Daily Tech Digest - December 14, 2016

Public vs. Private vs. Hybrid Cloud - Exploring the Use Cases

Despite some of the challenges and associated costs of the private cloud model, many bigger firms are compelled to choose private due to the security risks of public. The potential damage to a company’s brand and the loss of customer trust after a public cloud breach can exponentially surpass the costs of the private cloud. ... Implementing a private cloud securely can prove difficult unless you utilize the help of a third-party service. This is where a qualified IT consultancy such as TechBlocks can provide critical guidance on the best practices for implementation, and perhaps discuss the case for a hybrid public-private approach. ... The hybrid cloud is increasingly the path for organizations that desire a customizable approach with reduced maintenance costs and time. Pursuing a hybrid approach is often the path IT will take to convince upper management that the cloud is safe and a good option for critical data.


The mainframe is hindering application delivery

“Organisations face both business and technical challenges on the mainframe, preventing them from innovating and transforming into a digital business. To avoid issues with the mainframe, organisations are working around it, re-platforming, or modernising. However, each of these tactics creates new issues. The good news is that those companies embracing DevOps deliver faster and at a higher quality, all while fostering collaboration,” said Compuware CEO Chris O’Malley. Compuware, which commissioned the study, has been aggressively leading the transformation of the mainframe into a fully Agile and DevOps-enabled platform where development, testing and operations processes can occur at the same rapid pace as they do on distributed and cloud platforms.


10 Clear Principles for the 96% that Need Culture Change

“Although it’s important to engage employees at every level early on, all successful change management initiatives start at the top, with a committed and well-aligned group of executives strongly supported by the CEO.” It is imperative for the top team to be on the same page regarding both why the change is necessary and “the particulars for implementing it.” The top leader or any member of the top team will dramatically undermine change efforts if they are directly or indirectly sending messages that are in conflict with the change effort. They must act in a different way that’s consistent with the change effort and visible to all. ... “Mid-level and frontline people can make or break a change initiative. The path of rolling out change is immeasurably smoother if these people are tapped early for input on issues that will affect their jobs.”


Advocate Congress establish a permanent joint committee on information technology

This joint committee was formed in response to both a dramatic threat and an incredible opportunity. The threat was the potential of nuclear war. The opportunity was the potential to use nuclear science to generate electricity to power cities as well as naval vessels, as well as opportunities to use nuclear science in medicine and industry. It was clear to Congress at the time that success in response to the threat and success in gaining national benefit from nuclear energy would require a different way of doing things. So, the response was the United States Atomic Energy Act of 1946. For over 30 years the Joint Committee this act set up provided bi-partisan solutions broadly supported and widely credited with bringing unity of effort to many complex activities.


DevOps capabilities vary widely by industry vertical

DevOps maturity varies according to the business sphere that companies occupy, and some are constrained by the characteristics of their markets -- from heavy regulation in the financial services and life sciences industries to stifling technical debt in the retail and media and entertainment sectors. Other markets, such as healthcare and transportation, face unique cultural challenges to bringing a DevOps mindset to the software development process. ... The philosophy of increased IT automation and collaboration between development and operations -- which, in some industries, are no longer separate groups at all -- is here to stay. "Consumers, empowered by rich software interactions with access to internet resources, have never had more power or choices," wrote Forrester Research analysts in their report "The State of DevOps Industry Adoption for 2016 -- Where's the Heat?"


Nine Questions to Ask to Determine IoT Device Safety

While IoT brings forth many benefits to consumers—from convenience to energy efficiency, to monitoring babies and locating lost pets—it also brings risk. ... These IoT devices were used to take out the Dyn DNS Server this September. As a consumer, you might think… “why should I care if my device is involved in a DDoS attack? As long as it works, I don’t mind.” Well, some 20,000 residents in Finland found out the hard way why it matters, when their building’s IoT connected thermostats stopped functioning because the devices were enslaved to a botnet conducting a DDoS attack (By the way, it’s cold in Finland in November). Whether you are a consumer considering a connected device as a gift for the holidays, or a reporter about to review the next wave of IoT devices launching at CES, we have put together a list of questions you should ask before diving in:


Why soft skills outweigh hard skills for IT-business collaboration

The skills needed in IT change so frequently that businesses are more interested in finding qualified candidates with strong soft skills -- workers who can grow and adapt in a quickly changing landscape, says Palm. Qualified workers can always take a course or complete training in areas where they need more knowledge, but it's not as easy to teach someone how to be collaborative or to communicate effectively. Palm says she's seen an increase in applicants that fit this "t-shaped personality," which means "an individual has a broad set of skills, but only a few areas where the skillset goes deep." T-shaped workers are the type of employees who are "agile and able to rapidly adapt to new changes," she says. They constantly adjust to new and uncharted territory, learn new skills as needed and stay up to date on emerging trends.


