Prepare for Increasing Frequency of “Nation-State” Cyberattacks with Strategy, not Technology

Chase Cunningham

Let me pose a question: “Is it a bad thing to give the average person a hand grenade with the pin pulled?” I think most of us would respond to that question with an emphatic “YES!”  No one in their right mind would think it's a good idea in any possible reality to allow anyone without extensive military or professional training to access an explosive--especially not one that is live and has no safety device in use. Bad things would happen, and people would probably lose their lives; at the very least, there would be damage to property. No matter what, this scenario would be a very bad thing and should NEVER happen.

OK, now let me change that question a bit: “Is it a bad thing for every person with a network connection to have access to extremely powerful nation-state-level cyber weapons?”  Hopefully you would respond similarly and say “YES!”

Just as the hand grenade juggling is a problem, so is the proliferation of nation-state-level exploits. These malicious tools and frameworks have spread across the world and are presenting a very complicated problem that must be solved. Unfortunately, the solution that we've currently been offered amounts to a variety of vendors slinging solutions and tools that, without good strategy, cannot effectively combat the myriad cyber artillery shells now being weaponized against every system that touches the World Wide Web. The bad guys have now officially proven that they can “outdev” the defensive technologies in place in many instances and have shown that it's highly likely that many installed legacy technologies are wide open to these weaponized attacks (anti-virus be darned) across the planet.

Dear IT Operations: It’s Time To Get Serious About Security

Milan Hanson

Okay, I’ll apologize right away to the IT ops teams that are already security-savvy. Hats off to you. But I suspect there are still a few that leave security to the CISO’s team.

On Friday, May 12, 2017, evil forces launched a ransomware pandemic, like a defibrillator blasting security into the heart of IT operations. What protected some systems? It wasn’t an esoteric fancy-pants security tool that made some organizations safe; it was simple e-hygiene: Keep your operating systems current. Whose job is that? IT operations’. Had the victims kept up with OS versions and patches, they wouldn’t have been working over the weekend to claw back from disaster. What’s the path to quick restoration? Having a safe offline backup. Whose job is that? IT operations’. The WannaCry ransomware outbreak is a brutal reminder that IT operations plays a critical role (or not!) in protecting the business from villains.

While headlines get everyone’s attention, there’s another non-news reason for IT operations to step up its security role, and that’s profit. In this age of the customer, the businesses that gain market share and disrupt industries are exceptionally agile; they deliver the features that users want as fast as they want them. DevOps arose from that new reality: to make IT operations as quick and nimble as developers are. In the process (and I would argue that this should be essential to the process), operations people learned a lot more about development, and developers learned a lot more about operations. The infamous “wall” between dev and ops is crumbling, and customers, the business, and shareholders are happier for it.

DevOps Has Reached “Escape Velocity”, CIOs Need To Get Onboard!

Robert Stroud

In an era where velocity and agility are driving technology management organizations over simple cost reduction, every business must constantly evolve to drive business differentiation. Leveraging practices such as Lean and Agile, smaller changes, automated pipelines and product-centric teams, DevOps is transitioning from unicorns and small projects to company-wide initiatives. Companies such as Walmart, ING and JetBlue, to name a few, are leveraging DevOps to drive their business transformations and are reaping the benefits of accelerated velocity across the organization. DevOps is a powerful approach available to the CIO to drive velocity and agility, supporting the innovation required to drive business transformation.

Unlocking the value requires cultural change

To unlock the promise of DevOps, CIOs must lead and support a cultural change within their technology management organization. As any leader knows, changing institutionalized behavior is the toughest of all management challenges and CIOs are understandably skeptical of new trends. Despite this, CIOs must recognize when a trend becomes an imperative for survival. DevOps has become this imperative, and CIOs must engender a culture of collaboration and learning and enable their people with the right tools to drive holistic life-cycle automation.

Lean processes are critical to success

Product Development Must Evolve for the Internet of Things

Nate Fleming

Traditional physical products and machinery are steadily being replaced by connected products and assets that shift business models and augment customer relationships with digital experiences and data. But creation of these products is a major challenge for traditional product companies. The process of building connected products is complex, requiring new software development skill sets, accelerated product release cadences, and innovative software tools and processes that meet the needs of IoT product organizations. For traditional product companies to make the transition to a digital product development organization and successfully create connected products, they will need to focus on the following five initiatives:

  1. Create an open partner ecosystem that amplifies product value.
  2. Organize for continuous product improvement through software updates.
  3. Adapt agile development and planning processes to physical product development.
  4. Embrace flexible requirements and contracting for iterative projects.
  5. Build an extended team of broad and deep t-shaped skillsets.

Adaptation and execution on these initiatives will be difficult, requiring executive buy-in, core shifts to company cultures, partnership with services firms, reskilling, and change management initiatives. For a deeper dive on this topic and actionable steps to take in the transformation to a digital product development organization, see the Forrester report The Internet Of Things Propels Product Development Into The Digital Era.

IBM to retire Emptoris and work with SAP Ariba on next generation digital procurement

Duncan Jones

SAP Ariba & IBM today announced a partnership that had been a rumour for a few days now. Part of the deal includes IBM gradually retiring Emptoris and encouraging its customers to migrate to SAP Ariba.

http://www.ariba.com/about/press-releases/sap-ariba-and-ibm-transform-procurement

It’s an ambitious move by SAP Ariba. IBM Emptoris’s leadership had an exciting vision of next gen digital procurement but decided they couldn’t deliver it without a cost-prohibitive replatforming of its various products. SAP Ariba has a good suite of products and a captive market, but now its leaders have shown that they also have a vision for digital procurement. The partnership makes sense for both companies.

