1 2 3 4 5 Previous Next

Geek Speak

2,762 posts

Had a great time at the Seattle SWUG last week. I always enjoy the happiness I find at SWUG events. Great conversations with customers and partners, and wonderful feedback collected to help us make better products and services. Thanks to everyone that was able to participate.

 

As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!

 

90% of data breaches in US occur in New York and California

There is no such thing as a “leaky database.” Databases don’t leak, it’s the code that you layer on top.

 

Top 5 Configuration Mistakes That Create Field Days for Hackers

And sometimes the code is solid, but silly default configurations are your main security risk.

 

A ransomware attack is holding Baltimore's networks hostage

Maybe Baltimore thought they were safe because they weren’t in California or New York.

 

Facebook sues data collection and analytics firm Rankwave

“Hey, you can’t steal our users data and sell it, only *WE* get to do that!”

 

Microsoft recommends using a separate device for administrative tasks

I’ve lost track the number of debates I’ve had with other admins that insist on installing tools onto servers “just in case they are needed.”

 

Hackers Still Outpace Breach Detection, Containment Efforts

It takes an intruder minutes to compromise an asset, and it takes months before you will discover it happened.

 

Watch Microsoft’s failed HoloLens 2 Apollo moon landing demo

This is a wonderful demo, even if it failed at the time they tried it live.

 

Breakfast at the SWUG, just in case you needed an incentive to attend:

Starting with DevOps can be hard. Often, it's not entirely clear why you're getting on the DevOps train. Sometimes, it's simply because it's the new trendy thing to do. For some, it's to minimize the friction between the traditional IT department (“Ops”) and developers building custom applications (“Dev”). Hopefully, it will solve some practical issues you and your team may have.

 

In any case, it's worth looking at what DevOps brings to the table for your situation. In this post, I'll help you set the context of the different flavors and aspects of DevOps. “CALMS” is a good framework to use to look at DevOps.

 

CALMS

CALMS neatly summarizes the different aspects of DevOps. It stands for:

  • Culture
  • Automation
  • Lean
  • Measurement
  • Sharing

 

Note how technology and technical tooling are only one part of this mix. This might be a surprise for you, as many focus on just the technological aspects of DevOps. In reality, there's many more aspects to consider.

 

And taking this one step further: getting started with DevOps is about creating and fostering high-performance teams that imagine, develop, deploy, and operate IT systems. This is why Culture, Automation, Lean, Measurement, and Sharing are equal parts of the story.

 

Culture

Arguably, the most important part of creating highly effective teams is the aspect of shared responsibility. Many organizations choose to create multi-disciplinary teams that include specialists from Ops, Dev, and Business. Each team can take full responsibility over the full lifecycle of a part (or entire) IT system, technical domain, or part of the customer journey. The team members collaborate, experiment, and continuously improve their system. They'll take part in blameless post-mortems or sprint reviews, providing feedback and improving processes and collaboration.

 

Automation

This is the most concrete part of DevOps: tooling and automation. It's not just about automation, though. It's about knowing the flow of information through the process from development to production, also called a value stream, and automating those.

 

For infrastructure and Ops, this is also called Infrastructure-as-Code; a methodology of applying software development practices to infrastructure engineering and operational work. The key to infra-as-code is treating your infrastructure as a software project. This means maintaining and managing the state of your infrastructure in version-controlled declarative code and definitions. This code goes through a pipeline of testing and validation before the state is mirrored on production systems.

 

A good way to visualize this is the following flow chart, which can be equally applied to infrastructure engineering and software engineering.

 

The key goal of visualizing these flows is to identify waste, which in IT is manual and reactive labor. Examples are fixing bugs, mitigating production issues, supporting customer incidents, and solving technical debt. This is all a form of re-work that, in an ideal world, could be avoided. This type of work takes engineering time away from the good kind of manual work: creating new MVPs for features, automation, tests, infrastructure configuration, etc.

 

Identifying manual labor that can be simplified and automated creates an opportunity to choose the right tools to remove waste, which we'll dive into in this blog series. In upcoming posts, you'll learn how to choose the right set of DevOps monitoring tools, which isn’t an easy task by any stretch of the imagination.

 

Lean

Lean is a methodology first developed by Toyota to optimize its factories. These days, Lean can be applied to manufacturing, software development, construction, and many other disciplines. In IT, Lean is valuable to visualize and map out the value stream, a single flow of work within your organization that benefits a customer. An example would be the manufacturing of a piece of code from ideation to when it's in the hands of the customer via way of a production release. It's imperative to identify and visualize your value stream, with all its quirks, unnecessary approval gates, and process steps. With this, you'll be able to remove waste and toil from this process and create flow. These are all important aspects of creating high-performing teams. If your processes contain a lot of waste, complexity, or variation, chances are, the team won't be as successful.