Don't Like Russian Cyberspies? Tips To Stop State-Sponsored Hackers

“Customers are looking for a magical button to stop all these threats,” he said. Businesses will then buy the tools and assume they’re safe, when in reality they aren’t properly being used. For example, many businesses often fail to install security patches with their IT products -- including the antivirus software -- exposing them to hacks that otherwise could have been prevented. They may also ignore the warnings that pop up from security software, believing them to be a false positive. Or they’ll even forget to turn the software on.  However, in other cases, the businesses had limited expertise on staff to deal with the cyberthreats the security tools encountered. “If you buy the tools without hiring the right people, you are not going to solve your nation-state hacking problem,” Firstbrook said.


Blockchain – The Next Big Thing for Middleware

Fascinating new technologies are emerging these days. Everybody talks about cloud, containers, big data and machine learning. Another disrupting technology is blockchain. You might have heard about blockchain as the underlying infrastructure of Bitcoin. But Bitcoin is just the tip of the iceberg. This article explains the use cases and technical concepts behind blockchain, gives an overview about available services, and points out why middleware is a key success factor in this space. ... Welcome to the world of blockchain where smart contracts process such a scenario automatically and in a secure way. Governments in conjunction with global non-profit airline associations like International Air Transport Association (IATA), which “support aviation with global standards for airline safety, security, efficiency and sustainability,” could enforce airlines to compensate customers automatically as it is defined by law.


Google Tries To Advance IoT Security With Android Things

Android Things comes after the world got some more glimpses into how insecure many products can be. IoT devices were used to take down popular websites on the East Coast (and elsewhere) in October. Then in November, critical vulnerabilities were discovered in popular IoT cameras--a problem that repeated itself when backdoors were found in Sony's internet-connected cameras in early December. The IoT market had a bad couple of months. These issues have led to calls to improve the security of IoT devices. The problem is that many companies drag their feet in responding to problems, lack the infrastructure to push updates to devices that have already been sold, or simply don't care about the security of their products. Making sure these devices are safe for their owners and for the internet at large just isn't a priority for the manufacturers churning them out.



Quote for the day:


"Most people who sneer at technology would starve to death if the engineering infrastructure were removed." -- Robert A. Heinlein


Daily Tech Digest - December 13, 2016

10 brain teasing questions to ask when interviewing IT professionals

Tech companies are notorious for asking impossible interview questions meant to stump job candidates and demonstrate how they think on their feet. Google abandoned these types of questions several years ago, and executives later admitted that even they could not solve them, but several companies continue to use them as part of the interview process. These types of questions can either hurt or harm an interview, said Jen Teague, a small business staffing and onboarding coach. "When the interviewer has good grasp of the hiring procedures and what to look for, these can be very insightful as to how a candidate thinks," Teague said. "However, when they are added for no purposeful reason, they will turn away good candidates. These are really good for STEM-related fields but not usually as appropriate for other industries."


General Data Protection Regulation: the BC/DR impact

The regulation will impact any business, whether based in the EU or not, that holds the personal data of EU citizens. Moreover, the definition of ‘personal data’ is broad and could change as consumers continue to expand their online presence. Ultimately, it means that not only must organisations intensify their data protection efforts, they must do so for a large volume of data. In turn, organisations will need to extend their BC/DR efforts to cover this greater remit. And, as the pressure rises, so too do the stakes. GDPR is driven by two serious threats: reputational damage and monetary fines. Although you could argue that the former has always existed – with plenty of organisations having endured serious backlash from consumers following a data breach – the idea of financial penalties is new.


