Daily Tech Digest - February 04, 2017

Data Science: Identifying Variables That Might Be Better Predictors

The data science team embraced the iterative, “fail fast / learn faster” process in testing different combinations of variables and metrics. The data science team tested different data enrichment and transformation techniques and different analytic algorithms with different combinations of the variables and metrics to see which combinations of variables yielded the best results ... The challenge for the data science team is to not settle on the first model that “works.” The data science teams needs to constantly push the envelope and as a result, fail enough in their testing of different combinations of variables to feel personally confident in the results of the final model. After much testing and failing – and testing and failing – and testing and failing, the data science team came up with an “Attrition Score” model that had failed enough times for them to feel confident about its results


The Next Step in Finance: Exponential Banking

“Conversational interfaces” that improve the users’ experiences; “Automated Complex Reasoning,” which permits totally automated decision making; and “Deep Learning,” anticipating more advanced systems for fraud detection, are key cognitive technologies for the development of banking. As well as “risk scoring,” the definition of dynamic clusters of customers, the construction of artificial stress scenarios, and much more. And artificial intelligence is fundamental for the development of natural-language processing, which allows computers to maintain a conversation with human beings. This would enormously accelerate customer digitalization. On the other hand, user convenience calls for much more global and integrated solutions to their needs, and that this will be achieved through platforms combining products and services from different providers.


Friend or Foe? Why fintech and banks need each other

While the popular view is that few entrepreneurs want to tie up with a large, traditional corporation, the smartest and most ambitious innovators see the benefit of working with a leading financial institution to amplify the reach of their game-changing technology. On the flip side, some might assume that big, more risk-averse financial institutions would shy away from embracing innovation from a startup that thrives on failing fast and cheap. But the truth is banks embrace trends and technology that benefit their customers. And, speed-to-market is the new bank lexicon. That’s why Wells Fargo created a startup accelerator in 2014. Think of it like startup speed dating — we’re providing a framework and structure to nurture relationships with the startup community. The program mentors startups as they work to bring potential breakthrough technologies to financial services and other sectors.


How to mitigate containerized microservices risks

"Some people literally want to lift and shift," said Bryant. That is often a motivation for moving into the cloud, as organizations want to strip themselves of the burden of maintaining large datacenters, or even simply avoid spending millions of dollars upgrading legacy servers. Or perhaps the goal is to simplify the maintenance and enhancement of existing SOA applications, a motivation that commonly drives the adoption of microservices, and often the adoption of container-based architectures that use technologies like Docker and Kubernetes. Understanding the underlying goals that are motivating the move to cloud computing or containerized microservices is important, but equally important is being able to objectively know if the goals have been achieved when the migration is done.


Internet of Things: Setting business vision on speed and agility

Delivering on this IoT vision demands that CIOs, CDOs and CTOs catalyze a fundamental change in how their organizations develop applications. The IoT-driven applications that truly transform business are expected to be those that are developed with speedy, agile, team-based practices. And, in turn, those practices require that your IoT app development teams—which should include business analysts, data engineers, data scientists and subject matter specialists—share a common, cloud-based collaborative platform. This development environment should be built on a high-performance data lake and span a hybrid architecture that’s equally capable of handling structured and unstructured data. It needs to also support agile building, testing, refinement and deployment of analytics algorithms into myriad IoT deployment roles, both at the edges and in the cloud.


Enterprise Architecture will increasingly take over from the IT function

EA has to select, together with the business, the SaaS, FaaS, IaaS, PaaS, iPaaS, and business service solutions that integrate best and minimise unnecessary diversity by standardising on certain clouds and services. It also has to also align the information formats at the interface level because each outsourced component may have its own format. Yet, note though that the technology behind the IT cloud services is not really visible to the Enterprise and relevant to its architecture and as such IT needs not be documented in detail. But, while the IT decisions remain in the jurisdiction of each company, because companies in the value chain remain still autonomous, the virtual cloud enterprise Governance function, may still aim to coordinate with long term partners the harmonisation of information formats and cloud approaches in order to reduce unnecessary variation of cloud suppliers standards and technology to obtain overall economies of scale, minimise duplication and integration issues and align information format.


