In This Issue
- IoT: DC Is Cool Again
- Akamai Adds Soha
- Intelligence to Edge
- Report from the CEO
- LOCK DOWN LOGINS!
- Body-Based Transmit
- Dem Cellphone Hack
- Unified Cybersecurity
- NIST Assessment Tool
- Cyber Insurance Bill
- Regs Remain Murky
- States Breach Laws
- McCaul: Decryption
- Blockchain Caucus
- Enterprise Storage
- NetApp HD Program
- Coming DCIA Events
The distributed computing lexicon has historically been relegated to conversations within the walls of military organizations, tech enterprises and the halls of academia.
ARPANET technology in the 1960s begot the internet.
Salesforce helped make “software as a service” a household term in 2000.
Researchers have talked about distributed computing for years.
Today, those distributed computing concepts will be critical to the success of IoT initiatives.
Investments like Ford Motor Company’s $182.2 million into Pivotal, a cloud-based software and services company, signal distributed computing’s migration from the halls of academia to the boardroom.
Akamai Technologies continues to focus on strengthening its Cloud Networking Solutions through acquisitions.
The company recently acquired Sunnyvale, CA-based Soha Systems, which provides an “enterprise secure access-as-a-service” solution.
Per TechCrunch, Soha had raised roughly $10 million from investors that included Andreessen Horowitz, Cervin Ventures, Menlo Ventures and Moment Ventures. Soha’s solution helps improve security compliance while keeping content safe in the cloud (both public and hybrid systems).
Per Akamai, “the deal is intended to enhance the firm’s strategy in securing, protecting, and accelerating enterprise applications and services through cloud technology.”
Soha is an important addition to the cloud networking suite product portfolio that already included technology from previous acquisitions like Bloxx (Oct 2015) and Prolexic (2013). With rapid adoption of cloud computing, security has become a major concern for enterprises… Read More
Something about the Internet of Things (IoT) is not quite right.
The dynamics between data sources, such as sensors and the cloud, fall short in critical applications.
The result: big data may just as well be no data.
Seeing the discrepancy between concept and reality, many technology visionaries and systems providers now advocate a topology called “fog computing” that creates a layer between the two poles of the network.
This layer will aggregate compute, storage, control, and network resources closer to the sources of data.
Proponents of fog computing do not see this distributed approach replacing the cloud, but complementing it instead.
Fog computing promises to move data to the best place for processing and, in doing so, mitigate or eliminate shortcomings that prevent the IoT from delivering the benefits its creators have promised.
To better understand why industry leaders are pushing to implement fog computing, let’s look at the areas where cloud computing falls short… Read More
Following up on last week’s report, we are pleased to be able to report that one of the US Presidential candidates has articulated a strategy on national cybersecurity.
Republican candidate Donald Trump made his remarks in Herndon, VA to a veterans’ group, stating that cybersecurity would be an “immediate and top priority” in his administration.
“As a deterrent against attacks on our critical resources, the United States must possess the unquestioned capacity to launch crippling cyber counterattacks. This is the warfare of the future, and America’s dominance in this arena must be unquestioned,” he added.
Trump said he would order the Department of Justice (DoJ) to establish task forces capable of working with state and local authorities to combat future threats, strengthen and augment the military’s Cyber Command, and establish a Cyber Review Team to annually assess the state of federal cybersecurity, starting with the most sensitive systems first, but ultimately analyzing all systems and proposing measures to make them as secure as modern technology permits.
“To enhance the defense of the other agencies of government, including our law enforcement agencies, we will put together a team of the best military, civilian, and private sector cybersecurity experts to comprehensively review all of our cybersecurity systems and technology,” he continued.
Trump also said he would appoint an attorney general to reform the DoJ and “restore the integrity” of the department.
“Today is just the beginning of a long and overdue national discussion of how to protect ourselves from modern cyber-crime and evolving national security threats, and how to develop the cyber offense strategies necessary to gain a critical security edge in the 21st century,” he concluded.
