The Risks of Cloud and Third-Party Apps

While cloud and third-party applications make it easier for businesses to operate, they introduce their own set of security risks. Organizations have less control over third-party apps than they would if they built them in-house. And because of this, more people and applications have access—not just employees.

Third-party applications open a backdoor into the business network that organizations don’t always secure on their own. In the SolarWinds breach, for example, attackers were able to gain access to the Orion monitoring platform, which gave them valuable cybersecurity information on thousands of organizations and access to their networks. Unfortunately, SolarWinds didn’t discover the breach for nine months, meaning the attackers gained nine months of knowledge and access. While AI may not have prevented the initial breach, it likely could have identified the intrusion much faster.

In addition to third-party risks, more applications in the cloud means more places for attackers to hide or breach to gain access to the network. Because the threat surface is distributed across the cloud, there are also more potential attackers posing as customers, partners and even employees.

Learn How to Prevent Third-Party Vulnerabilities.

Why is AI an Effective Security Measure?

With the larger attack surface, businesses should include AI as a baseline technology in their security measures. Human error causes approximately 88 percent of all security breaches.  AI solves that by automating repetitive tasks and monitoring more traffic at one time than humans can. It also never gets tired or makes an error, ensuring that remediation tactics are consistent every time. 

Another significant benefit of using AI for cybersecurity is behavioral analysis. Most cybersecurity AI monitoring tools can track normal behaviors of customers, employees, or partners, enabling AI to quickly identify anything out of the norm as different users use their cloud applications.

For example, if an employee in Chicago is only ever logged in from 9 AM to 5 PM during the week, and typically uses an application by visiting pages A, B, and C in that order, but suddenly the credentials are used to access sensitive information at 2 AM on a Saturday from Tokyo making initial requests to page C, AI can block the request and flag it for IT to investigate or challenge.

AI can also train itself through intent-based algorithms that watch and learn normal patterns of behavior and uses that to flag questionable or bad behavior.  However, with this model, the security is only as good as the data scientists who created the algorithms, since the AI will do exactly what it was programmed to do as it learns – not more or less. If organizations work with knowledgeable and experienced data scientists who understand algorithm biases and how unintended consequences can cause problems, AI is one of the best security measures they can have in place.

CloudSecOps is a Battle of Algorithms

The unfortunate reality is that bad actors already employ AI to power their attacks in the form of bots. If that’s the case, businesses can’t afford not to include AI in their cybersecurity processes to keep up. Cloud security operations (CloudSecOps) is a battle between good AI and bad AI. Good AI needs automation and strong policy enforcement to be effective, which means businesses need to work with expert data scientists to build strong policies into the algorithms.

Additionally, human cybersecurity experts can’t shut down bad bots as fast as attackers create them, meaning businesses need AI incorporated into their CloudSecOps to stand a fighting chance. AI also has the ability to infinitely scale while protecting applications by differentiating between good bots, like those used by search engines to index a website, and bad bots that cause harm. 

To protect against today’s threats, the best security strategies use a proactive approach. Human security analysts can only be reactive, responding to security threats after they occur. Yet, AI allows for a proactive approach by providing real-time monitoring of the attack surface and prompting action to advance security measures. Cybersecurity experts can best use their skills to build logic to remediate threats by working with data scientists to improve AI algorithms.

Security Has to Be a Priority with CloudOps

Cybersecurity can’t be an afterthought when it comes to CloudOps. It has to be built in from the beginning, using AI to automate and enforce security policies. It’s important to remember that current capabilities are always changing. Even if an organization addressed security during its first cloud migration, it may not be keeping up with emerging threats or taking advantage of current AI technologies.

Businesses that already have CloudOps or are considering a cloud migration need to revisit current AI capabilities to see how they can help improve their security landscape and put them on a more proactive footing. And if they don’t already have experienced data scientists on staff, they should consider hiring or partnering with companies that can provide their services to determine how to best build their next CloudSecOps organization.

Ready to improve your CloudSecOps? Check out our guide to Cloud Security Best Practices.

Mike O’Malley is the SVP of strategy at SenecaGlobal, a leading software development as-a-service company specializing in digital transformation. He has been in product development for 20+ years leading development, product management, marketing, and M&A in the tech space.

Throughout his career, Mike has combined deep engineering knowledge with business acumen to help companies figure out what creates success in the market for a product or solution. Then he builds and coaches teams to make it happen again and again. Mike holds a Bachelor of Science and a Master of Science degree in electrical engineering and a Master of Business Administration from the University of Illinois.

The post Leveraging AI to Secure CloudOps as Threat Surfaces Grow appeared first on IT Business Edge.

