Women In Tech 2019

Every year on International Women’s Day, Women In Tech comes to Stockholm. At the event, you get to listen to some of the world’s most talented women discussing their success stories in business, technology and digital transformation. Basefarm attended the event to hear about the latest trends in the tech industry and what buzzwords to look out for during 2019. Here are the most important takeaways:

1. What are the key trends in the tech industry?

Big Data and digital privacy – One term that many of the speakers highlighted, and that can be applied to all industries, was digital privacy. Consumers are becoming more aware of their digital footprint and the way companies use data, meaning that they are more careful than ever. But instead of letting this turn against you and your company, you can create trust with your Big Data. Be transparent, store your data in a secure way and let the customers know why you are collecting their data and what they will get back from it. This will generate a win-win situation and create a better user experience.

Here is a blog post where you can read more about data privacy, GDPR and how to create customer trust through data – Tick the box on GDPR or go above and beyond?

2. What was everyone talking about at the event? (What were the buzzwords?)

Using Artificial Intelligence (AI) and machine learning in a smart way – Many of the speakers talked about Artificial Intelligence (AI) and the wide range of opportunities it offers. As you may know, AI is not a new phenomenon. It has actually been around for several years. However, there has been a rising trend for companies to implement Artificial Intelligence and Machine Learning in their digital strategy for the last couple of years. And now that the hype is over, companies need to start using it in a smart way to exploit its full potential.

If you want to learn more about AI you can read our blog post “3rd wave AI tools evolve for solving real world problems”.

Other buzzwords worth mentioning are VR and how it can change the world, the opportunity in CivTech and technology’s impact on the climate.

3. Tell us something you learned at the event? (three key findings?)

• Think outside the box when it comes to digital transformation and technology.
• The importance of having a diverse team to understand the problem from different angles. Use help from experts if needed.
• Always stay updated, things are moving fast in the digital world.

 

Author: Linnea Jonsson, Marketing Assistant, Basefarm

Linnea is a part of Basefarm’s marketing team. She has a passion for the digital world with the mission to help more companies understand the importance of digital transformation and how it can create new opportunities for an organisation.

8 security trends 2019

True to tradition, Basefarm’s Head of Security Operation has looked deep into his crystal ball to see what the new year holds. Here are 8 security trends to look out for in 2019.

1. Workforce gap necessitates different solutions

According to the (ISC)2 organisation, we have a shortage of three million cybersecurity professionals. Without the shortfall, the organisation’s 138,000 membership would be even larger. Europe alone has a workforce gap of 147,000. The shortfall calls for a different approach to meeting security needs, for example, through competence-sharing with other enterprises or security operations centres (SOC).

2. DDoS attacks are becoming less common but more powerful

Distributed Denial of Service (DDoS) attacks are a major worry. Initially, this type of attack was designed to sabotage, but the aim nowadays is often to steal important data and then blackmail the victims. The trend among perpetrators is not to spread their efforts widely, but rather to focus the attacks more aggressively.

3. Cryptojacking less risky for the attackers than DDoS

The downside for the bad guys of DDoS and many other cyberattacks is the risk of discovery. For this reason, many are turning to cryptojacking instead. Cryptojacking involves infiltrating a large number of computers in order to “mine” cryptocurrency. It is a quick way for cybercriminals to earn money, by getting thousands of computers to work for them for free. There’s no obvious damage done and many people are scarcely aware of the extra processing power and electricity used. If the victims discover the intrusion, they will often just be content to block access.

4. IoT made for trouble

The security issues linked to IoT are not new, but the trend is from bad to worse. This is caused, in simple terms, by a steep rise in sales of IoT gizmos. Not only are unit sales increasing, but more manufacturers are also trying to join in the fun. Not all of them take security as seriously as the established big brands. The key concerns here are configuration errors, default passwords and a lack of upgrade options.

5. And you thought GDPR was strict? Now NIS is on the way

GDPR sets a deadline to notify impacted individuals of 72 hours from detection of a data breach. Looking the other way and detecting nothing is not a solution. Businesses therefore need to monitor infrastructure and logs using an in-house or external SIRT (Security Incident Response Team). In certain sectors, breach reporting needs to be done within 24 hours. Key aspects of the NIS Directive apply from November 2018. A lot of businesses will need to get their heads round this.

