October 18, 2016

Tech Bytes - Daily Digest - October 18, 2016

The state of CISO, How to improve your odds of landing great talent, Digital life skills all children need - a plan for teaching them, The SAM pattern: Lessons learned building functional reactive front end architecture, Companies try out selfies as password alternatives and more.

Most businesses vulnerable to cyber attacks through firmware, study shows

According to the survey, 63% of the individuals who consider their organisations to be fully compliant with firmware audits reported higher levels of effectiveness of their patch management processes. On the other hand, more than half of those that did not receive any feedback (51%) in this audit category had no controls for firmware integrity monitoring and flaw remediation. “With firmware maintenance being considered an operations function rather than a security concern, the chance for exploited vulnerabilities persists,” said Christos Dimitriadis, ... “It is time to underline the importance of firmware security in our risk assessments, and embed prioritised controls based on the threat model of each organisation, whether this includes espionage, transaction integrity loss or business disruption.”


The State of the Chief Information Security Officer

It is not surprising given the lower expectations and results that some well-intentioned and seasoned cyber security professionals go from CISO to Chief Scapegoat Officer in short order. Part of the problem is that even after nearly 30 years, the purpose and promise of the CISO is still very much unsettled. Some believe CISOs are not powerful enough or properly positioned in the organization to accomplish the job they have been asked to do. There are long-standing arguments over the proper reporting relationship of the CISO. If the CISO reports to the chief information officer (CIO), he/she can have direct impact to the IT organization and a seat at the table, but many CISOs continue to believe that such a relationship removes “independence” from the CISO’s agenda.


How to improve your odds of landing great talent

"We see there clearly are very different conversion rates depending on the source of a candidate; proactively sourced hires -- where a recruiter goes out and tracks down exactly the skills and experience needed for the role -- and referrals are such strong sources of hires because it increases the chances of a candidate having that cultural alignment with your company, as well as the hard skills they need," Srinivasan says. ... "A referral doesn't have to mean only someone a candidate knows well or has worked directly with. It could be something like, 'I've heard of this person by reputation in my field,' or 'I know such-and-such was a total rockstar developer at my last job,' and then recruiters can reach out on that basis," she says.


Critical flaws found in open-source encryption software VeraCrypt

The audit, which was performed by French cybersecurity firm QuarksLab and was sponsored through the Open Source Technology Improvement Fund (OSTIF), found eight critical vulnerabilities, three medium risk vulnerabilities and 15 low-impact flaws. Some of them are unpatched issues previously found by an older TrueCrypt audit. Many flaws were located and fixed in VeraCrypt's bootloader for computers and OSes that use the new UEFI (Unified Extensible Firmware Interface) -- the modern BIOS. TrueCrypt, which serves as the base for VeraCrypt, never had support for UEFI, forcing users to disable UEFI boot if they wanted to encrypt the system partition. VeraCrypt's UEFI-compatible bootloader -- a first for open-source encryption programs on Windows -- was released in August and is the biggest addition to the TrueCrypt code base made by VeraCrypt's lead developer,


8 digital life skills all children need – and a plan for teaching them

Educators tend to think children will pick up these skills by themselves or that these skills should be nurtured at home. However, due to the digital generation gap, with generation Z being the first to truly grow up in the era of smartphones and social media, neither parents nor teachers know how to adequately equip children with these skills. Young children are all too often exposed to cyber risks such as technology addiction, cyberbullying and grooming. They can also absorb toxic behavioural norms that affect their ability to interact with others. And while most children encounter such challenges, the problematic exposure is amplified for vulnerable children, including those with special needs, minorities and the economically disadvantaged. They tend to not only be more frequently exposed to risk, but also face more severe outcomes.


Abu Dhabi Securities Exchange uses blockchain for e-voting

“Adopting blockchain technology in our projects comes in alignment with the digital transformation of Abu Dhabi’s government services as we constantly strive to introduce ways that ease the process of doing business in the United Arab Emirates,” said ADX CEO Rashed Al Blooshi. “This step comes as we aspire towards becoming a fully digital exchange, with our strategic objectives aligned with Abu Dhabi’s vision for building a knowledge-based sustainable economy that constantly evolves,” he added. ADX expects the service to cut costs, save time and increase stakeholder involvement in decision making at listed companies. The blockchain service is one of the new services offered by ADX as part of its electronic platform. Other services include an initial public offering management system and rights issue management system.


