August 2, 2016
Have you ever wondered if the data resting on your hard drive is safe while you are away from your computer? Have you ever worried that a hacker could sneak into your system and steal everything even when the data is resting (not actively being used)? It is a worry that most computer users experience as the traverse the Internet and possibly leaving themselves exposed. Network World describes how a potential upgrade could protect data in databases, “ A New Update To The NoSQL Database Adds Cryptsoft Technology.”
MarkLogic’s NoSQL database version nine will be released later in 2016 with an added security update that includes Cryptsoft’s KMIP (Key Management Interoperability Protocol). MarkLogic’s upgrade will use the flexibility, scalability, and agility of NoSQL with enterprise features, government-grade security, and high availability. Along with the basic upgrades, there will also be stronger augmentations to security, manageability, and data integration. MarkLogic is betting that companies will be integrating more data into their systems from dispersed silos. Data integration has its own series of security problems, but there are more solutions to protect data in transition than at rest, which is where the Cryptsoft KMIP enters:
“Data is frequently protected while in transit between consumers and businesses, MarkLogic notes, but the same isn’t always true when data is at rest within the business because of a variety of challenges associated with that task. That’s where Cryptsoft’s technology could make a difference. Rather than grappling with multiple key management tools, MarkLogic 9 users will be able to tap Cryptsoft’s embedded Key Management SDKs to manage data security from across the enterprise using a comprehensive, standards-compliant KMIP toolkit.”
Protecting data at rest is just as important as securing transitioning data. This reminds me of Oracle’s secure enterprise search angle that came out a few years ago. Is it a coincidence?
July 25, 2016
Sinequa, a French search vendor, is hunting for partners in the US. The news appears in “Sinequa Partner Advantage Program Empowers the Channel to Capitalize on Leading Cognitive Search & Analytics Technology.” If you liked the title of this article, you will love the subtitle:
Company Launches New Partner Program to Drive Cross-Industry Adoption of Cognitive Search & Analytics and Address Growing Customer Demands
Keywords galore. What I noted was the euphony of “leading cognitive search and analytics technology.” A number of outfits are chasing the “cognitive search” pot of gold. Competitors include the champion in declining quarterly revenue IBM. Then there are the assorted machine learning folks at the Alphabet Google thing. Plus there are various and sundry deep learning initiatives appearing on a daily basis from the money crucible in Sillycon Valley; for example, Indico, MetaMind, Ripjar, Synapsify, and, my favorite, Idibon. I just love “idibon.” So many associations from ichibon to bon bon. Good, right?
Partners flock like Zika bearing mosquitoes when there is big money in a reseller/OEM/integrator tie up.
I learned from the Sinequa write up about Sinequa:
Sinequa continues to grow its partnerships with leading global systems integrators and value-add resellers (VARs) as well vendors of enterprise application, cloud and Big Data. In an effort to address rising customer demands from Global Fortune 2000 organizations for turning data into actionable insights, Sinequa extends its worldwide network with partners seeking to enrich their Big Data/analytics offerings in key strategic markets such as banking, defense and security, life sciences, manufacturing, utilities and government. The Sinequa Partner Advantage Program enables channel and service partners to quickly capitalize on the high growth opportunity in cognitive search and analytics. Designed to empower partners with certification programs, technical support and world-class training, Sinequa also offers partners performance-based incentives and marketing support programs…Certified partners access the recently introduced Sinequa ES Version 10. Powered by Machine Learning capabilities at its core, this ground breaking version helps deliver deep analytics of contents and user behavior, offering information with continually improving relevance to users in their work environments.
A point I think is important: Sinequa was founded in 2002. That makes the company 14 years young. Not quite a start up but agile enough when it comes to cognitive technology.
I assume that in today’s economic environment, potential partners will be swarming like the Zika bearing mosquitoes in the river marsh near my home in Harrod’s Creek, Kentucky. These critters seem to fancy my chubby, 72 year old body.
I have noted, however, that some vendors of search are having to work extra hard to close deals. Examples range from Big Blue in Union Square to SLI Systems in New Zealand and parts in between.
