Category Archives: Big Data

Enforcing Governmental Decryption

Governmental Decryption

Recent U.S. bills proposed in California and New York aim to implement a controversial governmental backdoor into mobile devices. The issue concerns forcing manufacturers to provide a mechanism for decrypting any device’s content, without the consent or presence of the owner of the device. But the police already have the right to take your phone and use it against you in a court of law. What good does it do for the manufacturers to be required to decrypt any encrypted content?

Backdoors for tyrannies

The fundamental argument against the governmental backdoor is that any backdoor will inevitably be exploited by other actors. To comply with the law, manufacturers and vendors create a technical means that can be exploited by anyone as an attack vector. Certainly that is one of the reasons for requiring a backdoor, as the usage pattern scenarios can be expanded rapidly from California and New York. Why would national security intelligence operators want to stay limited to these states? Instead, what they are aiming for is global coverage.

Indeed, the relevant mobile operating system providers are global, and implementing a backdoor will implement it globally, not just in one jurisdiction. The controversial bills include a financial instrument to enforce compliance from the operating system and device vendors—a $2500-per-device fine for any device sold in these areas that doesn’t comply. Surely any mobile device vendor will be more than happy to comply rather than let itself be driven bankrupt.

Good deeds uncovered

While the motivation for the governmental access has largely been justified by referring to petty crime and fighting terrorism, one can perhaps assume that there is more to the story than just breaking the encryption of a local drug dealer or global lone wolf. After all, the heaviest users of encryption are intelligence agencies, militaries, and corporations. Surely none of those would want their phone manufacturers to leave any kind of backdoor, even when a local cop had been issued with a search warrant.

Given that law enforcement agencies around the world have invested hugely in targeted spyware, most of them are already able to intrude on and invade any device they want to. Whatever encryption is in place, they can circumvent it by gaining access to the user device before any encryption happens, e.g. by mirroring the screen for remote inspection and, as often as not, permanent storage.

Hence, the question should be more about whether or not governmental access should be institutionalized. It is currently happening, but do we want to increase its use further? And indeed, do we want to throw more oil on the fire of the struggles between historic nation-states, and within the circles of privatized global security providers?

By Kristo Helasvuo

5 Exciting Startups From The Netherlands

Promising Netherland Startups

The Netherlands, considered one of the most prominent startup arenas in Europe, provides an environment focused on strong education coupled with a formidable tech infrastructure, and both encourages and rewards entrepreneurs. Though the Dutch government recognizes the limits of their small country, it urges startups to dream big, develop their businesses in the U.S., and finally spread back through Europe. Says Neelie Kroes, special envoy for Dutch startups, “For quite some time we’ve had an open and very transparent attitude, being Dutch, because we are a tiny country.” This approach may encourage local startups to flee the Netherlands, but also instills a sense of loyalty in these aspiring entrepreneurs, as evidenced by Founded In Holland, a portal promoting innovative startups that are proud of their Dutch roots.

5 Exciting Startups from the Netherlands

AppSignal

First on the list, AppSignal’s monitoring software helps users improve their own software and ensure customer satisfaction. This solution catches errors, enabling developers to fumigate bugs, monitors performance for detailed lag investigation, and tracks performance issues and queue times for Resque, Sidekiq, and Delayed Job. AppSignal monitors Ruby on Rails, Sinatra, Grape, and Rack, and further provides the option to create your own integration.

bunq

“Resocializing money,” bunq promises that tech offers the solution to bad loans, empowering users to focus on what they do with their money. They believe that profiting on interest is ethically wrong, and ensure that all money is securely stored at the Central Bank. Their app lets users easily split restaurant bills with friends and link cards to team accounts when necessary, and all the app services are provided entirely free of charge.

Datatrics

The “affordable Data Nerd” that is Datatrics works around the clock to help organizations understand their customers, perform key actions immediately, and be more relevant. With detailed Next Best Actions, users need never miss a marketing opportunity, and the automatic personalized content ensures company relevance. Amplifying data with predictive properties, customer communication is improved and expanded.