The SAM Pattern: Lessons Learned Building Functional Reactive Front-End Architectures

SAM recommends factoring the business logic underlying a graphical user interface along three concepts: actions, model and state. Actions propose values to the model, which is solely in charge of accepting them. Once accepted, the state certifies that all subscribers are notified, especially the view (which is considered the “state representation”). Every event is processed as a “step”, which consists of a propose/accept/learn flow. This concept provides a stronger foundation to deal with event ordering and effects (such as back-end API calls). SAM is framework agnostic and several members of the community that formed around the pattern [1] went on to build a series of developer tools and code samples using different frameworks, ranging from Vanilla JavaScript to AWS Lambda and pretty much anything in between.


Side-Channel Attacks Make Devices Vulnerable

“The industry is waking up to security and there are constantly articles in the news about some hack, breach or network problems related to malicious attacks,” says Angela Raucher, product line manager for ARC EM processors at Synopsys. “It is a focus for anyone developing SoCs right now because they have learned that just adding security in the network or in the device or the platform is not good enough. You have to start at the SoC level or there will continue to be vulnerabilities in the system.” Michael Chen, director of early stage programs in the System Level Engineering division of Mentor Graphics, explains that “people are doing a fairly simple power or differential power analysis. There are lots of side channels, not just power. It is any way to extract information from a device. This is usually done using some sort of microwave power reading antenna and is done post silicon.”


Companies Try Out Selfies as Password Alternatives

The authentication process typically starts with an app that asks users to snap a photo of themselves every time they do something online like make a purchase or file their taxes. Software uses the photo to make thousands of facial measurements, such as the width of the nose or the curve of the jaw, and converts them into a string of numbers to create a unique ID code. Then, it compares the code to a reference photo that the person has left on file. A highly probable match verifies the person’s identity. The technology’s accuracy is far from perfect. Shadows, low lighting or facial hair can confuse the software. Underscoring the shortcomings of facial recognition, Alphabet Inc.’s Google unit sparked an outcry last year after its Photos app misidentified two black people as “gorillas.” Google apologized and said it was tweaking its algorithms to fix the problem.


IT attrition could help address the cybersecurity skills shortage

It’s certainly true that if you need a highly experienced cybersecurity professional, you have no choice but to pull someone away from their current job, but this is a zero-sum game from a total employment perspective. So, what else can we do? Well, there’s another disruptive force happening within IT called cloud computing. Simply stated, as organizations move workloads to public cloud providers such as Amazon Web Services, IBM SoftLayer and Microsoft Azure, they no longer need as many infrastructure administrators to babysit Intel servers, storage arrays or data center switches. As it turns out, these uprooted IT folks are a natural fit for cybersecurity jobs. According to the ESG/ISSA research, more than three-quarters (78 percent) of cybersecurity professionals moved from IT jobs to cybersecurity jobs as part of their career progression.



Quote for the day:


"Nothing will ever be attempted if all possible objections must first be overcome." -- Samuel Johnson


October 17, 2016

Tech Bytes - Daily Digest: October 17, 2016

How to hire your employer, Bringing security back to the top of the board room agenda, Don't get burned by data center hot spots, Learn actionable insights & practical guidance from COBIT, Threat response automation: The next frontier for cybersecurity and more.

Evolving DCIM market shows automation, convergence top IT's wish list

IT also needs to do more with less. Data volumes double every few years, but IT budgets are increasing at low, single-digit rates. As a result, data center managers are having trouble keeping up with the volumes of information. Consequently, users want DCIM products to be more than just monitoring tools; they want to weave them into the data center tapestry. Combining a DCIM tool with change management software creates new automation possibilities. For instance, a company could automatically generate a work order, which indicates the rack and position where an add-on device can be installed, specifies the devices and ports that will be connected -- such as power, LAN and cables -- and links that information to relevant applications.


