This week’s technology news – 25th July 2014

Policing Cloud and data policies provides good practice
The evolution of big data and the harnessing of data in the Cloud has, with all its technological innovation and wider corporate adoption, flagged up ever increasing policing needs around compliance and information risk management. These must be reviewed regularly and intensely by the CISO to protect the organisation.  Failure to do so will make the threat of fines and penalties (which can be more severe than fines) ever more likely.

If strong information security measures and good governance practice are put in place, this can keep organisations ahead of regulatory mandates.  The speed of change in data and privacy laws does not make it easy to stay on top but a vigilant CISO will be thinking ahead constantly.

Cloud services may be offered by multiple suppliers using multiple data centres, sending data around the world. This crossing of borders gets complicated because each country has its own jurisdiction, making safeguarding complex, especially if the review is triggered by an incident rather than being proactively controlled and selected.

The right of respect for personal information data held by organisations is at the heart of information security. Accordingly, companies need to know what information they hold and whether it is “Personal Identifiable Information” (PII). Protecting PII is the responsibility of the data controller. Apart from names and addresses, PII can include medical records, bank account details, photos, videos, personal preferences, opinions and work locations. It does not, however, have to include a name to be PII. Privacy is a compliance AND business risk area.

Approved jurisdictions are recognised by the EU as having an adequate level of protection under local regulation. Countries outside Europe which have satisfied the requirements include: Argentina, Canada, Israel, Uruguay and New Zealand. The US is a jurisdiction that is missing from the list. Their ‘work around’ is the Safe Harbour Treaty, which allows EU information to be transferred to US based organisations, but this may still not provide sufficient regulatory assurance or liability for some organisations or public bodies.

The decision to use Cloud systems should be accompanied by an information risk assessment concentrating on the complexity not only of the Cloud system, but privacy regulations too – and the level of security required for that data. Once analysed, the right path for each organisation becomes less complex and the knowledge and understanding of the CISO increases, as does the confidence of the Board that they and their data are in “safe hands”.

Reputations are lost quickly in the modern age.  Trust which may have taken years to build, when lost, is gone forever – and the swift migration of consumers will always hit the bottom line. Governance is not always present in the information security function and breaches may be more often down to an inadvertent mistake rather than criminal intent, but all steps taken to reduce risk, so long as it still enables the organisation to reach its goals, will smarten the way business operates and reacts.  So wake up and smell the coffee:  be close to your Cloud provider to know and understand where your information will be stored and processed.

Plastering on the care

A very clever battery-operated, wireless, sticking plaster-sized, patient monitoring patch has been developed by Oxford based firm, Sensium Healthcare. The monitoring patch could revolutionise patient care and increase the amount of time medical staff can give to those patients in greatest need.   Currently, patients requiring monitoring are hooked up, immobile and require constant observation, normally in four hour cycles.  The new monitoring patch enables the patient to get up and move around (encouraged as part of the process of speeding up recovery) and vital sign data is updated every few minutes, passing the data via a ‘router box’ in each room to the hospital IT system.

It is not intended to replace routine checks, but nursing staff report that it has helped take off some of the pressure on ward rounds. The patches provided early detection of deterioration in 12% of patients wearing them in the tests at the Brighton hospital. With a high incidence of 12,000 recorded preventable deaths in England in 2012, of which one third were down to monitoring, this could be a significant game changer for NHS England – and at only £35 each and lasting 5 days, it is a refreshingly cheap solution for the Minister for Health to consider! http://www.bbc.co.uk/news/health-28317509#

The next big thing in Mobile Memory
Tablets have come a long way in the last 10 years: from Windows XP tablet PC edition, to all the options that exist today. But memory is one of the areas where we have not seen great strides. Rice University in Texas is claiming a breakthrough in this field. Their silicon oxide technology – a type of RRAM – has been in development for five years and is nearing mass production, having gone through several refinements. The technology is undergoing prototyping of chips the size of a postage stamp, capable of storing one Terabyte. The cost of a chip so memory-dense would likely be sky high but the technology also provides all size variants in-between.

When Operating System and Device makers have a lot more memory to play with, how we use our devices could change. Being able to dump all of your apps into memory means you could access all your information instantly. This can change how we both multitask and perform complex tasks on mobile devices. As always, cost and power consumption will be vital in what role this technology does play in the future, but with the right balance struck, this could be a turning point for mobile devices.

MDM vs Containerisation
Last year certain analysts were predicting that traditional mobile-device-management (MDM) was on the way out, to be replaced with containerisation of both data and apps. It would seem the market has taken a different approach after all. Application level management has in fact grown but MDM is still the preferred method for BYOD security. This has led to many a heated discussion on which path is best for mobile security going forwards.