How to use Cortana to perform file management tasks in Windows 10

While this article isn't about the Echo, I bring it up because while I was waiting for my unit to arrive, I was reading everything I could find about it on the Web. As I did, my interest in digital assistants was reinvigorated and I delved back into investigating Cortana on my Windows 10 system. I had played around with it a couple of times in the past, but since I have an iPhone, I use Siri for directions, weather, reminders, music, and impromptu internet searches. I never really found it compelling to use Cortana for those types of things while sitting at my desk. However, I decided to give Cortana a second chance and found that she does a nice job of providing me with the same types of features that I've grown accustomed to with Siri on my iPhone. Now, I haven't yet attempted to add Cortana to my iPhone, but I just might do that sometime.


From a DevOps bottleneck to a DevOps partner

Organizations can deliver apps faster and with higher quality by following by following an agile framework, but they also need to leverage DevOps tools that automate the process of moving code from Development to Operations. Sticking with our CNN Politics app example, one sprint would include developers writing APIs, application programming interfaces that are the building blocks of digital transformation, to request CNN polling data. Developers use a fast, distributed source control system such as Git, and synchronize local filesith a remote repository such as GitHub. The API code is checked into GitHub, which continuously integrates the code with a DevOps tool such as Jenkins, which automates software builds and may orchestrate with other tools to test and deploy code to an application server running in a production


How Google's Amazing AI Start-Up 'DeepMind' Is Making Our World A Smarter Place

Perhaps DeepMind’s most famous accomplishment so far is being the brains behind AlphaGo, the first computer program to beat a professional human player of the board game Go. AlphaGo was developed by feeding DeepMind’s machine learning algorithms with 30 million moves from historical tournament data, and then having it play against itself and learn from each defeat or victory. DeepMind’s work is based on a solid grounding in neuroscience. Two of the founders – Demis Hassabis and Shane Leg - met while undertaking research at the UCL’s computational neuroscience unit, and Hassabis has a PhD in the subject. This has underpinned their strategy of developing AI by teaching computers to mimic the thought processes of our own brains, in particular how we use information to make decisions and learn from our mistakes.


Q&A on The Great ScrumMaster

At a certain point of being agile, the traditional methods for achieving the next state fail because they are not based on self-organization and don’t see the organization as a system but as a hierarchy. The methods that were useful on the previous two levels of the #ScrumMasterWay model, such as organizing workshops, explaining, bringing in new concepts, and coaching at the team level are failing as the organization is already too complex. You would have to experiment, be playful and curious, and try different things to stimulate reactions. The system will give you some feedback, and all you have to do is to believe that every system is naturally creative and intelligent, so the people in that system don’t need you to tell them what to do. They will find out. However, they might not see it in the first instance, so they need you as a coach to challenge their status quo and reveal to them what you have seen from your different viewpoint.



Quote for the day:


"There is no monument dedicated to the memory of a committee." -- Lester J. Pourciau?


Daily Tech Digest - February 03, 2017

These 10 cities have the worst malware infection rates in the US

Malware attacks are on the rise across the US, but some cities are more susceptible than others, according to a recent report from Enigma Software Group (ESG). In 2016, Tampa, Orlando, and St. Louis each had malware infection rates per capita more than five times the national average—the highest in the US, the report found. ... "The important thing is that people in these cities, and everywhere else for that matter, need to always remain vigilant against malware, spyware, and other nefarious online activity." ESG compiled malware detection data from its SpyHunter anti-spyware software in the 100 largest cities in the US in all of 2016. Enterprises should be on the lookout for ransomware attacks in particular: Nearly half of businesses report that they were the subject of a cyber-ransom campaign in 2016, according to a recent Radware report.


Global Application and Network Security report finds ransom is top motivation for cyber attacks

“The intent of today’s threat actor is to develop the best tools possible to either disable an organisation or steal its data,” said Geenens. “While businesses focus on delivering the highest value to their customers, they will also have to stay vigilant and ensure they are able to meet the security challenges they will likely face. Security must be woven into the customer experience for a company to truly succeed. Without this change in thinking, organisations will remain vulnerable.” Radware’s Emergency Response Team (ERT), which actively monitors and mitigates attacks in real-time, creates this annual report for use by the security community. The ERT team compiles this report using a combination of data from a vendor-neutral survey of organisations, Radware’s in-the-trenches experience fighting cyber-attacks, as well as the perspective of third-party service providers.


