Go to Original Article
Low-code/no-code application development has gone mainstream as demand grows for enterprises to turn out increasingly more applications with not enough skilled developers.
A recent Forrester Research study showed that 23% of the 3,200 developers surveyed said their firms have adopted low-code development platforms, and another 22% said their organizations plan to adopt low-code platforms in the next year. That data was gathered in late 2018, so by the end of this year, those numbers should combine to be close to 50% of developers whose organizations have adopted low-code platforms, said John Rymer, an analyst at Forrester.
“That seems like mainstream to me,” he said, adding that low-code/no-code comes up routinely with his clients nowadays. In fact, low-code development could possibly be as impactful on the computing industry as the creation of the internet or IBM’s invention of the PC, he said.
The industry is on the cusp of a huge change to incorporate business people into the way software is built and delivered, Rymer said.
John RymerAnalyst, Forrester Research
“If you believe that there are six million developers in the world and we believe there are probably a billion business people in the world, if you look ahead five years or so, we can see maybe 100 million people –business people — engaged in producing software,” he said. “‘And I think that is the change we’re all starting to witness.”
Meanwhile, Forrester said there are eight key reasons for enterprises to adopt low-code platforms:
- Support product or service innovation.
- Empower departmental IT to deliver apps.
- Empower employees outside of IT to deliver apps.
- Make the app development processes more efficient.
- Develop apps more quickly.
- Reduce costs of app development.
- Increase the number of people who develop applications.
- Develop unique apps for specific business needs.
The top three types of apps built with low-code tools are complete customer-facing apps — web or mobile, business process and workflow apps, and web or mobile front ends, Rymer said. Meanwhile, the top three departments using low-code are IT, customer service or call center, and digital business or e-commerce, he added.
Low-code landscape shaped by business users
Surging interest in low-code/no-code adoption comes not just to help increase developers’ productivity, but also to empower enterprise business users.
A Gartner report on the low-code space, released in August 2019, predicted that by 2024, 75% of large enterprises will use at least four low-code development tools for both IT application development and citizen development, and over 65% of applications will be developed with low-code technology. Upwork, the web platform for matching freelance workers with jobs, recently identified low-code development skills as rapidly gaining in popularity, particularly for developers familiar with Salesforce’s Lightning low-code tools to build web apps.
Low-code analyses from Gartner and Forrester in 2018 did not rank Microsoft as a leader, but the software giant shot up in the rankings with the latest release of its Power Platform and PowerApps low-code environment that broadly supports both citizen developers and professional developers. This helps bring the vast community of Visual Studio and Visual Studio Code developers into the fold, said Charles Lamanna, general manager of application platform at Microsoft.
Other low-code platform vendors have shifted focus to business users. A study commissioned by low-code platform vendor OutSystems showed results quite similar to the Gartner and Forrester analyses. Out of 3,300 developers surveyed, 41% of respondents said their organization already uses a low-code platform, and another 10% said they were about to start using one, according to the study.
Mendix now offers a part of their product that’s aimed at business people as well. With the Mendix platform, eXp Realty, a Bellingham, Wash., cloud-based real estate brokerage, cut its onboarding process for new agents from 18 steps down to nine, said Steve Ledwith, the company’s vice president of engineering.
Gartner’s latest low-code report includes OutSystems and Salesforce Mendix, Microsoft and Appian. The most recent Forrester Wave report on the low-code space, in March 2019, saw the same four core leaders but swapped out Appian for Kony.
The rising popularity of low-code/no-code platforms also means the marketplace itself is active. “Low-code platform leaders are growing fast and the smaller companies are finding a niche,” said Mike Hughes, principal platform evangelist at OutSystems.
Last year, Siemens acquired Mendix for $730 million. And just this week, Temenos, a Geneva, Switzerland-based banking software company, acquired Kony for $559 million plus another $21 million if they meet unspecified goals. Both Temenos and Siemens said they acquired the low-code platforms to speed up their own internal application development, as well as to advance and sell the platforms to customers.
“We wanted to shore up our banking software with Kony’s low-code platform and particularly their own banking application built with their product,” said Mark Gunning, global business solutions director at Temenos. Kony also will help advance Temenos’ presence in the U.S., he added.