• Code Execution Exploits in the Browser
• Code Execution Exploits in Plug-ins
• Advanced Persistent Threats
• Man-in-the-Middle Attacks
• DNS Poisoning
• SQL Injection
• Cross-Site Scripting
• Broken Authentication and Session Management

Code Execution Exploits in the Browser

This is the most egregious type, and also the rarest. Occasionally attackers will discover a vulnerability in the browser itself that allows the execution of arbitrary binary code when a user simply visits a compromised site. Browsers are complex pieces of machinery with many subsystems (HTML rendering, JavaScript engine, CSS parser, image parsers, etc.), and a small coding mistake in any of these systems could offer malicious code just enough of a foothold to get running. From there, the malicious code has lots of options—downloading other malicious packages, stealing sensitive data and sending it to servers abroad, or silently waiting for further instructions from the attacker. The attacker doesn’t even have to compromise a legitimate site to host such an attack—advertising networks have been used to distribute malicious code on otherwise secure sites.

How to avoid: Turn on automatic updates in your browser of choice. This type of vulnerability is usually quickly patched by the browser or OS vendor, so attackers have a very short window in which to use it against fully updated systems.

Code Execution Exploits in Plug-ins

Plug-ins are probably the most well-known vector for drive-by downloads (attacks that silently download and run native code on your system). From Flash to Java, even plug-ins from large, reputable vendors have repeatedly had vulnerabilities used in malware attacks. Like browser exploits, vendors usually patch vulnerabilities of this type in short order, but outdated copies of browser plug-ins far outnumber the updated ones.

How to avoid: Keep your plug-ins updated and uninstall plug-ins and extensions that you don’t use. Browsers are getting better at warning users about outdated plug-ins, so don’t ignore the warnings.

Advanced Persistent Threats

Advanced persistent threats (APTs) quietly install malicious code on an endpoint and then steal data (keystrokes, screenshots, browser activity) or even modify what the user sees in their browser, sometimes going undetected for years. These attacks use a myriad of methods to get users to install them, many not related to the browser—for example, via an infected thumb drive or a hostile email attachment. But since so many sensitive interactions occur via the browser, most of these types of attacks put a high priority on stealing data from the browser.

Ways to avoid: Install a good antivirus product, and don’t pick up random thumb drives, open suspicious email attachments, or visit spam-filled sites on your work computer. Also, avoid public Wi-Fi networks as much as possible, as attackers can sometimes access machines through these.

Man-in-the-Middle Attacks

An attacker who has access to any point in a network connection between a user and sensitive websites (a “man in the middle”) has the opportunity to observe and modify traffic as it passes between the browser and web servers. Websites that use TLS (sites whose addresses start with “https”) help defeat this, because an attacker of this type has a very hard time faking the cryptographic certificate used by the server to authenticate itself to the browser. However, attackers know that a lot of users have been conditioned to just click through warnings when they appear, and so they can use an invalid/forged certificate and in many cases, users will ignore the browser’s warnings.

Ways to avoid: Don’t ignore browser warnings. When in doubt, try a different machine or internet connection, or just wait to conduct your sensitive transaction later. Businesses should install an SSL certificate on their website to protect users.

DNS Poisoning

Attackers can poison the DNS system (think of this as a contact list your browser uses to locate a site’s IP address by its name) at several different stops. Your machine caches DNS entries, and attackers can poison this cache. A special file on your machine can be modified to override DNS servers for certain web addresses, and malicious actors can even compromise DNS servers themselves and force them to serve up bad IP addresses for reputable sites. Once the attack is in place, your browser will contact an attacker’s server instead of the legitimate server for any targeted website. Attacks like this typically target banks and other financial institutions, fooling users long enough for them to give up account credentials, which are then used to empty their accounts.

Ways to avoid: Always look for “https” at the beginning of the site’s address when visiting a sensitive website to do financial transactions, and (again) don’t ignore browser warnings. Attackers who have poisoned your DNS lookups still can’t forge the certificates used for TLS, so in many cases, they’ll use a non-TLS (“http://…”) address and hope users don’t notice.

Also Read: Potential Use Cases of Blockchain Technology for Cybersecurity

SQL Injection

SQL injections have been a known problem for over 10 years, with The Open Web Application Security Project (OWASP) keeping it towards the top of its Top 10 threats list. Using an SQL injection, attackers can add SQL commands to a website in order to access and edit data on the server. Attackers can use web forms, cookies, or HTTP posts to inject their malicious code into the browser. The goal of these types of attacks is typically to steal, delete, or manipulate the data that businesses store on their servers, including customer names, social security numbers, and payment information. 

How to avoid: Businesses should protect their websites with careful coding techniques, including sanitizing and filtering user-supplied data and limiting the functions that SQL commands can have. Additionally, web application firewalls can protect businesses from SQL injections introduced via third-party vendors.

Also Read: Application Security Code Reviews: Best Practices

Cross-Site Scripting

Like SQL injections, cross-site scripting (XSS) attacks use injections to send malicious code to other users. The receiver’s browser thinks the code is legitimate since it comes from a trusted source and will execute the script, giving the attacker access to cookies and other sensitive information the browser has retained for use on that site. The bad actor can then use this information to impersonate the victim or steal their login credentials. The script can also sometimes rewrite the content of HTML pages, which may cause users to click on more malicious links. Sites that accept user-generated content are the most vulnerable to these types of attacks.