Floown

Early access sign-up is now open for this new social productivity tool. With tech and automation leaving users free to focus on less mundane tasks, get creative, and enjoy more private time, the Floown platform takes control of scheduling by sharing and synchronizing a user’s on and off hours with connected organizations. Instantly presenting a real-time overview of available connections, Floown makes scheduling a breeze.

Go Weekly

Transforming trends and ideas into tangible product concepts, this startup helps companies “innovate smarter”. The Go Weekly tool enables users to take advantage of promising ideas immediately, ensuring the necessary knowledge is acquired, and vital goals are set, before important branding and sharing go ahead. Says Alberto Savoia, “Make sure – as quickly and as cheaply as you can – that you are building the right it before you build it right.”

By Jennifer Klostermann

A New CCTV Nightmare: Botnets And DDoS attacks

Botnets and DDoS Attacks

There’s just so much that seems as though it could go wrong with closed-circuit television cameras, a.k.a. video surveillance. With an ever-increasing number of digital eyes on the average person at all times, people can hardly be blamed for feeling like they’re one misfortune away from joining the ranks of Don’t Tase Me, Bro, esteemed internet celebrity.

However, if you think viral infamy is your worst-case scenario when it comes to CCTV, think again. Keep reading to find out why CCTV cameras and other internet-connected items are open to being hijacked by hackers looking to do DDoS damage, and about the bizarre case of the CCTV botnet located at a mall five minutes from a professional DDoS mitigation service.

The internet of issues with the Internet of Things

CCTV cameras belong to the Internet of Things (IoT), a grouping of, well, things that are linked through both wired and wireless networks, often using the same internet protocol as the internet. They’re embedded with network connectivity, electronics, sensors and software that allow them to collect and exchange data. Pacemakers, smart thermostats and microchips in animals are all examples of the items that make up the Internet of Things.

The Internet of Things is actually very cool. It minimizes the gap between the physical world and computer-based systems. It’s what allows you to turn on your smart washing machine from the office, or lock your front door from the train. Here’s the issue with the Internet of Things, though. Your laptop is connected to the internet, so you’ve secured it. Same for your phone, tablet, probably your router, and any other number of internet-connected devices you use on a daily basis. You wouldn’t leave those open to exploitation, allowing just anyone to hijack and control them.

The Internet of Things is designed to be remotely controlled across network infrastructure. Read that again. These items are designed to be remotely controlled. And yet, how many of those cow microchips do you think are secured? How many smart TVs? How many of the 245 million surveillance cameras that are installed worldwide? (And that’s only counting the professionally installed surveillance cameras. Imagine how many do-it-yourself cameras are out there with even less security.)

Hijacking horror stories

You’ve probably already read about the downside of the Internet of Things; you just may not have realized it. Among the most high-profile instances are the recent stories about baby monitors being hacked, with grown men screaming at babies in the dead of the night.

As you can imagine, the potential for foul play with the Internet of Things is extensive. This is what’s led to the creation of CCTV botnets, which have been behind a number of DDoS attacks. By gaining control of internet-connected devices, attackers are able to direct those resources at a target website or other internet service, overwhelming it with malicious traffic and either driving it offline, or slowing it down enough to be unusable for legitimate users.

The consequences of a DDoS attack are many and dire. Not only will a website that’s not working drive users away and erode consumer trust, but a DDoS attack can also cause hardware damage, software damage, and can act as a smokescreen while attackers steal intellectual property, customer information, and financial data. And in terms of dollars and cents, an unmitigated DDoS attack can cost an organization a staggering $40,000 per hour.

From a virtual battlefield to a physical one

CCTV botnets weren’t anything new to professional DDoS mitigation provider Imperva Incapsula. In fact, they first publicly warned about them in March of 2014, when a steep increase in botnet activity was largely traced back to CCTV cameras.

However, it was a slightly different ballgame when Imperva Incapsula began to mitigate repeated HTTP flood attacks on one of their clients. The DDoS attack itself was nothing special – peaking at 20,000 requests per second, no big deal for professional DDoS mitigation – however when Imperva Incapsula began looking through the attacking IPs, they discovered something curious. Some of the botnet devices were located right near their office.

