Authentic8 whitepaper: Why a virtual browser is important for your enterprise

The web browser has become the de facto universal user interface for applications. It is the mechanism of choice for accessing modern software and services. But this ubiquity puts a burden on browsers to handle security more carefully.

Because more malware enters via the browser than any other place across the typical network, enterprises are looking for alternatives to the standard browsers. In this white paper that I wrote for Authentic8, makers of the Silo browser (their console is shown here), I talk about some of the issues involved and benefits of using virtual browsers. These tools offer some kind of sandboxing protection to keep malware and infections from spreading across the endpoint computer. This means any web content can’t easily reach the actual endpoint device that is being used to surf the web, so even if it is infected it can be more readily contained.

The blockchain world gets more interesting by the day

 

 

 

I was at a conference last week where everyone was doing some interesting things with blockchain technology. This is the not-so-secret sauce behind Bitcoin: a transaction log that is verifiable and can be synchronized across distributed servers and still handle multiple trust relationships, where chargebacks can’t happen and where the crypto is strong enough to have banks and other financial institutions spending millions of dollars supporting dozens of startups.

I have written before about blockchain tech for IBM’s SecurityIntelligence blog here, but what got me interested about the conference was how practical blockchain implementations have been and will be. This is especially true in changes to the world of supply chains, where goods move across the globe under a variety of incomplete and error-prone tracking circumstances.

Indeed, at the conference I saw lots of blockchain apps that related to supply chains and had almost nothing to do with cryptocurrencies. This is an industry that is ripe for change. As one analyst has written, many supply chains have data quality issues and automation has failed to deliver significant productivity gains. That could change with these new apps.

For example, there is a company called Everledger.io. The idea is to attach a unique digital signature to each and every diamond that is traded on the various international exchanges. This signature can be immediately verified with the actual item itself – like the way a checksum can be used to verify if a digital file has been altered – to ensure that the diamond hasn’t been tampered with or substituted. So far they have been able to track close to a million diamonds in this fashion. According to insurers, about seven percent of the world’s diamonds are fraudulent in one way or another. Last fall, data from the Gemological Institute of America, the main diamond industry certification body, was altered by hackers.

We are still in early days, but you can see there are lots of other applications that are ripe for blockchain, such as detecting when counterfeit goods enter a supply chain. Sending prescription drugs around the world is another high-value application for which several teams are working on blockchain apps.

One FedEx manager was on a panel where they spoke about how they need new technology for managing their supply chain. “The immutability of the transaction is important for us: are you who you say you are, and are you shipping what you say you are shipping?” They spend a lot on insurance and it would be nice if they could leverage blockchain tech to prove that a package actually did make it to the final destination, with something other than an illegible signature.

While they can track a package from when it leaves your door through their shipment network, that only works if they have control over the shipment from end-to-end. That isn’t always the case, and especially internationally where it can be more cost-effective if they can hand off a package to another shipper. The panel also brought up an interesting question, as to what constitutes a delivery address, with one of them holding up his phone, saying how he wants to be able to deliver something right to where he is at the moment. That has a lot of appeal to me, as I recall how many hours I have spent trying to find a package delivery person when I stepped out of my office for a moment.

Also speaking was a representative of Chattanooga-based Dynamo, a new accelerator for supply chain ventures. They are funding several blockchain-related startups. “It isn’t just about saving money with these kinds of businesses, but about finding opportunities to expand commerce.”

The conference started off with a speech from Brian Behlendorf, who is now in charge of the Hyperledger project that is part of the Linux Foundation. He has been around the tech industry for a long time, putting up Wired magazine’s early website and developing numerous open source projects. The idea behind Hyperledger is to have an open source project that can be used in a number of blockchain circumstances. Think of what the Apache programmers did for web servers decades ago: Hyperledger will attempt the same thing, with a set of protocols and standard infrastructure on top of which to build blockchain apps.

Before the conference took place, a pre-conference hackathon was held and more than a dozen teams and 50 people participated to win the top prize of $20k. The winners included college students, which should give you an idea of how quickly blockchain is evolving. Unlike many hackathons where the winners get to pose with an oversize check, in this case the winning teams’ prize money was preloaded in bitcoin on a special cryptokey, which was quite fitting. The first place finishers wrote an app to eliminate ID fraud, using blockchain to encrypt and validate who you actually are.

Blockchain isn’t just all about the supply chain: the banks are getting involved too. A private effort from R3 has more than 40 financial services supporters to try to create standards for distributed ledgers. Barclays has more than 45 Bitcoin-related projects. Deloitte has a group based in Toronto doing cryptocurrency and blockchain consulting. A Berlin neighborhood has dozens of retailers who accept bitcoins. Finally, there are other currencies that are gaining traction, including Ethereum and Dash.org, that attempt to improve upon the original bitcoin specifications and are further fueling blockchain interest.

It looks like there will be lots of blockchain-related news in the coming months.

Fast Track blog: Lessons Learned From IT Asset Management

As a citizen developer, trying to manage your IT assets can be tough. Keeping track of such things as programs, servers, policies and procedures requires discipline, organization, and best practices that those of us who were raised in the IT school of hard knocks had to learn along the way. Here are a few tips from the IT pros to help you out.

You can read more on the QuickBase Fast Track blog here.

For Immediate Release: a podcast for B2B Marketers

I return to doing a regular series of podcasts with my long-time former partner Paul Gillin, called For Immediate Release: B2B. Paul and I co-hosted almost 100 episodes of MediaBlather several years ago, and many of those shows have held up well, talking about how technical PR and marketing communications professionals can leverage new media and other strategies.

In this week’s show, we talk about the upcoming merger between Microsoft and LinkedIn (Paul and I are split on whether it is a good thing), and interview Radius.com CEO Darian Shirazi about predictive analytics and its utility for marketing and customer retention.

http://firpodcastnetwork.com/?powerpress_embed=4329-podcast&powerpress_player=mediaelement-audio

Wanted: more women in software

The tech business for years has had an awful record of employing and retaining female engineers, and this record is getting worse. Women represent less than a third of the typical firm’s engineering staff, and in some cases such as Twitter only 10% are engineers. Top tech management ranks are almost exclusively male.

Over the years, I have accepted this sad fact of our industry, but this week I was at a conference that was almost all populated with women and girls. It was an eye opener for me. Like many of you, I have gotten used to being in a mostly male audience when I attend or speak at tech conferences. This event was called “She’s Pivotal” and the title purposely had multiple meanings. It was organized by the software vendor to showcase the brainy and accomplished women that it employed, along with some stalwarts from St. Louis. It was inspiring and a bit uncomfortable, which is what I imagine many of the female nerds feel when they sit in a typical meeting. One woman in her 50s spoke about when she first started her career; she was the sole member of her gender in most of her meetings. “Now things have progressed to where there are two or even sometimes three of us in a room.” I guess that is progress.

Then there is this: engineering schools graduate many more women who either never end up actually doing any engineering, or who leave the field after a few years. This research from last year found that nearly 40 percent of women who earn engineering degrees quit the profession or never enter the field at all. There could be a variety of reasons for this: after all, many male engineering grads don’t end up doing engineering either.

One of the ways for tech firms to get more sensitive about women engineers was an effort last year that started to count their actual makeup. Software developer Tracy Chou began a voluntary collection effort on GitHub to keep track of these numbers, and numerous firms have entered their workforce gender info on her project. Most firms have less than 20% women, but there are a couple of standouts. For example, Thoughtworks has 29% with 655 women engineers, and Wells Fargo has 24% with 1300 engineers. While not listed, I do know that Mastercard has lots of women in their workforce, and they had several of them (as shown above) attending the event.