How to avoid: The prevention methods for XSS closely follow those to avoid SQL injections: filter and limit user submissions as much as possible to prevent malicious code. Additionally, you can encode the output of HTTP responses to keep the browser from interpreting it as active content and executing the code.

Broken Authentication and Session Management

When a user logs into a website, they get a unique session ID, which the website then continuously transmits between the user’s device and the server. If this session ID doesn’t have the proper encryption, an attacker can intercept the ID and hijack the session for their own purposes. Users operating on public or unprotected Wi-Fi are especially vulnerable to this. Attackers can also use a brute force attack like they would to guess someone’s password. These brute force attempts become easier if the attacker has already intercepted several session IDs. 

How to avoid: Businesses can install SSL certificates on their websites to encrypt the information that protects their users’ browsing sessions and login credentials. Additionally, users should only connect from protected, private connections, avoiding public Wi-Fi whenever possible. 

Protect Your Browser, Protect Your Business

Human error is one of the biggest factors in organizational data breaches, and with all the vulnerabilities that browsers have, it’s easy for employees to fall victim to attacks. To protect the business, organizations need to train their users on the vulnerabilities they face from their browser and make sure they only connect from private WiFi connections. Additionally, businesses should install web application firewalls on their machines and limit and filter user-generated content whenever possible. With these precautions in place, businesses are less likely to fall victim to browser-initiated attacks.

Read Next: Data Privacy Forces a Tradeoff with Cybersecurity. Is It Worth the Risk?

Jenn Fulmer updated this article on Jan 12, 2022. Jenn is a content writer for TechnologyAdvice, IT Business Edge, and eSecurity Planet currently based in Lexington, KY. Using detailed, research-based content, she aims to help businesses find the technology they need to maximize their success and protect their data.

The post Top Five Vulnerabilities Attackers Use Against Browsers appeared first on IT Business Edge.

Puppet’s latest survey found that 83 percent of IT decision makers report their organizations are implementing DevOps practices to unlock higher business value through better quality software, faster delivery times, more secure systems and the codification of principles. However, within that 83 percent are distinct cohorts of organizations whose success with DevOps is contingent upon a number of factors, revealed in the report.

Delving deeper into that 81 percent segment, the report found that many organizations in the middle stages of their DevOps evolution have plateaued. Among these mid-evolution teams, cultural blockers remain the biggest hurdle to reaching DevOps success, including a culture that discourages risk (21 percent), unclear responsibilities (20 percent), de-prioritizing fast flow optimization (18 percent), and insufficient feedback loops (17 percent).

Further findings in the report also revealed:

• 91 percent of highly evolved teams report a clear understanding of their responsibilities to other teams compared to only 32 percent of low-evolution teams.
• 65 percent of mid-evolution firms report using the cloud, yet only 20 percent use the cloud to its full potential. High-evolution teams use cloud better with 57 percent satisfying all five NIST cloud capability metrics compared to only 5 percent of low-evolution respondents.
• 90 percent of high-evolution teams have automated their most repetitive tasks compared to only 67 percent of mid-level and 25 percent of low-evolution.
• Among highly evolved organizations, 51 percent integrate security into requirements, 61 percent into design, 53 percent into build, and 52 percent into testing in contrast to mid-level organizations in which security becomes involved only when there is a scheduled audit of production or an issue reported in production.
• Fewer than two percent of high-level organizations report resistance to DevOps from the executive level compared to 13 percent of those in the low-evolution firms.

“A standout finding from the report is the importance of team identities; organizations with less ambiguous team names with more clearly defined team responsibilities are more likely to be more highly evolved in their DevOps journey,” said Nigel Kersten, Field CTO at Puppet. “The title ‘DevOps team’ is misleading, as it allows many organizations to assume that having a DevOps team means they are doing DevOps correctly. We recommend less ambiguously named stream-aligned and platform teams, as seen in the Team Topologies model, which create a more well-defined path to achieving DevOps success at scale.”

The report also found that further key determinants for mid-evolution organizations to achieve DevOps success at scale include a successful platform team approach, organizational buy-in from both managers and practitioners, a strong automation practice, and a willingness to accept risk and invest for the future.

Read next: AI and Observability Platforms to Alter DevOps Economics

The post DevOps Report Cites Culture as Hurdle in DevOps Evolution appeared first on IT Business Edge.

SAP announced today it plans to fundamentally change the relationship between software vendors and their customers. Historically, enterprise software vendors have, for better or worse, relied on IT services providers to implement applications often with mixed results. SAP is now saying it will take direct control over entire digital business transformation projects, including the contracting and managing of IT services providers, as part of a subscription organizations pay for on an annual basis per project.

Announced at an online “RISE with SAP: The Introduction” event, the initiative will lead to a significant reduction in the level of friction organizations experience today when launching a digital business transformation initiative, says Sven Denecken, COO for S/4HANA and head of product success at SAP. “It’s a concierge service under a single contract,” says Denecken. “It’s business transformation as a service.”