Never Stand Alone: Collaboration In The Face Of Cyber Threats

Information Sharing and Analysis Centers (ISACs), Information Sharing and Analysis Organisations (ISAOs) and communities of cybersecurity analysts work in a similar way, built on trust and the common desire for large-scale collaboration. Members agree on the rules and principles that govern community participation, including the level of anonymity and what data should be shared at what time. Shared goals and values as well as clear, agreed boundaries encourage initial collaboration, and as trust grows and working relationships expand, the collaboration occurs organically. It is in these dynamic, responsive relationships between like-minded experts where the value of these communities is demonstrated.


Hack of Saudi Arabia Exposes Middle East Cybersecurity Flaws

The extent of the damage isn’t clear, though two people informed of the security breach said it targeted the Saudi central bank, the transportation ministry and the agency that runs the country’s airports. One bright spot is that the Saudis have been able to restore some lost data via back-ups, recovering faster than they did after the 2012 strike, said one person familiar with the clean-up.  The central bank, known as the Saudi Arabian Monetary Authority, denied that its systems were breached. The country’s General Authority of Civil Aviation said damage to its networks was limited to some office systems and employee e-mails. While the assault was similar to the one that hit Saudi Aramco four years ago, the impact was “much smaller” and didn’t disrupt transportation or aviation services, said Abbad Al Abbad


Dozens arrested in international DDoS-for-hire crackdown

The arrests targeted buyers of DDoS-for-hire services, which get paid to flood websites or internet-connected systems with traffic, forcing them to go offline. In addition to the 34 arrests, law enforcement agencies interviewed and warned another 101 individuals. Many of the suspects were under the age of 20, the European Union police agency Europol said in a Monday statement. Most buyers of DDoS-for-hire services use them to pull pranks, often in online gaming. For example, a flood of traffic can be sent to a rival player’s IP address, severing his or her internet connection to a game. But DDoS attacks can also be used for more malicious purposes. For example, hackers have used them to shut down online businesses as part of extortion schemes.


The big data ecosystem for science: Physics, LHC, and Cosmology

Large-scale data management is essential for experimental science and has been for many years. Telescopes, particle accelerators and detectors, and gene sequencers, for example, generate hundreds of petabytes of data that must be processed to extract secrets and patterns in life and in the universe. The data technologies used in these various science communities often predate those in the rapidly growing industry big data world, and, in many cases, continue to develop independently, occupying a parallel big data ecosystem for science (see Figure 1). This post highlights some of these technologies, focusing on those used by several projects supported by the National Energy Research Scientific Computing Centre (NERSC).


Top 10 developments of 2016 in autonomous vehicles

"Automated driving developments in 2016 became more concrete," said Bryant Walker Smith, an expert in legal aspects of autonomous driving, "and I expect developments in 2017 to be even more so. More and more people in the field are saying, 'just do it already'—not to full automation anytime anywhere, but rather to specific pilot projects that will start to showcase high automation under limited conditions." And according to John Dolan, a principal systems scientist in the Robotics Institute at Carnegie Mellon University, "a major trend is the more intensive application of machine learning to autonomous driving." Michael Ramsey, autonomous vehicle analyst for Gartner, also contributed to the list, pointing to the first fatality of a semi-autonomous car as one of the biggest news items of the year.


Don't let your filters become blinders

As destructive as dirty filters can be in the public square, I can personally testify that, in business, they can be devastating. Especially when a company, division or team is struggling for one reason or another, as mine once was. It was that experience, in fact, that served as the genesis of our research exploring the reasons why companies succeed and fail. It revealed that internal misalignment is the number one issue with which struggling companies must deal, and anything that exacerbates internal division makes recovery less likely. In that sense we can become our own worst enemies. Most of us have come to understand the wisdom of filtering what we say (particularly in social media). But it’s equally important to be aware of our tendencies to filter what we hear, how we’re treated, and the reasons we ascribe to both.


10 outdated security tools that need to be replaced

One of the biggest ways to shift into this new era of security involves the relationships within the organization. In what West called ‘series’ management, he stressed the need for CISOs to work closely with the operations department. “The relationship with operations is critical to the success of any CISO,” West said. “I create relationships to make security work. Five years ago, this didn’t exist. The security person has never been asked to meet with the CSO or the management community. And today that happens all the time.” West explained that involves knowing what executives do and do not understand about the technical aspects of security risks. “If I can explain to them in a few minutes in language they understand,” he continued, “we can be successful at getting funding.”