How to hire your employer

When we find ourselves stuck in unhappy careers—and even unhappy lives—it is often the result of a fundamental misunderstanding of what really motivates us. As we discussed in our book How Will You Measure Your Life, just because you’re not dissatisfied with your career path, doesn’t mean you’re satisfied with it. The things that you might easily put on your resume or talk about at a cocktail party, such as your job title or how big your office is, are not what really motivates most people in the long run. Instead, we’re driven by what we call “intrinsic’’ factors. They’re more difficult to see when you’re sizing up a job opportunity, but extremely important. Instead of simply asking about the perks and benefits of a new job, try asking yourself


Bringing security back to the top of the boardroom agenda

Security needs to be part of the design from the start and not bolted on afterwards. Too often security and compliance are an afterthought, once solutions have already been built and the projects have started. Security needs to be part of the foundations of IT. Building it into the core platform throughout your business allows for much faster transactions to market, as fewer things need to be altered when moving from development, to testing and finally to production. Having a software-defined architecture for security, built into the fabric of the IT infrastructure from the data centre to the device, is needed to embrace security in every phase of IT from the outset.


How to Design the Optimal Business Intelligence Dashboard

Unclear goals can dampen the impact of any IT project, and BI implementation is no exception. You need to consider your departmental goals and how they relate to broader business goals, and keep these goals in mind when designing your dashboards. Ask the bigger questions - How will these dashboards help achieve goals? What sort of metrics should we display that will improve our sales/costs/efficiency/customer satisfaction? IT cannot build a BI platform based on what they feel users will want; they need input from the actual user base. For some companies, the challenge comes on the back end, in terms of the technical troubles with integrating multiple disconnected data sources into the BI solution. They might have the right dashboard in place and know what metrics they want to examine, but the flow of data simply isn’t there.


Don't get burned by data center hot spots

Some computer room air conditioning units have insufficient knowledge of how air really moves in a data center, causing even worse cooling conditions. In modern designs, redundant units run simultaneously with normal units, but at reduced speed, so you don't realize added servers are stealing redundant capacity until a cooling unit fails or is turned off for maintenance. Thankfully, servers can tolerate a higher operating temperature for several days with little negative effect. ASHRAE's allowable thermal envelope goes up to 32 degrees Celsius or 89.6 degrees Fahrenheit in emergencies, but marginal redundancy -- combined with poorly planned computing hardware additions -- can cause serious overheating and thermal shutdowns within a short time after a cooling unit has quit.


Slack CEO describes 'Holy Grail' of virtual assistants

You might scour your email or document-management systems, using such search terms as "term sheet," and pull up a handful of emails or files. Once you find the dates you might go to separate financial reporting tool to look up the revenue information. Such a process could take you as much as 45 minutes. Now imagine a tool -- a bot network operating as one if you will -- that could find the information in disparate apps, cross-reference it and generate the correct answer in seconds. Butterfield estimates that such a system would result in productivity gains of anywhere from 10 percent to 30 percent. “That is the knowledge worker equivalent of giving a ditch digger a backhoe instead of a shovel," Butterfield says. "I would love it if we were successful building something like that," Butterfield says.


Learn Actionable Insights & practical guidance from COBIT

COBIT can be complex or simple, depending on the perspective from which it is read, understood and implemented. COBIT philosophy can complement and supplement a professional’s practical experience. However, fundamental understanding of core principles and philosophy of COBIT makes it easier to understand and implement. COBIT is easy to implement if one understands the rationale of design of COBIT. This will help in de-mystifying the structure and enable users to navigate and select relevant contents of COBIT knowledge repository from practical perspective of governance, assurance, risk and compliance as required from macro or micro perspective. The best way to enhance COBIT expertise is to implement it in real-life situations and scenarios.


Threat Response Automation: The Next Frontier for Cybersecurity

Roughly speaking, we could divide cybersecurity software evolution into two waves. The first wave was dominated by rule-based deterministic solutions. A classic example is the firewall. Firewalls apply simple policies, such as blocking inbound traffic, ports or protocols. The second wave of solutions consists of “fuzzy” rules and heuristics. We could perhaps mark the beginning of this wave of solutions with the first Intrusion Detection System (IDS). These solutions employed ML algorithms to spot anomalies and detect malicious activity. In fact, most contemporary cybersecurity vendors take pride in how their solutions utilize ML. Fraud analytics, web gateways, endpoint protection solutions and network sniffers, all utilize ML in their offerings.


Cut to the Chase: How a Data-Driven Culture Fosters Success

“About a year ago, we got the opportunity to use the Domo platform,” he said. At first he just gave licenses to his growth leaders around the country. “Then I decided that maybe I should dig deeper into this, which was one of the best things I could have done.” That’s when his conversations with national teams took a sharp turn, and for the better. “It allowed me to cut through a lot of the data, and cut through to the information that would really help me manage the group. Domo actually allows me to get a view into those offices like I never had before.” The end result, he said, was a significant transformation in how quickly and effectively he and his team could identify new opportunities, and solve otherwise challenging client issues.


Don’t fall behind when it comes to migrating to the cloud

Security is also a strong benefit of cloud storage. While many assume that opening up a company’s database to online storage may run a higher risk of security breaches, in fact the opposite is often true. Because of their large scale and intensive client security requirements, cloud hosting providers often have better security than is reasonably maintained in-house by small and medium size businesses. Off-site backups, 24/7 monitoring, and enterprise-grade security audits are typically out of the price range of smaller organizations. It’s also important to note that not every application is right for the cloud. While migrating an internal communications tool, like a social intranet makes practical sense for the cloud, highly regulated and sensitive data like credit card information or health care records may not be suitable.



Quote for the day:


"Liberty is always dangerous, but it is the safest thing we have." -- Harry Emerson Fosdick


October 16, 2016

Tech Bytes - Daily Digest: October 16, 2016

10 highest-paying IT security jobs, You've been hacked. What are you liable for, GE CIO shares what he looks for in IT talent, What should be on the next President's cyber agenda, What lies beneath - Unpacking data center risks, Agile development at the enterprise level - Misconceptions that jeopardize success and more.

10 highest-paying IT security jobs

Data breaches, DDOS attacks, hacks and threats continue to dominate the headlines, so it's no surprise that some of the most in-demand IT jobs are in the security area. And with a massive skills gap, companies are willing to pay handsomely for skilled security talent at all levels. "One area we're still seeing huge demand for is in cybersecurity, and hiring companies are willing to pay whatever it takes for talent that can help secure data and mitigate threats while simultaneously ensuring consistent and simplified accessibility from desktop to mobile devices. Companies are sending the message with their budgets: you can't put a price on that," says Jack Cullen, CEO of IT staffing firm Modis. Here are the top 10 highest-paying security roles, culled from career site Dice.com clients' job postings and median salary range data from cloud compensation solutions firm PayScale.com.


Why asking you to change your password makes it easier to hack the system

“If users are using the same or similar passwords across accounts – which a majority of respondents indicated – then they are also essentially handing the key to hackers to access their most critical information when they attack another, less important account,” the survey said. Hackers are using algorithms to check stolen passwords and simple variations of them on other accounts, Bauer said, looking for variations that simply add exclamation points, pound signs and asterisks to the end. The LastPass survey brought bad news for businesses: A third of respondents say they create stronger passwords for their personal accounts over work accounts. Experts agree on asking users not to reuse passwords but disagree on what users should do for adequately strong passwords.


You've been hacked. What are you liable for?

One of the difficulties facing organisations is that data protection legislation is vague when it comes to specifying the standards of protection required. The Data Protection Directive and the UK Data Protection Act both require the data controller to “implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access”. This concept is carried over to the new EU General Data Protection Regulation, which will be enforced throughout the EU – yes, including the UK – from May 2018. In fact, it also requires the controller to build in data protection by design and by default. ..., the ICO has not yet stipulated a particular minimum threshold for protection, but it generally penalises organisations that suffer the loss of unencrypted laptops and mobile devices.


GE CIO shares what he looks for in IT talent

We look to hire clear thinkers who are adaptive and agile. We want people with a strong sense of imagination who are also willing to take risks. Most of all I’m looking for people who have the ability to influence. Driving change is probably the hardest part of the job and influence is key. ... Another key takeaway was that the workforce is more global and diverse than ever and everyone has different needs. So, we changed our benefits package to adopt a model that allows customization for each employee. You’ve also probably seen the “Owen” commercials. We’ve been successful by being self-aware and making fun of our reputation as an “old school” company and talking honestly about how we’re evolving.


Removing the Data Divide -- Uniting People, Processes and Technologies

Raw security data and community-generated threat intelligence feeds are full of non-applicable warnings, red herrings and often don’t speak the same language – causing duplicate information. On top of this, security teams are working on disparate systems that can’t communicate about the potential threat indicators within the network. We call these issues threat fragmentation. Cleaning up the threat management mess: From malware to phishing and ransomware, cyber threats take many forms, adding to the breadth of information from threat intelligence feeds and security tools that organizations must utilize in order to detect, respond to and mitigate threats. Sometimes the security personnel working to detect threats work well together – but oftentimes they are moving quickly, causing disconnected and uncoordinated efforts.