 

Measurements

How do you measure performance and success? The DevOps mindset heavily leans on measuring performance and progress. While it doesn't prescribe specific metrics to use, there are a couple of common KPIs many teams go by. For IT teams, there are four crucial metrics to measure the team's performance, inside-out:

  1. Deployment Frequency: how often does the team deploy code?
  2. Lead time for changes: how long does it take to go from code commit to code successfully running in production?
  3. Time to restore service: how long does it take to restore service after an incident (like an unplanned outage or security incident)?
  4. Change failure rate: what percentage of changes results in an outage?

 

In addition, there are some telling metrics to measure success from the outside-in:

  1. Customer satisfaction rate (NPS)
  2. Employee satisfaction (happiness index)
  3. Employee productivity
  4. Profitability of the service

 

Continuously improving the way teams work and collaborate and minimizing waste, variation, and complexity will result in measurable improvements in these key metrics.

 

Sharing

To create high-performing teams, team members need to understand each other while still contributing their expertise. This creates the tension between “knowing a lot about few things” and “knowing a little about a lot of things.” This is known as the T-shaped knowledge problem. To balance between the two, high-performing teams are known to spend a decent amount of time on sharing knowledge and exchanging experiences. This can take shape in many ways, like peer review, pair programming, knowledge sessions, communities of expertise, meetups, training, and internal champions that further their field with coworkers.

 

Next Up

With this contextual overview, we've learned DevOps is much more than just technology and tooling; grasping these concepts is vital for creating high-performance teams. But choosing the right approach for automation is no joke, either. There's so much to choose from, ranging from small tools that excel at one task but are harder to integrate into your toolchain to “OK” enterprise solutions that do many tasks but come pre-integrated. In the next post in this getting started with DevOps series, we'll look at why choosing a one-size-fits-all solution won't work. 

By Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

 

Here’s another interesting article from my colleague Sascha Giese on how improved communications and training can help organizations keep their infrastructure updated. Training is one of those things that’s always a priority but rarely makes it to the top of the list.

 

Government technology professionals dedicate much of their time to optimizing their IT infrastructures. So, when new policies or cultural issues arise, it can be challenging to integrate these efficiently within the existing landscape.

 

The SolarWinds IT Trends Report 2018 revealed that, in the U.K. public sector, this challenge is yet to be resolved—43% of those surveyed cited inadequate organizational strategies as the reason for the lack of optimization, followed closely by 42% who selected insufficient training investment. Let’s explore these topics further.

 

Communication Should Never Be a One-off

 

Organizational IT strategy may start at the top, but often it can get lost in translation or diluted as it’s passed down through the ranks—if it gets passed down at all. As such, IT managers might be doing their daily jobs, but they may not be working with an eye towards their agencies’ primary objectives.

 

One example of this is the use of public cloud, which—despite the Cloud First policy being introduced in 2013—is still not being realized across the U.K. government to its full potential, with less than two-thirds (61%) of central government departments having adopted any public cloud so far.

 

Agency IT leaders should consider implementing systematic methods for communicating and disseminating information, ensuring that everyone understands the challenges and opportunities and can work toward strategic goals. Messages could also then be reinforced on an ongoing basis. The key is to make sure that the U.K. government IT strategy remains top-of-mind for everyone involved and is clearly and constantly articulated from the top down.

 

Training Should Be a Team Priority

 

The IT Professionals Day 2018 survey by SolarWinds found that, globally, 44% of public sector respondents would develop their IT skillset if they had an extra hour in their workday. Travel to seminars and class tuition fees cost money that agencies may not have.

 

Training can have a remarkably positive impact on efficiency. In addition to easing the introduction of new technologies, well-trained employees know how to better respond in the case of a crisis, such as a network outage or security breach. Their expertise can save precious time and be an effective safeguard against intruders and disruption, which can be invaluable in delivering better services to the public.

 

Self-training can be just as important as agency-driven programs. It may be beneficial in the long run for technology professionals to hold themselves accountable for learning about agency objectives and how tools can help them meet those goals, supported with an allocated portion of time that professionals can use for this purpose. People don’t necessarily learn through osmosis, but through action, and at different levels.

 

For this and other education initiatives, technology professionals should use the educational allowances allocated to them by their organizations, which can sometimes run into thousands of dollars. Take the time to learn about the technologies they already have in-house, but also examine other solutions and tools that will help their departments become fully optimized, especially when these may form part of a broader public sector IT strategy.