As enterprises rely more on these platforms to develop their applications, look for consolidation ahead in the low-code/no-code space. Gartner now tracks over 200-plus companies that claim to serve the low-code market. Acquisitions such as these are another strong indicator that the market is maturing.
Salvation Army recruits low-code
Like many not-for-profits, the Salvation Army was slow to move off of its old Lotus Notes platform. Yet, when they decided to move to Office 365 in 2016, there was no Power Platform or PowerApps, so the organization turned to low-code platform maker AgilePoint, based in Mountain View, Calif., said David Brown, director of applications at the Salvation Army USA West, in Rancho Palos Verdes, Calif. (Gartner ranks AgilePoint as a high-level niche player; the company doesn’t appear on Forrester’s rankings.)
The AgilePoint platform enabled the charitable organization to build more apps and be more responsive to the organization’s demands for new applications. The Salvation Army started to build apps with AgilePoint in 2017 and put 10 new apps into production that year. In 2018, they delivered 20 apps, and the goal for 2019 is 30 new apps, Brown said. The Salvation Army also is considering a training program for citizen developers, Brown said.
“We built an app that replaced a paper process that cost us $10,000 a month,” he said. “When I can invest in a new technology and in the first year save $120,000 using something that I am not spending anywhere that much for, that’s a huge return on investment.”
Low-code, no-code lines begin to blur
No-code typically means the platform is basic and requires no coding, while low-code platforms enable pro developers to go under the hood and hard-code portions if they choose to. However, the distinction between low-code and no-code is not absolute.
“I don’t think you are either low-code or you are no code,” said Jeffrey Hammond, another Forrester analyst. “I think you might be less code or more code. I think the no-code vendors aspire to have you do less raw text entry.”
As a developer, there are times when you can only visually model so much before it’s just more efficient to drop into text and write something. It is the quickest, easiest way to express what you want to do.
“And if you’re typing text, to me you’re coding,” Hammond said.
Michael Beckley, CTO of Appian, based in Tysons, Va., said many of Appian’s developers would agree.
“A lot of our developers believe low-code exists to help developers write less code upfront,” he said. “And when the platform stops [when finished execution of its instructions] they should just start writing code all over the place.”
Next low-code hurdles are AI, serverless
The addition of artificial intelligence to the platforms to help developers build smart apps is one next hurdle for the low-code space. Another is to provide DevOps natively on the platforms, and that is already happening now with platforms from OutSystems and Mendix, among others.
However, there is a potential future connection point between the serverless and low-code spaces, Hammond said.
“They are looking to solve a similar problem, which is extracting developers from a lot of the lower-level grunt work so they can focus on building business logic,” he said.
The serverless side relies on network infrastructure and managed services, not so much with tools. The low-code space does it with tools and frameworks, but not necessarily as part of an open, standards-based approach.
With some standardization in the serverless space around Kubernetes and CloudEvents, there could be some intersections between the tools and the low-code space and the high-scale infrastructure in the cloud-native space.
“If you have a common event model, you can start to build events and you can string them together and you can start to build business rules around them,” Forrester’s Hammond said. “You can go into the editors to write the business logic for them. To me, that’s an extension of low-code — and I think it can open up the floodgates to an intersection of these two different technologies.”
Go to Original Article
In 2017, we published a roadmap to remove Adobe Flash from Microsoft Edge and Internet Explorer by 2020. Since that post, we announced our intent to build Microsoft Edge on the Chromium open source project. In this post, we will provide an update on what to expect for the Flash retirement in Microsoft browsers.Here’s what you can expect for each Microsoft browser:
In the next version of Microsoft Edge (built on Chromium), we will continue to retire Flash in the same timeframe as other Chromium based browsers. You can learn more of that timeline in this blog post. Flash will initially be disabled, and the user will need to re-enable Flash on a site-by-site basis; Flash will be completely removed from the browser towards the end of 2020. Group policies are available for enterprise admins and IT pros to change the Flash behavior prior to that date.
