In This Issue
- New: Edge Computing
- Govs & Cybersecurity
- Telefonica USA Links
- Report from the CEO
- Infrastructure’s Face
- CS Startups to Watch
- Expert Shortage Opp
- ML & Human-Centric
- Cyber Defenses Faith
- Managing DC Security
- CL Misunderstandings
- Experts at RSA Advice
- Focus on the “T” in IoT
- Cloud-to-Client Direct
- AWS Glitch Disruptive
- Oscars Flub Evocative
- Coming DCIA Events
The ubiquitous cloud computing craze may not be long for this world if venture capitalist Peter Levine is right.
The Andreessen Horowitz general partner said that as more computing capabilities move to so-called “edge” devices, including anything from driverless cars and drones to the boundless devices that make up the internet of things (IoT), the cloud will slowly evaporate.
“A large portion of computation that gets done in the cloud today will return to the edge,” said Levine at the Wall Street Journal’s CIO Network event here Tuesday.
Levine said the driverless car, whose 200-plus CPUs effectively make it a “data center on wheels,” is a prime example of an edge device whose computing capabilities must be self-contained.
Levine said that an autonomous vehicle relying on the cloud for data would blow through stop signs and crash because of the latency associated with transmitting data from the car to the cloud.
The cloud will also cripple many scenarios for machine learning, which rely on speedy computing to deliver faster decision making… Read More
Governors from states across the country put the spotlight on cybersecurity at an annual gathering in Washington on Saturday.
Virginia Governor Terry McAuliffe (D) hosted a session at the National Governors Association (NGA) winter meeting to discuss the “serious cybersecurity issues” facing the nation and how states need to improve their defenses against cyber threats.
“Cybersecurity is critical to each and every governor,” said McAuliffe, who noted that Virginia was targeted by 86 million cyberattacks last year.
“We have a wealth of information that every single day people are trying to get in and get our information through cyber threats and cyber criminals.”
The governors heard testimony from a panel including John Carlin, former Assistant Attorney General for the Justice Department’s National Security Division; Vinton Cerf, Vice President and Chief Internet Evangelist for Google; and Mary Galligan, Managing Director at Deloitte & Touche… Read More
Miami-based Telefonica USA helps cattlemen keep track of their herds and provides sophisticated data and voice communications services to banks, multinational companies, and small businesses throughout the United States.
It also serves wholesale clients like mobile operators, content providers, and internet service providers (ISPs).
Founded in 2000, Telefonica USA is part of the Telefonica Business Solutions group, which provides a wide range of advanced telecommunications services to businesses in Europe, Latin America, and the US.
A unit of Spain’s telecom giant, Telefonica SA, the Miami operation has invested $9 million in recent years to expand its large data center in Doral and has built a highly skilled workforce of more than 200 in Miami, plus 100 more in the rest of the US.
The Miami unit was set up to provide business-to-businesses services to multinational firms and large companies based here, in Europe, and Latin America that do business here and overseas, as well as with small and mid-sized concerns here.
“Although we have people in New York, San Francisco, Seattle and other part of the country, our headquarters is in Miami as it is the crossroad where the Latin American market meets the States,” said Angel Barrio, the CEO of Telefonica USA… Read More
The DCIA commends the US House of Representatives Committee on Science, Space and Technology this week for approving the “NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017.”
Congressman Ralph Abraham (R-LA) introduced the bill mandating that government agencies adopt the cybersecurity framework developed by the National Institute of Standards and Technology (NIST).
The measure, which would require that NIST develop analytics for evaluating and assessing progress by federal agencies in advancing their cybersecurity capabilities, passed in a 19-to-14 vote despite opposition to its compliance audit requirements.
Congressman Eddie Bernice Johnson (D-TX), argued that NIST should not be responsible for assessing or auditing the adoption of its framework by government entities.
The bill was developed in response to recent high-profile government cyberattacks, including at the Internal Revenue Service (IRS) and Office of Personnel Management (OPM), and provides guidance for federal agencies to incorporate the NIST cyber framework and establish working groups in the federal and private sectors to help public and private entities use the framework.
The bill should complement President Trump’s forthcoming executive order on cybersecurity, which is expected to require federal agencies to follow NIST’s framework.
Abraham noted that, “Much as the nature of cyberattacks continues to evolve… we must also be willing to evolve to protect Americans… by thinking outside the box instead of maintaining a business-as-usual approach.”
Join us in encouraging passage of the bill by the full House. Share wisely, and take care.
On January 31st, President Donald Trump met with cybersecurity experts at the White House to discuss his plans to strengthen the government’s ability to safeguard its computer networks.
Though an expected executive order outlining Trump’s approach has not been signed yet, among the details Trump shared with reporters was that he would require all federal agencies to update their information technology systems and, working with utilities and other private industries, shore up protection of the electrical grid and other critical infrastructure.
In focusing attention on the security of critical infrastructure, Trump is correctly reacting to a growing number of attacks in recent years on energy, water and transportation systems.