Resolving the Disconnect Between IT Security and C-Suite Executives

Organizations need to adopt a different approach to security, one which understands that the goals of both IT teams and company executives are interconnected. Security goals and the strategies to meet them need to be set by top leadership, and specific security objectives should also be built into staff performance goals and supplier performance measurements to drive behavioral change. Implementing effective security programs and improving the security awareness of both employees and partners can help companies better protect their assets and information, and avoid the fall-out from breaches, helping them meet their business objectives as well. ... Bridging the Communications Divide: So how can this be accomplished? To overcome the communications divide between IT and executives, there needs to be active dialogue and continuous engagement between the two parties.



Quote for the day:


"We are all pretty bizarre, some of us are just better at hiding it, that's all." -- Andrew Clark


Daily Tech Digest - December 12, 2016

Improving security, efficiency, and user experience in digital transformation

With the costs of password protection—in time, risk, and dollars—mounting, enterprises are looking to implement flexible risk-based approaches: requiring user authentication at a strength that is commensurate with the value of the transaction being requested. Fortunately, as shown in figure 3, various technologies are emerging that can be combined in a way that satisfies enterprise risk tolerance and user flexibility at the same time. Emerging technologies such as blockchain are positioned to replace the vulnerability of the single password with multiple factors. Having multiple, cascaded gatekeepers fortifies security by requiring additional checkpoints. The more different proofs of identity required through separate routes, the more difficult it is for a thief to steal your identity or to impersonate you.


6 network and security trends you can expect in 2017

One trend that is appearing is the emergence of memory-resident malware. These ephemeral infections will not survive a reboot and will be particularly difficult to forensically detect, but as more people leave their computers continuously running, this may be a successful attack technique. As malware defenses on enterprise and personal laptop computers become more prolific, the attackers will again shift their techniques. It is not difficult to predict that more attackers will shift to mobile malware. ... The IoT world has the problem of having a wide variety of protocols and standards, enterprises that lack skills with IoT systems, overly complex architectures, products with weak security features, weak security measures and operational immaturity. All of that leads to more security issues. We have already seen immense DDoS attacks sourced from vulnerable IoT devices, and it wouldn’t be going out on a limb to predict even more in 2017.


Goldilocks, serverless and DevOps: Five predictions for IT in 2017

Service-oriented architectures are nothing new. Service-based applications allow large, complex applications to be owned and managed by distributed development and operations teams, often used hand-in-hand with DevOps organisational models. However, two questions that have long plagued service-oriented architectures are: how large should your services be, and how many should your application use? If you make your services too large, you miss out on many of the advantages of these scalable distributed architectures. Too small, and your inter-service architecture becomes unwieldy. What this means is that, in recent years, there has been a trend to build applications using microservices. The idea being the smaller the service, the easier it is to maintain, and the more distributed development teams can be.


Teenage DDoS users targeted by international law enforcement operation

"Today's generation is closer to technology than ever before, with the potential of exacerbating the threat of cybercrime. Many IT enthusiasts get involved in seemingly low-level fringe cybercrime activities from a young age, unaware of the consequences that such crimes carry," says Steven Wilson, head of Europol's European Cybercrime Centre. "One of the key priorities of law enforcement should be to engage with these young people, to prevent them from pursuing a criminal path, helping them understand how they can use their skills for a more constructive purpose." The operation took place from 5 December to 9 December 2016 and involved Europol working alongside law enforcement from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom, and the United States.


Singapore’s ‘city brain’ project is groundbreaking -- but what about privacy?

A city's traffic management system, perhaps years old, could be matched, sliced and diced with air pollution readings running in a separate silo, for example. Such a system could be set to permit the most congested traffic artery associated with the worst pollution to be freed up by giving green lights to the cars that are waiting the longest and are pumping out the most carbon dioxide pollutants. However, the state of the art with city brain technology is not yet that advanced. Most city officials would be happy simply to be able to monitor what's going on in disparate areas of a big metropolis more or less in real time, instead of waiting days or weeks to hear about conditions from various public works department heads.