For both the in-market version of Microsoft Edge (built on EdgeHTML) and Internet Explorer 11, the current experience will continue as-is through 2019. Specifically, we no longer intend to update either Microsoft Edge (built on EdgeHTML) or Internet Explorer 11 to disable Flash by default. We still plan to fully remove Flash from these browsers by December 2020, as originally communicated.
– Colleen Williams, Senior Program Manager, Microsoft Edge
[Updated to clarify the in-market EdgeHTML/IE experience – Ed.]
This summer, young women in San Francisco and Seattle spent a weekend taking their creative problem solving to a whole new level through the power of artificial intelligence. The two events were part of a Microsoft-hosted AI boot-camp program that started last year in Athens, then broadened its reach with events in London last fall and New York City in the spring. Check out the wrap-up video from the three U.S. events:
“I’ve been so impressed not only with the willingness of these young women to spend an entire weekend learning and embracing this opportunity, but with the quality of the projects,” said Didem Un Ates, one of the program organizers and a senior director for AI within Microsoft. “It’s just two days, but what they come up with always blows our minds.” (Read a LinkedIn post from Un Ates about the events.)
The problems these girls tackled aren’t kid stuff: The girls chose their weekend projects from among the U.N. Sustainable Development Goals, considered to be the most difficult and highest priority for the world.
The result? Dozens of innovative products that could help solve issues as diverse as ocean pollution, dietary needs, mental health, acne and climate change. Not to mention all those young women – 129 attended the U.S. events – who now feel empowered to pursue careers to help solve those problems. They now see themselves as “Alice,” a mascot created by the project team to represent the qualities young women possess that lend themselves to changing the world through AI.
Organizers plan to broaden the reach of these events, so that girls everywhere can learn about the possibility of careers in technology.
Go to Original Article
Author: Microsoft News Center
They’re tiny compared with the giants of the business intelligence space, and some have only been in existence a few years as organizations have widely adopted analytics, but domain-specific BI vendors touting a specialized area of expertise are popping up across the BI and analytics landscape.
Soundcharts, for example, sells an analytics suite for the music business. The Tessitura Network provides business intelligence, among other services, for arts and culture organizations. Flowhub targets the cannabis industry. Sports Alliance, as its names suggests, is geared toward the sports world.
And there are others.
The challenge for domain-specific BI enterprises as they compete for customers against established BI vendors is differentiation, providing a more adapted analytics platform for a narrow audience based on specialization and expertise than those built for general audiences like Microsoft Power BI or Tableau can.
“Bringing analytics back to the reason they exist — it’s about doing business better,” said Dave Menninger, research director of data and analytics research at Ventana Research. “The whole purpose of analytics is to do your job better. The easier we can make it for line-of-business people to do their jobs better, the better we’re servicing industries.”
If domain-specific vendors are able to overcome the hurdle of establishing differentiation, it becomes their advantage.
Dashboards are all essentially similar.
As a user sits at their desk and views charts and graphs and other data visualizations, whether it’s a Tableau or Domo dashboard or one from a domain-specific BI vendor, the look is largely the same.
The difference between what’s on the screen of a ThoughtSpot user — or Power BI, Qlik, MicroStrategy, etc. — and what’s displayed to a Tessitura or Soundcharts user is how the data got to that dashboard.
“The power is in the data model,” said John Jakovich, Tessitura’s vice president of business intelligence.
Tessitura, which beyond offering BI capabilities is at its core a customer relationship management (CRM) provider, stands out in that it’s a nonprofit organization. It began as a result of the New York Metropolitan Opera House’s frustration with ticketing and fundraising inefficiencies, and in 2001 the “Met,” along with six other cultural organizations, launched the Tessitura Network. Since then, more than 650 arts and culture organizations have joined.
“We’ve built reporting into an optimized data model,” Jakovich said.
With a general audience tool, finding the right data is often difficult. Data is everywhere, and the specific information relevant to a museum or art gallery — or marijuana dispensary or high school athletics department — isn’t necessarily easy to locate.
John JakovichVice president of business intelligence, Tessitura Network
Tessitura, because of its narrow audience, can do much of the searching and transforming of data — data munging — in advance before embedding the relevant data into the BI application it provides to its members.