Geo-location of CCTV Botnet devices (Source: Imperva Incapsula)

Further detective work revealed that the botnet devices in question were CCTV cameras that were accessible to attackers through the devices’ default login credentials. Imperva Incapsula employees took a look through the camera lens and recognized a mall not five minutes from their offices. In a stark departure from a normal day spent fighting the evils of the internet, employees were able to head over to the mall and explain to the camera owners in-person what had happened, why it happened, and help them clean the malware from their cameras.

Lessons that need to be learned

What you need to learn from these Internet of Things incidents is two-fold. Firstly, if you have internet-connected devices like smart TVs, washing machines, thermostats, precision farming equipment, anything, they need to be secured. Even if you for some reason did not care if your devices were being used in a botnet to carry out DDoS attacks, rest assured that if attackers can hijack your devices for DDoS attacks, they can take control of them for other reasons. This is an especially frightening thought when it comes to nanny cams and other monitoring devices in your home.

The second lesson that needs to be learned in all of this is for website owners. The Internet of Things is already massive and it’s estimated by Gartner that by the year 2020, it will be comprised of over 25 billion devices. That is billions of devices that could potentially be used in DDoS attacks against websites just like yours.

Professional DDoS protection is already a necessity, and it’s only going to continue to become a bigger necessity. Professional DDoS mitigation services may not be able to protect you from the prying eyes of a CCTV camera during your most embarrassing moments, but they can protect your website, your users, your equipment, your intellectual property, and your finances from CCTV and other Internet of Things botnets.

By Naomi Webb

Hybridization: The Executive Roundtable

Hybridization

When discussing migration to the cloud, the use of hybrid cloud and all other cloud-related issues, people generally place the focus on the technology itself. What sometimes gets overlooked is the group of individuals who are — or at least, should be — responsible for the precise and successful integration of cloud into a company’s lifecycle. Many people should be sitting at the table for this discussion.

Because the cloud is largely an IT issue, many companies like to defer the entire package to the IT department. But the IT people should not be the only ones involved. Cloud is just too big, and too all-encompassing, for any one group to shoulder the responsibility. Most IT managers would readily agree to this.

Roundtable Specialists

To this end, an organization should consider a roundtable of specialists, carefully chosen and capable of contributing their particular expertise to the ongoing policy of cloud integration. Ideally, this group should consist of the following, listed in no particular order:

A project manager. A qualified individual who can create and update a project plan and timeline, and make it available to the entire team. A project such as cloud migration requires competent and professional oversight.

People who understand the terminology. There is a great deal of new and sometimes confusing terminology that can offset, delay or just obscure the migration project. This individual must be capable of clearly understanding and translating cloud terminology to the rest of the group, using strategic language.

A person or people capable of identifying, researching and interviewing trustworthy cloud service providers, and creating and maintaining an updatable database of existing suppliers.

People who have a direct connection to the end user, both internal and external. If cloud-based technologies result in a change in performance or usability, then the team needs individuals who can oversee and guide this transition, and most importantly who can listen to the end users.

A coordinator of shadow IT. Given that most IT departments are already very busy, a shadow IT department, or project-specific group, may be required. Such a team must integrate with the existing IT matrix to ensure clear communication and collaboration, and to balance loads as needed.

A cloud security specialist. Cloud security is a slightly different animal from regular IT security. Cloud security professionals work in conjunction with internal IT security, but are becoming more specialized and certified, in order to deal with the ever-increasing number of threats. This type of specialist could be an external vendor or an internal employee.

A cloud backup/transition specialist. Numerous experts in the cloud field recommend that migrations happen over a series of steps, rather than a general move, and that there always be an “Undo” option that allows quick backtracking to a previously saved state, should something go awry.

A real-time metrics analyst. In the age of cloud, real-time data is king. Cloud-based applications – from customer-facing commerce through to back-end administration – need to be carefully monitored, using the easily available data that digital technology provides.

A specialist in comparative intelligence. Cloud and its related online digital technologies change very quickly. The competitive, global economy allows for new companies to enter the race, sometimes offering a better, more sophisticated approach to sales, fulfilment and every other element of commerce. An individual tasked with the role of constantly observing the competition in the field is essential.

An HR or training specialist. New technologies bring change into an organization. Employees do not always welcome change. In some cases, they will resist and even try to sabotage new techniques that cause fear and insecurity. The specialist from HR or corporate training is an essential player at the table to ensure that new developments are introduced and massaged into the organizational culture, comfortably and proactively.

A neutral mentor. Mentors are an important component of individual professional success, and they should also be part of a company’s ongoing life. A neutral guide sitting at the table can provide wisdom, experience and advice, while not holding a vested interest.

Cloud-savvy legal advice. The global nature of cloud serves up a large palette of legal issues, ranging from compliance to content, and demands up-to-date awareness and guidance.

This makes for a very large table indeed. It is not necessary for these and other members of management to physically sit at an actual table, but it does require ongoing and regular communication even if done virtually. A large team is still manageable, especially when each individual has their specific, clearly defined role. This will allow for the clarification of some obvious but often overlooked must-haves, such as the organization’s mandate of what “cloud” actually means.

With so much of a company’s life force moving to the cloud, this small, coordinated army of specialists is critical in advising senior management in every area of cloud strategy.

For more on this topic, go to http://businessvalueexchange.com, sponsored by Hewlett Packard Enterprise.

By Steve Prentice

Warm Data – Looking Beyond The 1s And 0s Of Big Data

Properly Utilizing Big Data

Big Data has moved from fad to trend to elemental in a very short space of time and organizations large and small are ensuring they’re gathering and analyzing every byte to the best of their ability. However, as suggested by Satyen Sangani, CEO of Alation, companies need to be careful not to lose their customer in an avalanche of 1s and 0s. The concept of “warm data” is being encouraged wherein less information in the form of appropriate communication and conclusions replaces a flood of impersonal and imprecise data. While leaders typically see great value in data as a means of problem-solving, many are narrowing their focuses to specific challenges rather than merely following the flow of data.

A data-driven culture

Tara Paider, associate vice president of IT architecture at Nationwide Insurance, believes the primary reason big data projects fail is down to people. Big Data is affecting every part of our world, but ensuring people aren’t threatened by data, but rather excited, requires a data-driven culture. Of this campaign in her own organization, Paider states, “It was the hardest thing to get past; the ‘this was the way we’ve been doing it for 20 years or 30 years, and we know best.’ That’s our biggest challenge.”

PricewaterhouseCoopers supports this view with their research that suggests culture is one of three obstacles stopping businesses from properly utilizing data. In conjunction with Iron Mountain, PwC found 75% of enterprises obtain little or no advantage from their data. Gartner analysts Alan Duncan and Frank Buytendijk suggest four opportunities for creating a data-driven culture in “How to establish a data-driven culture in the digital workplace”:

  • Leading by example wherein CIOs consciously communicate to employees how they use data to make decisions. “In meetings, in presentations, in all daily interactions, executives need to show they are looking for the right data to base decisions on.”
  • Hiring data-driven people.
  • Creating more transparency to make access to data easier and information governance policies clearer.
  • Conducting data-driven performance reviews to ensure data is used in every aspect of the business.

Monetizing Big Data

As companies are building their data skills, so too are their customers. Today’s consumers quickly research via smartphones and tablets and successful organizations are getting creative with Big Data to improve their offerings.

Customer Data & Cross-Promoting

With the wealth of customer data available, companies are generating advanced marketing strategies that bundle products together and promote across their brand/s.

Creativity

Big Data is further enabling companies to connect with customers by helping them recognize the most appealing branding elements and marketing tactics. Understanding a client’s desires makes the final sell far simpler.