 

Though surveys like the IT Trends Report have highlighted the existence of a knowledge and information-sharing gap, implementing stronger communication and training initiatives into government organizations could help reduce this. And by producing better-optimized environments for IT teams, the quality of the service that their departments can deliver to the wider public is increased, bringing about better changes for all.

 

Find the full article on Open Access Government.

 

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

Hello THWACKers long time no chat! Welcome to part one in a five-part series on machine learning and artificial intelligence. I figured what better place to start than in the highly contested world of ethics? You can stop reading now because we’re talking about ethics, and that’s the last thing that anyone ever wants to talk about. But before you go, know this isn’t your standard Governance, Risk, and Compliance (GRC) talk where everything is driven by and modeled by a policy that can be easily policed, defined, dictated, and followed. Why isn’t it? Because if that were true, we wouldn’t have a need for any discussion on the topic of ethics and it would merely be a discussion of policy—and who doesn’t love policy?

 

Let me start by asking you an often overlooked but important question. Does data have ethics? On its own, the simple answer is no. As an example, we have Credit Reporting Agencies (CRAs) who collect our information, like names, birthdays, payment history, and other obscure pieces of information. Independently, that information is data, which doesn’t hold, construe, or leverage ethics in any way. If I had a database loaded with all this information, it would be a largely boring dataset, at least on the surface.

 

Now let’s take the information the CRAs have, and I go to get a loan to buy a house, get car insurance, or rent an apartment. If I pass the credit check and I get the loan, the data is great. Everybody wins. But, if I’m ranked low in their scoring system and I don’t get to rent an apartment, for example, the data is bad and unethical. OK, on the surface, the information may not be unethical per se, but it can be used unethically. Sometimes (read: often) a person's credit, name, age, gender, or ethnicity will be calculated in models to label them as “more creditworthy” or “less creditworthy” in getting loans, mortgages, rent, and so on and so forth.

 

That doesn’t mean the data or the information in the table or model is ethical or unethical, but certainly claims can be made that biases (often human biases) have influenced how that information has been used.

 

This is a deep subject—how can we make sure our information can’t be used inappropriately or for evil? You’re in luck. I have a simple answer to that question: You can’t. I tried this once. I used to sell Ginsu knives and I never had to worry about them being used for evil because I put a handy disclaimer on it. Problem solved.

 

Disclaimer

 

Seems like a straightforward plan, right? That’s what happens when policy, governance, and other aspects of GRC enter into the relationship of “data.” “We can label things so people can’t use them for harm.” Well, we can label them all we want, but unless we enact censorship, we can’t STOP people from using them unethically.

 

So, what do we do about it? The hard, fast, and easy solution for anyone new to machine learning or wanting to work with artificial intelligence is: use your powers for good and not evil. I use my powers for good, but I know that a rock can be used to break a window or hurt someone (evil), but it also can be used to build roads and buildings (good). We’re not going to ban all rocks because they could possibly be used wrongly, just as we’re not going to ban everyone’s names, birthdays, and payment history because they could be misused.

 

We have to make a concerted effort to realize the impacts of our actions and find ways to better the world around us through them. There’s still so much more on this topic to even discuss, but approaching it with an open mind and realizing there is so much good we can do in the world will leave you feeling a lot happier than looking at the darkness of and worry surrounding things you cannot control.

 

Was this too deep? Probably too deep a subject for the first in this series, but it was timely and poignant to a Lightning Talk I was forced (yes, I said forced) to give on machine learning and ethics at the recent ML4ALL Machine Learning Conference.

 

ML4ALL Lightning Talk on Ethics

 

https://youtu.be/WPZd2dz5nfc?t=17238

 

Feel free to enjoy the talk here, and if you found this useful, terrifying, or awkward, let’s talk about it. I find ethics a difficult topic to discuss, mainly because people want to enforce policy on things they cannot control, especially when the bulk of the information is “public.” But the depth of classifying and changing the classification of data is best saved for another day.

In Seattle this week for the Seattle SWUG. If you're in the room reading this, then you aren’t paying attention to the presentation. So maybe during the break you should find me, say hello, and we can talk data or bacon.

 

As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!

 

The productivity pit: how Slack is ruining work

Making me feel better about my decision to quit Slack last year.

 

Dead Facebook users could outnumber living ones within 50 years

Setting aside the idiocy of thinking Facebook will still be around in 50 years, the issue with removing deceased users from platforms such as Facebook or LinkedIn is real and not easily solved.

 

Hackers went undetected in Citrix’s internal network for six months

For anyone believing they are on top of securing data, hackers went undetected in Citrix’s internal network for six months. Six. Months.

 

Dutch central bank tested blockchain for 3 years. The results? ‘Not that positive’

One of the more realistic articles about blockchain, a company that admits it's trying, not having smashing success, and willing to keep researching. A refreshing piece when compared to the marketing fluff about blockchain curing polio.

 

Docker Hub Breach: It's Not the Numbers; It's the Reach

Thanks to advances in automation, data breaches in a place like Docker can end up resulting in breaches elsewhere. Maybe it’s time we rethink authentication. Or perhaps we rethink who we trust with our code.

 

Los Angeles 2028 Olympics budget hits $6.9B

Imagine if our society was able to privately fund $6.9B towards something like poverty, homelessness, or education instead of arranging extravagant events that cost $1,700 a ticket to attend in person.

 

A Not So Fond Look Back At Action Park, America's Scariest Amusement Park

Is it weird that after watching this video it makes me want to go to this park even more?

 

I like it when restaurants post their menu outside:

By Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

 

Here’s an interesting article from my colleague Sascha Giese on strategies for digital transformation in the public sector. Our government customers here in the states have similar challenges and should benefit from the discussion.

 

For an organization like the NHS, digital transformation can present challenges, but the need for faster service delivery, cost management efficiency, and improvements to patient care make the adoption of technology a strategic priority.

 

Digital transformation refers to a business restructuring its systems and infrastructure to avoid a potential tipping point caused by older technologies and downward market influences. This transformation can also be disrupting, as it affects nearly every aspect of the organization.

 

For an organization like the U.K. NHS, this can present more challenges than for private-sector businesses.

 

Outdated infrastructure often struggles to keep up with the amount and type of data being produced, and with the volume of data the NHS processes now being supplemented by data coming in from private healthcare providers as well, the technology deployed could fall further behind. There are also growing concerns regarding management and security of this data.

 

Because of this, the NHS is in the perfect position to benefit from implementing a digital transformation strategy. No matter how small, starting now could help keep doctors away from paperwork and closer to their patients, which, at the end of the day, is what really matters.

 

For the NHS to reap the benefits of digital transformation, it’s important for IT decision makers to consider emerging technologies, such as cloud, artificial intelligence (AI), and predictive analytics.

 

Without the knowledge of how and why digital transformation can benefit the NHS, it is understandable that a recent survey from SolarWinds, conducted by iGov, found that nearly one in five NHS trusts surveyed have no digital transformation strategy, and a further 24% have only just started one.

 

Being aware is the first hurdle to overcome, and the NHS is already on its way to conquering it.

 

Getting to grips with new technology is always going to be a challenge, and even more so for those handling some of the U.K.’s most-critical data—that of our health and wellbeing—so acknowledging that legacy technology is holding the NHS back means they’re best placed to start implementing these changes.

 

Next, IT leaders should consider implementing a transformation strategy that supports these goals. Enlisting the right people from within the organization with expertise that can guide the process and implementing the best tools can help enable visibility and management throughout the whole process. Some methods to think about executing first include:

 

  • Simplifying current IT: Complexity often leads to mistakes, longer processes, and increased costs across the board.
  • Keeping IT flexible: Hybrid environments are the norm for many agencies. NHS trusts should consider technology that enables the use of private, public, or hybrid cloud, where data, workloads, and applications can be moved from one platform to another with a simple click.
  • Maintaining IT resilience: Trusts that need to run 24/7 should use systems that ensure both data availability and data protection.
  • Creating a transformational culture: Changing the culture starts at the top; if trust leaders are unwilling to consider change, it’s likely that their subordinates are also resistant.

 

With the right preparation and tools in place, the journey to digital transformation can be a positive experience for improving NHS IT solutions and can yield impressive results.

 

The healthcare industry can benefit greatly from implementing transformation strategies, so the sooner these can be integrated, the quicker we can see improvements across the board.

 

Find the full article on Building Better Healthcare.

 

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

Happy May Day! We are one-third of the way through the calendar year. Now is a good time to check on your goals for 2019 and adjust your plans as needed.

 

As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!

 

Departing a US Airport? Your Face Will Be Scanned

My last two trips out of DTW have used this technology. I had initial privacy concerns, but the tech is deployed by Border Patrol, and your data is not shared with the airline. In other words, the onus of passport control at the gate is being removed from the airlines and put into the hands of the people that should be doing the checking.

 

Password "123456" Used by 23.2 Million Users Worldwide

This is why we can’t have nice things.

 

Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking Apps

“…he realized that all customers are given a default password of 123456 when they sign up.”

 

Some internet outages predicted for the coming month as '768k Day' approaches

The outage in 2014 was our wake-up call. If your hardware is old, and you haven’t made the necessary configuration changes, then you deserve what's coming your way.

 

Password1, Password2, Password3 no more: Microsoft drops password expiration rec

Finally, some good news about passwords and security. Microsoft will no longer force users to reset passwords after a certain amount of time.

 

Ethereum bandit makes off with $6.1M after bypassing weak private keys

Weak passwords are deployed by #blockchain developers, further eroding my confidence in this technology and the people building these systems.

 

Many Used Hard Drives Sold on eBay Still Contain Leftover Data

Good reminder to destroy your old hard drives and equipment.

 

By Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

 

Here’s an interesting article on critical cyber roles within the federal government that require improved IT skills and stronger leadership.

 

The public sector faces an incredible number of cybersecurity threats and given that the government houses some of our most sensitive data, the number of attacks will continue to grow. What’s worse than the number of attacks is that, statistically, about one in three targeted attacks results in a security breach. As these breaches continue to grow more dangerous, it’s critical to identify and recruit the right personnel to ensure a stronger security posture.

 

Meeting that need head on, the Office of Personnel Management (OPM) has put out a call for data to identify the most vital cybersecurity needs across the federal agencies. Beginning in 2019, federal agencies will be required to submit reports annually through 2022. The OPM is asking agencies to:

 

  1. Identify critically needed cybersecurity roles
  2. Determine the root causes of cyber workforce shortages
  3. Develop an action plan to combat those root causes

 

While this is a great step toward stronger agency security, what can federal IT pros do today to help combat increasing threats?

 

Enhancing the Technical Team

According to a recent report by Accenture, government executives are less confident that they are successfully monitoring, identifying, and measuring breaches. In fact, most feel their current federal cybersecurity monitoring efforts are insufficient. In fact, more than half specifically mention cyberthreat analytics as a key cybersecurity gap.

 

Assume an agency already has a solid network and application monitoring platform—one that provides a unified view of all the information throughout the infrastructure. This is the most critical first step.

 

The platform by itself isn’t enough. Understand your inventory (software, hardware, tools, people); understand the data that’s being stored and passing through these systems; and shore up the team tasked with monitoring, analyzing, and acting on the data being provided. Adding more highly-skilled staff or upskilling your current team should be your first priority.

 

It can be imperative to have a security management platform that can detect anomalies or abnormalities as well as the personnel to analyze and understand the implications of the information being provided.

 

Agency Leadership

The second half of the equation for a stronger cybersecurity posture is strong cybersecurity leadership.

 

The adage that the tone of any organization comes from the top is absolutely true in the world of cybersecurity. Sound leadership should espouse good cyberhygiene and help to create a culture of cybersecurity awareness and diligence. Cybersecurity leaders should emphasize accountability and build and support a strategy to make that possible.

 

Conclusion

There are two distinct approaches when considering where your agency can enhance its hiring and personnel support: the highly technical end, where experts can identify and act on anomalies before they become threats, and the managerial end, where leaders can encourage and enable a culture of awareness, diligence, and accountability.

 

Find the full article on Government Technology Insider.

 

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

I hope everyone had a Happy Easter this past weekend. We celebrated in the usual way, with the burning of the Christmas tree and eating our weight in ham.

 

As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!

 

Mueller report forced Congress to find PCs with disc drives

The Mueller report is a nice reminder for those of us that have tried restoring a system, but can’t find an O/S old enough for the app to run.

 

Delta is reducing how much seats recline to protect your personal space

My biggest complaint about airlines is the “business” seat doesn’t allow you to use your laptop when the person in front of you decides to recline. Here’s hoping Delta sets a new standard for everyone to follow.

 

5-star phonies: Inside the fake Amazon review complex

Fake Amazon reviews are about as surprising as inaccurate Wikipedia articles. But I like this article for their attempt at using data to show the extent of Amazon’s review problem.

 

America’s Great College Boom Is Winding Down

A handful of local schools have closed their doors; one was mid-semester. I suspect the closings are linked to the student loan bubble.

 

A ransomware attack took The Weather Channel off the air

They should film an episode of “It Could Happen Tomorrow” dedicated to malware.

 

Encryption: A cheat sheet

I found this guide to be a helpful overview and thought you may find it useful to share as well. I think it was this sentence: “Encryption won't stop your data from being stolen.” Truth.

 

How to Detect Hidden Surveillance Cameras With Your Phone

As someone that travels frequently, I’ve hit the point where I feel it necessary to scan for hidden cameras in my room.

 

Another Easter tradition for our family meal and yes, those are bacon crumbles:

 

By Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

 

Here’s an interesting article from my colleague Sascha Giese with some U.K. public sector predictions for 2019. I always like articles like this and I believe that we have a pretty good track record with them.

 

As we delve further into the year, public sector organizations should ensure that they have the systems and support they need to round off FY19 successfully, as well as make sure that they are fully prepared for the new FY20.

 

1. Cloud Adoption Will Keep Rising

 

Public cloud adoption continues to increase. With 61% of central government departments and 30% of NHS trusts now adopting some public cloud solutions, these organizations may be in the midst of migrating applications into the technology stack, both in the cloud and on-premises. With this trend, tools that can help facilitate app migration and detangling should be a focus, to help bring simplicity back to ever more complicated environments.

 

2. DataOps is the Next Big Thing

 

“Data culture” will become increasingly implemented into technology environments, and public sector organizations will become more data-driven and data-first than they have been previously. This shift will also give rise to DataOps. Operations teams should start to adopt a data mindset to discern the type of data that exceeds their own department and can be polished into something that adds value to the organization overall—especially if this can be used to provide better services to citizens.

 

3. Security Should Be Taken Seriously

 

We’ll see the attack vectors facing public sector organizations continue to shift as government cybersecurity systems increasingly become always-on, extending the window of access for would-be attackers. To combat this, we’re already seeing public sector IT teams look into new techniques, such as DevSecOps, to try and outpace the hackers, alongside tried and true ones like penetration testing.

 

Helping make sure every employee is fully aware that they should not click on everything on the internet and is continuously trained on the best ways to reduce risk and prevent vulnerabilities will be invaluable when helping keep organizations secure, regardless of what the next threat might be.

 

4. Automation Will Become Second-nature

 

Despite its transformative potential, automation is still too often perceived as a significant threat to technology professionals’ careers. However, we expect that technology professionals will realize that contrary to widespread “automation anxiety,” they can actually automate themselves into a job rather than out of a job.

 

Cloud-based workloads see a greater number of IT teams become successful at using APIs, GUIs, and command-line interfaces to define not only networks, storage, and services, but also several other processes, such as managing container queues. At the same time, automation technology will deliver significant benefits to those who are focused on the systems side of the house, who must begin to think more in terms of command-line actions and transition to an automation and orchestration-led way of doing things.

 

As U.K. public sector organizations continue to work under increasing pressure, implementing a range of supporting technologies can assist in the day-to-day running of their departments. And as technology professionals start off another year, having some or all of the above technologies in place could help make this process much simpler, and set them up well for the future.

 

Find the full article on Open Access Government.

 

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

Back from Copenhagen and back writing the Actuator after Suzanne’s takeover last week. Thanks to everyone for their supporting comments, both public and private. I’ve got more travel coming up, so maybe we will have more takeovers. Stay tuned.

 

As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!

 

Tesla boom lifts Norway's electric car sales to record market share

One thing I noticed last week in Copenhagen was the quiet. Electric cars do more than cut down on fossil fuels; they also reduce noise pollution.

 

Amazon wants to launch 3,236 satellites so it can rain down internet from space

Pretty ambitious project for an online bookstore.

 

Yahoo tries again to settle lawsuit over massive data breach. This time it offers $118 million

This works out to about 4 cents per breached account. Sorry, not sorry, that’s the message being sent here.

 

Walmart says its new robots will make human employees happier

Looking forward to a kid hacking the robots and rolling back prices.

 

Internet Explorer security flaw allows hackers to steal files

The old “file association” trick that has been used for various exploits over the past 20 years. Microsoft doesn’t think this is critical, but you might want to push an update to your devices that removes the default association for now.

 

540 million Facebook records left exposed due to sloppy third-party developer security

I am really starting to believe that Facebook might not be good at security.

 

Facebook spent $22.6m to keep Mark Zuckerberg safe last year

Well, Facebook can secure and protect the privacy of at least one person. That’s a start, I guess.

 

One of many beautiful views from walking around Copenhagen last week. This is Nyhavn, a fancy word for "New Haven":

 

By Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

 

Here’s an interesting article on hybrid IT and how to maintain visibility to performance. We’re also discussing leveraging automation to respond to threats.

 

Choosing which providers to use—let alone whether to choose a public or private cloud approach in the first place—can be paralyzing and confusing. In fact, 65% of respondents to the 2017 SolarWinds IT Trends Report stated that their agencies use up to three cloud providers.

