Articles

 

Why the Cloud Can Become a Game Changer

Like everything else in IT today, cloud computing can be either unnecessary in your business operations – or it could be something you really need. However, a recent survey on the perception of the cloud shows that almost half of small business owners are more or less dismissing it outright.

A recent survey by Newtek’s SB Authority Market Sentiment shows that almost half of small businesses do not see how cloud computing can cut down on costs and help increase their productivity, with an additional 32 percent still unsure about the whole idea.

At the very least, what these results show is that there is a pressing need for a more widespread and comprehensive information campaign about cloud computing. While many companies see the cloud as a mere fad, there’s much more to it than meets the eye, and what it offers can make a definite and concrete difference in the way a business conducts its operations.

What sets cloud computing apart from other hosting services is the way it’s managed and used. Management is handled completely by the service provider, and subscribers can adjust the specific features they use and pay only for those, similar to how on demand IT services work. Cloud computing usually also includes virtual data storage, with most if not all data stored off-site and in the cloud service’s servers.

Of course, the way the cloud impacts each particular organization will vary, and how it will affect your business in the short and long term depends on your needs and requirements – and whether you even need it in the first place. There are pros and cons to any cloud-based service, but at the very least it deserves some serious thought.

If you want to find out more about cloud computing and how it may affect your business, please give us a call and we’ll be happy sit down with you and discuss any issues and concerns you have, and help you determine whether the cloud is right for you.


Investing in Cloud vs On-premise : A Comparative Study

Extensive digitalization, increasing market demands, and the shift towards agile have compelled 21st century enterprises to adopt disruptive tech forces – and transition to Cloud processes. In fact, the growth in Cloud computing has been five times more rapid than the overall expansion of the IT sector.According to a 2015 survey by RightScale, currently 93% of businesses are harnessing Cloud technology to boost IT efficiency. Cloud adoption can drive several pan-enterprise benefits:

  • Innovation: Build, implement, and manage next-gen applications and extend SaaS apps with custom code
  • Standardization & Efficiency: Create value, enhance productivity, and drive efficiency by streamlining workload execution
  • Scalability: Expedite organizational growth to quickly meet business demands
  • Competitive edge: Facilitate smarter and accelerated decision making, without increasing Capex spend

Enterprises must tread cautiously when incorporating Cloud-based solutions

Enterprises must tread cautiously when incorporating Cloud-based solutions – resisting the temptation to jump on the bandwagon without proper market assessment and current state evaluation. It is, therefore, vital that organizations weigh a number of parameters – like security, deployment/maintenance costs, and utilization requirements – before embracing Cloud.

Cloud migration is an easier proposition for small to medium-sized businesses (SMBs)

For instance, cloud migration is an easier proposition for small to medium-sized businesses (SMBs) – and they have been aggressively making the shift. The European SMB Cloud Service market is expected to be worth €30.1 billion by 2018, expanding at a 17% compound annual growth rate (CAGR). SMBs are taking the lead when it comes to Cloud adoption, ahead of larger organizations, as a result of two major factors –

  • Data integrity and compliance concerns are less complex as a result of the localized nature of SMBs. On the other hand, enterprises with a larger global footprint face a plethora of regulatory as well as security hurdles across geographies.
  • Smaller firms enjoy the flexibility of modifying business processes in alignment with Cloud technologies – large organizations are often averse to change as their processes are long established and monolithic.

Yet, the potential of Cloud adoption extends beyond SMBs. In fact, even smaller units have to overcome multiple roadblocks, such as budgetary constraints. If they try to build a Cloud service offering on-premise, their operational expenditure will definitely shoot up. As a result, SMBs tend to channel their attention on core competencies, focusing on services beyond the ambit of Cloud providers, like desk side support.

On the other hand, larger enterprises, in spite of having adequate resources to develop on-premise solutions, might choose not to disrupt traditional processes and systems. Instead, they choose to re-direct their capabilities towards primary business operations.

