Volume LII, Issue 11

Posted on by dciadminwp

In This Issue

US Tech Industry to Obama: Keep Hands Off Encryption

Excerpted from Reuters Report by Richard Cowan

As Washington weighs new cybersecurity steps amid a public backlash over mass surveillance, US tech companies warned President Barack Obama not to weaken increasingly sophisticated encryption systems designed to protect consumers’ privacy.

In a strongly worded letter to Obama on Monday, two industry associations for major software and hardware companies said, “We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool.”

The Information Technology Industry Council and the Software and Information Industry Association, representing tech giants, including Apple, Google, Facebook, IBM, and Microsoft, fired the latest salvo in what is shaping up to be a long fight over government access into smart phones and other digital devices.

Obama administration officials, led by the FBI, have pushed the companies to find ways to let law enforcement bypass encryption to investigate illegal activities, including terrorism threats, but not weaken it so that criminals and computer hackers could penetrate the defenses.

So far, however, the White House has not spelled out specific regulatory or legislative steps it might seek… Read More

Cyber Security Measure Blocked in Senate

Excerpted from Reuters Report by Patricia Zengerle

The US Senate failed on Thursday to advance legislation to strengthen protections against cyberattacks, as Democrats banded together to oppose the measure’s inclusion in a defense policy bill President Barack Obama has threatened to veto.

By a 56-40 vote, lawmakers decided largely along party lines not to move ahead with the measure as an amendment to the National Defense Authorization Act.

The vote came after the government announced late last week that hackers, possibly linked to China, had stolen millions of federal employees’ records from its computers. It was the third time in three years that the Senate has failed to advance bipartisan cyber security legislation.

However, the bill to extend liability protection for companies that share information about cyberattacks might not be dead.

A spokesman for Republican Senate Majority Leader Mitch McConnell said he had not announced how he would proceed. A spokesman for Harry Reid, the Senate Democratic leader, said the measure would likely pass quickly if McConnell brought it to the floor under regular order.

Republicans, the majority party in both the Senate and House of Representatives, had said they sought to include the cyber security measure… Read More

Weak Encryption = No Encryption. No Exceptions!

Excerpted from Slashdot Blog by SJBE

Weak encryption is effectively the same as no encryption. Encryption has no value unless it cannot be broken.

You cannot make encryption only weak for the “good” guys. It simply doesn’t work that way and wishing will not make it otherwise.

Any government official that argues in favor of weak encryption is either ignorant of how encryption works or is corrupt/self-serving and just wants their job to be easier without regard to the consequences.

Yes I am fully aware that “bad” guys having access to strong encryption presents certain challenges. However weakening your own encryption to the government can spy on the populace will not EVER solve that problem.

Does this mean that back-doored encryption is a mathematical impossibility, or that it won’t work in practice because the back-door key will eventually leak due to hacking, rogue employees, etc?

It is almost certainly a practical impossibility and I’m confident it is a mathematical impossibility too. A key is either possible to crack in a reasonable amount of time or it isn’t. There is no middle ground… Read More

Report from DCIA CEO Marty Lafferty

Click Here for Video

The Distributed Computing Industry Association (DCIA) is going on the record in support of the position taken this week by the Information Technology Industry Council (ITI) and the Software & Information Industry Association (SIIA) regarding encryption technologies.

The Council and Association sent a letter to President Obama opposing any policy actions or measures that would undermine encryption as an available and effective tool.

From our perspective, in the context of the now forming Advancement of Digital Rights Management (ADRM) Working Group, encryption, along with closely associated authentication technologies, are absolutely essential tools.

Encryption already helps secure many aspects of our daily lives.

It is a critical asset of the global digital infrastructure, enabling security and confidentiality for transactions of all kinds.

Encryption provides assurance to individuals and organizations that their communications are private, and that their valuable data and confidential information are protected.

The rapid growth in online commerce would not have happened if consumers could not trust that their payment information was secure.

Netflix would not have been successful without encryption. HBO and now Showtime would not be launching online premium television channels without encryption.

Consumers’ and rights-holders’ trust in digital products and services are vital to enabling continued economic growth in the online marketplace.

Accordingly, we urge the Administration not to pursue any policy or proposal that would require or encourage companies to weaken encryption or enable workarounds.

The legitimate needs of law enforcement agencies can be met through proactive collaboration with private sector organizations and due process.

In fact, the missions of homeland security as well as state and local police are better protected with stronger rather than weaker encryption.

It would be an enormous mistake to compromise or erode trust in commercial offerings that consumers and companies rely upon to be protected.

The domino effects around the world would be extremely harmful to the preservation of security and privacy.

Continuing innovation and technological progress would be seriously jeopardized.

We look forward to working with federal authorities on alternatives to diminishing the strength of encryption. Share wisely, and take care.