 

Many agencies have embraced a hybrid IT model. Yes, they still have to choose which cloud providers to use and which applications to move offsite. Effectively overseeing a hybrid IT environment poses significant challenges, particularly regarding monitoring and security.

 

Expand the Visibility Horizon

 

IT managers may be accustomed to having unfettered authority over all aspects of their networks, but a hybrid IT environment often requires sharing those duties with cloud providers.

 

Plus, as packets pass between private and public clouds (and vice versa), there may be blind spots where administrators lose track of those packets. That can be nerve-wracking for security-conscious network administrators.

 

While many administrators have become highly adept at monitoring what is happening within their networks, a hybrid approach can require that they expand their horizons to see what is taking place beyond their own borders. What’s occurring with their information as it moves on-premises, in the cloud, and in between?

 

Automate and Virtualize Security to Proactively Respond to Threats

 

Being able to enforce security policies and ensure compliance across hybrid IT networks is another top security challenge. Agencies must ensure that their security protocols are being enforced across their networks and that data moving between private and public clouds is protected under those blanket policies. Policies must be automatically enforced as incidents arise, and administrators must be confident that any policies they make in-house are updated, applied, and enforced across the entire spectrum of their hybrid IT networks.

 

Employing automation to immediately address and remediate potential threats is also important. Hybrid IT networks can potentially include hundreds of applications. Automated monitoring and response can help identify and mitigate issues in minutes, rather than hours or days, minimizing risk and greatly reducing system downtime.

 

Agencies should also consider replacing legacy hardware systems, including firewalls, with next-generation virtualization solutions. Virtual firewalls can be far more scalable than traditional hardware and can be automatically deployed and configured. They can also help improve security responses and threat mitigation across the entire hybrid network. These updates be done in a piecemeal fashion, making it easier—and more budget-friendly—to manage the progression from legacy solutions to network modernization.

 

Although adopting a hybrid IT approach relieves administrators from having to choose between private or public clouds, an abundance of decisions remain. Administrators must commit to their cloud providers and decide which applications to keep on-premises, for example.

 

Fortunately, those choices don’t have to come at the expense of end-to-end network management and security for government agencies. Both of those can be well within reach, even in a hybrid IT world.

 

Find the full article on Government Computer News.

 

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

Hi there! While Tom is delivering a presentation for the Intelligent Cloud Summit here in Copenhagen, I've decided to get started on the Actuator for this week to free up his time for sightseeing later. My name is Suzanne--the other half of team LaRock-Larocque. The name thing is a long story. I'll save it for another time.

 

I'm not sure how Tom usually does things here, so bear with me. I'm sure he'll decide to scrap this whole thing anyway.

 

Lately, I've been really interested in sustainable architecture and design. I think it all started when I ordered a Dwell magazine subscription for a school fundraiser. Ever since, I've become more interested in the idea of building a Passivhaus of our own. And since we're in Copenhagen, it's the perfect time to learn about the building practices they're putting into effect here. Copenhagen has a goal to be the world's first carbon-neutral city by 2025. I was in NYC a couple weeks ago, and I know it's a much larger city, but it's noticeably more quiet here. Maybe it's the electric buses. Whatever they've put into place so far, it's working!

 

I love daydreaming about the type of house I would build. And in terms of design, my "Dream Spaces" Pinterest board is filled with all sorts of architectural styles. It's like I'm trying to channel my inner Chip and Joanna or Shea McGee. Speaking of Chip and Joanna--it's amusing how everyone who has had their home renovated by Fixer Upper just ends up putting it up on Airbnb. Apparently the "Fixer Upper effect" is alive and well in Waco, TX, and turns out to be a great investment.

 

Not sure about you, but our family is very excited for Avengers: Endgame. The Marvel movies came at just the right time for our kids. Watching them together as a family has been a great experience. But why is no one talking about Outlander getting picked up for its 5th and 6th seasons? I mean, let's be honest, Claire is a superhero. She travels through time, has executed more than one prison rescue, performs surgery in 18th Century conditions, and committed murder--but only when justified.

 

So far, I'm really enjoying Copenhagen. It's very walkable and has all the charm that a European city should. And evidence of hygge is everywhere--the blankets that are provided in outdoor café seating, the candles, and fireplaces. But more so, it's how laid back everyone seems to be here.

 

Tom is just about done with his talk so I'm going to wrap this up. We've got more hygge to experience! Suzanne out.