The answer to the question whether companies should invest in Cloud, or develop on-premise solutions is complex and multi-layered. Considering broader organizational goals, here is a comparative look at the two approaches –

On-Premise vs. Cloud

Top Drivers

On-Premise

Cloud

Functionality
  • Features can be incorporated as per the needs of the business
  • Applications or resources can be prioritized, based on hierarchy
  • Customization can be carried out whenever desired
  • High-level functionality, but some features might not align with business requirements.
  • In the event of any problem, redressal will be carried out irrespective of organizational hierarchy
  • Plenty of choices in terms of customization, although not necessarily business-specific
Capability
  • Resources with specialized knowledge are required to operate and maintain on premise applications
  • Service providers employ staff with niche skills, ensuring efficient operations and seamless delivery.

 

Cost
  • Investment in assets is a must, which will then be subject to wear and tear, and will gradually have to be replaced.
  • During peak periods, substantial expenses will be incurred to meet demand
  • Subscription based model is followed and can be categorized as operational expenses; further, there will be tax benefits
  • Scalability can be achieved easily and rapidly without having to install additional equipment
Maintenance
  • Slightly difficult to monitor the systems around the clock
  • In the event of a breakdown, remedial measures have to be implemented
  • Systems will be under the scanner 24 x7
  • Financially backed SLAs are provided, resulting in credit for downtime and eliminating the headaches associated with restoring services
System Management
  • Security measures have to be implemented by the organization
  • Trust is a given, since it is run from within the organization
  • The onus of ensuring compliance lies with the company
  • Security that is provided is beyond the scope of most enterprises
  • Trust has to be extended to the service provider
  • Service providers should have teams dedicated to meeting regulatory compliance

While both on-premise and Cloud systems present unique benefits and challenges, the latter seems to have an edge over the former. However, the mere assertion of this fact cannot substantially motivate Cloud migration. Implementation of Cloud computing – whether for SMBs or for larger businesses – is a complex process that has to be bolstered by future-ready planning and outcome-driven strategies.


Bot Platform – “You must choose. But choose wisely.”

In the closing scene of “Indiana Jones and the Last Crusade”, the protagonist is forced to choose. The guarding knight of the grail says, “You must choose. But choose wisely, for as the true Grail will bring you life, a false one will take it from you!”

As CUI (Conversational User Interface) gains credence, clients are wondering, “How do I build an effective bot?” Several platforms are available today. This post is an attempt to help you choose the right platform for your next successful bot.

NLP (Natural Language Processing)

The crux of a bot is the ability to convert human input into machine comprehensible tokens. Human language varies widely based on literacy, demographics and conversational abilities. To handle these variations, the bot platform needs to include:

  1. A powerful language processing engine that can break down the input correctly (Whether the user politely says “Will you please book my flight to Boston from New York?” or quips “NYC to BOS” in short, the NLP engine should be able to tokenize them equivalently)
  2. Rich ontology database to recognize context and ambiguous meanings (When the user says ‘interest’, do they mean the monetary rate or a favorable concern? It depends on the context and part of speech)
  3. Pragmatic canonical dictionary to identify common equivalences (user may say “dint” or the grammatically correct “didn’t” – the bot should be equipped to treat them just the same).

AI (Artificial Intelligence)

While NLP adds language comprehension skill, a bot needs more cognitive capabilities to serve customers smartly – capabilities include reasoning, pattern matching, learnability, perception. The bot platform can include these capabilities natively or through pluggable components allowing the developer to pick and choose. For instance, a bot can become adept at reading facial expression by using Face API.

Memory

Memory is yet another quality that a bot should possess. Akin to the human brain, memory can be:

  • Short-term: When the user says “I like the second one”, she is clearly referring to the choices provided shortly earlier, which the bot should remember.
  • Long-term: If the bot remembers the last chat with the customer and the problem they are having, it prevents the frustration of repeating.

The platform may allow usage of a cache grid or connecting to databases for persistent retention.