So what is the right choice? Many companies are taking a two pronged attack, taking advantage of the strengths of each to use either, or both, where most appropriate. Just because MDM and containerisation can exist together does not mean that is what is best for your own organisation. Define your own device use cases and security / governance requirements beforehand to decide which solution best suits your needs. Then you will be able to deliver the best options for your organisation’s needs.

Amicus ITS entered in to UKIT awards


Two Amicus ITS employees have been nominated for the prestigious, national UKIT awards 2014.

Competing against the best of the IT industry are: JP Norman, Head of Technology & Governance, nominated for “Security Professional of the Year”, as well as Mercedes Coombes, Service Desk Level 2 Analyst who is in the running for “IT Service & Support Professional of the Year”.

The UKIT Awards, part of The Chartered Institute for IT, recognise excellence and outstanding performance throughout the UK computer industry. The awards focus on the contribution and achievements of individuals, projects, organisations and technologies that have excelled in their use and the successful development and deployment of IT in the past 12 months.

The judging is based on 4 key categories: professionalism, innovation, becoming a role model figure and evidencing measurable success, all of which JP and Mercedes have excelled in.

JP is solely responsible for the implementation of ISO27001, developing Compliance into a Service for all clients, and bringing the company’s IGSOC compliance from 66% to 100%. In addition, Mercedes has shown great initiative by going above and beyond normal duties to ensure clients get the best service possible. She is known for her attention to detail and has demonstrated her understanding of intricate technical IT systems.

Both JP and Mercedes will find out if they have been shortlisted on Friday 5th September, to make it through to the finals on 12th November 2014 at Battersea Arena in London.

This week’s technology news – 18th July 2014

IBM, Apple and exclusive Apps

In the consumer market the war for a dominant victor has been decided, at least for now: Google comfortably holds the biggest share worldwide. For the workplace, however, it is very much up for grabs. IBM and Apple have announced a new partnership to help each other tackle corporate mobility. IBM will be focusing on the software, creating new iOS apps and porting more than 100 of its existing applications over. IBM will also be selling iPads and iPhones direct, and teaming with Apple to provide AppleCare for enterprises.

This all makes for a strong business case, albeit a pricey one. The investment to work on so many end-to-end mobile solutions is impressive. However, with such a partnership you must wonder if this is IBM taking a stand and making the bulk of these exclusive to Apple’s ecosystem, for mobiles at least. Application support has definitely helped sway the battle for phone manufacturers before, so why not use that same approach for businesses?

This could potentially be dangerous territory: an iPhone doesn’t make the most sense from a cost or support perspective for everyone. Of course this is not the first case of platform specific exclusive apps but with the size of the players involved, it could spur similar deals with others. This highlights an important consideration when deciding or reviewing your device standard of choice. Beyond what comes pre-installed, are the necessary apps you need available? Are they implemented in a way employees will be able to best benefit from on the go? And how will they incorporate into your own existing infrastructure?

FBI on catch up with driverless car technology

An internal report by the FBI disclosed by the Guardian reveals their fear that the evolution of driverless cars such as those being developed by Google (and Volvo as reported in our 9 May 2014 blog), could create lethal weapons. For law enforcers, their fear is that the automated cars present a perfect opportunity for criminals to focus their attention on shooting at officers, rather than having to keep their eyes on the road as well during a chase. One counter to this is the advantage to the emergency services whose paths could be automatically cleared ahead of them as traffic moves aside.

With Google’s potential to have an approved car on the road in five to seven years and the British government already clearing the way for the legality of driverless cars on UK roads with the highway code being re-written, there is clearly a split in the debate.  Nonetheless the producers themselves are keen to promote that the anticipated increased safety will ultimately result in driver error becoming eradicated.  Whether this will also stem the traditional derisory comments between passengers and their driver about the skills on display may take a little longer to change.

A case of helpful hacking

Finding out a hacker has breached your network security is a major headache for companies. In the case of Sony, who were infamously hacked back in April 2011, the company had to close down its public facing media network for 24 days while it was rebuilt, admitting that personal and credit card information was possibly compromised for up to 77 million user accounts. This instance can stand as a good case study on network and infrastructure security.

Google is taking a more direct approach and hiring the same hacker, George Hotz, to assist with their new Project Zero initiative to identify problems with software. Controversial? Sure, but the above does read as an impressive resume in the aim of finding flaws in large systems and applications. The Google project is not just self-beneficial. The new Team will also investigate other companies’ software. Vulnerabilities found will be placed into a public database, with information on how long companies took to plug these after being alerted.