6. Safer in an unlit back alley than online

According to the UK’s Office for National Statistics, you are 30 times more likely to be robbed online than in ‘real’ life. With people’s purses and wallets containing little more than easily blocked credit cards, street robbery is going out of fashion. Money is moving over to cyberspace, with the thieves hot on its tail.

7. Decryption is sneaking up from down under

The Australian Anti-Encryption Bill was passed on 6 December 2018 and comes into force early in 2019. Under the legislation, the law enforcement authorities can oblige tech giants like Google, Facebook, WhatsApp, Amazon and Microsoft to grant them access to encrypted data. The measures include removing electronic protection, installing existing decryption software and developing new software. Serious financial penalties await non-compliant companies.

8. IT pros and the white hats strike back

Some of the largest and best-known cyberhacks have been down to sloppy IT practices. The black hat hackers are becoming more sophisticated, but so too are the white hat hackers and other infosec professionals. Measures that go a long way to protect enterprises include scanning applications and fixing detected vulnerabilities, two-factor/multifactor authentication, more user names and long passwords, patching/installation of security updates and controlling user curiosity about funny-looking emails.

SEE ALSO: Star Wars – good versus evil – white hats against black hats.

Author: Fredrik Svantes, Senior Information Security Manager, Basefarm

Fredrik Svantes is the Head of the Basefarm Security Operations department and has also led the Basefarm Security Incident Response Team for the past seven years. Previously he has worked for companies such as Blizzard Entertainment, doing detective work on logs for massive online platforms running games such as World of Warcraft. Blog: http://bfblogg.wpengine.com . Twitter: @fredriksvantes .

Talking about technology trends

Earlier this summer our Chief Business Development Officer and VP in Sweden, Stefan Månsby, represented Basefarm in an expert panel on trends in the technology magazine IDG. We thought that those of you who like technology trends would be interested in reading what we think about them. Below you can see Stefan Månsby’s answers from the magazine.

Question 1:
Is it reasonable to invest in creating a hosting solution with configuration tools, monitoring, security and other things that comprises the employees’ own client devices that they bring to work? How flexible should you be when it comes to choice of client devices? Is it best to create a list of a few approved devices or try to handle all of them?

SM: It’s always more effective to let employees work with the tools that they already use or are familiar with. Treat all clients as if they were in an open network with as many foreign computers as familiar computers. Then let the systems they work with qualify whether the client should have access or not.

Question 2:
Many vendors, such as HP, are trying to create a toolkit to handle all IT for companies. This solution often means that you are forced to have two solutions because it’s hard to remove older tools. Will it be possible to run entirely with modern solutions in three years, or will we be forced to continue using older tools in parallel?

SM: The important thing is to remember that you first of all create a decommissioning plan for the old tools, and then create a plan for the new tools that is in line with the decommissioning plan. In this way, you avoid duplicating tools. It’s important that you work with follow-up of the outcome.

Question 3:
How far have Swedish companies come in integrating local resources with cloud resources in their hosting solutions? Is it a realistic goal to try and do it?

SM: The Swedish companies haven’t gone far in this area. The small percentage that use cloud use it for e-mail or CRM, which usually isn’t integrated with any internal system. Today, there is too little expertise within cloud integration among Swedish consultants and integrators.

Question 4:
The SOA (Service-oriented architecture) thinking is not that hot anymore, but many companies have actually implemented this type of strategy. Are there any general hosting solutions to manage the services that are created or are proprietary solutions required?

SM: I can’t agree that SOA isn’t still a hot subject. It’s only smaller projects and companies that have started to realize that it’s not profitable to add extra work for SOA. The hosting solution for a SOA or non-SOA architecture has in principle the same set of requirements and needs.

Overcome e-mail stress

During my time at Ericsson I gave a number of presentations on the topic “E-mail, stress and how to handle hundreds of new e-mails a day”, and implemented a method myself that I liked. I normally have a completely empty inbox here at Basefarm. (And no, hiding all new e-mails in a separate folder does not count!)

The method I use is The Four D’s. (See, for example, a very good article here: http://www.microsoft.com/atwork/productivity/email.aspx#fbid=Fpj5lWnkRNt. Another article on the same topic.)

It works by going through the inbox from top to bottom and asking the questions below for each e-mail:

  1. Delete it
    Does the e-mail contain information you will need within 6 months? Can you find the information somewhere else? If not, delete it! If it contains important or useful information, you can archive it instead.
  2. Do it
    Can it be done in less than 2 minutes? Do it right away. (Then delete it!)
  3. Delegate it
    If it cannot be done in 2 minutes, can it be delegated to someone? (Remove it from the inbox after you have sent it. A handy feature in Outlook is the follow-up flag, which helps you keep track. The e-mail remains in the “Sent” folder.)
  4. Defer it
    Put it on a to-do list, or flag it for follow-up and put it in a “Deferred” folder.