“If you’re not using [a domain-specific] tool you’re spending time munging data,” Jakovich said. “We’ve premunged the data and put a data model on top of it. We’re doing the hard work for them. We’re making it easy for them to do analytics by doing the data preparation.”
Similarly, Soundcharts uses its specialized knowledge of the music business to make analytics easier for industry insiders than can a general-audience BI vendor.
The data used by the music industry is highly specific: it’s how frequently a song is played on the radio, how many times a song is streamed, what region an artist is selling more albums than another, where tickets for an artist sell out in just a few hours compared with where they don’t sell out at all, and more.
It’s not simply sales figures, or operating costs.
“The data we have is not available to grab and put on Tableau,” said David Weiszfeld, CEO of Soundcharts. “If you need to see the number of radio plays for an artist, you need to find a company that has that data. Our platform is not showing data that’s centralized elsewhere.”
Weiszfeld added that while Soundcharts counts many of the music business’ largest companies among its clients, many of its customers are small and medium-sized businesses.
Their employees are not, and don’t necessarily have the financial resources to hire people with those skills.
“Those people just want to see insights,” Weiszfeld said. “They don’t want to create an [application programming interface]. We still do a lot of education on how to use data in music. If you use [a general-audience platform], you already know.”
While specialization provides vendors an entry into analytics, it’s no guarantee of staying power.
There’s a reason Microsoft Power BI, Qlik and Tableau and others have been around as long as they have and have attracted large numbers of customers. They’re good at what they do. And they evolve to meet the needs of potential customers.
The next wave of innovation will likely center around augmented intelligence and machine learning, tools that will help BI vendors better understand the habits of users in order to better get them the data they need.
Domain-specific BI vendors, just as they’re doing now by using their expertise, will have to find a way to remain apart — just as they have to separate themselves from competition within their specialized domain.
“We’re looking into ways AI can augment our CRM,” Jakovich said. “It’s already happening in our industry. Our licensees are engaging with consultants to do predictive models — so how can we premunge data to push those products forward? We’re looking at how to make it easier to facilitate AI projects on behalf of our members.”
Meanwhile, just as Tessitura is embedding relevant data for its users, general-audience BI platforms are embedding data to streamline the user experience.
“All aspects of BI will have to start being more embedded in applications,” Menninger said. “We predict that by 2021 more than half will be. There’s no reason to have analysts for analysis — it should be part of the application.”
Still another challenge domain-specific BI vendors will face is that general-audience BI vendors are starting to offer products aimed at specific domains.
SAP, for example, has a whole suite of analytics tools for the sports world. And the multinational software giant is not alone.
“Coming out of the Salesforce-Tableau merger I think you can expect to see more Salesforce [analytics products] that could be domain-specific,” Menninger said, adding that Qlik has some domain-specific templates.
But just as some general-audience BI vendors are creating tools aimed at niche audiences, it’s possible that domain-specific BI vendors will push back by expanding their areas of expertise.
Soundcharts is still perfecting its data mining of the music business, and according to Weiszfeld there are still types of music data Soundcharts isn’t yet tracking. But perhaps in the future, once it’s done all it can for music industry insiders, it will look at something new.
“Maybe they would transition into supporting the online video industry, and from there digital media and communication,” Menninger said. “They can create a proven business model, and that’s their specialty more than the platform.”
Specialization, just like AI and machine learning from a technological perspective, might be part of the future of analytics.
Maybe, just as some general-audience vendors are starting to offer tools aimed at specific domains, more and more domain-specific BI vendors are going to begin their own operations and target audiences and industries now in their infancy. For example, it might have been hard to imagine a legal cannabis industry in need of analytics 10 to 15 years ago.
Through hyperspecialized expertise, domain-specific BI vendors are showing that they’re able to provide their audiences somewhat better data than general-audience BI vendors — at least for now. So maybe many other vendors will follow them, using specialization as their entryway into a mature market.
“The question is where are the metrics, and are they clean?” Weiszfeld said. “In music, clean data never existed. You want the platform with the cleanest data, things that are relevant only to your industry. If someone is doing the data for all industries — diaper sales, for example — they’re going to get music wrong.”
Then again, maybe, domain-specific BI vendors and general-audience BI vendors will eventually combine forces.