Google are not the only ones in the vulnerability finding game. Both Microsoft and Facebook have ‘bug bounty’ programmes, paying hackers for finding system vulnerabilities. No matter how big or small, you may be surprised what someone outside your company walls could see, if they really wanted to. Make sure your own system has had an additional team’s eyes review the security, beyond the team that implemented it. Sometimes a fresh pair of eyes is all that’s needed to find that overlooked flaw.

Google’s diabetes smart lens looks good

The future of wearable technology and advances in digital health have taken what appears to be a solid step forward, following the deal struck between pharma giant Novartis and Google to produce Google’s diabetes ‘smart’ contact lens. With 1 in 10 people in the world forecast to have diabetes by 2035, this is a canny commercial advance in healthcare. The lens, utilising a tiny wireless chip with miniaturised glucose sensors embedded in the lens, will help diabetics monitor their glucose levels through the tears in the sufferer’s eyes. The results are then communicated to a mobile phone or computer.

With the prototype revealed in January, Novartis believe the technology had “the potential to transform eye care”.  The enthusiasm of Google’s co-founder Sergey Brin to use technology “to help improve the quality of life for millions of people”, may still be some way off.  However, with the increase in incidence of the disease, such innovative technologies would likely prove popular to consumers, whilst enabling healthcare experts to continue their monitoring role and make a difference to the management of the disease.


Amicus ITS announces launch of new Cirrus Project


No. 1 IT Managed Service Provider, Amicus ITS, based in Totton, has just been given approval by its board members to proceed with a major investment to virtualise its own physical IT infrastructure. Today’s business data must be better protected than ever to counter the ever present threat of commercial downtime and security breaches, whilst enjoying the full benefit of increased agility and collaboration, wherever the workforce is based and whatever the size of the organisation.

Head of Technology and Governance, JP Norman today announced: “The AITS Cirrus Project marks a great step forward for our organisation technologically. It is a rightful progression for us to take on now, having provided this for our clients for a number of years. The timing of this upgrade is excellent as we are in the process of publishing a new, world class three tier Cloud solution to businesses across the UK and abroad”.

Director of Sales, Les Keen confirms: “Amicus ITS’s Cloud framework offers a speed of flexibility, deployment, scalability and versatility that is almost unique in the UK. The key question we had to answer for ourselves in this exercise, is the same that we ask every client, every time: “Where do you need your data to be held and what degree of security do you need?”. With those answers in place the migration is technically relatively straightforward. The benefit we offer to our clients is that wrapped into all this positive assurance is a pro-active 24×365 service desk – which hopefully stops problems before they arise.”

Anyone interested in following this project as it unfolds is welcome to sign up to follow news and watch out for updates online on our news pages at www.amicusits.co.uk

This week’s technology news – 11th July 2014

Microsoft increases Cloud business continuity with latest acquisition

Cloud-based business continuity specialists InMage have now been snapped up by Microsoft, with the aim to bolster their own Azure cloud platform. Business continuity is universally agreed to be incredibly important: the ability to recover quickly from a system failure could make the difference between continuing to run a successful business and not. Despite the agreed importance, budget and time can often stop this from being implemented correctly.

Microsoft hopes that InMage’s tech will make Azure the perfect place for disaster recovery, giving you the benefits of cloud and reassurance of business continuity across their full portfolio of supported environments including Windows, Linux, physical, digital, Hyper-V, VMware and others.

The InMage acquisition is looking like a smart buy for Microsoft and a great feature add for Azure users. Cloud or not, business continuity is often overlooked despite its importance and is an area every organisation should re-evaluate. Even a once great plan may not make sense today in our rapidly evolving industry.

Unlock your smartphone with an NFC tattoo

Want to keep the contents of your smart device secure but hate tapping in a PIN every time you need to check something? There are actually a few alternatives, including built-in fingerprint readers and, more recently, wearables. The latest is tapping your phone against your new tattoo. Thankfully this particular tattoo is not a permanent commitment: the digital-tattoo is about the size of a penny, mostly transparent and can stick to your skin for about 5 days at a time, surviving showers, exercise and sleep.

This unlocking method is an alternative and not an additional step of authentication, but it can add convenience, and the tattoos are purchased cheaply in packs of 10. Digital-tattoos are not perfect, however. In the unlikely situation that one was removed, either by yourself or knocked off by putting on extra clothing, and then picked up by someone who knew exactly what it was for, they would have an auto unlock key to your phone, regardless of what PIN you had set.

Both alternatives to 4-digit PINs and additional authentication for smart devices will become more important going forwards, with incredibly sensitive information just 4 button presses away. If you can’t guarantee no one will be able to break your code, make sure you can remotely erase or remove access to important data.