SAP is in a position to deliver on this premise because it has embedded instances of best practice for a wide range of business processes with its SAP S/4 enterprise resource planning (ERP) application suite. Those processes give organizations a means to replace legacy business processes based on custom software that is difficult to maintain and update, says Denecken. RISE with SAP is being offered as a subscription because each digital business process will be continually updated and supported by SAP and its IT services partners.

At the same time, SAP makes its S/4 suite of applications available as a cloud service that it maintains on behalf of customers. Those applications are always current with the latest release versus on-premises IT environments that are often two or more release cycles behind. The cost of supporting those older releases ultimately eats into the bottom line of SAP.

That long-term approach also ultimately makes it simpler for SAP to apply both advanced analytics along with machine and deep learning algorithms and robotic process automation (RPA) capabilities embedded in its applications and databases against the data it collects to further automate business processes. Collectively, SAP describes those technologies along with a portfolio of low-code tools it provides for making extensions to its applications as crucial enablers for building an intelligent enterprise.

Of course, organizations that embrace RISE with SAP will be more dependent on business processes defined by SAP. Most of those processes are not of a nature that would create differentiated value for an organization so continuing to rely instead on a legacy process enabled by custom code could be costing organizations more trouble than it’s worth.

It’s too early to say how RISE with SAP will be received. In theory, it should reduce the number of vendors any IT organization needs to engage. However, many organizations rely on a wide range of application software that they need third-party services providers to integrate. After all, not all those integrators are likely to be as excited about taking a back seat to SAP if they perceive they already own the relationship with the customer.   

The post SAP Unfurls Digital Transformation Service appeared first on IT Business Edge.

IT salaries were flat in 2020, according to a January 2021 IT Salary Survey conducted by Janco Associates, a management consulting firm that focuses on management information systems. The finding is the worst since the dot.com bust, with IT middle managers hardest hit as the mean total compensation for those positions were lower than in previous years, with only 0.08% growth. Janco interviewed over 101 CIOs in the last several weeks as part of its data-gathering process for the survey.

“In reviewing the data from our latest IT Salary Survey we found that total compensation was flat,” said M. Victor Janulaitis, CEO of Janco Associates. “The one factor that stood out the most was the reduction or flat-out elimination of discretionary bonuses. That added to the fact that SMBs, where most IT pros have positions, were the most adversely affected by the shutdowns. That  drove many companies to manage costs by limiting hiring and salary increases.”

Janco’s findings show that 116,000 IT professionals were laid off or terminated in April and May due to COVID-19 shutdowns, reducing the demand for IT salary increases. The IT market recovery was further slowed by a second wave of shutdowns with more than 8,000 additional jobs eliminated in November. By year’s end, there were 84,000 fewer IT jobs than at the start of 2020.

Also read: Talent Management Becomes Crucial in the COVID-19 Age

“On the bright side, there has been a pick-up in development activities associated with initiatives which support Work From Home telecomputing and related mobile applications,” Janulaitis said. “That could be the spark that drives any growth in salaries and hiring in the near term. However, in our opinion, salaries for IT pros will remain flat for at least the first and second quarters of 2021.”

The survey also found that hiring for many positions at all levels of IT management were put on hold, with consultants who augment IT staff being all but eliminated. Hiring for key replacements and employees with very specific skills continued, however, to support C-Level mandated development activities, according to Janulaitis.

Other major findings of the 2021 IT Salary Survey are:

• Between January 2020 and January 2021, the total mean compensation for all IT Professionals increased from $94,535 to $94,609 or 0.08%.
• Most salary increases were limited to 1% or less
• Demand has remained highest for IT professionals who support Work From Home (WFH) and e-commerce
• KPI metrics are the focus of C-Level management to understand and manage WFH employees.

“CIOs are now less optimistic about the direction their organizations are moving and are cautiously managing budgets, salaries, and staffing,” Janulaitis said. “They are waiting to see what the impact of the vaccines will be on the overall economic picture.”

More information on the 2021 IT Salary Survey can be found at https://www.e-janco.com/salary.htm

Also read: Securing Work-From-Home Networks to Safeguard Your Business

The post IT Salaries Stalled During Tumultuous 2020, Survey Says appeared first on IT Business Edge.

One of the things that has become apparent in the wake of the COVID-19 pandemic is that more people can successfully work for an organization from anywhere. While there is still a need to meet in person on occasion, it’s been shown there are plenty of tasks that can be handled just as easily by employees working from home as is in the office.

The implications of that transition, however, are now just being appreciated by hiring managers. Prior to the pandemic, there was always a strong preference for hiring individuals that lived in proximity to an office. They may have worked from home from time to time, but most of the time they were expected to be in the office.

However, once that proximity requirement is removed the size of the candidate pool increases by orders of magnitude. There is now no reason to not consider a job candidate that may live on the other side of the country or, for that matter, the world.

As more organizations start to appreciate that simple fact the way they approach hiring is about to fundamentally change forever. Rather than trying to recruit talent locally, hiring managers now need to think in the same terms a general manager of a professional sports team tends to approach talent management. The next rising star could be anywhere.