The idea of partnering is a good one. Endeca rose to its legitimate $100 million plus in search revenue with its carefully crafted partnering program. On the other hand, the Google Search Appliance partners continue to regroup because the wiser minds at Mother Google killed off the pricey Google Search Appliance. I treasure my print out of the GSA schedule with the five and six digit license fees for the wonderful GB 7007 and 9009 models. Imagine a locked down appliance for the price of a pre acquisition Autonomy IDOL license. Then when the document capacity of the search appliance was reached, a customer could license more Google Search Appliances. I found this business model interesting because taxi meter pricing is often an issue for chief financial officers who want to budget for certain products and services.
The upside of partnerships is that, as Endeca learned, unusual opportunities can be discovered. Once the deal is closed, the lucky partner has an opportunity to tailor the search system to meet the needs of the customer. Once up and running, life is good. Renewals, customization, consulting, maintenance fees, and other oddments make a search vendor’s life one of comfort and joy. The downsides include lawsuits, squabbles, and disruptions from competitors.
Worth watching how Sinequa maneuvers in the US market. Other French search vendors have found the costs and cultural issues a bit of a headache. Examples range from Antidot, Pertimm, and Exalead among others. Do you use Qwant?
Stephen E Arnold, July 25, 2016
July 21, 2016
I read “Hey, IBM, OpenText Is Coming for You.” The write up reports that the poobah of OpenText said that its new Magellan system is “a next generation analytics platform.” Getting from Yet another OpenText system (YOTS) to the nemesis of IBM is quite a leap.
But here’s the statement, once again from the OpenText poobah, that caught my attention:
But even more interesting than the product itself, is the bullish way in which OpenText is calling out IBM Watson. “We are going to position it directly against Watson. We’re not going to shy away from that at all,” Mark said. “We think there’s a whole class of problems that enterprises want to solve themselves and what they need is an affordable platform, one that’s open and programmable to them and accessible to them and that’s going to be Magellan. So we’re going to position ourselves and stay focused directly against Watson.”
The write up explains that OpenText Magellan is better, faster, and cheaper. I have heard that before I think. But the details are interesting.
Magellan’s software is open., Its hardware is open. Its IP is owned by the licensee. Its deployment options are “run anywhere.” It is extensible by the licensee. Its ecosystem is open. Its cost is a mere one dollar sign.
And what do you think about IBM Watson? Well, its software is closed. Its hardware is closed. Its IP ownership is not the licensee’s. Watson is extensible only by IBM Global Services. IBM’s ecosystem is closed. Best of the points, IBM’s cost is six dollar signs.
OpenText is a $2 billion a year outfit. The hapless IBM is, despite its being lost in revenue space, is about $90 billion a year.
My view is that OpenText is swinging for the marketing and conceptual fences. IBM is trying to find the secret notebook that unlocks revenues.
I would point out that Fancy Dan software designed to help executives make better decisions is plentiful. Many vendors covet this niche. There is excitement ahead. Both OpenText and IBM may find that talk about smart software flows more rapidly than sustainable revenue and healthy profits. Keep in mind the high cost of technological debt. That’s one dot point which IBM and OpenText share a common point of weakness.
Stephen E Arnold, July 21, 2106
July 13, 2016
What is different about the recent rash of ransomware attacks against hospitals (besides the level of callousness it takes to hold the well-being of hospital patients for ransom)? CyberWatch brings us up to date in, “My Layman’’s Terms: The Java Deserialization Vulnerability in Current Ransomware.” Writer Cheryl Biswas begins by assuring us it is practicality, not sheer cruelty, that has hackers aiming at hospitals. Other entities, like law enforcement agencies, which rely on uninterrupted access to their systems to keep people safe are also being attacked. Oh, goody.
The problem begins with a vulnerability at the very heart of any Java-based system, the server. And here we thought open source was more secure than proprietary software. Biswas informs us:
“This [ransomware] goes after servers, so it can bring down entire networks, and doesn’t rely on the social engineering tactics to gain access. It’s so bad US-CERT has issued this recent advisory. I’ve laid out what’s been made available on just how this new strain of ransomware works. And I’ve done it in terms to help anybody take a closer look at the middleware running in their systems currently. Because a little knowledge could be dangerous thing used to our advantage this time.”