IT execs: Most sought-after skills aren't IT-focused

There are lots of technologies that are developing, but coding, to my mind, is primarily syntax. [I try to] find somebody who's a good problem solver, who knows how to take a problem, break it down into pieces and get to a solution. Whether they're doing that in Java code or in Python or in CSS or in whatever the next JavaScript technology we're going to roll out to market is going to be, that's syntax that smart people can learn.  If I can find people who are great problem solvers and who are really aggressive learners [that] constantly want to be playing and learning with new things, [those] are the [people] that are going to be the best to build into my team. That's a team that I can point at any problem, even one that I can't anticipate, and any technology -- even one that I haven't seen -- and know that they're going to be able to pick it up and carry it to a new place.


Attention to cyber-security is becoming daily routine in the C-suite

Nearly half (45 percent) said the responsibility for monitoring “immediate risks to cyber-security” rests with those who are directly in charge of cyber-security (meaning cyber teams). Thirty-three percent picked either C-suite or both (meaning cyber teams and C-suite). When asked about responsibility for “emergent risks to cyber-security”, responsibility resting solely with the cyber team fell to 30 percent and the portion of respondents who picked C-suite or both jumped to 46 percent. Widespread social issues present business risk for companies around the world. Whatever the underlying causes of insecurity may be, they manifest themselves in many ways, physical and cyber-threats among them. Executives are confident in political authorities' ability to mitigate the causes of insecurity, but there remain opportunities for companies to address their exposure to the threats motivated by insecurities.


A value stream mapping process is best under a DevOps approach

Value stream mapping usually starts with the product person or team as they are the direct line to the customer, Alley said. The process moves through the development lifecycle, QA testing, release and operations, and how the IT team monitors and manages this product or feature after release. The value stream doesn't end there; it looks down through deployment and up at the customer to see if the project achieves its goals. The value stream mapping process assembles everyone involved with a workflow into the same room at the same time, to clarify their roles in this product delivery process and identify bottlenecks, friction points and handoff concerns. Value stream mapping reveals steps in development, test, release and operations support that waste time or are needlessly complicated.


Convert your big data into beautiful graphics with Google’s Data Studio tool

Part of the Analytics 360 suite that Google Inc. revealed earlier this year, Data Studio provides enterprises and small businesses alike with a simple, user-friendly interface that lets them build living charts and graphs using their analytics data. “One of the fundamental ideas behind Data Studio is that data should be easily accessible to anyone in an organization,” developers Nick Mihailovski and Nathan Moon wrote in a May 25 blog post announcing the American version of Data Studio. “We believe that as more people have access to data, better decisions will be made.” In addition to the main subscription-based program, American users can access a free version of Data Studio that limits each account to five reports, though both versions allow access to unlimited data and report viewing, editing and collaboration. A Canadian beta version has since been released.


RSA 2017: The Internet of Things security threat

IoT gear doesn’t exist in isolation, so attackers will seek ways to compromise other devices that they interact with in an effort to affect their usefulness, according to Anthony Gambacorta, the vice president of operations at Synack, who is speaking at the conference. He’ll present specific examples to look out for including products such as IoT’s relationships with cloud servers and mobile applications. Using data that IoT devices gather as legal evidence poses its own set of problems, which include preserving the data and its integrity, and analyzing it for incident investigations and to present as evidence in court. The nuances of these emerging needs will be examined by attorney Erik Laykin of Duff & Phelps LLC. Security luminary Bruce Schneier will offer up two sessions about regulating IoT devices, which are woefully insecure, some say because they are not held to any set of security standards.


Mesh networking: Why it's coming to a home or office near you

Increasing your range is only one advantage to mesh networking. You also increase your network stability. With a mesh, even if one node goes down, you still have a working Wi-Fi network. In addition, a mesh can deliver more bandwidth on average to each device and deal better with heavy-traffic congestion. Setting up a mesh network used to require either high-end equipment or considerable networking skill. Today, you just need to buy the gear, plug it in, and run a simple setup routine. Unlike ordinary routers, though, you're more likely to set up mesh gear from an Android or iOS program instead of a web page. Most mesh networking packages comes in sets of three nodes. 802.11s enables you to expand to dozens. But there are limits. The more nodes you have, the more hops are needed to send messages between devices. The result is increased latency and poorer bandwidth


New Chrome Beta Feature Looks To Make Web Apps As Powerful as Native Ones

This could be the future of Mobile: Apps on Android are changing. A couple weeks ago, Google began testing its new Instant Apps that let users interact with aps without needing to download them in the Play Store, but Progressive Web Apps takes that concept one step further. Not only do they eliminate the Play Store middleman altogether, they let developers build powerful apps right in Chrome and deliver them quickly without the hassle of downloads and updates, or concern about compatibility. Native apps have served us well (and likely will for years to comes), but Google is already thinking beyond the present implementation of apps to a future where everything is instant and connected.


