Olympic Technology is Going for Gold

Standard

This post was originally published in today’s Foster’s and Seacoast Sunday.

The Olympics taking place in PyeongChang is a spectacle of technology that is giving us a glimpse into our future. With technological powerhouses like Samsung being one of South Korea’s most well known exports, it’s no wonder technology is taking center stage.

Intel Olympics Drone TechnologyThis awesome display of technology is not without its pitfalls. On the first day of this year’s Olympics, hackers took center stage, breaking into some Olympic technology and causing the office website of the 2018 Winter Games to be taken down overnight. As of now, there does not appear to have been any serious breach, but investigators are still at work and we may not know what has really happened during the Olympic Games until well after the Olympic torch has been extinguished in PyeongChang.

One of the massive challenges for technology at an event like the Olympics is security. It’s even more of a challenge due to the nature of the event. A temporary sporting event that brings the attention of the world on a small part of the host country for a short window of time. Talk about a target of opportunity.

Olympic Games are put on by local organizing committees under the auspices of the International Olympic Committee, the IOC. Technology contracts are awarded to multiple companies by the local organizing committee and are often decentralized, meaning each vendor chosen must secure their own networks. This brings multiple players to the table and multiple vulnerabilities. Intel, Samsung, Visa, Atos, Korea Telecom, Comcast, NBC and more all have extensive technology infrastructures in place at the Olympics. Even clothier Ralph Lauren has introduced technology to Team USA’s uniforms for this year’s Winter Olympics. The jackets Team USA will be wearing include active heating technology to keep the athlete’s warm.

Multiple organizations and government agencies have warned attendees to steer clear of public WiFi and be on alert for all manner of cyber scams. Some have gone so far as to recommend turning off WiFi and Bluetooth while at the Games, to avoid what are known as drive-by attacks, where a hacker may theoretically access your device to steal information and use it as part of a larger attack.

There will be plenty of technological marvels on display, from Intel’s amazing drone light shows to Samsung’s robots. A robot even carried the Olympic Torch for part of the relay leading up to the lighting of the Olympic Flame during the opening ceremonies one week ago. Technology will also be available to the athletes to help them tune their performance and maximize their experience. Suits with smart sensors will provide a level of athletic performance feedback not previously seen. It will be interesting to see if any competitors make changes based on this new information that will be available.

Another first for these Olympics is that all of the technology systems running and broadcasting the games will be Cloud based. You won’t find the temporary data centers that powered past games. This year, critical systems will all be physically away from the games in Cloud data centers. There are some fifty critical applications behind this year’s Olympic experience, all out in the Cloud.

Even with this reliance on the Cloud, there will still be well over three thousand IT workers on the ground in PyeongChang supporting the games. Whether things are based in the Cloud or not, you still need an on-site IT infrastructure to enable everything from accurately capturing race times to broadcasting the events live online and to television viewers worldwide.

For spectators who are in PyeongChang, Intel is providing virtual reality experiences from the athlete’s point of view. Imagine putting on a virtual reality headset and finding yourself hurtling down a slalom course at 70 to 80 mph. You can if you want to.

I mentioned Visa earlier as one of the technology companies on display at the Olympics. Yes, Visa is a financial services company, mostly known for issuing debit and credit cards. In PyeongChang, Visa is showcasing payment technologies of the future. There are contactless payment terminals throughout the venues. Visa provided special rings to the athletes that have embedded payment technology, allowing an athlete to simply wave their hand over a payment terminal to pay for something. Visa even has smart gloves in use so that when you are outside, you won’t have to take your gloves off to pay for something. Just place your hand near a payment terminal and make your payment.

The Olympics are always a great event, showcases known and unknown athletes and great stories of triumph and defeat. Technology is giving us a glimpse into the future as well this year, except the future is now.

How Did You Weather The Bomb Cyclone?

Standard

The following article was published in todays Foster’s and Seacoast Sunday.

BombCyclone2By the time you read this, you will have hopefully survived the “Bomb Cyclone” that rolled through on Thursday. I got a kick out of all the reports in various media about the storm’s “wicked cold” and “polar vortex.” It’s winter in New England. You never know what’s coming and when.

Storms like this provide a stark reminder that businesses don’t stop due to weather. Successful companies need to be able to operate through storms like this and ensure their staffs are able to work wherever and whenever they need to.