Many of the major BI platforms popular today — IBM’s Cognos, Tibco’s Spotfire and SAP’s BusinessObjects, for example, were once stand-alone companies. Tableau was just acquired by Salesforce, and Looker by Google.
“It has to do with the business model,” Jakovich said. “It’s about getting the zeitgeist of what’s going on.”
Go to Original Article
VMware unveiled new Workspace One features at its annual user conference. Two standouts include Virtual Assistant, which will help to set up a device and answer frequently asked questions, and Employee Experience Management, which can proactively monitor endpoint security.
Workspace One is VMware’s digital workspace product that enables IT to manage endpoints and provide end users access to their desktops and applications wherever they are. The new features include AI capabilities that are designed to help IT and HR get new employees settled faster, as well as better identify potential security issues before they spread throughout the organization.
In this Q&A from VMworld, Shankar Iyer, SVP of end-user computing at VMware, talks about what the new Workspace One features can provide IT, why a zero-trust model is a security must and what customers can expect in the future from Workspace One.
What do organizations need to do at the start to get the most out of the new Workspace One features?
Shankar Iyer: It’s easy for an organization to latch on to it because it’s running in the cloud. The Virtual Assistant piece, we’ve partnered with IBM Watson and our framework will integrate with any NLP [natural language processing] type of programming that organizations use. We’re also seeing in the market the need for these general purpose questions answered, and Watson is a general purpose machine. We thought it was the best starting point from an NLP perspective.
We wanted to build a standard way for these bot frameworks to be able to integrate into our Virtual Assistant product. … But organizations can still customize a lot within Workspace One. Every organization that implements us is different, but there are patterns within industries or types of organizations that can ease that input.
How has the importance of security affected end-user computing?
Iyer: In the old days, the security model was about building this wall and not letting any activity leave the room. Now it’s an open floor: You can go to a company, and sometimes networks are open. Devices come from anywhere. It behooves customers to build this zero-trust security model.
As a result, you’ll need to put up some barriers and gates and that can benefit a platform like Workspace One. You need identity access; you need to establish device compliance and security hygiene. You need to have data collection through every point, and you need this intelligence ability to decode the data in real time and alert you if someone is coming in on a device we haven’t seen before from a place we haven’t seen before, so I’m going to notch up his risk score. If that risk score reaches a point, you can shut off access.
But how do you balance the desire for improved end-user experience with the need for better security?
Iyer: If you implement a zero-trust model you won’t compromise user experience. Because then say an employee comes into a network on a trusted device and, as IT, we’re going to give them the whole experience with no barriers. But through machine learning, if I detect an anomaly, I can start putting up gates. Say you used a friend’s device; the only inconvenience is probably a second login with a login pin. The end user will be OK with that. But if I try to challenge you with dozens of different password logins, that’s when you, as an end user, can get frustrated. It’s progressive enforcement as a need.
The other thing security people are accepting is there’s no way to block everything. Even when a security concern slips through the cracks, with new Workspace One features, it tracks every action that the end user did. The moment you cross a threshold, we can shut off access.
That philosophy of security where you do progressive security boundaries, while not compromising experience by using all this data to fix things when things go wrong, is what we’re going for.
What is VMware looking forward to with Workspace One and what can customers expect?
Iyer: We’re starting to see an adoption of Workspace One features to optimize experience and when we break it down to a new employee’s Day Zero, Day One, Day Two and offboarding, there’s a lot we can do. We can optimize each one of those days and better bridge the physical and virtual world. For example, when you walk into your office, we badge in. Why do that when you have a smartphone? There are capabilities of using those devices as identity.
You’ll see this experience get more automated, and bringing the power of intelligence to IT to make them more productive and adding services, things like ticketing will diminish over time. Those are some areas we can still optimize. To do that, other facets of the platform like zero trust will need to be leveraged.
Go to Original Article
Lenovo has launched its newest ThinkPad laptops, with the goal of providing smarter productivity, connectivity and security for the workforce.
Many of the new features provide updates to already well-known Lenovo laptops for business. The new X1 Carbon runs Intel’s 10th-generation CPU, has an all-day battery life and Wi-Fi 6 connectivity. It is Lenovo’s first commercial platform that is part of Intel’s Project Athena program. Project Athena aims to update PC standards and improve mobile computing by improving battery life, responsiveness, connectivity, charging and security.