Protecting your critical digital assets: Not all systems and data are created equal

In determining the priority assets to protect, organizations will confront external and internal challenges. Businesses, IT groups, and risk functions often have conflicting agendas and unclear working relationships. As a result, many organizations attempt to apply the same cyber-risk controls everywhere and equally, often wasting time and money but in some places not spending enough. Others apply sectional protections that leave some vital information assets vulnerable while focusing too closely on less critical ones. Cybersecurity budgets, meanwhile, compete for limited funds with technology investments intended to make the organization more competitive. The new tech investments, furthermore, can bring additional vulnerabilities.



Quote for the day:


"My great concern is not whether you have failed, but whether you are content with your failure." -- Abraham Lincoln


Daily Tech Digest - February 02, 2017

These are the threats that keep me awake at night

The concept of threat intelligence is sound: Use another organization’s discoveries about potential threats to augment your own security. The problem is that the quality of threat intelligence data is highly variable. Those who rely on it without the proper vetting may make matters worse and not better. As an example, many organizations applied the indicators of compromise provided by the U.S. government as part of the Grizzly Steppe investigation to their own monitoring systems. Burlington Electric was one such organization, and it quickly identified a PC with activity matching information in the government alert, causing a media storm related to the U.S. electrical grid being "hacked." Sadly, some of the information in the alert turned out to be inaccurate, and much time was expended investigating an employee who had innocently checked his Yahoo email.


Data from pacemaker used to arrest man for arson, insurance fraud

A man has been charged for arson and fraud after law enforcement used data gleaned from his pacemaker to uncover an alleged plot to cheat his insurance company. ... Suspicions were aroused when Compton's statements did not seem to match up with how the blaze begun, especially after he told a 911 dispatcher that after spotting the fire, he packed a number of suitcases and threw them out of his bedroom window after breaking the glass with a walking stick. Compton has medical conditions which include an artificial heart linked to an external pump. According to court documents, a cardiologist said that "it is highly improbable Mr. Compton would have been able to collect, pack and remove the number of items from the house, exit his bedroom window and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated due to his medical conditions."


How Machine Learning Can Improve Healthcare Cybersecurity

Currently SIEM technology is considered one of the most advanced types of infrastructure cybersecurity. SIEM aggregates event data from all solutions across an IT infrastructure and applies security analytics in real-time for the earliest possible security threat detection. Introducing machine learning into enterprise cybersecurity will separate and integrate SIEM log-based methods with other UEBA. Machine learning will allow this process to be unsupervised, eliminating breaches caused by human error. Machine learning has proved useful in healthcare analytics, with providers and vendors looking to apply the technology to security solutions to protect clinical health data store on-premise and in the cloud. ... "This radical transformation is already underway and is occurring as a response to the increasingly menacing nature of unknown threats and multiplicity of threat agents," Pavlakis concluded.


Why You’re Doing Cybersecurity Risk Measurement Wrong

Broadly speaking, cybersecurity is risk identification and risk mitigation in the cyber domain. Measuring risk quantitatively is good because it helps security teams measure their capabilities somewhat objectively, which helps everyone make better decisions. For example, when deciding whether to upgrade all your firewalls or invest in organization-wide two-factor authentication, that decision should be based, in part, on what risk exists now and what risk will be after you implement a change. It may surprise you but people are generally pretty bad at this, resulting in things like transportation disasters, major breaches, economic bubbles, wars, and bad movies. ... Here’s where it gets more complicated: evaluating current and future risk requires accounting for people … and people make everything harder. A good risk analysis should account for risky behaviors by users, administrators, and security personnel, both before and after you make the change.


EVGA splashes into CPU chilling with new closed-loop liquid coolers

EVGA's venture into CPU cooling is further evidence that the enthusiast sector of PCs is thriving. Indeed, the AIO coolers are just the tip of the iceberg for EVGA, which is poised to meet the cooling needs of more sophisticated users, as well.  While all-in-one coolers are designed for simple, straightforward installation, EVGA will soon expand its selection into something much more ambitious. EVGA’s QRC, or quick-release cooling, system will mix the ease of AIOs with the flexibility of custom water-cooling setups by offering a variety of prefilled liquid-cooled components with snap-on quick-release connections at their ends. The idea is you can buy these separate AIO parts and expand the cooling system to fit the needs of your particular system.