Successful companies today, employ a range of strategies to remain functional throughout any event that could impact their offices or staff. This is mostly done by leveraging Cloud or data center services to disperse the organization’s business systems across geographies in order to insulate the business from a catastrophic event in any one geography.

To put this in layman’s terms, this means not relying on a computing infrastructure that is solely located in the company’s sole office location. That’s how it used to be done, but not today. In the past, especially for smaller businesses, but for much medium- and larger-sized organization as well, a single location would be where you would find one or more servers that run all of the business systems. Email servers, file systems, printing, databases, accounting applications, any proprietary software would all be on these servers. If the office was not accessible, neither were the systems unless the business invested in power infrastructure, like generators, to keep the servers running the event of a power outage. This would also require robust remote access infrastructures, so that employees would be able to access these resources.

Today, this is accomplished very differently and quite cost effectively. Smart businesses have servers and systems offsite, in the Cloud, a private or public data center or a combination of these. Many companies have moved to Office 365 or Google G Suite, mostly for email, but potentially other productivity applications and services as well. With email moved offsite and into a data center infrastructure managed by industry giants Microsoft and Google, you can be assured you will not lose your ability to electronically communicate when a storm runs through your local regions. Email has become a primary form of communication for both internal and external contacts. Ensuring this capability is “always on” is more critical than it has ever been.

Having critical business systems offsite also ensures availability. When your applications are running in the Cloud or a data center, your systems will be more accessible than they would be if they were only located within your office. Hardly any business that considers itself a small- or medium-sized could afford to maintain the highly available and redundant infrastructure that exists in the Cloud and other data centers. The power and connectivity capabilities within these sites are truly impressive. They are all designed to ensure uptime and availability, regardless what may be happening.

While the above addresses the systems your teams use every day to accomplish their goals, telecommunication requirements are often overlooked. It’s equally important to make sure callers are able to call your organization and get through to someone throughout an extreme event, be it weather, natural disaster or other. Having a redundant telecommunications infrastructure will further ensure your customer experience is consistent through any event that might otherwise negatively impact the business.

If you or your teams experienced any issues during this last storm that should be a clear sign you need to review how your company is structured to ensure employees, customers and business partners are able to continue to work together and support one another, regardless of environmental or other events that would otherwise interrupt this. Make 2018 the year that your business embraces truly high availability and redundancy.

Meltdown & Spectre, What You Should Know

Standard

code_meltdown_spectre_2.jpg

Over the last few days, mainstream media has been sounding the alarm over two security vulnerabilities named Meltdown and Spectre.  What is unique about this latest security threat is that the flaws are within the design architecture of the processors that run virtually every computer and mobile device on the planet.  Yes, you read that right, you are almost certainly impacted by these flaws.

So, now that you are concerned, what should you do?  In a nutshell, watch for operating system and software updates and apply them as soon as you can.  Not your anti-virus or anti-malware software.  These won’t help.  Watch for operating system and firmware updates, as well as application updates and apply them.

If your company works with an MSP, like the company I work for, you can likely breathe a little easier.  Companies like Onepath were aware of these threats before the news hit and have been actively monitoring for patches from the hardware and software manufacturers, testing them and pushing them out to managed computers and mobile devices to patch them against the threat.  We sent out an advisory to all of our managed clients on Thursday, which may review at this link.  There is some good information in this advisory, including links to more detailed articles on the matter.

As of now, it is unclear if any malicious actors have actually used these threats to steal information.  It is thought not to be the case, but this is a rapidly developing story.  The good news is that to exploit these threats on a computer or mobile device, a hacker would need to get their malicious software installed on your computer or mobile device in order to take advantage of the exploits.  If you are practicing safe computing, you are likely safe for now, just as you should be against any malicious threat.

Cloud server infrastructures are thought to possibly be at greater risk.  Cloud providers are working diligently to patch their infrastructures to protect their customers, but most of us have less control over those resources as they are managed by the Cloud providers. We have to rely on them to tell us what they are doing to safeguard their systems.

For those that are interested in the technical side of this issue, Meltdown allows access to information running in memory on the affected computer or mobile device.  By allowing a hacker to gain access to what’s in memory, a bad actor could potentially steal passwords and other sensitive information, including what’s stored in password managers and browser sessions.  Spectre, on the other hand, allows a hacker to jump between applications, penetrating a security isolation long thought to be impenetrable.