Smarter, Faster, Stronger – The Rise of the Super Robots

Due to significant investments and research, we can mimic the process of the human brain via sophisticated, multi-level, “deep” neural networks. These networks are made possible due to the development of graphic processing units that now have enough power to accelerate deep learning algorithms for training or inference. The technology behind it all is complex, but the ability for computers to learn, write software and perform artificially intelligent tasks, is revolutionising the world we live and work in today. ... Drones that don’t just fly by remote control, but navigate their way through a forest for search and rescue; compact security surveillance systems that don’t just scan crowds, but identify suspicious activity; and robots that don’t just perform tasks, but tailor them to individuals’ habits.


What Should be on the Next President's Cyberagenda?

"We really haven't acknowledged the extent of the damage that could be done by a cyberattack on our infrastructure," Borg said. "Industrial control systems could be hijacked and cause massive physical damage. That could be done with a migrating piece of malware with no Internet connection, as was done with Stuxnet." ... However, since it's likely the United States has planted similar malware on those countries' systems, something similar to the nuclear stalemate during the Cold War exists. "I'm particularly worried about the Russians or Chinese," Borg said. "What I'm worried about is some completely irresponsible agent without any involvement in the modern economy acquiring these capabilities."


Transformation Competency: It’s Time to Get Good at It

Because the pace of change has accelerated dramatically in the digital age, and organizational complexity has skyrocketed, knowing how to change and adapt is an essential discipline for any business. If you’re a global hotel chain, you consider a response to the arrival of Airbnb. If you’re a well-established restaurant chain, what do you do when a young upstart franchise offers fresher food, simply by leveraging more modern data technologies to improve supply chain logistics? If you haven’t established a competency around the very idea of transformation, what you probably do is have a lot of unproductive, increasingly urgent meetings with costly management consultants while your competition literally eats your lunch.


What Lies Beneath – Unpacking Data Centre Risks

There is a major education challenge at play, where those with software asset management in their remit need to quickly learn how this aspect of the IT estate is presenting risk. Their role is evolving as a result. This changing role is one factor to overcome. But many organisations will find there is confusion over who owns licences in the data centre. It could be the data centre manager, it could be the IT manager, or the person with software asset management (SAM) in their remit. Is this leaving a gap, where everyone has different priorities, and is looking to each other to take responsibility? Given the data centre manager is invariably focused on the hardware and smooth running of the data centre, this is unfortunately a common scenario. If the SAM manager is responsible, the likelihood is that the metrics they are accustomed to managing are not in the data centre.


Agile Development at the Enterprise Level: Misconceptions That Jeopardize Success

Agile approach that works within their environment. It’s radically different from the waterfall method of application development and delivery, incremental in its approach and focused on just-in-time completion of work. ... “The Impacts Of Missed Requirements In Agile Delivery,” a recent study by Forrester, explored the root causes of missed requirements in Agile adoption and the tangible business benefits organizations could achieve with better management tools. 96 percent of respondents reported problems in software development projects due to missed requirements, and 60 percent expected increased customer satisfaction from faster delivery as a result of avoiding missing requirements. IT and business leaders need to discern between fact and fiction when it comes to making Agile work in the enterprise.



Quote for the day:

"Cunningham's Law: The best way to get the right answer on the Internet is not to ask a question, it’s to post the wrong answer." -- @Tech_faq

October 14, 2016

Don't Be Sure Big Tech Breakthroughs Are Behind Us

Technology that makes these things cheaper will make the business world more efficient, just like cheaper steel makes manufacturing cars more efficient. And it’s here, in the realm of white-collar work, where I believe the technologies now under development have the potential to create huge productivity gains. A lot of effort right now is being poured into machine learning and artificial intelligence, thanks in part to technical advances in the field, and also thanks to the availability of large amounts of data to train machines. In a recent interview with Lee, venture capitalist Marc Andreessen explained why he thinks machine learning is the next transformative technology. Essentially, machine learning allows machines to do your thinking for you.