Also Read: HP Life: How to Make Yourself More Valuable while Social Distancing

Tapping IT Talent

It’s now feasible for IT teams to, for example, recruit IT professionals with critical DevOps skills on entirely different continents, notes Clyde Seepersad, senior vice president and general manager for training and certification at The Linux Foundation.

“We’ve hired some folks for our DevOps teams from South America,” says Seepersad.

Cisco CEO Chuck Robbins during a recent Cisco Partner Summit Digital event went so far as to note the impact on local economies will be profound because organizations won’t be compelled to move people to geographic regions such as Northern California where the cost of living is much higher.

“We can hire people anywhere,” says Robbins.

That shift will also go a long way to addressing economic inequality if individuals can generate income that flows back into their local community while working for organizations that are many miles away, adds Robbins.

HR’s Role in the Talent Search

That shift is going to require organizations to reengineer most of the human resources (HR) applications they currently employ, says David Somers, general manager of Talent Optimization at Workday.

More employees than ever are also working across different shifts that might not be based on the traditional 9-to-5 working day, adds Somers.

At the same time, contractors are playing a large role as organizations either reduce the number of full-time employees or are forced to furlough staff.

Workday, to make it simpler to manage that modern workforce, just added a Workday Talent Marketplace module specifically designed to enable HR professionals to manage talent based on the skills the organization can collectively tap, says Somers.

“We’re just at the start of this,” adds Somers.

Regardless of what HR application is employed to manage the workforce there will be no going back. The challenge and opportunity now is figuring out how best to optimize a workforce not only during a pandemic, but also for an entirely new era of employment.

Also Read: 2020 Top Companies for Human Capital Management (HCM) Software

The post Talent Management Becomes Crucial in the COVID-19 Age appeared first on IT Business Edge.

This week I had an interesting briefing with a little-known company that is providing a solution to a problem we have but don’t talk about much. The problem is people not using the apps IT provides properly or at all. The very same effort we make on our web sites to analyze potential customers and drive higher conversion rates if applied to our internal apps should provide higher productivity, greater return on the app investment, and stronger corporate performance so you’d think the market would be rich in solutions that do this. It isn’t. Knoa, which provides a solution that does exactly that, seems to stand alone but reports some of the leading companies like Coca Cola, Comcast, Disney, Johnson & Jonson, Merck, Pfizer, Schlumberger, Siemens, Tata, and Unilever.

For me, this briefing was kind of like someone pointing out I’d left my fly open. I should have noticed the obvious problem that wasn’t being addressed and felt a tad stupid that I hadn’t seen what should have been an obvious oversight. What made it particularly obvious for me is that I recall that when I first started working for a High-Tech company I spent my first two weeks convinced I was going to be fired because I had no idea what my job was, and no one had the time to train me. Then when I transferred into IBM and they took away my PC and gave me a color Terminal with a light pen (which I never did understand how to use) and dropped me into a huge office without Windows I again felt like I was drowning as I had nearly 10 years seniority but not a single clue how to use the tools I’d been given (to be fair they were things like PROFS that truly sucked).  

Let’s talk about the missing link for app deployment, employee productivity, and unnecessary stress.

Assuring The User

While the Knoa solution can be applied to any App, it is mostly focused on SAP. Now why that is interesting is that with SAP, in particular, there is a common thread I’ve observed over the years where companies pay millions for an SAP solution, which is either not fully implemented (often becomes shelfware), and if implemented not properly used. At one time SAP showed up on a list of very expensive solutions that weren’t worth the money because of these two aspects. It wasn’t that the solutions couldn’t work, it was that the implementation failed which reflected poorly on SAP, but in most cases it was more the fault of the whoever implemented the solution (often a third party or poorly trained IT team) or whoever implemented and assured employee training and competence.

SAP is incredibly powerful, but it is far from easy to implement properly, yet the tools that measure the implementation, as a class, didn’t emerge. Well, until Knoa because that’s what they do.

This lack of rigor seems nuts to me; it would be like buying a Supercar and then taking it out to race without first learning to drive, let alone learning to drive a car with that much power. In a car, the Kevin Hart crash is indicative of what would and does happen. Now with an app you may not get the physical disaster of a car crash (every time I see a picture of that car my heart breaks) but the economic impact is potentially far greater because you are talking about software that effectively runs the company and if that isn’t done properly, the impact on the bottom line potentially is several magnitudes higher than the cost of the software which, in and of itself, isn’t insignificant.

What Knoa’s solution does is provide metrics that tell management if the software is being used properly, if users individually are having problems, and it points the way towards fixing that can improve the effectiveness of the app significantly by assuring the deployment.  The tool is incredibly effective for SAP migrations because it helps identify custom apps in place that seem to create dependencies but are either not used or used so seldom they can be removed as a dependency without the screwy practice of turning them off to see who complains. That last is still a common practice.  

One interesting comment they made was that during a recent deployment, the app immediately discovered bad employee behavior (it sounded like embezzlement to me, and that is often tough to catch, and I say that as an ex-Internal Auditor).