As I stated earlier, the real risk to the average business and consumer is really not yet known.  The best defense is a strong offense, so making sure your computers and mobile devices are updated when manufacturers release their updates is the best thing you can do.  Some updates have already been released.  Others are thought to take days, weeks or even months to get to users.  I will continue to monitor developments related to these threats and posts updates as new and actionable information becomes available.  In the meantime, stay safe online and keep your defenses up.

Ancestry Breach Confirmed, What You Need to Know

Standard

Ancestry.com has confirmed a breach of their decommissioned RootsWeb service.

Security researcher Troy Hunt (@TroyHunt), who I have considerable respect for, discovered the breach and informed Ancestry. He has further commented that the company has handled this breach in exemplary fashion.

The breach involves an exposed file containing usernames, passwords and email addresses of 300,000 users of the RootsWeb service.

Ancestry says it has notified any impacted user, so if you ever used RootsWeb, you should have heard from Ancestry by now. That said, I believe it would be prudent to change your password on any Ancestry.com service that you use, whether or not you have been notified of a risk. Yes, this is abundantly cautious, but a reasonable step to take.

It’s encouraging to see the company respond well and aggressively to this breach. Other organizations will learn from how Ancestry has handled this.

The incident is still being investigated. It is not thought to be more widespread than what has been confirmed to date. Should I learn anything to the contrary, I will post an update.

IT Themes for 2018 from CompTIA

Standard

The following press release was issued by CompTIA today.  I’m very pleased to have been quoted in the section on “From product sales to service subscriptions.”

logo-small_jpeg

 CompTIA Board of Directors Identifies Six Tech Themes to Watch in 2018

 Downers Grove, Ill., December 21, 2017 – Artificial intelligence (AI) will stake out a larger role; a greater emphasis will be placed on the user experience with technology; and protecting personal data and information will become more critical in 2018, according to the board of directors of CompTIA, the leading technology industry association.

The new year will also see technology companies focused on new government regulations and requirements, led by the European Union’s General Data Protection Regulation (GDPR); evolving their business models to rely more on the sale of “as a service” subscriptions; and taking new actions to combat cyber threats.

The CompTIA directors at a board meeting earlier this month spent time trading ideas and debating the impact of nearly 20 trends likely to impact the technology industry in 2018. Six themes rose to the top of the consensus list of technology trends to watch.

Artificial intelligence (AI) expands its presence – A recent CompTIA survey found that one in four companies make regular use of AI in areas such as machine learning, virtual assistants, workflow tools, and in the automation of processes and tasks. Another 19 percent of organizations expect to adopt AI in the next year.

More focus on optimizing the customer experience – Options for acquiring technology have expanded, driving providers to find new ways to maintain relationships with current customers and acquire new clients. Optimizing customer experiences with technology is a crucial step in maintaining and building relationships; but it requires a thorough understanding of both user expectations and business objectives.

“The emergence of technologies that enhance the customer experience will be an important tech theme for companies wanting to stay ahead of the competition in 2018,” said Dan Shapero, founder, ClikCloud Digital Marketing. “Companies using artificial intelligence, chat, call center and mobile web to enrich customer experience will reap the benefit of increased customer loyalty, greater efficiency and higher margins in the foreseeable future.”

Protecting personal privacy – The security and personal privacy challenges associated with how consumer information is collected, used, analyzed, and shared will grow in importance as millions of new interconnected devices come online through the expansion of the Internet of Things, smart cities, autonomous vehicles, and other innovations.

Government requirements and regulations – The pace of innovation greatly exceeds the speed at which governments can adopt, alter, expand or eliminate policies and regulations. This can create inherent tensions between technologies entering the market – often at the demand of customers – and governments’ ability to regulate. In 2018 one of the biggest regulatory issues technology companies will face is the General Data Protection Regulation (GDPR), the new primary law that will regulate how companies protect European Union citizens’ personal data.

“Government regulation becomes more stringent when it feels the need to do a better job of protecting people than it deems the industry it’s regulating is doing,” said Tracy Pound, managing director, Maximity. “The GDPR is intended to provide consistent enforcement of data protection rules that increase an individuals’ rights to control data held about them; and to ensure that companies holding data can demonstrate accountability for that data and have good governance processes in place. It applies to any company that processes, stores or transmits personal data belonging to EU residents. It will still apply to the UK post Brexit, making it a global issue rather than a European one.