Juniper CIO: Cloud Migration ‘Inevitable’

You have to understand there’s a tipping point where at a certain scale it might be cheaper to run on premise than in the cloud. Offsetting that risk may require new skill sets in IT. For us, one has always been around vendor management. With cloud computing, you have to be really careful with those monthly bills and acknowledge and invest in the skills necessary to review the monthly bills and keep your usage charges appropriate. So there’s an investment of time and effort there. ... We’ve been saying for years that IT is moving from an organization that used to build things to an organization that now integrates things. If you’re in the business of integration, that implies you have some piece of middleware or piece of technology that stitches all of this together and delivers it seamlessly to the end users. That skill set and technology is the center point of our solution and our approach.


5 enterprise-related things you can do with blockchain technology today

On the internet, famously, no one knows if you're a dog, and on the internet of things, identity can be similarly difficult to pin down. That's not great if you're trying to securely identify the devices that connect to your network, and it's what prompted the U.S. Department of Homeland Security to fund a project by Factom to create a timestamped log of such devices in a blockchain, recording their identification number, manufacturer, available device updates, known security issues, and granted permissions. That could all go in a regular device-management database, but the DHS hopes that the immutability of the blockchain will make it harder for hackers to spoof known devices by preventing them from altering the records.


The human attack surface, counting it all up

The path of least resistance for black hats is non-technical hacks that rely on tricking humans into revealing their login credentials and passwords. With that in hand, cyber thieves proceed to steal personal identities and money. How many humans are we talking about? Microsoft estimates that by 2020 4 billion people will be online — twice the number that are online now. The 500 largest U.S. corporations by revenues which appear on the Fortune 500 employed 27 million people in total last year - about 17 percent of the nation's workforce. The world's 2,000 largest publicly traded companies which appear on the Forbes Global 2000 account for approximately 87 million employees. Employees at large corporations are especially attractive to hackers who are after personal identities, which can be sold in black markets on the dark web.


Malware, Hacking Is A Serious Game, But Security Experts Warn Against Panic

Advances in technology also advance the methods security teams use to uncover hidden issues. Such efforts have led Qualcomm and HackerOne to collaborate on a bounty program, which will employ white hat hackers and award up to $15,000 to those who can penetrate systems run by Qualcomm-based chipsets and modems to uncover vulnerabilities and report their findings. With several headsets now on the market, virtual reality and augmented reality are expected to be among the top trends of 2017, and as a result could also represent the next frontier in cyber vulnerabilities. ... “We can say with certainty that there will be vulnerabilities that people haven't thought of yet,” Rice said. “It's important to continually approach it with that mindset of ‘there's something here that we've overlooked, let's be vigilant, let's be ready for it.’”


The 7 Most Sensational Breaches Of 2016

Remember when mega-breaches of hundreds of millions of people's credit card numbers seemed to be the worst attackers could throw at enterprises? What a quaint time that was. This last year has seen a drastic drop in those kinds of wholesale breaches. Nowadays the numbers don't look nearly as dramatic, but the implications of breaches are actually much more serious. In 2016 the most impactful hacks and exposures directly led to tens of millions in fraudulent money transfers, potentially impacted national elections, and got enterprise executives sacked from their jobs.



Quote for the day:


"Life isn't about finding yourself. Life is about creating yourself." -- George Bernhard Shaw


Daily Tech Digest - December 11, 2016

Why Deep Learning is Radically Different From Machine Learning

There is a lot of confusion these days about Artificial Intelligence (AI), Machine Learning (ML) and Deep Learning (DL). There certainly is a massive uptick of articles about AI being a competitive game changer and that enterprises should begin to seriously explore the opportunities. The distinction between AI, ML and DL is very clear to practitioners in these fields. AI is the all-encompassing umbrella that covers everything from Good Old-Fashioned AI (GOFAI) all the way to connectionist architectures like Deep Learning. ML is a sub-field of AI that covers anything that has to do with the study of learning algorithms by training with data. There are whole swaths (not swatches) of techniques that have been developed over the years like Linear Regression, K-means, Decision Trees, Random Forest, PCA, SVM and finally Artificial Neural Networks (ANN). Artificial Neural Networks are where the field of Deep Learning had its genesis.


What is fog computing and what does it mean for IoT?