Channels

The platform should allow access to the bot through multiple channels – web, mobile, REST API or via popular IM front-ends such as Skype, WhatsApp or Facebook Messenger. A contemporary bot platform also supports use of unconventional interfaces innovatively. For example:

  • Rich-media integration (bot displays a map showing directions)
  • Voice and video (Speech recognition and gesture input)
  • Selectable options (user selects available appointment slot rather than typing a time)

Deep-linking

In a connected world, bots cannot work in a silo and need to talk to existing systems, services and apps. The day is not far when bots will talk to each other. How easily does the platform support such scenarios? How well can the platform scale to support emerging use cases? Answering these questions reveals the strength of the platform.

Ancillary factors

In addition to the above key factors, a few other influencing aspects are:

  • Security and privacy
  • TCO
  • Licensing
  • Vendor lock-in
  • Ease of development

There may not be a bot “holy grail”, but paying attention to these factors ensures you do not “choose poorly”. What have you chosen? We would like to know.


Blockchain – A primer

OVERVIEW

Most of us, at some point in time, would have made a purchase over the Internet using a credit card. Apart from the convenience of using a credit card, the other significant aspect is using the issuing bank as an intermediary to enforce trust between the consumer and the merchant. If the merchant fails to deliver the promised merchandise, you can always refuse to settle the payment with the credit card issuing bank. Obviously, this enforcement of trust by the intermediary comes at a nominal cost called transaction fees. Apart from credit cards, there are several such business workflows where intermediaries act as the trust providers between two transacting parties for a small fee. Now, would it not be more efficient with regards to cost and time, if both the transacting parties could implicitly trust each other without having to pay an intermediary for the transaction. Enter Blockchain…

WHAT IS BLOCKCHAIN ALL ABOUT?

Blockchain, as a concept, is a distributed public ledger containing transactions that are governed and maintained by specific protocols through consensus of the nodes participating in its network. The term Blockchain is often used interchangeably to describe both the blockchain network (network of nodes) and the distributed ledger (chain of blocks). That being said, let’s examine the above definition more closely in parts.

WHAT IS BLOCKCHAIN ALL ABOUT?

Blockchain, as the name suggests, is fundamentally a data structure that is comprised of blocks linked together as a chain. A block is a data structure in which the transactions are grouped together to form a logical container. This chain of blocks i.e. ledger is public as every node has the exact same copy and can access any transaction of any account.

The nodes participating in a public blockchain network do not have to obtain permission to authenticate themselves as part of the network. Anyone in the world would be able to join the network and function as a full node as long as they have network access and are able to identify themselves to the network. There is also another form of blockchain network implementation that is private in nature. In this case, access is administered by a central administrative entity within the network.

Another interesting aspect of blockchain is that, it is a peer to peer distributed network where all the nodes in the network are deemed equal to each other. They perform the exact same set of operations and maintain the exact same copy of the ledger across all nodes. Transactions within a block in the blockchain network are maintained through mutual consensus among nodes participating in the network. A block of transactions is only added into the distributed ledger when a majority of the nodes approve of its validity. Once the consensus is arrived and the block of transactions are added to the distributed ledger, they become immutable and cannot be changed by anyone within the network.

WHY IS BLOCKCHAIN BECOMING POPULAR?

Having explored the various features of blockchain technology, let’s now try and explore the benefits that this technology brings to the table. Despite all the interest that blockchain has garnered over the past few months, let us examine a few of the most important ones below.

DISINTERMEDIATION

As the entire blockchain network is peer to peer, there is no central authority who is required to verify transactions being executed on its network. The transactions are verified in a democratic way by soliciting consensus from the majority of the mining nodes. This eliminates the need for the trust factor associated with intermediaries like the ones handling financial transactions in today’s world. Additionally, as all nodes share the same copy of the ledger, this acts like a single source of truth for the participants of the network.