Lenovo also updated its commercial lineup, giving the ThinkPad X1 Yoga, ThinkPad X390 and ThinkPad T490 a processor refresh with the 10th-generation Intel Core.
Additionally, Lenovo added ThinkPad L13 and L13 Yoga laptops to its offerings in an effort to provide users with ThinkPad features in a more affordable package.
In order to improve security, all machines now have ThinkShield security features. The HD and IR camera has ThinkShutter to protect users from unwanted eyes. Users also have the option of multifactor authentication using facial recognition through Windows Hello, and there is fingerprint reader.
ThinkPad X1 Carbon
The goal behind the X1 Carbon, according to Lenovo, was to provide a laptop for workers on the go who need a long-lasting battery, responsiveness and the latest connectivity. Full features for the X1 Carbon include the following:
- up to a six-core 10th-generation Intel Core processor that supports 4K content, Wi-Fi 6 and Thunderbolt 3;
- 9 mm thick, starting at 2.4 pounds;
- a variety of 14-inch display options are available, including 500 nit, 10 bit, 4K Dolby Vision-enabled panel or 400 nit FHD display;
- Dolby Atmos speaker system, with two top-firing tweeters and two down-firing woofers;
- four microphones;
- up to 18.5 hours of battery power, with the ability to use Rapid Charge for 80% battery in one hour; and
- Global LTE-A wireless WAN and new Wi-Fi 6 Gig+ option.
The X1 Carbon is expected to be available beginning in September and will start at $1,479.
ThinkPad X1 Yoga
Lenovo aimed to make the fourth generation of the X1 Yoga smaller, thinner and lighter. Full features include the following:
- up to six-core 10th-generation Intel Core processors;
- 5 mm thick and weighs less than 2.0 pounds;
- reinforced Iron Grey aluminum chassis;
- supports all docking products, including the ThinkPad Mechanical Dock;
- up to 18.3 hours of battery, with the ability to use Rapid Charge for 80% battery in an hour;
- Dolby Vision-enabled display and Dolby Atmos speaker system;
- Global LTE-A wireless WAN; and
- integrated with ThinkPad Pen Pro for multimode pen input.
The X1 Yoga will start at $1,609 and is expected to be available beginning in September.
The full list of features includes the following:
- up to i7 10th-generation Intel Core processors;
- 9 mm thick and starts at 3.2 pounds;
- variety of display options, including 500 nit, WQHD Dolby Vision panel and 400 nit FHD display;
- Dolby Audio Premium, with two up-firing speakers;
- dual microphones;
- up to 15 hours of battery on a charge and includes the Rapid Charge feature; and
- Global LTE-A wireless WAN and Wi-Fi 6 Gig+.
The T490 will start at $1,129 and is expected to be available beginning in October.
A full list of features includes the following:
- up to i7 10th-generation Intel Core processors;
- 5 mm thick and starts at 2.8 pounds;
- display options include the 400 nit FHD display;
- Dolby Audio Premium, with two down-firing speakers;
- dual microphone;
- up to 16.8 hours of battery life on a charge, with Rapid Charge feature; and
- Global LTE-A wireless WAN.
The ThinkPad X390 will be available beginning in October, starting at $1,019.
ThinkPad L Series
According to Lenovo, the L13 and L13 Yoga combine enterprise-level performance with a lower price tag. The bezels were designed to be thinner to give the same 13-inch screen size, but in a smaller footprint.
Both laptops feature up to i7 10th-generation Intel Core processors. Its display options include a 300 nit full HD IPS touch display and Dolby Audio Premium with two down-firing speakers. They’re both 17.6 mm thick, with the L13 coming in a hair lighter, starting at 3.1 pounds. The L13 Yoga starts at 3.3 pounds. The L13 also has a better battery life, with 14 hours of productivity compared with the L13 Yoga’s 12 hours. Both feature the Rapid Charge capability.
The L13 and L13 Yoga are expected to be available beginning in October. The L13 will start at $749, while the L13 Yoga will start at $919.