- IBM can now convert its digital procurement vision into revenue streams. By linking up with SAP Ariba it will be able to create a royalty stream for IBM Watson and implementation work for IBM GBS. Gracefully retiring Emptoris is a pragmatic decision and avoids wasting money trying to shore up a revenue stream that was doomed to decline anyway.

- SAP Ariba will benefit from IBM’s vision, technology, and influence. It will get some new ideas about the opportunities for digital procurement. IBM GBS’s procurement transformation practice will become a source of leads for SAP Ariba. IBM’s own procurement department may be a proving ground for its innovation (assuming that it eventually migrates from Emptoris to the Watson-enhanced SAP Ariba platform).

Five Factors That Make Deep Learning Different - Go Deep Baby!

Mike Gualtieri

At the highest conceptual level, deep learning is no different from supervised machine learning. Data scientists start with a labeled data set to train a model using an algorithm and, hopefully, end up with a model that is accurate enough at predicting the labels of new data that is run through the model. For example, developers can use Caffe, a popular deep-learning library, to train a model using thousands or millions of labeled images. Once they train the model, developers can use it within applications to probabilistically identify objects in a new image.  Conceptually like machine learning, yes, but deep learning is different because:

C-Level Business Executives Are Playing A Bigger Role In Tech Spending, But CIOs Still Remain Dominant

Andrew Bartels

Tech buying in business and governments is clearly shifting from the sole or primary control of the CIO and the tech management organization and into the hands of business leaders.  But how much is this happening? Anecdotal comments and surveys – including Forrester’s own Business Technographics surveys – suggest that most tech purchases are now controlled by business executives.  However, in our just-published report, “C-Suite Tech Purchasing Patterns,” Forrester’s analysis shows that the shift of tech buying from the CIO to business executives is much less dramatic, with just 5% of all new tech purchases fully controlled by business by 2018.  Moreover, this shift varies dramatically by C-level executive. CMOs and eCommerce heads have the highest proportion of new project spending under their control, but CFOs, COOs, supply chain heads, and heads of customer service are much less likely to go it on their own.

Data is the perimeter, defend it that way

Chase Cunningham

Unless you have been living under a rock or possibly hiding in the mountains of Montana with a giant beard and eating way too many government-issued MREs, you probably heard about the nuclear bomb of a ransomware attack that kicked off last week. Welcome to the post apocalypse, folks. For years, many of us in the cybersecurity industry have been jumping up and down on desks and trying to get the world (writ large) to pay attention to managing and patching outdated systems and operating systems that have been running legacy software, to no avail. Now that Pandora’s box has been opened and the bad guys have used the NSA-leaked tools as weapons platforms, all of a sudden everyone gives a dang. I caught no less than 17 talking heads on the news this morning stating that “this is the new reality”, and “cybercrime is a serious threat to our way of life.” Duh, also water is wet and fire is hot. Thank you, news.

Regardless of all the bad that is bouncing around the news and everywhere else today (and as I type this I can literally see a pew pew map on CNN that looks like a Zika Virus map showing the spread of WannaCry dominating the screen behind the anchor team), the reality around this “massive hack” and “global attack” is that if folks didn’t suck at patching their systems and followed basic best practices instead of crossing their fingers and hoping that they didn’t get hit, the “end of days malware” would be basically ineffective. The “hack” targets Windows XP systems, an old, outdated, unsupported OS that should have been pulled from use eons ago. And if the legacy system running that OS couldn’t be pulled, IT SHOULD HAVE AT LEAST BEEN PATCHED. Problem solved, or at least made manageable.

AI Is Not An Exception – Technology Has Always Taken Jobs

Mike Gualtieri

Yes, AI will take jobs away from many workers - our relatives, friends, and neighbors. So too have all technologies created throughout human history. We invent things to make things easier and the impossible possible. The invention of the wheel made transport easier. Gutenberg’s printing press put lots of monks out of business. The chainsaw saw a reduction in the number of sawyers (lumberjacks). Modern medicine created a sharp decrease in snake oil charlatans. The Wang word processor annihilated typing pools. The list goes on. Technology changes how and who performs work, but it also enables new work that no one ever imagined. AI is but another technology in a long list of technologies dating back to the blunt club.

The culprit is gray matter

It is human intelligence. There is nothing that can stop it. But, it is that same gray matter that finds a way – a way for humanity to flourish – at least statistically. If life is precious, then the last hundred years have seen a dramatic increase in life expectancy. According to the National Institute On Aging, the most dramatic and rapid gains have occurred in East Asia, where life expectancy at birth increased from less than 45 years in 1950 to more than 74 years today.

AI will short-term replace workers just as all technology has, but longer term it will raise wages as human workers become exponentially more productive because their efforts are augmented by intelligent machines – non-human servants.

We can go back or we can go forward. Let’s go forward.

Massive Ransomware Outbreak Highlights Need For A Digital Extortion Decision Tree

Jeff Pollard

5/12/2017 might be another day of cyber-infamy based on malware as hospitals and critical infrastructure providers are locked out of their machines due to what appears to be a new variant of ransomware dubbed WannaCry spreading through corporate networks. Like the ransomware outbreaks in mid-2016 here in the US, NHS hospitals are experiencing patient care issues as a result of the malware, with some shut down completely as of 11:37 AM Eastern time.

Early analysis indicates the malware spreads via SMB protocol, possibly using a vulnerability published by Microsoft on March 14th, per CCN CERT National Cryptologic Center. This same exploit mechanism appeared to be in use by ETERNAL BLUE, included as part of the Shadow Brokers dump. Patching and update information from Microsoft is located here. For the specific list of affected systems, along with CVE Number, specific MS patch details, and alternative mitigation techniques check here.
