and regression, and clustering.


Seven Principles of Enterprise Architecture

With the break of digital Transformation, the discipline of Enterprise Architecture, EA, is shaken on its bases. A questioning is more than a necessity. Large consulting firms, carriers of miracle solutions, are reduced to simplistic recommendations (bimodal IT) attacked by competitor gurus (see the debate), without real proposal on the bottom. Confronted on the one hand with an immense IT heritage, and on the other hand with this multiform disruption, Enterprise, CIO, do not know by which end to take the problem. One claims to see cleavages everywhere: between the IT into bimodal, between the SQL and NoSQL, between internal and external Information Systems… But, clearly, these dichotomies do not function, because the value chain does not divide thus.


Insights On IT Governance

In today’s business situation with its complexity, required to be responsive, the costs to an organization can be important to stay competitive and meet business initiatives and challenges. An organization might face challenges and business problems like Global competition, product development costs, regulatory compliance, new business opportunity, and lack of skilled staff. While addressing any of these issues, the organization must be sure that the value of the business internally and the value provided to its customers is maintained or improved. This influences the executives to focus on how they can grow, sustain, change, and manage the organization to meet these challenges pertaining to corporate policies, processes, and IT infrastructure and systems that are required.


Lean vs. Traditional IT Governance

Traditional governance strategies often prove to be both onerous and ineffective in practice due to the focus on artifact generation and review. For example, delivery teams will often produce required artifacts, such as requirements documents or architecture documents, solely to pass through the quality gate. ... The result is a governance façade that often injects risk, cost, and time into the team efforts: the exact opposite of what good governance should be about. Lean IT governance, on the other hand, is a lightweight approach to IT governance that is based on motivating and enabling IT professionals to do what is best for your organization. Lean IT governance strives to find lightweight, collaborative strategies to address governance areas.



Quote for the day:


"Once a new technology rolls over you, if you're not part of the steamroller, you're part of the road." -- Stewart Brand