SECURITY

The transactions executed on a blockchain network which have been mined are inherently secure and immune to tampering. Even if an attacker node wants to change the details of the transaction in a particular block, he/she will have to recalculate the block ID with the tampered transaction information. It will also need to repeat this process for all the blocks preceding the tampered block in the chain. By this time, the network would have continued to form more blocks in the chain with the original block ID.

To overpower the blockchain network, the attacker will need to control a majority of the nodes and obtain at least 51% of the computational nodes of the network to form a dishonest consensus. This would turn out to be so expensive that even if the attacker does manage to subvert the said transaction, the net gain achieved might be negative. The strongest security feature of the blockchain network is the fact that everyone knows how to defeat it, but no one can in isolation.

FAULT TOLERANT NETWORK

The blockchain network being a distributed peer to peer network, will share the copy of the ledger with every other node in the network. This fundamentally means that there is no single point of failure. The moment a node dies, the rest of the nodes will continue to mine newer blocks without interruption. The moment the node is resurrected, the latest copy of the ledger will be shared with the new node and the block creation process will continue unhindered. As long as a few nodes are operational in the network, the transactional history will continue to be preserved.

BIBLIOGRAPHY

  1. Satoshi Nakamoto; Bitcoin: A Peer-to-Peer Electronic Cash System https://bitcoin.org/bitcoin.pdf
  2. Bitcoin Blockchain Reference https://bitcoin.org/en/developer-guide#block-chain

Cyber Security in Avionics: Becoming Future Ready

Software is a core element in every critical system. The software used by the defence department is especially critical and needs to be protected with utmost security. Attacking the software defence system is a revolutionary method of pursuing war.

Recently, India and Australia have signed a Memorandum of Understanding (MoU) for advancement and improvement in civil aviation security. This puts more emphasis on various cyber safety and protection approaches.

In cyber warfare, the information as well as the fundamental control of the civilization is at risk. The risk of fundamental control of networks and software-controlled electronics has already grown significantly in aviation. The performance and proficiency of aircrafts were hitherto defined by its hardware. Now, 75% of the aircraft’s performance and proficiency are dependent on the system-controlled software instead, which is more absolute. Therefore, an increasing dependence on software can be observed.

The strength of the modern aircraft lies in its software systems and programming.

It is an integration of several parts through networking and this networked software is under threat today. Complex interferences through radars and personal computers, organizational local area networks, internets, modems, navigation systems, civilians and military communication systems have put the system under risk.

Cyber infiltration and cyber security threats can potentially affect several aircraft systems at a time and lead to a global catastrophe. As a result, it is important to incorporate and integrate nuclear weapon control systems in the military aircraft.

Cyber infiltration and attacks on such military computers can prove fatal to national security.

The effect of cyber warfare can cause devastating effects on civilization and the economies even after the war is over.

In a military aircraft, the software controlled system is susceptible to cyber-attack. Any cyber-attack starts with cyber infiltration or cyber raid, affecting the entire organization. Also, the software in the system can be manipulated, damaged, and controlled by the hacker. Additionally, it can be rewritten, copied or damaged. Consequently, this can lead to cyber assault.

New landscapes and new challenges are beginning to emerge as a result of cyber threats. While many states are aware of the gravity of the situation and the potential threats facing the civil aviation industry, many are still struggling to manage the threats, both at a national and individual level. However, the use of computer based systems will continue to increase in the near future, especially in the aviation industry.

Therefore, it is essential for all international organizations, associations, states, and stakeholders of civil aviation to raise awareness of cyber security threat and the importance of cyber security to counter this threat. They need to take necessary action and deploy cyber safety procedures in order to prevent cyber threats on the global civil aviation system.