Wrapping Up

It just seems odd that we spend millions on solutions like SAP and don’t have more tools like Knoa that assure that these millions are well spent. But simply assuring that no other employee has to go through the trauma of feeling inadequate like I did when no one has the time to answer questions or help would, if you have any empathy at all for those just starting, be a reason to consider a tool like this.

In the end, a deployment, particularly one as expensive and powerful as SAP tends to be, requires a way to assure the tool is properly deployed, evolves in a way that favors the business, and is effectively used by users with adequate competence. Knoa does that, and particularly for SAP deployments may be the best, in terms of return on investment, little known tool in the SAP market.

The post Knoa: The Missing Link for SAP Deployment, Employee Productivity and Unnecessary Stress appeared first on IT Business Edge.

“We believe this will drive a workforce revolution: Archaic workforce structures where people had a specific job within an organization are being upgraded to labor platforms that allow more on-demand models, giving people opportunities to work on different things and in different ways,” said Mary Hamilton, managing director and lead of the Digital Experiences R&D group at Accenture Labs, and Alex Kass, Accenture Labs Fellow.

According to the Accenture Technology Vision 2017 companion survey of more than 5,400 business and IT executives, we found:

• Eighty-five percent of executives plan to increase their organization’s use of independent freelance workers over the next year.
• Seventy-six percent of executives agree organizations are under extreme competitive pressure to extend innovation into their workforce and corporate structure.
• Seventy-three percent of executives we surveyed report that corporate bureaucracies are stifling productivity and innovation.

The gig economy is clearly disrupting the tech industry, both in positive and negative ways.

How the Gig Economy Is Changing the Tech Industry

The gig economy is clearly disrupting the tech industry, both in positive and negative ways.

Allows for a Freelance Lifestyle

Many tech projects are now executed by external workers engaged on a freelance basis, as independent contractors via flexible talent pools, and as statement of work-based consultants, according to Arun Srinivasan, senior vice president, Strategy/Customer Operations at SAP Fieldglass. “Cloud-based solutions have emerged to help balance the supply-demand equation in the gig economy by helping businesses source work from multiple talent channels and by helping external workers easily find appropriate jobs,” Srinivasan added. “This digitally enabled matchmaking between the job and the worker is encouraging professionals to choose to be part of the liquid workforce and spurring new tech careers.”

AI in the Gig Economy

Crowdsourcing platforms used in the gig economy will rely on artificial intelligence, said Wendy Gonzalez, senior vice president & managing director at Samasource. “Gig workers go to these platforms and sign up for a task, such as responding to how an image makes them feel or identifying descriptors for an object. These responses are then crowdsourced to the company as data sets and applied to the algorithms to make them more accurate. For example, high-tech companies use computer vision to do facial recognition and things of that nature, and they will create a project asking people to annotate a person’s face and tag it to train the facial recognition software.”

VR in the Gig Economy

Virtual reality could change the way full-time workers and gig employees collaborate and interact, according to a Fast Company article. “VR will be used to accommodate the evolving definition of ‘employee’ to include both workers in conference rooms and gig workers contributing remotely.”

Finding the Right Contractor

Technologies like Slack help easily incorporate short-term contractors doing gigs into the team environment, then exit them as soon as the gig is over. It’s easier than ever to find gig-contractors online, including with upwork, fiverr and more. We can incorporate our gig contractors into our system quickly with time tracking (Harvest), screen sharing (GoToMeeting), direct deposit (Gusto), task management (Asana), and more, according to Andrew Seidman, head of Operations for Digital Reach Agency.

Getting Your Startup Running

“The gig economy has created an opportunity for startups to work with experienced and entrepreneurial-minded developers and employees who they may not have otherwise had the ability to hire on a large scale,” said Vainu Co-Founder Mikko Honkanen. “However, the gig economy presents its challenge to startups who need a dedicated team to really get their project off the ground. Independent contractors, by definition, are not in the same kind of relationship as a full-time employee would be. While they may be dedicated, they are not in the traditional sense an ongoing part of the team.”

Necessary for Global Growth

Thanks to technology, we are a global society. And it is tech jobs within the gig economy that will continue that growth, according to Fred Schebesta, CEO and co-founder of finder.com, which is currently in the process of global expansion, operating in five countries around the world with two new markets opening soon. “Hiring tech experts who are doing some work on the side and not looking for full-time work has been instrumental to our global growth,” he said. “We’re able to get top talent to conduct the work that there is not yet a full-time role for. Being an online business, we’re also able to hire workers from anywhere in the world, which has allowed us to recruit some great global talent we wouldn’t have otherwise had access to.”

Building Apps to Support the Gig Economy

Many of those using the gig economy to find potential clients rely on mobile apps. Those apps rely on companies like Shiftgig, which is just one example of a company leveraging technology to help businesses find workers and ultimately helping fuel the need for tech jobs in this space. “Shiftgig is an app-based mobile platform that connects businesses with reliable, high-quality workers on demand,” explained Eddie Lou, the CEO and co-founder. “While the app’s focus is on the hourly workforce, Shiftgig has a team of around 50 full-time employees, and are currently hiring about 15 more, that focus on maintaining our technology and building new features for it.”