 

And now, there is one left standing alone having vanquished foe after foe after foe after foe after foe after foe. (Six match-ups in all)

 

In a battle of questionable skills and worthless superpowers, there was one gift that the community found more valuable than others, more useful than not.

 

An underdog of 140-character proportion capable of understanding before a word has been uttered.

 

Our Superhero of Uselessness, our Champion of Mediocrity…

 

TWEETZ!

 

From the moment TWEETZ entered the ring, we were enthralled with the idea of reading 140-characters of anyone’s thoughts. We believe that TWEETZ is the best of the worst, the most helpful of the least useful…

 

TWEETZ, today we celebrate you.

 

(If GIFTZ had won, we would have been able to bestow TWEETZ on everyone, but alas… the spoils of the bracket battle)

 

Thanks to all who voted and debated this year’s battle. What are your suggestions for year 8?

By Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

 

Here’s an interesting article from my colleague Sascha Giese on how tech inventions from the public sector can be used to better the world. This has been true for years and remains true today.

 

According to a recent policy paper published by the U.K.’s Government Digital Service, “Technology innovation is vital for the public sector.” Having the latest artificial intelligence (AI) or cloud abilities can make a huge difference to the type and quality of work able to be produced by organizations such as the NHS and central government, including the potential to truly save lives.

 

There are already ways in which these technologies are being used in the public sector.

 

AI

 

One example of where AI is being implemented to benefit the public sector is in cancer screening. Researchers have developed a device that can use light to detect tiny electromagnetic changes present in tissue when cancer cells develop. This means patients don’t need to experience high levels of radiation when being diagnosed.

 

Cloud Computing

 

Government cloud solutions could benefit a range of organizations by providing flexible and cost-effective services and increasing the ability for collaboration between departments and organizations, leading to better services for the public. It also provides an essential foundation for adopting other technologies, such as AI and big data analytics, which are also in demand.

 

Big Data Analytics

 

Predictive crime-mapping is a big data technique beginning to be implemented by some police forces in the U.K. By using previous crime statistics, police officers can estimate the likelihood of a crime occurring in a given location at various times.

 

How to Turn Transformative Tech Into Typical

 

As these examples show, a range of technologies currently available can benefit society as a whole if they could all be implemented more widely in the public sector. These innovative technologies can not only save lives, but they can also help save money. The cost savings can be reinvested in other under-funded areas of the public sector, and they will increase efficiency and productivity, as employees save time on the tasks that these technologies are taking on.

 

However, more foundational work needs to be done to successfully integrate these exceptions into becoming the norm, not the exception. Taking the examples above. For the new AI device used for cancer screening to be rolled out across every hospital, the NHS would require increased investment in new skills for its employees to help them understand how AI can be used to the best of its abilities. And while the Cloud First policy is making great waves in central government, adoption is still not widespread, as many institutions still do not see the overall benefit. For the police, predictive crime mapping is only being used in Manchester and Kent, but the value that this technique could have if carried out in every U.K. police force would be immense. However, it would require more network coordination and insight sharing to become a reality.

 

It is clear there are challenges facing these organizations that are slowing down the integration process. But what are these, and how can they be overcome?

 

Understanding the Benefits

 

Despite the improvements that employees working directly with these transformative technologies are undoubtedly seeing, there can be a lack of understanding at a senior level around how investing in tech now will pay off in the long term. The senior staff responsible for determining new investments may benefit from considering the different developments that are being made, along with taking a step-by-step approach to implementation to ensure that the technology is being deployed in a way that creates the greatest good for the general public.

 

Employee Training

 

Across the public sector, there will be a need for increased training for employees to enable them to work with any innovative technologies before they can be introduced. While systems such as AI can take on many tasks themselves, it’s important to not forget the need for employees to monitor and manage these to receive the best results, as most AI still needs to be supervised.

 

Supporting Infrastructure

 

Having the right infrastructure in place is one of the most crucial aspects of tech integration. For an organization like the NHS, for example, being on a predominantly paper-based system means that some newer technologies would be more challenging to adopt, as the technology foundations should be in place before more varied systems are added. Ensuring aspects like the security, longevity, and manageability of a system from the design phase onwards will be critical to ensure that new technologies are deployed effectively and achieving the desired return on investment.

 

At the same time, these types of management tools will help overcome many of the early concerns that public sector leaders have about new initiatives, such as the ability to demonstrate value, or ensuring security and managing risk. As a result, choosing and deploying these types of tools should go hand-in-hand with new technology deployments to ensure that the public sector is achieving the greatest possible results.

 

Find the full article on IT Pro Portal.

 

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

Filter Blog

By date: By tag:

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.