Fog computing refers to decentralized computation at the edges of the network, as opposed to being centralized in data centers. By distributing computing to the edges, the results will be sent to the cloud, not the raw data itself. This shift in paradigm will tremendously reduce the need for increased bandwidth and computational power in the cloud. Centralized computing in the cloud has provided several benefits for enterprises. Scalability, easy pricing schemes and minimal upfront cost are among the big ones. However, cloud computing has certain disadvantages, foremost latency and delay jitter, as well as a higher probability of security breaches when large amounts of data are moved through networks. Fog computing greatly reduces the amount of data being sent to and from the cloud, reducing latency as a result of local computation while minimizing security risks.


How Can Community Banks Keep Up With Customer Demands?

Customers expect that they can carry out even quite complex queries and transactions on their own terms. AI advances allow sophisticated Natural Language Processing and continuous improvement through Machine Learning. This will be the subject of a future post because I consider this to be one of the most exciting and promising technology areas for community banks. Benefits include greater customer satisfaction, deeper relationships, cross-selling opportunities, and reduced personnel expense. ... Robo-advisors are becoming sophisticated enough to be highly valued assistants for financial advisors. Community banks that offer wealth management and investment advisory services will benefit significantly. They will see increased customer interaction and deeper advisory abilities.


Are You Driving Your WAN? Learn to Embrace SDN

More is needed. No fork-lift upgrades, no more proprietary “boxes.” True SDN will be provided as software running on standard servers or virtualized only. The addition of SDN will be in a non-disruptive manner to allow partners to move as quickly or as slowly as their need determines. All current systems will be unaffected by the additions of SDN. Whether or not all these systems will be needed after implementing SDN, will be a decision that can be made at a future time. SDN offerings need to be flexible as well in implementation objectives. Both Layer 2 and layer 3 products should be available to address all possible scenarios and when used in conjunction can address not only major location connectivity, but also connectivity for road-warriors, work-at-home, the Internet of Things (IoT), and supervisory control and data acquisition (SCADA). This ensures a holistic approach — the SDN offering must have options for office locations and individual devices.


A Strategic Perspective On Blockchain And Digital Tokens

Digital tokens and blockchains, two distinct but complementary technologies, waste cheap storage to give data the continuity of real-world assets. Bitcoin is just the first application. The technologies are far from mature, but if scalability limitations are overcome, they will have long-term disruptive potential in complex transaction networks such as trade, health care, and the Internet of Things. And it is by no means obvious that traditional intermediaries will be able to control them. This essay outlines how the economics of transaction costs and trust could be reshaped by tokens and blockchains and by the stacked architecture on which they are built. The aim is not to prescribe exactly what leaders should do (every business is unique, and the devil is in the details) but to provide a strategic context to help executives frame the right questions.


Smart Cities of the Future: An Innovation or Intrusion?

An interconnected city grid of traffic and pedestrian cameras offers a wealth of actionable Big Data. As an example, in the Dutch city of Rotterdam, “the traffic authority monitors about 22,000 vehicle movements every morning, while the regional environment agency produces hourly data about air quality from sensors across greater Rotterdam resulting in over 175,000 observations per year.” In addition to better managing traffic and public transit, as well as controlling pollution, proponents highlight the ability of such data to enable enhanced policing, crowd control, and even public sentiment monitoring. However, others express grave concerns about the potential for abuse in such systems, especially given the integration of smartphones into connected apps utilized by many smart cities.


12 Interesting Big Data Careers That Everyone Should Know

A study says that data science is going to open up as many as 10 million jobs in this decade. Now, since you already know there are many opportunities, how do you leverage your skills to tap into them? First and foremost, look at what skills define you. Is it your expertise, your visualization skills or managing skills that you not only demonstrate but also enjoy working with? Once you're through with it, work towards it and learn from the different software languages that are trending in the industry and are in high demand. Take up certification courses that can give the much-needed edge. After you build your portfolio with technical skills, a broad range of data job profiles can help you settle in and earn a six-figure salary. Beyond software industries, many industries like retail and manufacturing are turning to big data to ease the process of making efficient systems.