This week’s technology news – 4th July 2014

Personal and corporate lives fuse over mobile devices
Samsung report 75% of workers across Europe use corporate devices for personal tasks and a similar number use their own mobiles for work related activities. There is an increasing blur between the home and workplace – and whilst the figures are slightly lower at nearly two-thirds for UK respondents, it is clear there is still much to do on narrowing the risk and understanding new ways of working with your employees.

In our device-led, computer filled age, it may come as no surprise that 40% of the 4,500 workers surveyed said that their productivity levels are higher and 28% reported that stress levels were lowered, because of their ability to complete personal tasks during work time eg. during commuting time or a lunch hour. These included shopping or research – and UK workers reportedly had on average nine personal applications on their work smartphone and eight work apps on their business device. Many workers had no idea if their company even had a policy on use governance.

Clearly it is an important area for companies to protect themselves by ensuring they have a defined mobile and security policy to avoid security breaches or mis-use. Samsung’s own Knox-enabled devices are getting wide adoption, with 25 million devices enabled and attracting more than one million users, with approved endorsement by the UK Government and US military. Part of winning over staff and creating a better overall outcome will be an education effort between the company and their workforce to advise employees and make them understand why restrictions are necessary. Governance can have a feel good factor if it is handled well and not simply seen to obstruct workflow or efficiency.

The physical location of your data may change in the future
Many organisations are very cautious about where their business data is physically stored, and rightfully so. The physical location can determine if other parties can also access your data if they believe they have reason to do so. Gartner recognises these concerns, though also believes the physical location of your data will become less relevant in the coming years and irrelevant by 2020. They believe physical location will be replaced with legal, political and logical locations. No one of these location types solves the issue alone, so organisations will need to take on a hybrid approach, using multiple locations with different service delivery models.

While we plan for this future, we can utilise current software defined data centres to gain the flexibility of increased agility from provisioning applications quickly, improved control and policy-based governance, whilst keeping a handle on the location of your data.

“OFSTED” required for the Internet of Things (“IoT”)
The next phase of internet architecture “The Internet of Things” and how it will connect with our lives, still has a glaring gap to master, namely standards. There is much talk about the collection of data which will layer the insights to intuitively “assist” us in our future life, work and environment. This will happen via billions of little sensors being attached to everything, collected, processed and recycled into the right direction to be useful to us. Currently this is handled in data centres but despite their efforts to reduce energy use, the IoT will change this space. Ultimately, it is the data, its management and how it is aggregated to be intelligent, that lies at the heart of the issue, not so much sensors or home networks which is often the public talking point.

The intelligence of the IoT has to be harnessed by being more green without doubt. The sensors need multiple gateways, connecting a multiplicity of devices of varying power demands, which avoid connecting to the mains or requiring frequent battery replacements. IoT needs low speeds and low energy. It must stay simple and have mass production at scale, to make being “Smarter” compelling. But that will require it being at a reasonable cost.

The conflict lies in there being a lot of technologies with competing interests, vying for their part of the market including Wi-Fi, Bluetooth Low Energy, the latest DECT mutation (ULE) and the Weightless group which uses “white space” radio, plus older versions including ZigBee. But until these shake down to key IoT operators which can deal with and distribute the volumes of power at low cost to commercial mass, clarity cannot be deduced.

And therein lies the conundrum: with the potential to be top heavy in power overheads, how will it all be connected, who will govern the standards – and what will those standards be? It is still a very complex picture. But whilst the answers are not fully expressed yet, it will be big business for some and the live questions must lead to some form of “Office of Standards” to avoid the internet being caught on catch-up with itself and the formulae not working for the good of us all in the long term.

Wearables in the workplace, are you ready?
Google Glass is yet to be officially released, but with the announcement and commercial release of Android Wear, Google’s own smart watches have leap-frogged themselves into customers’ hands. Both Apple and Microsoft are heavily rumoured to be working on their own wearable platforms potentially being released later this year.

Wearables by their nature are meant to be worn throughout your day, monitoring your health and also keeping your notifications at glance level.

If you have not already, you will soon find people wearing their own wearables into the workplace. With a new type of device comes new security concerns. The good news is that wearables will fit into an existing set of good policies. These devices do not connect to the internet directly, but rely on a connection with the user’s phone, so a thought out mobile policy will cover this. Another area of concern is that the camera on Google Glass could record employees without consent. Again, this should already be covered by a mobile or camera policy.

The conclusion is that even if you are not adopting wearable tech now, you shouldn’t be surprised to see a smart watch on an employee’s wrist. Check over your technology policies and make sure you are ready, as the wearable may arrive quicker than you expect.