The article goes on to cover what this strain of ransomware can do, who could be affected, and how. One key point—anything that accepts serialized Java objects could be a target, and many Java-based middleware products do not validate untrusted objects before deserialization. See the article for more technical details, and for Biswas’ list of sources. She concludes with these recommendations:
“Needs to Happen:
“Enterprises must find all the places they use deserialized or untrusted data. Searching code alone will not be enough. Frameworks and libraries can also be exposed.
“Need to harden it against the threat.
“Removing commons collections from app servers will not be enough. Other libraries can be affected.
“Contrast Sec has a free tool for addressing issue. Runtime Application Self-Protection RASP. Adds code to deserialization engine to prevent exploitation.”
Organizations the world over must not put off addressing these vulnerabilities, especially ones in charge of health and safety.
Cynthia Murrell, July 13, 2016
July 4, 2016
Enterprise search is one of the driving forces behind an enterprise system because the entire purpose of the system is to encourage collaboration and quickly find information. While enterprise search is an essential tool, according to Computer Weekly’s article. “Beyond Keywords: Bringing Initiative To Enterprise Search” the feature is stuck in the past.
Enterprise search is due for an upgrade. The amount of enterprise data has increased, but the underlying information management system remains the same. Structured data is easy to make comply with the standard information management system, however, it is the unstructured data that holds the most valuable information. Unstructured information is hard to categorize, but natural language processing is being used to add context. Ontotext combined natural language processing with a graph database, allowing the content indexing to make more nuanced decisions.
We need to level up the basic keyword searching to something more in-depth:
“Search for most organisations is limited: enterprises are forced to play ‘keyword bingo’, rephrasing their question multiple times until they land on what gets them to their answer. The technologies we’ve been exploring can alleviate this problem by not stopping at capturing the keywords, but by capturing the meaning behind the keywords, labeling the keywords into different categories, entities or types, and linking them together and inferring new relationships.”
In other words, enterprise search needs the addition of semantic search in order to add context to the keywords. A basic keyword search returns every result that matches the keyword phrase, but a context-driven search actually adds intuition behind the keyword phrases. This is really not anything new when it comes to enterprise or any kind of search. Semantic search is context-driven search.
June 29, 2016
For all the effort enterprises go to in securing data through technological solutions, there are also other variables to consider: employees. Business Insider released an article, 1 in 5 employees are willing to hand over their work passwords for money, that shares survey research from SailPoint. 20 percent of 1,000 respondents, from organizations with over 1,000 employees, would be willing to sell their work passwords. US employees win the “most likely” award with 27 percent followed by Netherlands with 20 percent, and then UK and France at 16 percent. The article tells us,
“Some employees were willing to sell their passwords for as little as $55 (£38) but most people wanted considerably more, with $82,000 (£56,000) being the global average amount required,according to figures cited by Quartz that weren’t in the report. Unauthorised access to a company’s internal systems could provide a treasure trove of valuable data for criminals. They may be targeting individual user accounts, or they could be after intellectual property, or corporate strategy data.”
Undoubtedly, search and/or cybertheft is easier with a password. While the survey reports findings that may be alarming to organizations, we are left with the question, ‘why’. It may be easy to say morality is the dividing line, but I think this article wrestling with the morality question is on the right track pointing to considering sociological implications, for example, employee engagement and satisfaction cannot be discounted as factors in a decision to sell a password.
Megan Feil, June 29, 2016
April 11, 2016
Impacting groups like Target to JP Morgan Chase, data breaches are increasingly common and security firms are popping up to address the issue. The article Dark Web data hunter Terbium Labs secures $6.4m in fresh funding from ZDNet reports Terbium Labs received $6.4 million in Series A funding. Terbium Labs released software called Matchlight which provides real-time surveillance of the Dark Web and alerts enterprises when their organization’s data surfaces. Consumer data, sensitive company records, and trade secrets are among the types of data for which enterprises are seeking protection. We learned,
“Earlier this month, cloud security firm Bitglass revealed the results of an experiment focused on how quickly stolen data spreads through the Dark Web. The company found that within days, financial credentials leaked to the underground spread to 30 countries across six continents with thousands of users accessing the information.”
While Terbium appears to offer value for stopping a breach once it’s started, what about preventing such breaches in the first place? Perhaps there are opportunities for partnerships with Terbium and players in the prevention arena. Or, then again, maybe companies will buy piecemeal services from individual vendors.