Managing Cultural Differences in your Distributed Team

Dutch are very open, however, people in Asia tend to be less open, especially when authority is involved, i.e., “I’m not going to contradict my boss or project manager”. That may be seen as disrespectful. If the boss is in the West and I’m in the East, then my Western boss in turn will keep asking me to be more open or proactive. And I might get confused, because I’m not used to being allowed or even stimulated to voice my ideas. If my boss tells me “This is the way to do it,” I’d rather do that exactly, even if I think it’s a crazy idea. This behavioral difference impacts most of the agile ceremonies. For example, in sprint planning if a product owner asks 'Can you take more user stories?', regardless of the possibility, people in some Asian cultures tend to say "Yes" always, which defeats the whole purpose of doing planning.


Here are some best practices for preventing DDoS attacks

"While DDoS attack prevention is partly a technical issue, it is also largely a business issue," said Rachel Kartch, analysis team lead at the CERT Division of SEI, a federally funded research and development center sponsored by the US Department of Defense and operated by CMU, and author of the DDoS post. In general, organizations should begin planning for DDoS attacks in advance, Kartch noted in the post. "It is much harder to respond after an attack is already under way," she said. "While DDoS attacks can't be prevented, steps can be taken to make it harder for an attacker to render a network unresponsive." To strengthen resources against a DDoS attack, it's important to make the architecture as resilient as possible, Kartch said. "Fortifying network architecture is an important step not just in DDoS network defense, but in ensuring business continuity and protection from any kind of outage or disaster situation," she said.


IoT in the Cloud: The Next Phase of Enterprise Infrastructure

While cloud-based IoT infrastructure is usually viewed as the next phase in tech-savvy markets, many developing nations are looking at it as a way to propel their economies into the 21st century without having to recreate decades’ worth of data center infrastructure. Systems developers like Fujitsu are hoping to tap these markets with turnkey solutions that allow organizations to launch full-scale IoT environments with relative ease and low start-up costs. The Fujitsu Cloud IoT Platform provides a broad set of APIs and a user-friendly dashboard to enable a high degree of customization and continuous development as technologies and markets evolve. Fujitsu also has a large managed services portfolio that focuses on providing solutions to clients rather than loading them up on technology.



Quote for the day:


"You never change things by fighting the existing reality. To change, build a new model that makes the existing model obsolete." -- @JamesSaliba


Daily Tech Digest - December 10, 2016

Three Ways To Reinvent For The Fourth Industrial Revolution

Education institutions at all levels need to adopt an inclusive growth mindset that embraces change. New curriculums are needed that teach technological literacy, equipping students with the skills needed to succeed in this new era of digitally computer assisted design and manufacturing. Programming, technology- and user-experience design, and equipment operation and management will be valued skills, along with cognitive abilities like creativity and logical reasoning. This extends beyond the classroom. Needed skills will continue to evolve throughout a person’s career. As more jobs are automated, employers must commit to providing their employees the tools and on-the-job access to learning that are necessary for future success.


IoT Is A Security Mess And Regulators Are Paying Attention

The next generation of IoT devices will probably have better security and privacy protection baked in, but there will still be billions of insecure devices out there from before – devices like smart doorbells, with longer life cycles than mobile phones – which are easy pickings for hackers looking to gain entry to a network, LeBlanc said. And in toto the data that can be pulled from ubiquitous sensors is also far more comprehensive and personal than what can be obtained from online browsing behavior. “It’s true that you can track everywhere someone goes on the web, but with IoT you can track where someone works, what food they eat, how long they exercise for, how much electricity they consume,” said Heather Zachary, a partner at law firm WilmerHale. “It’s a full picture of your entire life and that’s only going to become more the case.”


Usability and security key to payments via the Internet of Things

It is not realistic to expect device manufacturers to equip all devices with bank-grade security. However, it is still essential to secure payments and money movement activities from the devices connected to the IoT. Doing so will require securing the device itself, apps on the device as well as creating layers of security beyond the device – such as into the cloud – as part of a multi-layered approach to security. To break this down, we can think about the two primary ways payments are initiated via the IoT – by a person or by the device itself. If a person initiates a payment from a device it is quite possible they are using an app intended for the purpose of making payments – accessing online banking from their connected car to make a bill payment, for example.