A Lack of Job Security

“While qualified IT and tech professionals have many opportunities within the economy, they may not have the same job security,” explained Lindsey Havens, senior marketing manager with PhishLabs. “The gig economy brings with it a backlash of disgruntled workers who want benefits, paid holidays and the other extras that come along with being a full-time employee. Now, more than ever IT jobs are turning into independent contractor positions or freelance. While that may offer flexibility for workers, it doesn’t secure a future down the road.”

Short-Term Opportunities

As the gig economy grows in IT, there are a lot more short-term opportunities than there used to be, Tim Goldstein, author of Geeks Guide to Interviews: 15 Critical Items for the Technical Type, has observed. In turn, it seems to be reducing the longer-term staff augmentation contracts where you basically did a bunch of stuff that now might be gigged out. “For me overall, it has been a negative trend. Most of it revolves around the short assignments and the downtime between them,” Goldstein said. “While many of us are trying to live a little more relaxed lifestyle, hit and miss employment can be stressful.”

The post How the Gig Economy Is Changing the Tech Industry appeared first on IT Business Edge.

10 Reasons Why the Enterprise Is Turning to Hyperconverged Infrastructure

While HCI is certainly innovative in design, its true measure lies in the practical benefits it brings to data center management and operations.

Hardware Consolidation

While the overriding meme for HCI is that it provides greater scale, the real benefit is that it enables highly dense infrastructure footprints. This will help the enterprise shed the ad hoc data centers of today in favor of sleeker, more compact systems that provide high levels of performance in very confined spaces.

More Efficient Resource Consumption

HCI, plus related cloud resources, allows organizations to make resources available to a greater number of users within and outside the enterprise. Using high-speed storage and integrated fabric technologies, HCI is able to pool and distribute resources on a much more dynamic basis than legacy infrastructure.

Service-Level Objectives/Business Outcomes

HCI allows businesses to streamline service delivery to customers and drive efficiencies in product and application development cycles. This in turn provides a greater ability to accommodate individual user needs and target niche markets.

Platform Integration

Because HCI will most likely be built on commodity hardware, enterprises have a greater ability to integrate numerous data platforms and virtual architectures than in the past. Not that these systems will necessarily work together seamlessly, but they will no longer require their own hardware to provide effective service.

SDDC

As a greenfield deployment, HCI is much more amenable to software-defined data center (SDDC) constructs than legacy hardware. In fact, most HCI deployments to date are being purpose-built around highly abstract data ecosystems.

Composable Infrastructure

By deploying HCI as the underpinnings of fully virtualized infrastructure, organizations make it easier to manage that infrastructure as services to be mixed and matched rather than systems linked inexorably to hardware. As new HCI modules are plugged into the environment, they can join the federated pool of resources without the lengthy, complicated provisioning and integration tasks of current infrastructure.

Private/Hybrid Clouds

Organizations are quickly coming to realize that cloud computing is not conducive to legacy infrastructure or applications. HCI is the quickest and easiest way to put an optimized, scalable hardware layer in place for the growing legion of cloud-native services and microservices.

Artificial Intelligence

This same dynamic applies to AI technologies like machine learning, neural networks and speech recognition. These technologies require massive computing capabilities that are prohibitively expensive to deploy in a conventional sense but can be managed with hyperconverged infrastructure.

Automation

Even intelligent automation has difficulty navigating random collections of hardware and software. HCI places a premium on uniformity, which makes it easier to automate processes to perform the same functions the same way.

Cost Control

At the heart of all of these developments is the need to achieve greater scale and higher levels of performance without blowing the IT budget completely out of whack. In terms of cost per GB, Gbps, compute cycle or time spent on management and configuration, HCI provides a better ROI than traditional infrastructure.

The post 10 Reasons Why the Enterprise Is Turning to Hyperconverged Infrastructure appeared first on IT Business Edge.

The use of the same basic technology in commercial, industrial and other complex and dense environments, the Industrial Internet of Things (IIoT), eventually could be even more impactful. Grandview Research predicted this spring that the global value of the IIoT will reach $993.62 billion by 2025. The value of the sector exceeded $100 billion last year and has a compound annual growth rate (CAGR) of more than 25 percent, according to the report.

Grandview says that businesses want to merge operational and information departments of their organizations. Doing so, the report suggests, will “increase the overall productivity, enhance operational efficiency, improve visibility, and reduce the complexities of different processes in the industry.”

Cost reduction to date has been the main driver of adoption. Other contributors are the emergence of ancillary and complementary technologies, including low-power hardware devices, the cloud, Big Data analytics, robotics and automation and smart sensors. Let’s look into the interesting world of the IIoT.

IIoT Gaining Momentum in Adoption and Results

Cost reduction has been the main driver of IIoT adoption. Other contributors are the emergence of ancillary and complementary technologies, including low-power hardware devices, the cloud, Big Data analytics, robotics and automation and smart sensors.

