Yahoo said that more than a billion user accounts had been hacked in an incident that occurred in August 2013, a disclosure that comes on the heels of Yahoo’s announcement in September that 500 million accounts were compromised in a separate incident in 2014. Together, they are the largest known breaches ever of a single company's user data.
Crucially, Yahoo says it has not been able to identify the hackers behind the 2013 theft. The breach highlights the need for strong encryption and user education about passwords and general cybersecurity protections. It also shows how important it is to develop and maintain a culture of cybersecurity, especially as organizations grow larger.
Amazon unveiled a new concept for a retail store called Amazon Go, in which shoppers will be able to check out without having to interact with a cashier or wait on line.
Amazon says that the technology that enables the concept includes "computer vision, sensor fusion and deep learning." Customers will use a mobile application and scan their smartphones at a kiosk when they walk into the store.
The technology in the store, which the online retailer calls "Just Walk Out," automatically detects when products are taken from or returned to the shelves and keeps track of them in a virtual cart. When customers are finished shopping they will simply leave the store and shortly thereafter the company will charge the customer's Amazon account and send them a receipt.
That vending machine lurking in the break room could put companies at risk. In addition to often housing unhealthy snacks, the machines may use the Internet of Things to introduce new attack vectors for hackers.
Connected intelligent devices have the potential to transform manufacturing and the supply chain, improve healthcare and increase automobile safety. IoT technology also is expected to begin pervading the workplace to help with common functions such as building management.
Consider the numbers: Eighty-five percent of global organizations are working on IoT strategies, notes AT&T in “Exploring IoT Security.” And Gartner predicts there will be nearly 21 billion IoT devices in use worldwide by 2020.
Smarten Up on Security
Hyperconverged infrastructure offers organizations compute power, storage, networking and virtualization all in a single form factor. The cloud offers something similar but is billed as an operational, rather than capital, expense. If the two infrastructure options are so similar, why choose one over the other?
Mike Martell, systems manager at The Dingley Press in Lisbon, Maine, says for him, the decision came down to the need to control uptime.
“We’re a 24/7 operation so our window of tolerance is very low,” he says. “We need the consoles that run our presses working, so we can’t put that functionality in the cloud. Plus, the databases that we sort — 15 million names and addresses — can’t be in the cloud. If those names are ever breached, we would face billions in fines. We need to make sure everything is tightly secured.”
One of the most significant changes for IT is that it’s no longer just a storage administrator’s job to keep storage environments up, running and backed up.
In fact, a business may have people inside and outside the traditional storage team making storage purchases and taking care of the day-to-day issues of storage environments, says Scott Sinclair, a senior analyst with the Enterprise Strategy Group.
“You might have an application development team purchasing storage directly” from a cloud service, he says. “If a business unit needs to share files, they may just create and expense a Dropbox account. This change creates a problem for the storage team because that data isn’t part of an overall company data strategy.”
Offering those rogue departments access to software-defined storage or hyperconverged infrastructure can help reduce such shadow IT, as well as ease backup and recovery if there’s a problem.
Young IT leaders, millennials in particular, have embraced the cloud more than their older counterparts.
That’s the data revealed in a recent IDC survey. Medium-sized firms led by millennial IT leaders — aged 35 or younger — run an average of 10 cloud applications, which is two more than the overall average, notes IDC’s “State of the SMB Cloud: 2016 U.S. Small and Medium-Sized Business Cloud Adoption Survey.”
When deploying IT, 35.7 percent of millennials in medium-sized businesses say they prefer cloud over on-premises solutions, compared with 28.9 percent of Gen Xers and 13.2 percent of baby boomers.
When negotiating contracts with cloud providers, have an attorney review the fine print to ensure your company will be compliant with security and privacy laws, and to guarantee that all data is secure, advises Raun Nohavitza, senior director of IT at Centrify.
The Silicon Valley tech company has contracts in place with its major cloud providers that specify each vendor’s responsibilities to ensure security and privacy, Nohavitza says.
“If a new business is thinking about creating a new cloud service or exposing customer information to the cloud, they should think about privacy and security,” he says. “The main cloud providers will be happy to have that discussion with you, and will be happy to give you the tools you need to solve those problems.”
The Rural Renewable Energy Alliance in Backus, Minn., doesn’t have an IT manager. The nonprofit relies on the cloud to support its mission, which is to provide “a clean, long-term solution to energy poverty” by delivering solar energy to low-income communities.
RREAL also has a for-profit arm that installs solar panels for government, commercial and residential customers. The business is wholly owned by the nonprofit, which allows the organization to provide solar energy to low-income families at no cost, Director Jason Edens says.
Many of the organization’s 12 employees often work remotely as they meet with prospective clients, attend conferences and install solar panels throughout the region. In fact, the ability to access applications anytime, anywhere allows Edens to recruit and retain talented employees. Two workers currently telecommute from larger cities in the state.
Dyn, a major domain name system host that monitors and routes internet traffic, suffered a massive distributed denial of service (DDoS) attack Friday morning, as the New York Times reports.
The DDoS attack temporarily shut off access to Twitter, Netflix, Spotify, Box, GitHub, Airbnb, Reddit, Etsy, SoundCloud, The Times and other websites.
According to the Wall Street Journal, the attack started at around 7:10 a.m. Eastern time on Friday, and Dyn said its services were running again around 9:20 a.m. The company didn’t disclose the source of the attack, the Journal noted.