References:

  1. http://www.dau.mil/pubscats/PubsCats/AR%20Journal/arq2000/alford.pdf
  2. https://www.tripwire.com/state-of-security/security-data-protection/security-hardening/hacking-aviation-technology-vulnerability-disclosure-and-the-aviation-industry/
  3. http://www.saa.com.sg/saaWeb2011/export/sites/saa/en/Publication/downloads/EmergingThreats_CyberSecurityinAviation_ChallengesandMitigations.pdf
  4. http://www.aviationtoday.com/2015/06/12/experts-speak-to-cyber-security-in-aviation/
  5. http://resources.infosecinstitute.com/cyber-threats-aviation-industry/#gref

DDoS attack shows dangers of IoT ‘running rampant’

 

Oct 25, 2016 2:02 PM PT

A U.S. Senator has joined security officials calling for stiffer cybersecurity for Internet of Things (IoT) devices following a major attack last Friday.

In a letter to three federal agencies, Sen. Mark Warner (D-Va.) on Tuesday called for “improved tools to better protect American consumers, manufacturers, retailers, internet sites and service providers.”

Friday’s big cybersecurity attack affected 80 major websites and was blamed on the Mirai botnet that largely targeted unprotected IoT devices, including internet-ready cameras.

Those devices were used by unknown attackers to overload servers at Domain Name System provider Dyn in a Distributed Denial of Service (DDoS) attack.

President Barack Obama said Monday that U.S. investigators “don’t have any idea” who was behind the attack. He added on Jimmy Kimmel Live that future presidents face the challenge of “how do we continue to get all the benefits of being in cyberspace but protect our finances, protect our privacy. What is true is that we are all connected. We’re all wired now.”

Security experts recommended Tuesday that default usernames and passwords in IoT devices be avoided and said automatic updates of IoT software could help avoid similar attacks in the future.

“This attack should be a wake-up call about security issues across IoT,” said Mark Dufresne, director of threat research at Endgame, a cyber security company based in Arlington, Va.

“There’s a low barrier for entry for hackers due to IoT devices that ship with default credentials and lack automatic security updates to fix known flaws,” he said in an interview. “As things stand today, we should expect to see more and more attacks involving IoT.”

Technology can create a better customer experience, improve products and services, and increase the effectiveness of business operations. Learn what your enterprise must do to adapt and thrive.

Default usernames and passwords are relatively easy for hackers to guess; there are even lists of default usernames and passwords available on an internet search.

Experts said several solutions to create a non-default approach are possible: Manufacturers could require a password be changed by a customer before the device is first used; a random number generator could be used to create a password for each device, with the unique password made available to the user; and the unique MAC (Machine Access Control) address of the device could function as the password until a user changes it.

For IoT devices to get automatic updates would require more processing power. Dufresne said adding such capabilities wouldn’t necessarily be expensive.

“We see the dangers of this IoT running rampant,” he said. “There’s a continuum of bad to middling security and nobody is knocking it out of the park.”

Even though DDoS attacks first hit the internet in the 1990s, they are still commonplace. AT&T on Monday released a survey of more than 700 IT decision makers that found that 73% of companies suffered at least one DDoS attack in the last year.

“Most attackers are targeting businesses using forms of attacks we already know about and can help defend against,” said Mo Katibeh, senior vice president of advanced solution at AT&T. “The vast number of threats and attack patterns across our network fit with very well-known attacks…like DDoS,” he said in an interview.

Katibeh said that when AT&T U-verse residential and small business customers receive an internet gateway device they are immediately required to update the user name and password. For the 20 car manufacturers that connect cars to AT&T wireless networks, there is Virtual Private Network protection, which means traffic is “not riding the open internet, and thus protected against DDoS attacks,” he said.

AT&T is also working on software that will stop a robot arm from moving on a manufacturing floor if the arm moves slightly at variance with its controlled range of motion, he said.

Katibeh said that IoT devices are going to pose ever-greater challenges for enterprise security officials.

“For every enterprise, there’s a call to action around Internet of Things,” he said. “We even have connected coffee pots. Every enterprise should be doing risk and vulnerability assessments and knowing what to protect and knowing its vulnerabilities. Make sure you are buying devices that have minimum security built-in to allow updates of firmware and patches as they become available.”