The IIC and the ECC to Work Together

The Industrial Internet Consortium and the Edge Computer Consortium (IIC and ECC) signed a memorandum of understanding (MoU) to partner on driving computing at the edge of the network. The IIC says that the three pillars of the agreement will be to identify and share IIoT best practices, collaborate on test beds and research and development projects, and work together on standards.

Analytics firm SAS and CSA, a global testing and certification company, both recently joined the IIC.

FogHorn Introduces Lightning ML

To fully leverage the IIoT, processing must be done at the network’s edge. Sending data back and forth to data centers or the cloud is too time consuming and unpredictable for often mission-critical industrial applications.

IIoT software provider FogHorn Systems released Lightning ML, a small-footprint platform geared to quickly process inputs in the field. Lightning ML can execute machine learning capabilities locally via its complex event processing engine. In this way, control over machines can be exercised in real time. Lightning ML can also access assets stored in the cloud when such fast processing is unnecessary.

New Skills Will Be in Demand

The IIoT will employ a lot of IT workers during the next few years. In order to be useful, a certain amount of training or retraining is necessary. Network World suggests that cross-discipline or multi-discipline approaches are best.

Specifically, data scientists, networking experts, cyber security specialists, data architects, software engineers, application developers and programmers will be in demand.

The IIoT Is Here, and It’s Useful

Industry is excited about the IIoT. IndustryWeek reports that a study by Accenture of 1,400 businesses leaders found that 84 percent are confident new revenue streams can be created using IIoT tools. IIoT-enabled manufacturing devices will swell from 237 million two years ago to 923 million by 2020, when $267 billion will be spent by these companies on the IIoT.

The story points to some useful roles for all this spending, including real-time production adjustments, more accurate demand forecasts, just-in-time (JIT) deliveries, rush order reduction (through better systems and data), seamless change orders, and higher quality through manufacturing executive systems (MES).

Different Platforms for Different Uses

Industrial companies are addressing the IIoT in more than one way.

SearchManufacturingERP takes a look at three platforms. The first focuses on asset performance. A good example is GE’s Predix, which is aimed at analyzing industrial data and analytics to sharpen options. A second type of platform takes aim at promoting and enabling interoperability. Siemens AG’s MindSphere is cited as an example of an offering that helps companies create interoperable apps in the cloud. Finally, Honeywell enables companies to “solve long-standing business problems using the technology.” Many of these problems have been vexing industry for many years.

Asavie: Six Months from Prototype to Commercial Use

Asavie, a company that provides enterprise mobility and IoT connectivity products, issued an IIoT survey. The 79 respondents participated in webinars in April and May, which means that the pool of respondents likely consists of a higher percentage of companies who have bought into the concept.

That caveat notwithstanding, the survey found that 60 percent of participants are conducting a live IIoT project and an additional 20 percent have plans to do so this year or next. Twenty percent don’t have a set timeframe. Fifty-seven percent reported that the time from prototype to production can be more than six months. Twenty-six percent said that three months can elapse.

NexDefense Upgrades, Rebrands the Sophia Platform

Needless to say, the security of any IIoT platform is paramount. NexDefense recently updated and rebranded its flagship Integrity product suite. Integrity 32, formerly the Sophia platform, has a better graphical user interface and has enlarged its asset discovery and inventory. The vendor-agnostic platform is safe for industry control systems and SCADA environments.

Other upgrades include a new approach to visualization, rapid detection linked to behavioral detection, enhanced performance and resiliency, and support for NERC CIP v5.

Sony: MultiFire an Industrial IoT Option

A contentious issue is the most efficient and fairest way for cellular devices to join networks that use unlicensed spectrum. The problem is that cellular networks weren’t designed to do this, and a poorly designed scheme may interfere with current users of the spectrum, including Wi-Fi.

One approach is advocated by The MultiFire Alliance. When Sony Mobile Communications joined the alliance, a quote in the press release from Izumu Kawanishi, the executive vice president for Sony Mobile’s Product Business Group, suggested that the MultiFire Alliance holds promise as a way to provide connectivity in industrial IoT settings.

Success Not Guaranteed

Writing at the IoT Journal, Scot Wlodarczak points to a study that says that IIoT projects are considered a complete success in only 26 percent of cases. This means, simply, that people quarterbacking these efforts need all the help they can get.

Wlodarczak counsels companies to start small; define success; align IT and operations; understand and address security risks; avoid data overload and “cultivate a technology-focused culture and IoT expertise.” He also suggests developing a deep understanding of the networks in use and simplifying where possible.

The IIoT Payback Must Be Quick

Radically new approaches require flexibility in assessing performance. Smart Industry Vice President of Content Keith Larson explored time-to-value. As the name implies, TtV focuses on generating results quickly.

The TtV measure also includes ease of purchase and setup, quickness of integration, and ability to scale. Larson mentioned platforms from Rockwell Automation that set themselves up through automated discovery of network assets and dashboards that configure themselves.

The post IIoT Gaining Momentum in Adoption and Results appeared first on IT Business Edge.