Data Loss Prevention Violations Occur in Cloud Storage Apps

Excerpted from Mobile Enterprise Report by Deena Amato-McCoy

Still reeling from last week’s reports of the federal government’s breached personnel files, the business world is holding its breath as it awaits the next data intrusion.

As companies begin evaluating their own potential entry points, they may want to consider their cloud-based platforms, as 90% of data loss prevention (DLP) violations occur in storage apps, according to the Summer 2015 Netskope Cloud Report, from Netskope, Los Altos, CA.

The report is comprised of data collected from “millions of users in hundreds of accounts in the global Netskope Active Platform between March 15 and May 31, 2015,” according to a company statement.

The most coveted data tends to be enterprise confidential intellectual property, customer, or regulated data that the organization did not know or want to store there, the report said. Meanwhile, 17.9% of all files in enterprise-sanctioned cloud apps violate at least one DLP policy.

Of those DLP-violating files, one in five are exposed publicly. Among the different types of mishandled sensitive content, the highest incidence of DLP policy violations involve personally identifiable information (PII) (26.8%)… Read More

Call for Volunteers: Cloud Security Guidance

Excerpted from CSA News Report

The Cloud Security Alliance’s (CSA) Security Guidance for Critical Areas of Focus leverages the CSA Cloud Control Matrix and seeks to establish a stable, secure baseline for cloud operations. It acts as a practical, actionable road map to individuals looking to safely and securely adopt the cloud paradigm.

Since its last revision in 2011, the cloud landscape, tools and technologies have changed and so we want to reflect that in an updated version of the Guidance. CSA is currently seeking volunteers to provide in-depth feedback and insight for the next version of the Security Guidance.

Volunteers are needed that can invest their time in providing detailed and quality feedback, as well as specific direction on the Security Guidance. Volunteers will need to review the prior version of the Guidance and answer questions like what they like about it; what needs to be changed or added; what cloud security practices are not being address?

CSA will be accepting volunteer submissions over the next six weeks starting on Monday, June 8, 2015. Interested individuals may submit their request to volunteer via the website. CSA will evaluate all completed forms and respond with questions and/or acceptance. Volunteers will be given access to a Google doc to provide feedback on the prior version of the Security Guidance… Read More

Verizon Combines Security, Cloud Storage, Tech Support for SMBs

Excerpted from Channel Partners Report by Craig Galbraith

Verizon is out with a new bundle for small-business customers designed to offer protection from viruses and malware on connected devices; tech support to keep their technology running smoothly; and cloud storage for files and other data.

Aptly named the Security, Support & Storage Bundle, the new offering from Big Red was built “to provide peace of mind, with a convenient resource for support, storage and security,” said Carson Burns, security solutions senior product manager for Verizon.

“Customers have told us that they’re running out of digital shelf space for their online purchases, documents and media files,” Burns added. “This is particularly true for small-business owners who want to focus on growing their business. They need an easy place to turn for problems that may arise …”

Breaking it down further, the new Verizon bundle gives small-business customers the carrier’s Internet Security Suite for comprehensive cybersecurity protection on all devices; Verizon Cloud, for backing up, storing, sharing and accessing files; and unlimited, around-the-clock tech support in English or Spanish from certified technicians.

Those tech-support personnel can help troubleshoot new or existing software and assist with switching from a former provider… Read More

What Apple’s Tim Cook Overlooked in His Defense of Privacy

Excerpted from NY Times Report by Farhad Manjoo

Timothy D. Cook, Apple‘s chief executive, delivered a speech last week that raised some eyebrows in the technology industry.

“I’m speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information,” said Mr. Cook, who was being honored by the Electronic Privacy Information Center, a privacy watchdog group.

His blistering defense of privacy, which he and other Apple executives repeated at the company’s developer conference this week, was notable. It isn’t every day that you hear a tech executive admit there is an opaque trade-off at the heart of his industry. We users give digital giants access to our most private information, and they shower us with technology we can’t do without. It is an arrangement baked into every decision made in every boardroom in Silicon Valley, and it is a bargain that many of us are uneasy about. Now, finally, here was the leader of the world’s most powerful company asking whether that deal is worth the trouble.

But while Mr. Cook raised awareness for digital privacy, his speech glossed over two main issues… Read More

Technology Trends – Combining Mobility & Cloud Computing

Excerpted from WhaTech Report by Naaman Shibi

In a survey of over 1400 senior executives to explore how companies are applying digital technologies, the results pointed to mobility and cloud.

77% of participants considered mobility among their top five priorities for 2015.

43% said that mobility was in their top two priorities.

39% will allocate budget to mobility to improve field service/customer service.

In addition to Mobility, Cloud solutions were also identified by 62% of respondents as being in their top 5 priorities for 2015.

The current estimation is that by 2020 there will be over 25 million mobile applications available in Google Play (Android ) and the App store (iOS). In mid 2015 there are approximately 1.5 million mobile applications on the App store.