According to Microsoft (per the link in the article above):
• 50% of all e-mail can be deleted or archived
• 30% of all e-mail can be delegated or handled within two minutes
• 20% can be put on the to-do list or in the calendar

I am a big fan of setting up rules for automatic tagging of incoming e-mail. It used to be fashionable to sort all e-mail into folders, but the latest trend is to tag all e-mail with categories and keep it in the inbox, so that it is easily searchable, and to deal only with unread e-mail. If an e-mail has been read, it should have been handled and can be forgotten. So you can replace “delete” with “mark as read” in the steps above if you want to be trendy.

You can also use rules to colour-code e-mail for a quick overview. For example, I usually do this: e-mails where I am only copied are shown in grey, e-mails from my manager turn red, group e-mails are green, private e-mails turn blue, and the rest are black.

One last tip: I make sure never to delete or clean out my Sent folder. That way I always have traceability for all the e-mail I have handled.

Good luck!

UPnP Vulnerability

On Tuesday, computer security firm Rapid7 released information that they had found approximately 23 million products connected to the Internet that are susceptible to being completely taken over by anyone with malicious intent, and another 40 million that can be shut down remotely by someone who wants to. The vulnerability affects 1500 vendors (including vendors such as Linksys, D-Link and Netgear) and almost 7000 products (ranging from routers and TVs to media devices). So if, for example, you run a Linksys WRT610N router at home and use it when connecting to the VPN at the office, someone could potentially access this router and set up a man-in-the-middle attack in order to get your credentials or whatever else they want. Due to the number of devices affected, the vendors suggest that you simply disable UPnP in your router or other devices unless you explicitly need it. You can find information on how to do this on your vendor’s page.

[Figure: Rapid7 chart on UPnP. Chart courtesy of Rapid7]

More information:
http://www.kb.cert.org/vuls/id/922681
http://www.wired.com/threatlevel/2013/01/plug-n-play-security-flaws/
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

Windows Server 2012 is coming!

A week from today Microsoft releases Windows Server 2012. For ordinary computer users this release may not mean a lot, but for us working with running large server systems it will be a game changer.

Fundamental parts of the Windows Server operating system have been changed. Some changes are visible, such as the lack of a graphical user interface on a standard server. Other changes are less visible: new storage options, filesystems etc.

A very big change for operations is that PowerShell has really moved into the core of managing Windows. This will allow us to automate more than before, with ease!

I won’t go into all the details here, but if you want to be part of the launch event for Windows Server 2012, set up a reminder here.

New thinking is always fun

With reference to the article in IDG http://www.idg.se/2.1085/1.403348/serverrack-ska-radda-jatte-i-kris .

Necessity is the mother of invention, isn’t it? Despite all the major and recurring advances over the years on the performance side in terms of memory, CPU and form factor, very little has happened on the platform side itself. A server from 2001 is very similar to a server today. Administration and automation of infrastructure have always been something of an afterthought in the development of, for example, server products, and those of us who work with automation and operations would like to encourage more vendors to follow Cisco’s example.

Making a server available for production involves many more steps than just mounting the server in the rack and flipping the power switch; rather, it is a matter of some 50 steps that must be carried out and tested before you give the thumbs up for production. Tools that make it easier for us to systematically integrate them into our existing systems and workflows, so that we can then simply click “Run”, strengthen both quality and flexibility for our customers.

To go back to the future, I would like to believe that many of us are waiting for true multitenancy on the hardware side as well, where we can add or release machine power at a low level without interruption; but, inevitably glancing at the mainframe world, that presupposes that hardware, OS and applications are all developed and maintained in harmony. And the modern term for this is surely Platform as a Service (PaaS), and we can hope that developers jump on the train and move in that direction. So far, adoption of PaaS is very low for new products and services on the web, and people get stuck at the lab stage.

So, to return to the subject, is UCS the salvation of Cisco’s future? Who knows; as more operators start building PaaS platforms, Cisco UCS is an appealing infrastructure to build them around. Will the UCS product appeal to the IT manager who buys one server a month and has no automated workflows or ambitions? Probably not. 🙂

/Stefan Månsby