We look forward to being able to present such a report from the other major party candidate shortly. Share wisely, and take care.
The Obama administration and a bevy of nonprofit organizations, technology firms, and financial services companies joined forces Wednesday in a public campaign to get Americans to stop relying on passwords and use stronger methods of identity authentication.
“Your usernames and passwords are not enough to keep your accounts secure,” states the campaign website, which went live Wednesday in the run-up to the 13th annual National Cybersecurity Awareness Month.
“Luckily,” the website continues, “there’s a simple and quick way to put you in control of your personal information and keep your key accounts like email, banking and social media safer – it’s called strong authentication.”
Strong authentication, also called multi-factor or second-factor authentication, has long been advocated by security experts as an alternative or addition to passwords.
Unfortunately, as the campaign factsheet notes, 72 percent of Americans believe their online accounts are secure with just a password and login – something that repeated breaches of password data, like the one revealed last week by Yahoo, have shown to be untrue. Under the slogan “Lock down your login” the campaign advocates one or more of three authentication technologies… Read More
Trying to remember a pile of passwords is a hassle many people get around by just using the same codes for everything, but that’s hardly secure.
Smartphone manufacturers have embraced sensors like fingerprint and iris scanners, and thanks to a new system out of the University of Washington (UW), that security and ease of use could soon be extended to other devices, by relaying a signal from a fingerprint scanner through the body to a receiving device in direct contact with the user.
Like similar systems that have used magnetic fields to transmit data through the body, the UW team’s technique is designed as an alternative to sending signals wirelessly through the air via Bluetooth or Wi-Fi.
The advantage of this, the researchers say, is that it’s much harder for hackers to intercept the signal, since they’d have to be physically touching the person.
“Let’s say I want to open a door using an electronic smart lock,” says co-lead author Mehrdad Hessar.
“I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials… Read More
The FBI is investigating the hacked cellphones of several Democratic Party officials with the belief the attacks are connected to a spate of breaches at party networks and under the assumption that Russia is behind the hacking, Reuters reports:
“The FBI is investigating suspected attempts to hack mobile phones used by Democratic Party officials as recently as the past month, four people with direct knowledge of the attack and the investigation told Reuters.
The revelation underscores the widening scope of the US criminal inquiry into cyber attacks on Democratic Party organizations, including the presidential campaign of its candidate, former US Secretary of State Hillary Clinton.
US officials have said they believe those attacks were orchestrated by hackers backed by the Russian government, possibly to disrupt the November 8th election in which Clinton faces Republican Party candidate Donald Trump.
Russia has dismissed allegations it was involved in cyberattacks on the organizations.”
The phones, says the report, were hacked within “the past month or so.”
That would put the timing of the breach soon after hackers, widely suspected to be Russian intelligence, were booted… Read More
As cyberattacks become a growing concern with advances in technology, firms should be working to establish a cybersecurity plan that is cohesive across business operations to effectively reduce damage and cyber insurance claims, according to panelists at the 2016 Professional Liability Underwriting Society (PLUS) Cyber Liability Symposium held Tuesday at the Hilton Midtown in New York City.
“That is the biggest barrier to quickly acting when you have a risk event,” said panelist Cari Toneck, Chief Compliance and Risk Officer at Methodist Hospital of Southern California.
“You need to think of cybersecurity like disaster management – similar to your plan for an event like Hurricane Katrina – where everybody is on the same page.
The key players in an organization need to immediately get together to respond to an event in a cohesive fashion and look at cyber risk as something that has the potential to domino into other claims and exposure.”
Toneck pointed to one example of a local hospital in California that recently suffered a ransomware attack, where attackers demand ransom payments in exchange for the return of stolen data… Read More
The National Institute of Standards and Technology (NIST) has published a draft questionnaire that companies and other organizations can use to assess their cybersecurity “maturity” – a response, NIST says, to demand from the private sector.