“With industry surveys stating that less than 10 percent of companies are prepared for the GDPR, this is a significant opportunity for tech companies to reinforce being a true trusted business advisor by providing insights and services that help clients navigate the new regulation in order to help them minimize the risk of data breaches and to demonstrate compliance,” Pound continued. “With maximum fines of 4 percent of global turnover or €20 million, tech companies and their clients need to wake up to the volume of preparatory work in documenting systems, educating staff, bringing policies and procedures for processing data up to date and making changes to be ready for the deadline of 25th May 2018. Expecting this to go away and to do nothing is a game of Russian Roulette.”

From product sales to service subscriptions – The “everything-as-a-service” model is not a new phenomenon. But the subscription service model continues to evolve as businesses expand their reliance on the technology ecosystem. In this fast-changing market many companies – traditional technology firms and new market entrants alike – are striving to carve out their niche.

“As the ‘as-a-service’ model of technology acquisition continues to mature, traditional resellers are facing significant changes to their established business models,” said MJ Shoer, director, client engagement, and virtual CIO, Onepath. “While there will always be a need to make capital acquisitions of technology, subscription models are now the norm and some traditional customers are now procuring their technology from multiple sources. This requires that technology solution providers drive value by helping our customers understand and leverage this evolving market trend. We also need to help our customers leverage technology to improve their workflows and business processes to gain a competitive edge.

“Technology solution providers also need to adapt to the changing security landscape,” Shoer added. “While many traditional MSPs are building security practices within their existing business structure, this leads to concerns about the fox watching the hen house. How technology solution providers bring security services to their customers while ensuring the integrity of those services will be paramount to providing the type of services most customers will require, especially with increasing government regulation like GDPR and others.”

Cyber readiness – Video gaming communities, hotels, fast-food restaurants, retailers, healthcare providers, educational institutions, government agencies, and business services providers were just some of the victims of cyber-attacks and data breaches in 2017. Despite improvements on many fronts, threats show no signs of abating. In fact, evidence suggests that things will get worse before they get better, with the attacks growing in both frequency and virulence.

“Going into the new year we expect cybercriminals to stick with the malware that makes them the most money: ransomware,” said Scott Barlow, vice president, Global MSP, Sophos. “In fact, according to recent research by Sophos, 2018 could potentially bring the explosion of Ransomware-as-a-Service (RaaS). These hacking kits, designed to make cybercrime accessible to anyone regardless of skill, will drive global ransomware levels through the roof.”

As the leading trade association for the technology industry association CompTIA provides a vast selection of education and training materials, research and market intelligence, webinars and conferences, business best practices, member communities and advisory councils, and more on a wide range of technology topics. Visit www.comptia.org to learn more.

CompTIA: Building the Foundation for Technology’s Future

The Computing Technology Industry Association (CompTIA) is the world’s leading technology association, with approximately 2,000 member companies, 3,000 academic and training partners, over 100,000 registered users and more than two million IT certifications issued. CompTIA’s unparalleled range of programs foster workforce skills development and generate critical knowledge and insight – building the foundation for technology’s future. Visit CompTIA online, Facebook, LinkedIn and Twitter to learn more.

Contact:

Steven Ostrowski
CompTIA
sostrowski@comptia.org­
630-678-8468

Apple, Please Fix Do Not Disturb While Driving

Standard

Back in late September, I posted about 2 Excellent iOS 11 Features to Enable.  One of those features is Do Not Disturb While Driving.  Well, after using this feature for a few months, I’m sorry to save it is flawed and desperately in need of an update to address a few serious shortcomings.

WazeI use Waze, pretty much every day, as it is far superior to the built in navigation in my car.  The problem is that by having Waze open, Do Not Disturb will not enable.  Why?  Because the feature requires that your phone be locked.  This just doesn’t make sense.

Android phones have had this type of feature, mainly through 3rd party apps, for years.  Due to Apple‘s strict control over the iOS operating system, which I support, iPhone‘s have not.  This is admittedly Apple’s first attempt to address this need, but it lacks some proper planning and is a flawed implementation.

Many states, like my home state of New Hampshire, have or are enacting hands-free laws, which is a great thing.  The amount of incidents involving distracted drivers using their phones has become an epidemic.  You see it on the road every day.

The premise of this feature is that you can’t use your phone, except as a hands-free device, nor will you get any pop-up notifications that would distract you, while you are driving.  Great concept, flawed implementation.  Here’s my real world experience over the last few months.