Another way is to start recognizing how women can make an engineering staff better, just by their presence. The women managers on the panel spoke about how it wasn’t their coding prowess but their ability to collaborate with others and form strong teams to get projects done. They came from companies such as Express Scripts, EMC and Monsanto. All held management titles and some of them have been around for 15 or 20 years in various engineering positions.

One speaker gave three suggestions for women to succeed in tech. “Try everything to see what you like, when in school take at least one business and engineering class, and just remember that it’s never too late to get more technical education or experience.” All are great ideas.

Ironically, Pivotal itself isn’t the best example. While Cornelia Davis, their CTO, gave an excellent talk at their event, if you go to their management page online you can see a page of all-male faces there. But at least they recognize that it is time for a change, and allowed Davis and other staff members to participate in this event. Certainly, Pivotal isn’t alone: most tech companies, indeed most companies, have all-male executive suites. Sadly, the glass ceiling is still firmly in place.

Then there is the movement called #ILookLikeAnEngineer on Twitter. Last year women engineers started posting their pictures with this hashtag. It is a great idea, because the more we all can see them and can realize that there is no singular “look” the better we all will be. Of course, I posted this picture from my childhood that fits the popular stereotype. (Once a nerd, always a nerd.) Those of you that are engineers, I encourage you to post your own selfie.

One of the goals for the event was to get young girls interested in engineering fields while they were still in high school, or even younger. The event was co-sponsored by CoderGirl, a local effort that holds weekly coding meetups to help teach women and girls programming concepts. I spoke to several of the girls at the event who were considering going in this direction, and they all felt encouraged by what they heard from the professional presenters. One girl asked whether she could actually cut it in engineering, given that she wasn’t very good in math. The answer was most definitely yes: Tammy Hawkins, who went on at Mastercard to invent the “Selfie Pay” authentication app, told us that she too wasn’t a math whiz, and managed to just barely pass her last college math course. “But that was fine, because there are always people who can help you who know more,” she said.

That is actually an important point. Many of us – men and women alike – don’t often apply for a job because we don’t think we have the self-confidence or skills required. Programming is a very collaborative culture, and these days teams of programmers work together on solving problems and producing code. You aren’t always going to be the smartest person in the room.

It is time that all companies adapt to a more diverse workforce if they want to succeed. And we need to be on the leading edge in tech. It is time to fix this.

The Fast Track blog: How Can a Non-Programmer Learn to Build Business Applications?

Last month’s Wired magazine featured a cover story entitled, “The End of Code.” Its thesis is that machine learning and neural networks will eventually obviate the need for programmers to write code. While it is an interesting thought, we are far from that situation actually happening anytime soon. Rather than seeing the end of coding, I think we are just at the beginning of a new era where coding and business-led app building are exploding and becoming more plentiful. This is the era of the citizen developer who has to carry the water for the rest of the world.

The issue isn’t whether any of us will or won’t code, but how we can do a better job with the coding tools and low-code platforms that we have at our disposal. My Fast Track blog post today talks more about these issues.

Network World 9-vendor multifactor authentication roundup

Due to numerous exploits that have defeated two-factor authentication, many IT departments now want more than a second factor to protect their most sensitive logins and assets. The market has evolved toward what is now being called multi-factor authentication or MFA, featuring new types of tokens and authentication methods.

For this review in Network World, we looked at nine products: five that were included in our 2013 review, and four newcomers. Our returning vendors are RSA’s Authentication Manager, SafeNet’s Authentication Service (which has been acquired by Gemalto), Symantec VIP, Vasco Identikey Authorization Server, and TextPower’s SnapID app. Our first-timers are NokNok Labs S3 Authentication Suite (pictured above), PistolStar PortalGuard, Yubico’s Yubikey and Voice Biometrics Group Verification Services Platform.

All of these products are worthy of inclusion in this review as representative of where the MFA market is heading. In addition, if you want to stay on top of MFA developments, we recommend you follow our Twitter list here.

My review also features a collection of screencaps here, and an overall trends rundown as well here.