Trends

Actuaries have their place, but perhaps not as market fortunetellers. Accessing freely available data through search engines and social media sites indicates emerging trends and customer preferences, allowing increased sales and improved customer loyalty.

Free Services

Finally, a maneuver that’s been resurrected time and again, ‘free’ services are being put to work. Providing businesses with a tool to collect otherwise expensive customer data, the free services offered put paid to the adage there’s no such thing as a free lunch.

By Jennifer Klostermann

Will The Internet Of Things Be Beneficial For The Environment?

The Environmental Internet of Things

Proponents of the Internet of Things tend to play up its strong suits, claiming that it will be all things to all people. This includes potentially benefiting the environment by making electronics more energy-efficient. Yet there are pros and cons to the IoT, particularly when it comes to environmental issues. Here are a few ways that the IoT may be beneficial for the environment, as well as a few eco-friendly challenges this technology will need to overcome.

Environmental Benefits

Some reports have nothing but a positive picture to paint when it comes to the Internet of Things. According to a report conducted by non-profit Carbon War Room and AT&T, worldwide greenhouse emissions could potentially be reduced by as much as a fifth over the next decade. It’s estimated that 2 billion tons of carbon emissions could be saved by 2020. Due to the technology’s applications in agriculture and transportation, greenhouse gas emissions could be slashed by 7.1 billion tons.

How would this work exactly? By enabling machine-to-machine communication, everything from smarter electrical grid systems to more efficient HVAC systems in office buildings could be established. Public transportation could be streamlined to avoid delays or idling in traffic, while in the agricultural and manufacturing industries it would be possible to save water, power, and time. With a combination of sensors and applications providing continual, real-time updates, many different industries would become more efficient at once which could theoretically lead to a drastic reduction in carbon emissions. The Nest thermostat claims on its own blog that it takes just eight weeks of use to save the energy required to become carbon neutral, cancelling out the energy used to manufacture and distribute the device. If other Internet of Things products follow suit, they all could add up to a hefty energy savings and reduction in household carbon footprints.

Potential Drawbacks

Yet what’s important to remember is that many of these environmental benefits are still just at the theoretical stage. The Internet of Things is very much in its infancy, despite devices like Nest now being available.

This is just the tip of the iceberg when it comes to how the technology can and will be used, and developers like Nokia Networks are still working out the kinks. In order to roll out a new generation of connected devices, there will certainly be some degree of energy expenditure in their manufacture and distribution, and some devices will leave a heavier footprint than Nest. There’s also the issue of the massive amount of energy needed for wireless networks to consider. The old generation of devices must be disposed of to make room for new devices, clogging landfills with electronic waste. Although these concerns would most likely exist with or without the Internet of Things, it’s something to keep in mind as we work towards a future of new, connected devices.

Building a more Eco-Friendly Internet of Things

When you look at the big picture, the IoT will most likely be beneficial overall for the environment. There may be some hiccups along the way that waste energy, before worldwide standards are set and while consumer devices are updated to reflect the new technology. Perhaps the biggest savings will be when entire cities are connected, allowing public transport and new construction to save energy on a large scale. Because environmental benefits are a major concern for world leaders and government organizations, it’s likely that the Internet of Things will be tweaked with this in mind. In the meantime, we can do our research and make careful purchasing decisions.

By Brent Anderson

The Industrial Internet Arises With Big Data And The Internet of Things

The Industrial Internet Arises

Both Big Data and the Internet of Things arm us with a near infinite source of data thanks to Internet-connected sensors and data analysis tools, and energy efficiency is a field that’s starting to reap the rewards. Says Jeff Immelt, CEO of General Electric, “The combination of software and machines, from airplane engines to power plants to wind turbines, has laid the foundation for a new wave of innovation – and the economic and environmental impact of industry and software cannot be understated.”

Industrial Internet

As the global industrial sector incorporates Big Data and the Internet of Things, so arises the Industrial Internet, with a projected $15 trillion increase in global GDP in the next 20 years thanks to optimized performance, increased productivity, and considerable savings in fuel and energy. A mere 1% decrease in the combined operating expenditures of 2014’s top 40 miners could have resulted in savings of $5.3 billion, making it clear that improved efficiency offers the potential for significant profit escalation. 