The digital workplace - IT’s biggest challenge?

The opportunity is huge. A successful digital workplace is not only a means of attracting talent it also maximizes the creative potential of the workforce and enables new ways of working that deliver better business outcomes. So much so that Gartner predicts that by 2020 the greatest source of competitive advantage for 30 percent of organizations will come from the workforce’s ability to creatively exploit digital technology. I also see the digital workplace as a foundation stone for any organization that is approaching artificial intelligence and automation as an opportunity to empower employees to create value in new ways. It puts people, and what they need to be more collaborative and creative when administrative tasks are automated, in the spotlight.  At its simplest, the digital workplace is one that offers employees anytime, anywhere access to technology devices and services in a way that boosts engagement, creative thinking and agility.


How security can directly impact the bottom line at banks, financial institutions

Financial organizations certainly recognize that these technologies impact their bottom line, but calculating the precise ROI of preventive solutions can be difficult. As a result, security is often viewed simply as a cost center. However, security has a valuable and untapped role to play that can deliver immediate tangible results across the entire organization – while using many of the security technologies already deployed. The transformation and expanded role of security can best be seen in its potential to contribute via technology to four additional key business operations: reducing inefficiencies in processes and procedures, predictive analysis, delivering actionable data and reports and achieving compliance. These tasks are often performed with time-consuming, costly and error-prone manual processes.


How Facebook and Google are battling internet terrorism

In one initiative, Facebook has been partnering with universities to set up challenges for teams of students to develop counter-messaging campaigns. ... "The campaigns have reached tens of millions of people," she said. "Some of the campaigns are just absolutely amazing in terms of how many people they reach." Google has been backing other efforts to counter extremist propaganda online, including offering up tailored ads to users who might be recruitment targets. Last September, Google launched the "Creators for change" campaign, through which the company identifies potentially influential YouTube users and works to "resource them up and help them understand how to utilize their audience, which is really millennials around the globe, to kind of convey messages that push back on hate and extremis and violence and xenophobia," Walden said.


Vespa team creates Gita, a robot for lugging your stuff

Introducing Gita -- a little round robot that will carry up to 40 pounds of your stuff. It is the first offering from Piaggio Fast Forward (PFF), a new company from the folks who created Vespa, the iconic Italian scooter. Michele Colaninno, Chairman of the Board of PFF tells us that the company is part of a 21st century revolution on mobility. He says, "... The way forward is that robotics engineering must help people and not substitute people." We spoke with Colaninno and members of the Boston-based team that developed Gita. The team isn't developing a self-driving car. Instead, they envision a future where cities are filled with active pedestrians and their robot assistants. In a closed environment, Gita can navigate entirely on its own. But it can also head outside to tag along with a person, following the human operator's wearable device and avoiding obstacles along the way.


Businesses are at a database crossroads

As the SQL monolith splinters, developers are ending up with increasingly more data handling options; programmer website DB-Engines counts more than 300 different options. That’s a great array of choices, and choice is good. But it’s a number that also shows the complexity of the problems organisations are looking to solve in the information age. However, it can’t continue in this vein – that’s not how markets work, so consolidation and market transformation are clearly coming. However, the question for the CIO, who needs to make the largest bets on technology, is who will emerge as the Oracle or DB2 of tomorrow. By 2020 there’ll be a fragmentation of the database world into three parts.



Quote for the day:



"You can have anything in the world you want if you'll just help enough other people get what they want." -- Zig Ziglar


Daily Tech Digest - February 01, 2017

Experts explain why microservices are overhyped

In reality, granular software applets add unnecessary complexity that stymies growth, increases overhead, and is at odds with how most contemporary cloud systems operate. This is "because [microservice] applications must be refactored to realize their value," Sweet said. "It's easy to get containerization mixed up with microservices," he said. "But where a traditionally monolithic application can be delivered in a large container model, moving an application from a traditional monolithic architecture to microservices requires complete refactoring. And as many enterprises learned when they tried to build private clouds, just because a new technology is hot doesn't mean there's enough engineering talent to go around." Microservice systems also demand a skilled employment ecosystem. Market demand and interest in microservices currently exceeds the pool of available, trained workers.