Boosters say the document will help specialists explain the importance of cybersecurity to the company’s bottom line – the “holy grail” of business cybersecurity.
But some critics have questioned how useful it will be to smaller companies.
The Baldrige Cybersecurity Excellence Builder is one of a number of tools NIST offers that are named for the Reagan-era Commerce Secretary Malcolm Baldrige, credited as one of the leaders of the quality management movement in the 1980s.
It’s designed to walk organizations through the process of figuring out “how to integrate cybersecurity risk management into larger enterprise business practices and processes,” Matthew Barrett explained to FedScoop.
Barrett is the Program Manager for the NIST Cybersecurity Framework – a document that catalogs the five areas of cybersecurity every company needs to know: identify, protect, detect, respond, and recover… Read More
Congressman Ed Perlmutter (D-CO) introduced legislation this month to subsidize data breach insurance for businesses while encouraging practices that would keep them from ever having to use it.
The Data Breach Insurance Act would offer a tax deduction of 15 percent of the cost of breach insurance.
Perlmutter said he has received positive feedback for the bill from both legislators and stakeholders.
“Using an incentive approach rather than a mandate gives this a much better chance of succeeding, both in the marketplace and in the Congress,” he said.
The bill, he said, would promote breach protection for consumers on both the “front and back end.” The insurance rebate would only apply to policies that required companies to enact good cybersecurity practices, like those in the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
The NIST framework was explicitly developed as guidelines for good cybersecurity and was not intended to be used in regulations. It says its suggestions should be customized for the unique needs of any user… Read More
The breach at Yahoo is likely the largest hacking incident to date, as the company confirmed last week that it affected 500 million users in 2014, but other infiltrations have remained under the radar.
When companies are breached, they are required by the SEC and state regulatory agencies to disclose the incident, but the rules are vague and fraught with loopholes.
Each state has its own notification requirements while the SEC says the hacking incidents need to be materially relevant to be declared.
Determining how soon a company needs to disclose its hacking incident is complicated as some companies work first with law enforcement to determine the breadth of the infiltration and what information was stolen.
Some experts believe the regulations need to be stricter so the public can be informed sooner that their personal information, often containing financial information such as credit card data, was stolen.
In Yahoo’s case, the company confirmed two years after the fact that users were affected by a state-sponsored actor… Read More
Federal regulations, such as HIPAA and the HITECH Rule, garner the majority of attention when it comes to the data breach notification process. However, state laws also exist, and tend to vary.
Covered entities and business associates must ensure they adhere to their state’s requirements for data breaches, along with the federal regulations.
As technology continues to evolve, and medical information becomes more highly sought after on the black market, more states are adjusting their data breach legislation. While not all states include health insurance or medical information under what is considered protected personal information, it is still necessary that healthcare organizations understand state law.
Here are some of the more recent cases of amendments and laws affecting the state data breach notification process.
Earlier this year, Illinois Governor Bruce Rauner signed several amendments to a data breach notification law that would impact healthcare data security regulations starting in 2017.
The revised Personal Information Privacy Act will include health insurance and medical information… Read More
House Homeland Security Committee Chairman Michael McCaul is calling on Congress to increase spending on quantum computing research to ensure that the United States is the first nation to employ quantum computing as a tool to decrypt data.
“We can’t lose this one to the Chinese,” he says.
Speaking at a US Chamber of Commerce Cybersecurity Summit September 27th, McCaul (R-TX) noted, “If China develops quantum computing first, it would be a national security disaster.”
“If we want to be first in this area, the federal government has to be driving this.”
McCaul compared the quantum computing race to the space race in which the United States landed the first person on the moon.
“We want to be first in this; it’s really important,” he said.
The National Institute of Standards and Technology (NIST) has begun work on quantum computing… Read More
Two lawmakers are joining hands across the aisle to form a congressional caucus to promote blockchain – the distributed ledger technology underlying bitcoin and other cryptocurrencies.