From a ransomware attack against San Francisco’s municipal transportation authority to charges that seven men with links to the Iranian government hacked into a small dam in New York, malicious attackers are increasingly expanding beyond traditional targets such as banks, retailers, and government agencies and going after essential infrastructure.
If it aims to take a holistic and leading-edge view of the nation’s cybersecurity posture, the administration would be wise… Read More
In spite of a slowdown in the overall funding activity from venture capital firms in 2016, the cybersecurity market continued to raise money at full steam.
Last year saw the market break records in terms of funding deals, with Q3 tallying up to be the most active quarter for deals in cybersecurity in the last five years, according to CBInsights.
That influx of money is driving innovation in a number of areas.
Particularly notable market segments targeted by these firms include security for data centers and public cloud infrastructure, security orchestration, and incident response tools, and third-party risk assessment tools.
The following 20 firms are primarily early-to-middle-stage startups, with a few more mature start-ups that have courted growth equity to change course or expand into a particularly hot new market segment.
We believe these firms are worth watching due to several factors.
On the funding front, they either managed to snag $25+ million in funding in 2016, or garnered a notable funding round in the last 3 months… Read More
Rudy Giuliani will face many challenges in his new role as cybersecurity advisor to President Trump.
Hopefully, Giuliani will prioritize the introduction of policies that tackle the ever-growing shortage of cybersecurity workers.
According to the ISC 2015 Global Information Security Workforce Study, more than 1.5 million cybersecurity professionals will be needed globally by 2020.
An estimated 500,000 to 1 million cybersecurity jobs remain unfilled in the US.
Companies are having trouble finding the right professional possessing practical cybersecurity defense skills.
The problem is not a lack of talent, but, in part, an education system that withholds cybersecurity training until college.
College education is not for everyone.
Many millennials that are savvy in information technology (IT) are looking for education models that replace enrolling in four-year academic institutions that results in loads of student debt… Read More
Imagine being surrounded by technologies, and hardly being aware of them.
For instance, a person walks into a room and without doing anything, the entire atmosphere is fine-tuned to his or her current mood or expectations.
Measurements are taken, personal data is sensed and recorded, and the room adjusts to integrate with the person’s countenance.
All this occurs without turning a switch or adjusting an appliance-simply walk into the room.
We’re beginning to move in this direction, with recent advances in medical technology, with personal fitness devices, and with smart home systems.
Behind the scenes, as the individual enters the room, the unseen technology helps advance the person’s security, health, comfort, and even creativity by providing a seamless set of adjustments and changes to everything from room temperature to computer access to food preparation… Read More
Government and private-sector executives are much more bullish on their companies’ cybersecurity than operators on the front lines, according to a report released today.
Executives are far more likely than operators – the IT and cyber staff – to believe their companies’ cybersecurity strategies have been fully implemented, according to the report from Intel Security and the Center for Strategic and International Studies think tank.
Operators are also five times more likely to believe their organizations lack incentives for cybersecurity professionals to improve their organizations to counter emerging threats, the report found.
“Almost half of operators reported no incentives existing in their organization,” the report said.
“It is possible that incentives, even when they exist, may not actually be known by employees, especially if they are lower down in the organization’s structure.”
There’s also a gap between how executives and operators assess the damage of a cyber breach, the report found… Read More
Multi-cloud Secure Applications (MUSA) is an EU H2020 funded research project which is aimed at ensuring security in multi-cloud environments.
The main goal of MUSA is to support the lifecycle of applications with strict security requirements over heterogeneous cloud resources.
MUSA will result in a security framework that includes security-by-design mechanisms as well as runtime security monitoring and enforcement to mitigate security incidents.
Multi-cloud applications rely on the adoption of cloud services of different capability types (i.e., infrastructure, platform or software as a service) from different cloud service providers (CSPs).
Multi-cloud follows the concept of distributed computing in which the components are dispersed but communicate in an integrated manner to achieve the desired goal.
This model offers the opportunity to select the best CSPs that satisfy both application and component level requirements… Read More
Have you ever traveled to a place where you didn’t speak the local language and attempted to ask for help?
Language is the key to communication and a critical component in effective public-private information sharing in the cyber domain.
Unfortunately – although some international organizations have attempted to document them – there are no common definitions for cyber terms globally across government, business, and academia.
When you throw in industry buzzwords and marketing jargon around cybersecurity, it can become nearly impossible for organizations to speak quickly and efficiently with each other about security.
To fully engage in cross-industry dialogue within the context of cybersecurity, we must speak the same language.
We can’t outmaneuver threats without it.
There are at least 16 different definitions of the term “cyber-attack” globally, all of which span a fairly large spectrum.
Most of them, at least mention something about denying, disrupting, destroying, or degrading information systems… Read More
Come to the RSA show, and you’ll find plenty of cybersecurity technology.
The top vendors from across the industry are here, showing products for fighting ransomware, preventing data breaches and more.
But even the best security software is useless if users and businesses aren’t taking the right steps to protect themselves. So we asked experts at the show for their best cybersecurity tips.