How Blockchain Can Benefit IT Outsourcing

Initially, the technology will be used to monitor the delivery and usage of IT equipment with a sensor that embeds information into the blockchain. Ultimately, that information would then trigger automated invoicing and payment processes between the two companies. If service providers and their customers were to tie their payment systems and SLAs together on a blockchain in that way, it would increase the efficiency of outsourcing contract management a great deal, says Ferrusi Ross. In this case, the bank might have a business rule on its engine that on the 4th of the month launches a validation of the SLAs and initiates a payment to IBM based on those results without any human intervention. The smart contract approach also offers the promise of increased transactional security. “If it can do that, it will become widely used,” says Susan P. Altman, partner in the commercial transactions and outsourcing practice at law firm K&L Gates.


Amid security concerns, Google's Allo virtual assistant is still worth a look

You might have heard that Edward Snowden has warned users to not install or use Allo. Why? The concern is simple—that conversations will be retained on servers. There is another, more disconcerting issue. Allo was supposed to employ end-to-end encryption for messages. That is, unfortunately, not happening. At least not out of the box. You can, however, start a chat in Incognito mode to encrypt your chats (this should be the default). But what about Assistant? Will these conversations between user and AI be encrypted, or vanish from the Google servers once they've served their purpose? It seems the answers to these questions are "no" and "until the user deletes them." Good news: the deletion of Assistant chats is a really simple task.


Security spending to top $100 billion by 2020

IDC analyst Sean Pike noted that enterprises fear becoming the next cyberattack victim and boards of directors are demanding security budgets be used wisely. Indeed, our CXO 2017 spending planner noted that network security is the No. 2 priority for the year ahead with securing networks and data the No. 1 challenge. Not surprisingly, banking is investing the most into security for 2016 with $8.6 billion, followed by discrete manufacturing, government, and process manufacturing. Those industries account for 37 percent of annual security spending. Healthcare will be the fastest growing area for security over the next five years with a compound annual growth rate of 10.3 percent. By model, services will account for 45 percent of all security spending. Managed security services account for much of that spending.


Why Physical Security Should Be as Important as Cybersecurity

In addition to having a staff member in a building’s lobby monitoring who gets access to a company’s offices, security technology expert Robert Covington, the founder and president of togoCIO, writes in Computerworld that “systems requiring a proximity card for entry are now quite common, and with good reason.” Such systems are important and should be used more than they are, he says, because they “provide tight granularity of access control for individual doors and a detailed audit trail.” Yet, as Covington notes, badges or badge data can be stolen by thieves or malicious actors. Ralph Goldman, a security industry veteran and lead writer for the Lock Blog, tells CIO that wireless communication technology is now enabling businesses to deploy “smart locks” that can let firms add barriers to doors and unlock the doors remotely via wireless protocols.


People Are The New Security Perimeter

Insider threats like these have become a considerably more prominent issue in the past few years. And you only need to look so far as your organization’s favorite coffee shop or the connected devices in every home to see how easy it could be to accidentally share confidential or proprietary information to prying eyes and ears. In the past, we could rely on technology to protect your confidential information and protect your workforce. But more and more users bypass these security measures, and these problems will only expand as the internet of things continues to grow. You can no longer expect your workforce to refrain from interacting with the world outside of your organization’s security precautions. If controls hinder employees’ activity, they can stifle business innovation altogether.


1 billion reasons to care about cyber due diligence

The legal, financial and reputational risks involved in these sorts of large scale data security incidents are firmly on the agendas of boardrooms around the world. A recent Mergermarket report, Testing the Defenses: Cybersecurity Due Diligence in M&A, highlights an IBM survey which found that the average cost of a data breach in the United States in 2015 reached US$3.79 million, an increase of 7.6% from 2014. Given the ever increasing risks in this area, companies are asking themselves how they can reassure boards and shareholders that what appears to be an attractive takeover target won’t end up being a poisoned chalice. While Mergermarket reported that in the majority of cases cyber security issues were not enough alone to cause buyers to walk away from a deal, deal timelines and deal value can be significantly affected by cyber security issues.


Critical Strategies to Prepare for the Future with All-flash Storage

Because of the internet, technology has rapidly accelerated in the last 20 years. Making all this possible is a myriad of connected infrastructures that are the vital foundation that keeps technology running. If we look back to when the computer was first introduced to the mainstream, the entire back-end of it would be in the same room as the user. Today, the massive amount of data a computer produces and stores is far more likely to be in a datacenter on the other side of the country. While it may be out of sight – it should never be out of mind. Today’s modern datacenter needs to support the dynamic nature of modern businesses, including seamlessly scaling with growth and demand, delivering superior user experience so employees don’t see any downtime, and supporting the need for businesses to be agile in response to changing market requirements.