Some of the relevant apps for service providers are: inspection and maintenance, asset management, field mobility applications, safety and compliance, and data collection tools.

Overview of field service application: (paperless and electronic forms): field activities results are recorded on mobile device… Read More

Report Reveals Cloud, Mobile Drive Insider Threats

Excerpted from Mobile Enterprise Report

A new report issued by Bitglass claims that 62% of IT executives have seen an increase in insider threat over the last 12 months. And, as the report states, the move to cloud structures and mobility are the leading cause for this increase.

The applications most vulnerable to insider threats include cloud storage and file sharing (44%) as well as collaboration and communication applications (43%), followed by finance and accounting applications (38%).

The data most vulnerable to insider threats are customer data and intellectual property (both 57%), followed by employee data (45 percent) and financial data (43 percent).

Despite this growing challenge, only 25 percent of enterprises monitor abnormal user behavior in the cloud. “The rapid adoption of cloud and mobile technologies is driving a sharp rise in insider threats at organizations dealing with sensitive data,” said Nat Kausik, CEO, Bitglass.

“Countering insider threats requires greater visibility and control of data that has moved beyond the firewall.” According to Bitglass’ report, which surveyed 500 IT professionals, 54% of executives pointed to insufficient data protection as a challenge while 51% pointed to more data leaving the network and more devices with sensitive data as a key driver of insider threats… Read More

Google Made Secret Blueprint Public to Boost Cloud

Excerpted from Wired Report by Cade Metz

Craig McLuckie took the idea to Urs Holzle, the man who oversees Google’s global network of computer data centers, and Holzle didn’t like it.

Together with two other engineers in Google’s Seattle office, McLuckie wanted to recreate Borg as an open source project. Borg is the sweeping software tool that drives everything from Google Search to Gmail to Google Maps, letting the company carefully parcel computing tasks across that global network. For years, it was one of the company’s best kept secrets. And McLuckie wanted to share its blueprint—or at least some of it—with the rest of the Internet.

“When we went to Urs the first time, he was not really happy about the idea,” McLuckie says. “What we were basically doing is offering up the secret sauce that runs Google as an open source technology.”

But Holzle and the rest of the Google brass eventually approved the project. Known as Kubernetes—an ancient Greek word for shipmaster or pilot—it launched a year ago today. Over the last 12 months, more than 370 coders have made more than 12,500 “commits” to the project, and a majority of these coders don’t work for Google, including three of the top six contributors… Read More

DRM Patents Available from ICAP Patent Brokerage

Excerpted from Benzinga Press Release

ICAP Patent Brokerage announces for sale patents disclosing a motion-based algorithm for fingerprinting digital video, available from The University Court of the University of St. Andrews, Scotland, UK. This portfolio is offered as part of the Internet of Things IP Auction, with a bidding deadline of July 30th, 2015.

“This is an important portfolio for providers of DRM and/ or content management software products, video anti-piracy services and content monitoring systems,” says Dean Becker, CEO of ICAP Patent Brokerage.

With a 2004 priority date, the portfolio for sale discloses a “motion-content-based” algorithm for accurate identification of digital video footage bitstreams which is independent of codec type or video impairments such as noise, picture area cropping, color/ dynamic gain contrast/ brightness variations etc.

The technique comprises identifying motion in a video as a function of time and using the identified motion to create a motion fingerprint, then identifying peaks and/or troughs in the motion fingerprint and using these to create a reduced size point of interest motion fingerprint. Reduced size fingerprints for a plurality of known videos can be prepared and stored for later comparison with reduced size fingerprints for unknown videos, thereby providing a mechanism for identifying the unknown videos… Read More

What New Application Will The Cloud Empower Next?

Excerpted from Windows IT Pro Report by Cheryl Ajluni

The cloud is a hot trend these days, empowering new innovations and applications in business, government and society, in general. One interesting application even has it being used to securely store and manage the 2016 Iowa Caucus results. Want to know more?

The cloud is back in the news this week, Microsoft’s Azure cloud computing platform that is, with yet another proof point that the technology is not just empowering business, but government and society in general. As it turns out, the 2016 Iowa caucus results will be delivered via a new, mobile-enabled, cloud-based platform that’s specifically designed to facilitate accurate, efficient and secure reporting. And the platform it’s being built on is — you guessed it — Azure.

The new platform will feature separate mobile reporting apps for both the Iowa Democratic and Republican parties. They will be available on all major mobile platforms and support each party’s unique caucus process. Precincts will use the apps to securely submit results directly to party headquarters. Each party will also have separate results verification apps that will allow headquarters staff to monitor incoming results, identify potential problem areas and connect with precinct chairs if issues arise.