The Industrial Internet of Things is full of transformational potential

Zhang observes that IIoT is not a new concept for manufacturing as most production facilities have had process control systems, SCADA data and historians for decades. However, with the advent of IIoT the next wave of manufacturing productivity is at the doorstep (or on the loading dock). The application of analytics to volumes of data produced by instrumented, connected assets can deliver quantifiable savings and benefits across supply chain and manufacturing processes. However, one of the immediate challenges frequently voiced by manufacturers undertaking an IIoT initiative is acknowledgement that much of the data generated by their assets is never captured, particularly “unstructured” data. And this is where IBM’s Watson IoT cognitive capabilities can transform that data, once captured, into meaningful insight.


The Data Science Puzzle, Explained

Several concepts central to data science will be examined. Or, at least, central in my opinion. I will do my best to put forth how they relate to one another and how they fit together as individual pieces of a larger puzzle. As an example of somewhat divergent opinions, and prior to considering any of the concepts individually, KDnuggets' Gregory Piatetsky-Shapiro has put together the following Venn diagram which outlines the relationship between the very same data science terminology we will be considering herein. The reader is encouraged to compare this Venn diagram with Drew Conway's now famous data science Venn diagram, as well as my own discussion below and modified process/relationship diagram near the bottom of the post.


Harnessing the value of big data with MDM

Big data can act as an external source of master information for the MDM hub and can help enrich internal Master Data in the context of the external world. MDM can help aggregate the required and useful information coming from big data sources with internal master records. An aggregated view and profile of master information can help link the customer correctly and in turn help perform effective analytics and campaign. MDM can act as a hub between the system of records and system of engagement. However, not all data coming from big data sources will be relevant for MDM. There should be a mechanism to process the unstructured data and distinguish the relevant master information and the associated context. NoSQL offering, Natural Language Processing, and other semantic technologies can be leveraged towards distilling the relevant master information from a pool of unstructured/semi-structured data.


AI Isn't Just For The Good Guys Anymore

Security providers are increasingly using machine learning to tell good software from bad, good domains from bad. Now, there are signs that the bad guys are using machine learning themselves to figure out what patterns the defending systems are looking for, said Evan Wright, principal data scientist at Anomali. "They'll test a lot of good software and bad software through anti-virus, and see the patterns in what the [antivirus] engines spot," he said. Similarly, security systems look for patterns in domain generation algorithms, so that they can better spot malicious domains. "They try to model what the good guys are doing, and have their machine learning model generate exceptions to those rules," he said. Again, there's little hard evidence that this is actually happening.


How to practice cybersecurity (and why it's different from IT security)

In cybersecurity, the defenders acknowledge that highly motivated and creative adversaries are launching sophisticated attacks. There’s also the realization that when software is used as a weapon, building a stronger or taller wall may not necessarily keep out the bad guys. To them, more defensive measures provide them with additional opportunities to find weak spots and gain access to a network. This mentality goes against the fundamental principle in IT security of erecting multiple defensive layers around what you’re trying to protect. By separating what you’re trying to protect from the outside world, you’re keeping it safe—at least in theory. While this works in physical security, where IT security has its roots, it doesn’t really work when you’re facing enemies who need to be successful just once to carry out their mission.


Security is the categorical imperative of the Internet of Things

Security is the categorical imperative of the IoT. Many companies have always understood this and have never abdicated their responsibilities. But that understanding needs to be made absolute. Security must be baked directly into every IoT solution; incorporated into the development process of all devices and systems and suppliers; normalized across every application. All stakeholders need to be on a common ground — and education is the first step. Efforts like those of the Internet of Things Consortium (IoTC) Privacy and Security Committee seek to establish and disseminate guidelines for minimum viable products and policies to strengthen privacy and security. There is no such thing as infallible security and there will always be people looking for ways to exploit and subvert IoT technologies. But we don’t have to make it so easy for them.


Business Transformation Demands Modern Data Integration

Vital data needed by organizations frequently is found not only outside the enterprise data warehouse, but outside the enterprise. Businesses are pressed to recognize the value that can come from integrating data from a variety of sources. Data management and data integration solutions have been strongly challenged to handle continuous changes in data and how it's used, increasingly in real-time. Modern data integration builds on technologies and processes that long have been part of the bigger world of data integration, beyond basic ETL functions. Practices like data quality, data profiling and data governance (also highly relevant to business users) comprise important capabilities that are central to reliable up-to-date data, no matter the source or structure. Modern data integration offerings encompass interoperating multi-platform solutions (iPaaS and on-premises), as well as pure-play cloud and SaaS solutions, where the lines continue to blur between application and data integration.