Industry leaders recognize that connecting hardware with predictive analytics through sensors leads to valuable insight and optimization, and the use of heavy-duty machinery is developing with these innovations. Airlines are saving millions by avoiding downtime and delays thanks to warnings of potential engine failure; real-time reporting of engine temperatures, fuel efficiencies, speed, and vibration patterns are available to engineers; and mill assets and process information can be consolidated in one common platform, creating an overall picture for better throughput, recoveries, and quality. Predictive analytics further benefits industrial organizations not only through energy cost savings but with increased productivity and reduced maintenance costs.

Leading Organizations Implementing Renewable Energy

Google has been carbon neutral since 2007, buying carbon credits for any emissions made, and the organization claims to be more than a third of the way to being 100% renewable. Microsoft, committed to being carbon neutral since 2013, has implemented an internal carbon fee, reducing emissions of carbon dioxide equivalents by 7.5 million metric tons since 2012, and investing 10.2 billion kilowatt-hours in renewable energy. Writes senior director of environmental sustainability at Microsoft, TJ DiCaprio, “Our carbon fee represents a proactive step to make our business groups accountable for their carbon emissions while creating a fund to support efficiency and innovation.” In Austria, Sony’s CD manufacturing site uses 100% renewable energy, and Sony plans to have a zero environmental footprint by 2050. By 2020, Ikea intends to be powered entirely by renewable energy, while Walmart is committed to buying or producing 7 billion kWh of renewable energy.

How Smaller Businesses Can Maximize Energy Efficiency

Going green isn’t a strategy only big business is opting for; smaller organizations can employ their flexibility to integrate renewable energy by fixing operational inefficiencies to reduce energy bills, improving building infrastructure with green tech, implementing renewable energy tech such as wind turbines and solar panels, and utilizing organic materials for power generation. As global energy needs increase, every venture into renewable energy and energy efficiency benefits both the environment as well as the organization’s potential revenues.

By Jennifer Klostermann

What The FITARA Scorecard Tells Us About Government Cyber Security Preparedness

Government Cyber Security Preparedness

Last year’s massive data breach of the Office of Personnel Management, as well as other recent cyber security incidents affecting federal agencies, underscored the urgency of bringing the federal government’s security infrastructure up to date. Although many agencies have made strides toward hardening their cyber security, outdated IT infrastructure and architecture is still common — making the federal government an easy cyber attack target.

In 2014, Congress enacted the Federal Information Technology Acquisition Reform Act (FITARA), giving CIOs significant powers in IT decisions, including new technology acquisitions. But based on an analysis of a scorecard created to measure the implementation of four key provisions of the legislation, the top 24 federal agencies received an average overall “grade” of D.

This raises the question: How well is the federal government prepared for cyber attacks?

FITARA’s impact on security

FITARA was “the most comprehensive overhaul of government IT in 18 years,” according to a Gartner analysis. Its purpose was to reform IT procurement and management to make it more agile and efficient.

Because FITARA’s intent was to drastically cut spending on outdated, legacy technology, the expectation was that it would minimize the vulnerabilities that create the perfect storm for cyber attackers.

But a recently published audit of the Department of Homeland Security — considered to have some of the best cyber security measures among federal agencies — showed that its IT infrastructure still relies on dozens of unpatched, vulnerable databases.

The “Evaluation of DHS’s Information Security Program for Fiscal Year 2015” report, by the Office of Inspector General (OIG), found a long list of other shortcomings. They included 220 “sensitive but unclassified,” “secret” and “top secret” systems with “expired authorities to operate,” which would imply that those systems were no longer regularly patched and maintained. And even many systems that were actively maintained didn’t have current security patches.

It’s worth mentioning that the entities where cyber security is especially critical were at the top of the OIG list as having the most vulnerable systems — 26 systems inside the Coast Guard, 25 at FEMA, 11 at DHS’ own headquarters, 14 at Customs and Border Protection and 10 at Transportation Security Administration. This audit shows that the government is still a long way from coming up to speed with its cyber attack defenses.