All reported results will be securely stored and managed in the Azure platform… Read More

Enterprise File Security Leader Vaultize Expands to Africa Region

Excerpted from PR Newswire Release

Enterprise Digital Rights Management (DRM), Secure File Sharing and Endpoint Data Protection leader Vaultize announced signing of Master Reseller Agreement with Winigroup, a Value Added Distributor (VAD) headquartered in Lagos, Nigeria, to expand its channel ecosystem in Africa. After this signup, Vaultize enterprise file security platform that enables file sync and share (EFSS), VPN-free anywhere access and mobile collaboration with built-in Digital Rights Management (DRM) and endpoint backup, is now available in Africa region through a large network of resellers and system integrators.

A value-added international security solutions provider, WiniGroup delivers IT security, risk management, business process optimization, physical security and training services across Africa. The company’s unique mission is to make Africa a more secure region in today’s information age.

“We are pleased to welcome Winigroup as our VAD. We look forward to leverage their expertise in enterprise security and their strong network of partners, to further expand our reach in the region. Vaultize will remain focused on outpacing the industry in innovation and delivering solutions that meet and exceed the ever-increasing file security and end-user productivity requirements,” said Anand Kekre, CEO, Vaultize.

“Vaultize complements security solutions in our portfolio,” said Tim Akano, Vice Chairman, Winigroup… Read More

SDN & NFV: Future of Virtualization & Cloud Computing

Excerpted from Streaming Media Magazine Report By Dom Robinson

If you are deploying streaming media infrastructure or managing online video creation and distribution workflows, you’re familiar with the challenges of organizing potentially vast arrays of computers and applications.

This article will look at how infrastructure is evolving from something that has traditionally been built from single-purpose appliances and dedicated networks, into a “cloud” of resources that can be orchestrated as required to run almost any application.

If you want to lower your overhead, scale to support audiences of any size, or ensure that you can replace failing infrastructure with backup options in seconds, then you need to understand what the telecom giants are doing—not only because they are defining things at vast scale and with extreme uptime requirements, but because it is enabling them to enter the workflow and streaming infrastructure market too.

Pretty soon you will be seeing software-defined networking (SDN) and network function virtualization (NFV) emerge at all layers of the distributed computing sector — streaming workflows included.

Before we dive in to SDN and NFV, though, some background is in order… Read More

IBM Cloud Services for Designing Chips for Mobile, Wearables

Excerpted from eWeek Report by Darryl Taft

IBM today announced plans to deliver its IBM High Performance Services for Electronic Design Automation (EDA).

Big Blue designed the new cloud service, which will provide on-demand access to electronic design tools, in partnership with SiCAD, a Silicon Design Platform provider, with expertise in EDA, design flows, networking, security, platform development and cloud technologies.

“The proliferation of smartphones, tablets, wearable devices and Internet of things (IoT) products has been the primary driver for increased demand for semiconductor chips,” Jai Iyer, founder and CEO of SiCAD, said in a statement. “Companies are under pressure to design electronic systems faster, better and cheaper. A time-based usage model on a need-basis makes sense for this industry and will spur innovation in the industry while lowering capital and operations expenses.”

The service is delivered on IBM’s SoftLayer infrastructure supporting a pay-as-you-go model that opens up IBM-patented tools—that were previously used exclusively by IBM Microelectronics—to other electronics and semiconductor companies. In fact, IBM’s EDA tools have been used to bring more than 100 projects to market, including IBM mainframe and Power microprocessors, interconnects, application-specific integrated circuits (ASICs) and custom projects, the company said… Read More

Coming Events of Interest

Freescale Technology Forum — June 22nd-25th in Austin, TX. FTF, this year focusing on the Internet of Things (IoT), is the heart of discovery, imagination and innovation. Together we will strategize and design the next market-shifting products.

Cloud World Forum — June 24th-25th in London England. This marquee event is presented by Informa Telecoms & Media. Co-located with the seventh annual major international conference will be Enterprise Apps World.

ADRM Working Group Formative Meeting — June 25th via global videoconference. The DCIA sponsored working group will kick-off with prioritization of action plans targeting five constituencies: DRM Platform Providers, CE Manufacturers, Content Providers, Consumers, and DRM Industry Opponents.

Cloud Computing Boot Camp — July 30th in Washington, DC. Designed for small-to-medium businesses (SMBs) and their counterparts in government agencies and healthcare organizations whose responsibilities include evaluating, purchasing, and implementing cloud-based solutions.

Digital Hollywood Fall — October 19th-22nd in Marina Del Rey, CA. The future of the entertainment industry. Digital Hollywood debuted in 1990 and has from its start been among the leading trade conferences in its field.

Internet of Things World Forum (IoTWF) — December 6th-8th in Dubai, UAE. IoTWF is an exclusive event that brings together the best and brightest thinkers, practitioners, and innovators from business, government, and academia to accelerate the market adoption of the Internet of Things.

Posted in Newsletters