Rise of the 'accidental' cybersecurity professional

Cybersecurity is inherently interdisciplinary, Hurley said. "One thing I've done over and over is bring people from different disciplines into a room, to create a common vocabulary and work through a particular issue or problem that needs to be resolved," she said. Depending on your background, you may be able to make the leap to security within your own company, Hurley said. "There are tons of opportunities in cyber and many doors of entry," Hurley said. "Whatever doorway you come through, you will be working with colleagues from many disciplines, and becoming more expert." Shelley Westman, senior vice president of alliances and field operations at Protegrity, started her career as a lawyer. She left the field and went to work at IBM in a number of different roles ranging from procurement to product management. Eventually, she was assigned a role in hardware security.


The Misaligned Middle and Getting off the Hamster Wheel Using Kanban

So optimizing in one area can cause problems downstream in another area, and we don't recognize that if we're not looking at the big picture. Getting people to see and understand the big picture, and then having that help bring previously maybe even warring tribes together to have a conversation about how to fix it. Secondly, DevOps has a lot to do with culture. It's not just about automation and how can we change culture from a top-down command and control approach to a more distributed power to give people autonomy to do the work that they need. So some of the models that we're looking at is the Western behavior model which is the elements for a pathological kind of organization that's run by fear, versus a bureaucratic organization that's usually run by rules, versus a really agile organization to work with that's run by high cooperation and diversity



Quote for the day:


"Don't let today's opportunities become tomorrow's what ifs." -- Pat Flynn


Daily Tech Digest - January 31, 2017

Agile Is King, But Continuous Integration Is An Elusive Goal

Continuous integration with an ability to deploy hourly, often described as an end goal of adopting an agile development process, was cited by 28% as the destination they were shooting for. However, only 14% were actually doing so. Hourly continuous integration a year ago was a goal for only 18%. The added 10% a year late shows how quickly continuous integration is rising in the consciousness of development staffs. It's rising faster than the actual ability to deploy, currently at 14%, but a year ago a similar Dimension Labs survey showed it to be 10%. On the other hand, everyone is trying to practice the meshing of a software update into a production system. Thirty-five percent of respodents said they could integrate updates daily and 17% said weekly. Another 20% do updates on a "less than weekly basis" but still more frequently than the six-month or annual update periods practiced by development staffs of yore.


A human capital challenge in information technology

Leaving IT jobs unfilled can have serious consequences. For instance, with the rise of the IoT, the number of connected devices is estimated to increase to 200 billion by 2020, from 2 billion in 2006.5 Cyberattacks—crimes ranging from data theft to malware—are also on the rise. In 2015, the number of breaches involving the exposure of more than 10 million identities increased by 125 percent and new mobile vulnerabilities increased by 214 percent.6 Without the right IT talent in cybersecurity, the proliferation of the IoT could give cyber criminals increased opportunity to attack and breach businesses. Moreover, IT skills such as cybersecurity and data analytics span all industries from manufacturing and retail to financial services and government. In fact, IT skills in general span several industries, and therefore, filling IT job openings with the right talent is important to the overall performance of the economy.


Smart Cities of the Future: An Innovation or Intrusion?

An interconnected city grid of traffic and pedestrian cameras offers a wealth of actionable Big Data. As an example, in the Dutch city of Rotterdam, “the traffic authority monitors about 22,000 vehicle movements every morning, while the regional environment agency produces hourly data about air quality from sensors across greater Rotterdam resulting in over 175,000 observations per year.” In addition to better managing traffic and public transit, as well as controlling pollution, proponents highlight the ability of such data to enable enhanced policing, crowd control, and even public sentiment monitoring. However, others express grave concerns about the potential for abuse in such systems, especially given the integration of smartphones into connected apps utilized by many smart cities. Although ostensibly “anonymous,” smartphones contain personal markers, and a wealth of information that represents great value to marketers, government agencies, and fraudsters.


Why open source helps you build your applications that much faster

The ability to create new applications quickly, reliably and economically is drawing businesses to open source and inspiring them to use it for ever-larger projects. When developers think of open source, they think "free." And with good cause: it’s technology you can get at no cost and use with few licensing restrictions. However, the association I prefer is to business agility. According to the Forrester Research report "Development Landscape: 2013, 76% of developers have used open-source technology at some level. Open-source technologies offer a variety of benefits to that makes it easier to build your apps, be it bringing innovative ideas to market fast with reduced development costs, creating scalable and portable apps and services, or continuously building, testing and delivering high quality production code.