Rolling into the digital age: inside Rolls-Royce’s tech transformation

The IT function is focusing on product data and document management; integrated design, simulation and verification; lean engineering; and enabling IT capabilities such as high-performance computing and fast technical engineering PCs. This IT vision is allowing the company to move towards a completely digital design-and-test process for the aircraft engines it builds. Simulating the fan-blade-off test, for example, has provided more insight, helped the environment and reduced engine development time and costs, as well as the number of physical engines required to be tested. Rolls-Royce’s digital aspirations spread far and wide. The creation of a digital twin for the physical engine is allowing the company to move from engine health monitoring – which it has done for many years – to the merger of that data and other data on the aircraft to provide value-added services to airlines.


Google takes on IoT with Brillo and Weave

In addition to Brillo, Google is also fielding Weave, an IoT-oriented communication protocol. Weave is the communication language between the device and the cloud. Google Brillo is the OS for IoT products and Weave is built right in, explained Hanwook Kim, product manager for both. "Our vision is to make every device connected, smart, accessible and secure," he said. With something like 1.4 billion devices already running Android, Kim said Google Brillo and Weave are natural extensions. "We want to make it easy for developers to build connected devices in an open ecosystem," he said. "If you're building a new product from scratch or find that your current OS isn't providing the flexibility you need, Brillo could be a good fit." On the other hand, he added, if you're already using an OS or have an existing product, Weave can still be used to provide a way to connect your device to the cloud and other Google products.



Quote for the day:


"Make your mistakes, take your chances, look silly, but keep on going. Don’t freeze up." -- Thomas Wolfe


October 13, 2016

What have we learned from the Yahoo breach?

What have we learned from this or similar cybersecurity data breaches? And how much impact can a data breach cost an enterprise? According to the Ponemon Institute Study, the cost of a data breach varies by industry and the average per capita cost was $221 in the US with average total organizational cost at $7.01 million. The more records that are lost forces the departure of customers. In addition, the post data breach response costs go higher, including helpdesk activities, communications, investigation, remediation, legal expenditures along with pressure from regulatory body interventions to review the cybersecurity preparedness and identify the gaps that resulted in the successful data breach.


Number of women working in IT to rise by 2020

In future, IT departments will need to employ people with a wider range of skills, opening up new opportunities for women, Kris van Riper, practice leader at CEB told Computer Weekly. “There will be more people in the IT team with marketing background, maybe digital marketers; more people with customer experience background; more people who are business analysts, who are getting requirements from customers; and project managers,” she said. The trend follows a shift in the role of the IT department from a department that drives IT projects for business, to a department that acts as an advisor for other parts of the business that want to adopt digital technology. Research shows that companies with a more equal balance between male and female employees, particularly at senior levels, are more successful than those that are more male dominated.


Michael Dell Tells IT Leaders All They Need To Know About The New Dell Technologies

Cloud is a way of doing IT. Again, a little pattern recognition. If you go back to the mid 1990s where people were talking about the Internet, the questions were: What's your Internet strategy? Where's your Internet product division? Where's your vice president of the Internet? Where is all that now? Well, it turns out that the Internet is everywhere. It's in everything, that's just how we do stuff. We get it, it's like oxygen. The cloud is actually like that, too. And this is why it's a bit of a confounding topic, because cloud is not just a place, it's a way of doing things. Within our family, of course, we have VMware, which has 500,000 customers who are all on this journey to some form of a private cloud, a hybrid cloud, a multi-cloud world where they're connecting all these things together.


Hackers abusing a 12-year-old flaw to attack the internet of insecure things

The IoT devices are being used to mount attacks “against a multitude of internet targets and internet-facing services, such as HTTP, SMTP and network scanning,” as well as to mount attacks against internal networks that host the devices. In many cases, there are default login settings such as “admin” and “admin” or other lax credentials to get to the web management console. Once attackers access the web admin console, they can compromise the device’s data and sometimes even take complete control of the machine. The attack itself is not new, but Akamai Technologies has seen a surge in SSHowDowN Proxy attacks in which IoT devices are being “actively exploited in mass scale attack campaigns.”