Changing enterprise architect role opens new doors, closes others

The enterprise architect role is particularly important in businesses with a hybrid cloud strategy, he said. "The enterprise architect must provide the vision on how to maintain a consistent approach to delivering IT services across all these platforms, while providing a unified approach to foundational IT components," Carroll said. This will also include providing secure, consistent access to these applications. Carroll said he envisions the new enterprise architect functioning essentially as a cloud and mobile services leader for the business, choosing the appropriate platforms and creating a clear vision for the use of cloud and mobile technology.


The future of AI is humans + machines

Being able to scan information ranging from school records to social media posts and then pull the information into an initial pass/no-pass decision to weed through candidates is only the first step. Intelligent agents will eventually be able to look at a mass of available candidates and rank order them against existing job requisitions, ranking them by whether they are internal or external, by education and experience, and by personality and work ethic. Thereby, the top three that you actually interview or recruit will not only meet the hard qualifications of experience and education, but the soft qualifications of personality and ethics. This isn’t just about selecting the employee, it is about monitoring them and their interaction with management.


Many organisations falsely equate IT security spending with maturity: Gartner

Explicit security spending is generally split among hardware, software, services (outsourcing and consulting) and personnel. However, any statistics on explicit security spending are inherently "soft" because they understate the true magnitude of enterprise investments in IT security, since security features are being incorporated into hardware, software, activities or initiatives not specifically dedicated to security. Gartner's experience is that many organizations simply do not know their security budget. This is partly because few cost accounting systems break out security as a separate line item, and many security-relevant processes are carried out by staff who are not devoted full-time to security, making it impossible to accurately account for security personnel.


6 Cyberthreats Keeping CIOs Up At Night

In a distributed denial-of-service (DDoS) attack, an attacker sends a massive number of requests to a target computer or network resource, from multiple, distributed devices across the internet — for example, sending seemingly legitimate HTTP requests to a website. The traffic overwhelms the resources available to the web server or application, making it inaccessible to customers. DDoS attacks often use botnets — thousands of devices connected to the internet of things (IoT) — to amplify the scale of these attacks. These attacks can hit retail sites particularly hard in the pocketbook, preventing customers from doing business. Hackers may also use DDoS attacks to distract IT while they simultaneously try to compromise other parts of a company’s network, Barbounis said.


China’s Cybersecurity Law: Game over for foreign firms?

The new law formalises several key requirements, namely: That a potentially wide range of companies censor ‘banned’ information, and demand real name registration of their users – that is, for services like instant messaging – in order to restrict online anonymity; “Critical information infrastructure operators” must store “personal information and other important business data” inside China. This need only be data related to Chinese operations, but the terms remain vague enough for them to apply to a wide range of data and companies. Those wanting to transfer data outside China need to pass an additional security assessment; Organisations monitor and report any “network security incidents” and provide “technical support” to help in investigations. This could mean providing the authorities with access to communications and so on.


Reinforcing cyber security strategies with cyber insurance

Cyber insurance can help to strengthen comprehensive cyber security strategies to minimise the impact of disruptive events. Most of these policies cover liability and the costs associated with dealing with a breach or attack. These include the cost of restoring data; business interruption; dealing with privacy breaches such as identity theft and payment fraud; network breaches; public relations expenses; and even money paid to cyber extortionists or cyber terrorists. Policies may even cover legal liability to third parties, including fines and penalties. Despite its usefulness, cyber insurance remains relatively unknown among businesses of all sizes. Further, many security professionals are unaware it exists.


Electronics-sniffing dogs: How K9s became a secret weapon for solving high-tech crimes

Similar to drug or arson detection dogs, electronics detection dogs are trained to recognize a chemical odor, and to sit when the odor is present, in order to alert their handler. When the dog correctly identifies an odor, he or she gets food. Officers begin training the dogs to identify large amounts of the compound, eventually using less and less. They place devices with the odor in different boxes, and expand the training into different rooms. The Connecticut program spends five weeks imprinting the dogs with the odor and teaching them how to do their job, and then six weeks training them to work with their handlers, Real said. "We teach them everything from searching people, boxes, bags, vehicles, outside," Real said. "Anywhere these dogs might be asked to search, we train them to work in that environment."



Quote for the day:


"The most successful people are those who are good at Plan B." -- James Yorke