VR + AI: the very real reality of virtual artificial intelligence

By layering in aspects of natural artificial intelligence, experiences are developing that lose the feeling of being so “unreal;” distinct memories, interactions and relationships are being created that cause the user to question — well, if it happens in real life, but inside of a headset, does that not make it real? Of our five senses, Head Mounted Displays (HMDs) handle vision, a solid pair of 3D headphones like OSSIC handle sound; AxonVR and others are working on haptics and touch…next up is smell and taste, those should be, well…interesting. But beyond our five senses which create the feeling of physical “presence” in a virtual space, is the “immersion” of having a real experience, experiencing the unexpected and having the opportunity to create very real memories. As opposed to playing a pre-programmed “AI” game experience, natural social interaction is the key to this.


Who owns the data from the IoT?

There are two major classes of parties in this space. The first category includes corporations, data brokers and marketplaces, which exchange data among themselves. This is not typically exposed to tight government regulation. The second category is composed of consumers who submit data to a vendor in exchange for a product or service. Agreements in the consumer space may be subject to government oversight. The result is that certain industries such as healthcare must comply with a network of statutes and agency rules. On the other end of the spectrum is the give-and-take approach. Under this approach, the vendor may collect in-depth data from a sensor platform to optimize the user's experience. Here, the contract allows all data to be exchanged in return for incentives such as a curated service or discount. This approach conveys all data usage rights and data title once the end user opts in.


Linux: The 10 best privacy and security distributions

The awesome operating system Linux is free and open source. As such, there are thousands of different ‘flavours’ available – and some types of Linux such as Ubuntu are generic and meant for many different uses. But security-conscious users will be pleased to know that there are also a number of Linux distributions (distros) specifically designed for privacy. They can help to keep your data safe through encryption and operating in a ‘live’ mode where no data is written to your hard drive in use. Other distros focus on penetration testing (pen-testing) – these come with tools actually used by hackers which you can use to test your network’s security. In this article, we’re going to highlight 10 of the best offerings when it comes to both privacy and security.


No silver bullet for business IoT security

One way to sabotage IoT deployments is to replace trusted devices with rogue ones. Existing technologies can help here. SSL/TLS encryption not only ensures that data transmitted by devices is secure, it also confirms a device’s identity. To this end, there has also been renewed interest in PKI (public key encryption). This means more encryption certificates as devices proliferate, which may mean upgrading certificate management capabilities. The encryption suppliers all have new messages around IoT security, including Symantec, Gemalto, Thales, Entrust Datacard, Vormetric and Venafi. Other approaches are being developed to help with IoT device identification. Third-party registries are gaining popularity. These can be referred to for identifying devices and their expected location and function. DNS service providers such as Neustar list known devices and there are specialist databases such as Xively.


Security Automation Isn’t Artificial Intelligence Security

What is confusing many security technology buyers at the moment lies with the inclusion of AI buzzwords around products and services that are essentially delivering “automation.” Many of the heavily marketed value propositions have to do with automating many of the manual tasks that a threat analyst or incident responder would undertake in their day-to-day activities, such as sifting through critical alerts, correlating them with other lesser alerts and log entries, pulling packet captures (PCAPs) and host activity logs, overlaying external threat intelligence and data feeds, and presenting an analytics package for a human analyst to determine the next actions. All these linked actions can of course be easily automated using scripting languages if the organization was so inclined.


Introduction to Machine Learning with Python

Machine learning at a high level has been covered in previous InfoQ articles (see, for example, Getting Started with Machine Learning in the Getting a Handle on Data Science series), and in this article and the ones that follow it we’ll elaborate on many of the concepts and methods discussed earlier, emphasizing concrete examples, and venture into some new areas, including neural networks and deep learning. We’ll begin, in this article, with an extended “case study” in Python: how can we build a machine learning model to detect credit card fraud? (While we’ll use the language of fraud detection, much of what we do will be applicable with little modification to other classification problems—for example, ad-click prediction.) Along the way, we’ll encounter many of the key ideas and terms in machine learning, including logistic regression, decision trees, and random forests, true positive and false positive rate, cross-validation, and ROC and AUC curves.



Quote for the day:


“When you innovate, you’ve got to be prepared for everyone telling you you’re nuts.” --@LarryEllison