Security convergence in a utility environment

Organizations have begun to acknowledge the importance of detecting and preventing insider threats. Just as it is vital to have methods to detect external threats, it’s also important to protect your organization’s assets and systems from unauthorized insider misuse or destruction. Physical security networks and IT infrastructures have been running as separate networks in years past. Since video monitoring systems and access control systems started using the TCP/IP open network, however, IT is being applied to the realm of physical security more often. Access control, such as card and biometric recognition, along with visitor management programs, all use an IT platform. Similarly, video management technologies (cameras, thermal observation units), gunshot detection, and intrusion alarms use related IT systems.


With IoT data, sometimes less is more

With so many IoT devices, apps, and services coming to market, more and more personal info is being captured, transmitted, and stored, yet much of this data is unnecessary to support the functionality of the device or service. You may think this is not a big deal, but the more personal data you have, the more resources your company will have to devote to protecting it. If there is a breach, the bad guys can extract a large amount of personal information about customers. The potential consequences range from identity theft and fraud of your customers to significant financial damage to your company’s brand. Once a month I get an email from my thermostat service, telling me how I compared to the previous month, to my neighborhood, and what external factors may have caused my energy use to change.


Why Insurance Companies Want to Subsidize Your Smart Home

In Madison, Wisconsin, insurer American Family has a 600-square-foot model home, complete with furniture, where it is testing out water sensors, cameras, and other devices. The company already offers a discount for customers who install the Ring video doorbell, because it acts as a deterrent to burglary. Sarah Petit, a director of business development, says that the company wants to expand the number of smart home devices it supports. So far, insurers’ dreams of rewiring how we look after our homes have been hampered by questions about privacy and security, as well as by incompatibilities between smart devices from different companies. Petit says the head of the Illinois Department of Insurance recently told her of concerns that data collected from consumers’ homes could be misused. And defining what counts as misuse can be difficult.


The combination of human and artificial intelligence will define humanity’s future

While we’re starting with HI+AI in health diagnosis, transportation coordination, art and music, our partnership is rapidly extending into co-creation of technology, governance and relationships, and everywhere else our HI+AI imagination takes us. ... Our connection with our new creations of intelligence is limited by screens, keyboards, gestural interfaces and voice commands: constrained input/output modalities. We have very little access to our own brains, limiting our ability to co-evolve with silicon-based machines in powerful ways. Relative to the ease and speed with which we can make progress on the development of AI, HI, speaking solely of our native biological abilities, is currently a landlocked island of intelligence potential. Unlocking the untapped capabilities of the human brain, and connecting them to these new capabilities, is the greatest challenge and opportunity today.


CIO's move to chief customer officer role signals trend

The new role requires a far more white-glove approach that provides personal attention. Lillie is "mapping" the journey for Equinix’ 8,000-plus customers, recommending appropriate services and modifying processes or IT systems to satisfy customers' business needs. If a customer recommends changes to a product, Lillie loops in Baack. "I make sure that that voice of the customer gets to Sara for inclusion in the product roadmap," Lillie says. Lillie says he anticipates facing challenges such as when an Equinix business line and its customer are at odds over product functionality. “I’m going to have to get them to see that that’s not how the customer sees it,” Lillie says. Forrester Research analyst Sharyn Leaver says the practice of promoting CIOs to chief customer officers may accelerate in the tech industry, where it’s common for IT leaders to purchase products from dozens to hundreds of vendors.


In Nokia city Espoo, robot buses now cruise the streets

After the pilot in Espoo, the buses will move to Tampere, central Finland, before the trials are put on hold for the winter months. The robot buses will return to the streets in the spring with the pilots continuing until 2018. The Finnish robot bus pilot comes as the race heats up to bring autonomous vehicles on the streets. ... The Finns see this wide interest in automated transportation as a major opportunity for the country. Traffic legislation in Finland is among the world's most permissive when it comes to testing autonomous vehicles, as a driver is not required to be inside the vehicle. Tommi Arola, ministerial adviser at the Finnish Ministry of Transport and Communications, says, unlike many countries, Finland's legislation doesn't define where a driver should be in a vehicle or require that their hands are on the wheel at all times.



Quote for the day:


"The lurking suspicion that something could be simplified is the world's richest source of rewarding challenges." -- Edsger W. Dijkstra