FITARA compliance

While the OIG audit focused on compliance related to the Federal Information Security Modernization Act (FISMA), it reflects the same concerns exposed by the recent FITARA scorecard.

In releasing the scorecard, members of the House Oversight Committee wrote, “For decades, the federal government has operated with poorly managed and outdated IT infrastructure. Cyber attacks are a real threat to this country. Federal agencies must act now.”

(Figure: FITARA government scorecard. Image Source: Oversight.house.gov)

The scorecard looked at FITARA implementation progress in four areas: data center consolidation, IT portfolio review savings, risk assessment transparency and incremental development. Factors considered for the grades included implementation of best practices for risk assessment, increasing the powers of CIOs and trimming wasteful spending.

The Department of Corrections and the General Services Administration received the only Bs (there were no As), while five agencies including DHS scored Cs. Energy and Education failed, and the other 16 all came in with Ds.

In the data center category, 15 of the agencies received Fs (three of the 24 did not report consolidation), while 16 agencies had Fs in the review savings category.

The grades in these two areas were calculated based on how well the agencies saved money by reviewing their IT portfolios as well as consolidating the data centers. In fact, F. David Powner, director of GAO’s information technology management issues, said during a committee hearing that the number of federal data centers has actually grown, to 11,700, and only 275 of those are considered “core.”

In the incremental development area, the grades were based on how many IT projects that were part of major investments successfully achieved completion and delivery every six months. Again, a dozen agencies failed completely (and three others didn’t have any projects meeting the criteria).

The last area measured how well agencies managed the risks of major IT projects. This is one category where many agencies fared much better, with only four receiving Fs and 10 receiving As and Bs.

While the entire scorecard poses a major concern, it’s especially troubling to see DHS, which is tasked with overseeing the country’s security, only managing to score a C.

The same goes for the State Department — which scored a D — considering the email server scandal in which former Secretary of State Hillary Clinton had been embroiled, not to mention the major cyber attack that had crippled State’s unclassified email system, which had to be completely shut down and couldn’t be mitigated for months.

It’s also worth calling out OPM, which received a D, since its breach compromised personal data of 21.5 million federal employees. Security experts pointed out that OPM essentially “left the barn doors open” because of its poor security measures.

Veterans Affairs’ “C” and Department of Education’s F add a layer of concern because of the Health Insurance Portability and Accountability Act (HIPAA), which was designed to protect and secure protected health information (PHI).

The VA, which runs the country’s “largest integrated healthcare system” through its Veterans Health Administration, is subject to HIPAA as a “business associate” of the VHA. The rash of cyber security breaches of healthcare providers last year was proof that bad actors are increasingly seeking out PHI because its value on the black market is much higher than financial information. The federal government should practice what it preaches, and make sure its own departments that are subject to HIPAA have strong cybersecurity defenses.

The Department of Education itself is not subject to HIPAA, but many of the public schools and institutions that it funds — and which report data back to the agency — are. The House Oversight Committee Chairman Rep. Jason Chaffetz has warned that OPM’s breach would pale in comparison to the damage that cybercriminals could inflict on the Department of Education.

“I think ultimately that’s going to be the largest data breach that we’ve ever seen in the history of our nation,” he said, regarding a breach of Education, at a Brookings Institution event.

The FITARA scorecard, of course, wasn’t intended to point fingers at the federal government for doing a poor job. Still, considering the estimated federal IT budget of $79.8 billion for fiscal year 2016 (which ends on Sept. 30, 2016), the scorecard results pose serious concerns about the nation’s cyber resilience.

As Federal CIO Tony Scott put it during the committee’s hearing, “FITARA presents a historic opportunity to reform the management of information technology across the federal government.” He also said that the work and commitment required to fully implement this law couldn’t be underestimated.

Let’s just hope that the next FITARA scorecard shows much better progress than an average of “D.”

By Sekhar Sarukkai