Megan Feil, April 11, 2016
March 7, 2016
The article titled Microsoft Delve Faces Challenges in Enterprise Search Role on Search Content Management posits that Microsoft Delve could use some serious enhancements to ensure that it functions as well with on-premises data as it does with data from the cloud. Delve is an exciting step forward, an enterprise-wide search engine that relies on machine learning to deliver relevant results. The article even goes so far as to call it a “digital assistant” that can make decisions based on an analysis of previous requests and preferences. But there is a downside, and the article explains it,
“Microsoft Delve isn’t being used to its full potential. Deployed within the cloud-based Office 365 (O365) environment, it can monitor activity and retrieve information from SharePoint, OneDrive and Outlook in a single pass — and that’s pretty impressive. But few organizations have migrated their entire enterprise to O365, and a majority never will: Hybrid deployments and blending cloud systems with on-premises platforms are the norm… if an organization has mostly on-premises data, its search results will always be incomplete.”
With a new version of Delve in the works at Microsoft, the message has already been received. According to the article, the hybrid Delve will be the first on-premise product based on SharePoint Online. You can almost hear the content management specialists holding their breaths for an integrated cloud and on-premise architecture for search.
Chelsea Kerwin, March 7, 2016
February 26, 2016
A ZDNet article covers Arrests made over Bitcoin laundering scheme, Dark Web drug deals
Dutch police made several arrests related to laundering of criminal profits orchestrated through an unindexed section of the web called the Dark Web. The article says suspects allegedly laundered up to 20 million euros from online drug deals. With the information originating from Reuters, this article summarizes the arrests made by Dutch Fiscal Information and Investigation Service and public prosecution department:
“According to the publication, some of the men arrested are traders, while others are “Bitcoin cashers” — traders of Bitcoin online who cash these funds then withdraw money from ATMs. It is possible to find cashers online who run shadow services which exchange “dirty” coins for clean currency. Law enforcement in the United States, Australia, Lithuania and Morocco also participated in the raid.”
Just as criminal offenses are taking place increasingly online, so too must the law enforcement industry have turn to technology to aid its efforts. As the case unfolds, it will be interesting to uncover how these suspects were identified. Perhaps something innovative will be at the source.
Megan Feil, February 26, 2016
January 6, 2016
Google Search has worked its way into our culture as an indispensable, and unquestioned, tool of modern life. However, the algorithms behind the platform have become more sophisticated, allowing Google to tinker more and more with search results. Since so many of us regularly use the search engine to interact with the outside world, Google’s choices (and ours) affect the world’s perception of itself. Researcher Safiya Umoja Noble details some of the adverse effects of this great power in her paper, “Google Search: Hyper-Visibility as a Means of Rendering Black Women and Girls Invisible,” posted at the University of Rochester’s InVisible Culture journal. Not surprisingly, commerce features prominently in the story. Noble writes:
“Google’s algorithmic practices of biasing information toward the interests of the powerful elites in the United States,14 while at the same time presenting its results as generated from objective factors, has resulted in a provision of information that perpetuates the characterizations of women and girls through misogynist and pornified websites. Stated another way, it can be argued that Google functions in the interests of its most influential (i.e. moneyed) advertisers or through an intersection of popular and commercial interests. Yet Google’s users think of it as a public resource, generally free from commercial interest15—this fact likely bolstered by Google’s own posturing as a company for whom the informal mantra, ‘Don’t be evil,’ has functioned as its motivational core. Further complicating the ability to contextualize Google’s results is the power of its social hegemony.16 At the heart of the public’s general understanding and trust in commercial search engines like Google, is a belief in the neutrality of technology … which only obscures our ability to understand the potency of misrepresentation that further marginalizes and renders the interests of Black women, coded as girls, invisible.”
Noble goes on to note ways we, the users, codify our existing biases through our very interaction with Google Search. To say the paper treats these topic in depth is an understatement. Noble provides enough background on the study of culture’s treatment of Black women and girls to get any non-social-scientist up to speed. Then, she describes the extension of that treatment onto the Web, and how certain commercial enterprises now depend on those damaging representations. Finally, the paper calls for a critical approach to search to address these, and similar, issues. It is an important, and informative, paper; we suggest interested readers give it a gander.
Cynthia Murrell, January 6, 2016