Joe Stewart, Director of Malware Research at Dell SecureWorks
He advises everyone to set up two-factor authentication to protect their internet accounts, especially email. It can be particularly useful when stopping hackers who are trying to steal login passwords from users, whether through malware or email phishing schemes.
Even if the hacker manages to loot your passwords, two-factor authentication ensures you’re still protected from all but the most sophisticated attacks: access to your account will require another form of authentication, such as your fingerprint… Read More
Unlike traditional internet of things (IoT) solutions, edge computing looks to bring the power of the data closer to the asset itself so that decision making is quicker and data is nearer the hands of the right folks who can take the right actions.
In practice, it’s called, “Decision making at the point of read.”
In 2017, we will begin to see more of a focus on the benefits of edge computing – and to be more specific – solutions that will address industrial applications, which are the logical, more affordable option for small and medium sized corporations.
This new approach is a deviation from traditional IoT solutions, which uses the cloud to collect streaming telemetry data and send it back to a centralized system for analysis.
These traditional IoT platforms are expensive, can be plagued by complexity, and returns on the investment remain largely unproven. For these reasons focusing on more agile, less expensive, and easier to scale edge solutions will likely gain in popularity and utility.
In order for this new approach to be successful, enterprises must begin to focus on the “T” within IoT as opposed to the “I”… Read More
‘Hybrid cloud isn’t going to be a mix of AWS and Google, or AWS and on-premise. It will be a mix of AWS and client machines.’
One of the buzzwords to emerge over the past year is that of “serverless” computing or architecture, which, as the term suggests, involves the provisioning of key information technology resources to users without the fuss and muss of acquiring and activating additional hardware, which not only means servers, but disk space as well.
Let the cloud vendors worry about the messy details of protocols, security, resource provisioning, processor speeds, and memory allocation, and focus on the applications business users need to run their organizations.
Serverless is, for all intents and purposes, another name for Platform-as-a-Service (PaaS).
There are vendor tools and environments suited for such a purpose, including Amazon Web Services Lambda, IBM BlueMix OpenWhisk, and Microsoft Azure Functions, Buzzwording aside, full-throttle adoption of serverless platforms may even stir rethinking of optimal hybrid cloud architectures, and what it means for IT teams to serve as brokers of needed business services.
Amazon says it fixed a problem that triggered a lengthy outage on its cloud storage service, causing widespread frustration among popular online services Tuesday.
The disruption, which stemmed from an East Coast location, hampered the operations of a wide array of Amazon clients, from media companies to makers of corporate communications software.
Reactions to the outage spread rapidly on Twitter, with memes depicting scenes of chaos from “The Office” and houses on fire.
The problem – and the ensuing outcry – show how important the cloud has become to the smooth functioning of the internet economy, as enterprises migrate their data and computing processes from their own premises to data centers operated by Amazon and other cloud giants.
But it also shows how far-reaching glitches at these data centers – touted as highly reliable – can be.
In Amazon’s case the cloud service may have been so robust that it lulled users into an exaggerated sense of security… Read More
Now that La La Land Moonlight has won the Academy Award for best picture, this is as good a time as any to look back at some screw-ups in the world of cloud computing.
May we all learn from our mistakes.
The Force is not with you: Take a trip back to May 9, 2016, less than a year ago.
It was on that day the Silicon Valley NA14 instance of Salesforce.com went offline, a condition colloquially known as Total Inability To Support Usual Performance (I’m not going anywhere near the acronym).
Customers lost several hours of data and the outage dragged on for nearly 24 hours.
CEO Mark Benioff took to his Twitter account to ask for forgiveness. Shortly after, Salesforce moved some of its workloads to Amazon Web Services.
AWS giveth, AWS taketh away: Though transferring workloads to AWS helped Salesforce recover lost customer confidence (though not lost data), the opposite was true for Netflix… Read More
fintech:CODE — March 16th-17th in London, UK. A new international knowledge exchange platform bringing together all DevOps, IT, and IoT stakeholders who play an active role in the finance and tech scene. Key topics include software development, technical challenges for DevOps, DevOps security, cloud technologies and SaaS.
retail:CODE — March 16th-17th in London, UK. 20 real-life case studies, state-of-the-art keynotes, and interactive World Café sessions, 35+ influential speakers will share their knowledge at the intersection of the retail and technology sectors.
Delivery of Things World — April 24th and 25th in Berlin, Germany. Over 400 IT executives will discuss what DevOps really means for business. This event brings together all stakeholders to share their experience and expertise.
Security of Things World — June 12th and 13th in Berlin, Germany. A world class event focused on the next information security revolution. Security concerns that preoccupy enterprise customers today and pragmatic solutions to threats.
Autonomous Systems World — June 14th and 15th in Berlin, Germany. An international knowledge exchange among top experts in the field, providing a unique glimpse into the fascinating world of autonomous robots, intelligent machines, and smart technologies.
INTRASECT — June 29th and 30th in Washington, DC. The first conference of its kind to engage key stakeholders in a comprehensive and engaging examination of existing and future regulatory policy governing the usage of commercial autonomous vehicles.