With Waze open, Do Not Disturb While Driving will not activate.  I have it set to automatically activate when my iPhone connects to my car’s Bluetooth audio system.  Once I determined this was happening, I placed an icon to manually enable Do Not Disturb While Driving manually from the Control Center.  While this does enable it, it does not work reliably, again, because I have Waze active on my iPhone.  Only some text messages receive the auto-reply that I have configured.  Most do not.  I also get every pop-up notification, which is a distraction.

Here is how it should work.  You should be able to set app exceptions that are allowed to be running and still allow Do Not Disturb While Driving to function properly.  It should not be dependent on the phone being locked.  I should be able to get in my car, open Waze, put my phone on it’s mount, connect it to vehicle power and as soon as it connects to my Bluetooth, Do Not Disturb While Driving should activate.  I should not receive ANY pop-up notifications until I have turned off the car or pressed the home button and clicked the I’m Not Driving pop-up that displays when Do Not Disturb While Driving is active.  Anyone who sends me a text message, should receive my configured auto-reply and the very cool feature, an additional notification informing them if they send the message again with the word urgent, it will come through and notify me.  This is s smart emergency notification option.

I’ve sent this feedback to Apple and am hoping they will fix this in an update soon.  I’ll be monitoring this situation and will update you as I learn more.  In the meantime, stay safe and only use your phone hands-free while driving.  Your fellow drivers, riders and pedestrians thank you.

What’s Next for Net Neutrality

Standard

NetNeutralityCongressUnless you have been living under a rock, you know that the Federal Communications Commission (FCC) voted to repeal Net Neutrality rules yesterday.  Sadly, this was a partisan vote, with the three Republican Commissioners voting to repeal and the two Democratic Commissioners voting to keep the rules in place.  This is not and should not be a political issue.  The vote represents just about everything that is wrong with our government today.  The party is more important than the constituency.  I’m not going to get in to the political issues around this vote.  Instead, I’m going to focus on what this means for the average consumer and business user of the Internet.

In the near term, nothing should change. The Net Neutrality rules that were repealed were in place to assure that no Internet Service Provider (ISP) would be able to block or throttle the ability to reach anything on the Internet.  It also prevented an ISP from charging content providers or end users, higher fees in order to access everything online.  The repeal of these rules means this could all change.  As a friend of mine put it, it would be as if the brand of car you own dictates how fast you may drive.  For example, Ford‘s are limited to only driving 40 MPH on highways, but Lexus‘ are able to drive 85 MPH.  If you own a Lexus, you’ll get where you are going faster than if you buy a Ford.  That’s the thrust of the issue.

The arguments around this issue are many and there is host of misinformation being circulated to back up any given position.  These rules were only put in place a few years ago and are widely referred to as “Obama-era” rules.  There in lies one of the fundamental problems, in my opinion.  This ties the rules to one person, a former president, a member of the opposing party to the one in power today and simply politicizes the entire matter.  The fact of the matter is that there have been some form of Net Neutrality rules in place for many years.  They were strengthened a few years ago in response to an ISP blocking content that threatened its business and resulting legal battles.

The argument that the rules were not needed because there are no issues is partly true and partly false.  The Internet has been largely open and unrestricted, but there are plenty of reasons to be concerned.  From the consolidation of media and technology companies to emerging business models that challenge established norms, the potential for Net Neutrality issues is growing daily.

Commissioner Jessica Rosenworcel, who I have written about before, referred to the vote as a “rash decision” that puts the FCC “on the wrong side of history, the wrong side of the law, and the wrong side of the American public.”  She may be right, especially about that last part.  Some statistics show as many as 85% of the American public opposed the repeal.  If the Commissioners were putting people over party, you would think they would have upheld the rules.  But I digress.

Will you see any immediate changes?  I don’t think so.  First of all, the changes will take weeks to put in place.  ISP’s, wireless carriers and other businesses involved in the delivery of Internet services will need to evaluate their business models and potential risks should they elect to make any changes based on the repeal.  One could imagine significant public backlash should an ISP like Comcast change their plans to require either content providers or consumers to pay higher fee in order to have access to certain sites and services online.  You would think they will think long and hard about the implications of changing how they deliver Internet service.

Several State Attorneys General have said they will file lawsuits to try to stop the repeal from taking effect.  At this early date, it’s unclear if this could be successful.  Many members of both the House and Senate have said they will consider legislation to restore the rules.  Several groups, including watchdogs and trade associations have said they may also file suit.

This entire issue is likely to become messier before it settles down.  For now, you should not have anything to worry about.  In the meantime, I’ll keep tabs on this issue and post updates as I learn more.

 

%d bloggers like this: