Author: Amy Larsen DeCarlo

As Principal Analyst for Security and Data Center Services at Current Analysis, Amy assesses the managed IT services sector, with an emphasis on security and data center solutions delivered through the cloud including on demand application and managed storage offerings.

Verizon Payment Security Research Exposes Execution Issues

by Amy Larsen DeCarlo, posted in Secure
A. DeCarlo
A. DeCarlo

Summary Bullets:

  • Verizon’s annual Payment Security Report captures a snapshot of organizations struggling to continue successful controls and best practices over time.
  • The evidence shows those who do are rewarded with a better fortified defense against breaches.

Fifteen years after the payment card industry settled on a single data security standard with PCI DSS, there are indications that too many organizations’ security practices haven’t risen to the level of maturity which would have been anticipated at this point.  In Verizon’s annual survey of payment card industry security practices, only 37% of the 302 surveyed enterprises sustain full compliance with the 12 specifications outlined in PCI DSS consistently over time.  Effectively, most organizations are focusing on meeting the basic requirements rather than developing consistent and effective security practices – not unlike a procrastinating student who is just looking to pass the test.  Just 18% check to see if they are meeting PCI DSS specifications more often than what the standard mandates. Continue reading “Verizon Payment Security Research Exposes Execution Issues”

DXC Technology Considers Divesting Non-Core Units After Reporting a Multi-Billion Quarterly Loss

by Amy Larsen DeCarlo, posted in Cloud Enable
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• In the same month DXC announced two new acquisitions, the company said it is may sell off three non-core business units

• DXC wants to invest the proceeds to strengthen its core IT outsourcing business

Less than two months after assuming the role of President and CEO at DXC, Mike Salvino made waves when he told financial analysts on an earnings call the company is considering the sale of non-core business units. Saviano said executives are looking seriously at divesting three organizations: Workplace & Mobility; U.S. State and Local Health Human Services; and Horizontal Business Process Services. This comes as DXC posted dismal Q2 FY 2020 earnings that saw revenues slide 3.4% versus the same quarter a year ago. Continue reading “DXC Technology Considers Divesting Non-Core Units After Reporting a Multi-Billion Quarterly Loss”

AWS and Oracle Protest Microsoft’s Surprise $10 Billion Pentagon JEDI Contract Win

by Amy Larsen DeCarlo, posted in Cloud Enable
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Microsoft’s JEDI win after an often controversial procurement process that many said favored AWS caught the industry off guard

• Arguing that the process was tainted by Department of Defense (DoD) employee conflicts of interest and political interventions, Oracle and AWS are both contesting the procurement in court

The DoD sent shockwaves through the cloud computing sector in October with the announcement that Microsoft Azure had won the multi-billion single award Joint Enterprise Defense Infrastructure (JEDI). Cloud behemoth AWS, long considered to be the one to beat in the closely watched and often controversial process, expressed surprise at the outcome. Some insiders have suggested that challenges during the bidding gave Microsoft the time to pull together a more cohesive and competitive cloud play. But others, including Oracle, a one-time competitor for the deal, are calling out the process as inherently unfair.
Continue reading “AWS and Oracle Protest Microsoft’s Surprise $10 Billion Pentagon JEDI Contract Win”

Out of Stealth Mode, Edge Computing Startup Pensando Wants to be a Giant Slayer

by Amy Larsen DeCarlo, posted in Cloud Enable
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• With John Chambers leading Pensando’s board as well as HPE making a big investment and stepping up as a partner, the startup is looking to make waves.
• The company has grand ambitions to play a major disruptor role–and the leadership and intellect with a potential to achieve them.

When a startup enters the IT landscape with the kind of backing that Pensando Systems has, the industry takes note. Founded in 2017 by Cisco veterans Mario Mazzola, Prem Jain, Luca Cafiero, and Soni Jiandani, the team behind a number of cutting edge products including the Nexus 9000 switch series, the company disclosed that it has secured third-round funding valued at $145 million from HPE and Lightspeed Venture Partners. Pensando also announced HPE CTO Mark Potter is joining the board of directors and that his company will be a key distribution partner for its technology.
Continue reading “Out of Stealth Mode, Edge Computing Startup Pensando Wants to be a Giant Slayer”

Facebook and Instagram Take a Stand Against Controversial ‘Miracle Claims’ Content

by Amy Larsen DeCarlo, posted in IT Leader
A. DeCarlo
A. DeCarlo

Summary Bullets:

  • The social media giants have been under pressure to shield users from influencer posts that make specious claims.
  • Some questions on policy definition and enforcement remain, but Facebook and Instagram are moving in the right direction with the new rules.

Social media sites Instagram and parent Facebook are tightening their content standards to restrict advertisements and posts from influencers and other users who peddle weight loss and cosmetic procedures to teenagers. In September, the two social media giants disclosed a policy change which aims to prohibit the distribution of content to users under the age of eighteen that promotes the sale of weight-loss products or even mentions or depicts a weight-loss product or supplement. This content, which often makes bold claims about dramatic results with minimal scientific backing, has been linked to a number of negative impacts on users. Continue reading “Facebook and Instagram Take a Stand Against Controversial ‘Miracle Claims’ Content”

Cisco’s Settlement Over Video Surveillance Flap Signifies a New Era in Vendor Accountability

by Amy Larsen DeCarlo, posted in Secure
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• After a protracted legal battle that spanned nearly a decade, Cisco settled a lawsuit accepting accountability for a security flaw in a video surveillance system sold to Homeland Security, the Secret Service, and other U.S. government agencies.

• As part of the settlement, the partner’s employee who originally reported the vulnerability will receive $1.5 million.

Eight years after the filing of a lawsuit against Cisco on behalf of U.S. public sector customers and more than a decade after a Cisco contractor initially called attention to a serious security flaw in one of the vendor’s video surveillance solutions, the IT equipment maker reached an $8.6 million settlement with the aggrieved parties and admitted culpability. In a blog posted in late July, Cisco General Counsel Mark Chandler wrote that software developed by Broadware – a company acquired by Cisco – used an open architecture that could be vulnerable to a breach. The settlement amount equates to a partial refund to the U.S. federal government and 16 states that bought products between 2008 and 2013. And the $8.6 million settlement included a $1.6 million payment to the person who first identified the vulnerability, although ultimately, no breach ever occurred. Continue reading “Cisco’s Settlement Over Video Surveillance Flap Signifies a New Era in Vendor Accountability”

Research Finds Facebook Posts Could Help Doctors Diagnose Medical Conditions

by Amy Larsen DeCarlo, posted in Big Data
A. DeCarlo
A. DeCarlo

Summary Bullets:

  • Newly published research shows language in Facebook posts can be a more accurate tool than demographic data for helping medical professionals make a diagnosis.
  • The Facebook data is particularly effective in shedding light on certain health issues including diabetes and mental illness.

Facebook has been under fire for years for everything from the Cambridge Analytica scandal to the platform’s part in aiding the dissemination of false information about the Rohingya Muslims that led to the deaths of thousands in Myanmar. Though it is sometimes derided as a tool that does more to isolate than connect, newly published findings by researchers from Penn Medicine and Stony Brook University show Facebook posts can provide important clues to puzzle out a number of medical conditions including diabetes, depression, and psychosis. Continue reading “Research Finds Facebook Posts Could Help Doctors Diagnose Medical Conditions”

New Research Reveals C-Level Execs Are Prime Targets for Cyber Attackers

by Amy Larsen DeCarlo, posted in Secure
A. DeCarlo
A. DeCarlo

Summary Bullets:

  • Due to their privileged access to high-value corporate assets, executives are in the crosshairs of cyber attackers, according to the latest Verizon Data Breach Investigations Report.
  • The Verizon report found that the combination of access and the need to make quick decisions made C-level executives more vulnerable to social engineering attacks.

Enterprising cyber attackers driven by a money motive are setting their sights on objects that will deliver the highest returns. Thanks to their access to high-value systems and data, C-level executives are a prime target for social engineering hacks. This year’s Verizon Data Breach Investigation Report (DBIR) found social attacks, including business e-mail compromises (BECs) against enterprise executives, are on the rise. Speculating that the combination of proximity to high-value assets and the intensive pressure of their roles, which limits executive time to scrutinize messages, makes them more vulnerable than most employees with less critical roles, the Verizon DBIR claimed that staffers in leadership are 12 times more likely to be the victims of credential theft or other social incidents, such as being tricked into transferring money to an adversary’s bank account. Continue reading “New Research Reveals C-Level Execs Are Prime Targets for Cyber Attackers”

Amazon Catches Heat for Alexa’s Dependence on Human Intellect

by Amy Larsen DeCarlo, posted in Secure
A. DeCarlo
A. DeCarlo

Summary Bullets:

  • Amazon Alexa is relaying recorded consumer speech for analysis by Amazon staff and contractors for product improvements.
  • There is a simple workaround to turn off the default communications between Alexa and Amazon employees.

Alexa apparently needs a little help from human sources to better decipher user requests. Amazon acknowledged that individual staff and contractors in a number of countries including Romania, India, Costa Rica, and the U.S. each evaluate as many as 1,000 recorded requests to Alexa during their nine-hour shift. The staffers feed notes into software that provides better context to requests, which Amazon said will ultimately produce a better user experience. Continue reading “Amazon Catches Heat for Alexa’s Dependence on Human Intellect”

Google in Hot Water Over Latest Privacy Misstep

by Amy Larsen DeCarlo, posted in Secure
A. DeCarlo
A. DeCarlo

Summary Bullets:

  • Google is under fire for failing to disclose that its Nest Secure home alarm system has an embedded microphone.
  • Privacy advocates are calling for significant change in light of the digital giant’s checkered data handling history.

When Google announced in early February that the company had added a feature to its Google Nest Secure system that allows it to work with Google Assistant to become a smart speaker, some consumers were surprised to learn the home security and alarm system has an embedded microphone. Google copped to failing to disclose the integrated microphone, admitting that detail should have been included in product information. Continue reading “Google in Hot Water Over Latest Privacy Misstep”