Congressmen Mick Mulvaney (R-SC) and Jared Polis (D-CO) announced the formation of the new bipartisan Congressional Blockchain Caucus Monday, saying it would be “dedicated to the advancement of sound public policy toward cryptocurrencies and other blockchain-based technologies.”
The move was welcomed by the technology’s enthusiasts.
“For the past two years, we’ve worked with both congressmen to educate lawmakers about blockchain – what it is, how it works, why it’s important,” said Jerry Brito, Executive Director of Coin Center, a think tank that focuses on policy questions raised by the new technology.
He told FedScoop the caucus would formalize that pedagogic work, “Especially with the new Congress.”
Its members would be lawmakers who see the potential in the technology and want it to flourish… Read More
As someone well-placed at a major storage vendor pointed out to me recently, big box storage arrays are going the way of the dinosaur because a single all flash array can replace multiple disk arrays.
And for that reason, the all flash revenue potential isn’t anywhere near that of disk even though solid state storage is a hot market.
Add to that the fact that storage software can’t make up the shortfall in revenue from exiting disk arrays either and you have a glum near-term outlook for the well-known big box storage vendors.
Nevertheless, enterprise storage is still a land of opportunity for those with the right vision.
Remember that those who have traditionally predicted meteoric data growth haven’t backed off.
The Internet of Things (IoT) is only the latest data volume generator and more will come when we get to some others now appearing on the horizon like blockchain.
So there are now some interesting startups looking to capitalize on some hot storage trends… Read More
NetApp is in the process of rolling out a “hard deck” program and other changes to its channel program, targeting accelerated growth in the storage vendor’s small and midsize business market.
A “hard deck” in channel terms is a program in which a vendor sets aside a certain number of customers or potential customers, typically its largest, as targets for either its direct sales team or direct sales working with partners, and leaves the rest to be handled exclusively by solution providers.
For NetApp, the hard deck is defined as a line just below NetApp’s top 1,000 accounts, said Scott Strubel, vice president of NetApp’s Americas partner organization.
Strubel told CRN at this week’s NetApp Insight conference in Las Vegas that the company’s partner presence above that line remains unchanged.
“We expect our partners to play a very big role above the line, in that top-1,000 accounts,” he said. “We have a very high percentage of our business in the top 1,000 accounts going with and through partners.”
“But we’re going to guarantee that, below that line, 100 percent of our business is going to go through partners… Read More
Security of Things World USA — November 3rd-4th in San Diego, CA. SoTWUSA has been designed to help you find pragmatic solutions to the most common security threats facing the IoT.
Rethink! Cloudonomic Minds — November 21st-22nd in London, England. R!CM will cover how IoT is impacting cloud strategies and how to take advantage of these two key technology trends.
Government Video Expo — December 6th-8th in Washington, DC. GVE is the East Coast’s largest technology event for broadcast and video professionals, featuring a full exhibit floor, numerous training options, free seminars, keynotes, panel discussions, networking opportunities, and more.
CES 2017 — January 5th-8th in Las Vegas, NV. More than 3,800 exhibiting companies showcasing innovation across 2.4 million net square feet, representing 24 product categories.
Industry of Things World USA — February 20th-21st in San Diego, CA. Global leaders will gather to focus on monetization of the Internet of Things (IoT) in an industrial setting.
fintech:CODE — March 16th-17th in London, UK. A new international knowledge exchange platform bringing together all DevOps, IT, and IoT stakeholders who play an active role in the finance and tech scene. Key topics include software development, technical challenges for DevOps, DevOps security, cloud technologies and SaaS.
retail:CODE — March 16th-17th in London, UK. 20 real-life case studies, state-of-the-art keynotes, and interactive World Café sessions; 35+ influential speakers will share their knowledge at the intersection of the retail and technology sectors.