Go to Original Article
A recent healthcare data breach at Massachusetts General Hospital underscores the need for greater transparency when it comes to cybersecurity incidents.
Cybersecurity experts describe MGH’s statement on the breach as being light on details. In its announcement about the healthcare data breach, MGH stated that it is notifying nearly 10,000 individuals of a privacy incident that occurred in research programs within MGH’s department of neurology. The statement said that an unauthorized third party “had access to databases related to two computer applications used by researchers in the Department of Neurology for specific neurology research studies.”
The report provided no insight into how the breach occurred. David Holtzman, a health IT expert and an executive advisor for cybersecurity company CynergisTek Inc., other healthcare organizations that could have potentially learned from the incident.
“Healthcare organizations should consider how their experiences can benefit the larger healthcare industry through greater transparency and sharing of information if they suffer a cybersecurity incident,” he said.
A call for more transparency
MGH and its corporate parent, Partners HealthCare, have invested significantly in information security programs and cybersecurity defenses since 2011, according to Holtzman.
The effort was spurred by a settlement with the Department of Health & Human Services’ Office for Civil Rights related to a 2009 data loss incident. According to the resolution agreement, an MGH employee took home documents containing the protected health information of 192 individuals. The employee left the documents on a train when commuting to work on March 9, 2009. The documents were never recovered.
MGH was charged with a $1 million fine and committed to a corrective action plan to strengthen its information security programs.
It’s MGH’s investment in cybersecurity plus its “good reputation in the healthcare community” that should spur the organization to be more transparent when a cybersecurity incident occurs so that other organizations can learn from the incident and strengthen their own programs, Holtzman said.
He believes details such as whether MGH has evidence that the healthcare data breach was the result of an outside attack as well as the mode of attack would be helpful for other healthcare organizations.
“Was it the type of attack that overwhelmed or pretended to overwhelm the security of the enterprise information system? Was it accomplished through social engineering or an email phishing attack? Or is this the work of a malicious insider,” Holtzman questioned.
Israel Barak, CISO for Boston-based cybersecurity company Cybereason Inc., said MGH sets a high standard for cybersecurity across the healthcare industry, and if it can be breached, CIOs and other healthcare leaders should pay attention.
“This should be an indication to the healthcare industry as a whole that we really need to step up our game. Because if this is what’s happening in an organization that sets the high standard, then what can we expect from organizations that look up to Massachusetts General and try to improve based on their example?” he said.
He was also struck by how long it took for MGH to discover the breach in the first place.
Israel BarakCISO, Cybereason
According to MGH’s statement, the organization discovered the breach on June 24. Yet, an internal investigation revealed that between June 10 and June 16, the unauthorized third party “had access to databases containing research data used by certain neurology researchers,” two weeks before the breach was discovered.
Data breaches happen frequently in healthcare, but Barak said becoming aware that a breach occurred two weeks after it happened is “a standard we need to improve.”
Takeaways from MGH healthcare data breach
MGH’s statement said the affected research data could have included participants’ first and last names, some demographic information such as sex or race, date of birth, dates of study visits and tests, medical record number, type of study, research study identification numbers, diagnosis and medical history, biomarkers and genetic information, and types of assessments and results. The data didn’t include Social Security numbers, insurance or financial information and did not involve MGH’s medical records systems, according to the statement.
The MGH communications department has no further information on the healthcare data breach other than what’s contained in the statement, according to Michael Morrison, director of media relations at MGH.
CynergisTek’s Holtzman said all data that contains personally identifiable information should have “reasonable and appropriate safeguards to prevent the unauthorized use or disclosure of the information.” Any organization handling sensitive personal information should take a risk-based approach to assessing threats and vulnerabilities to enterprise information systems, he said.
“Take the results of the risk analysis and develop a plan to mitigate and identify threats and vulnerabilities to reduce the risk to sensitive information to a reasonable level,” he said.
Barak said it’s a given that healthcare security systems will get breached, “but the bigger question is, how quickly and how efficiently we can recover from something that happened. What is our cyber resiliency?”
Go to Original Article
Hybrid cloud solutions provider Unitas Global said it is expecting an uptick in VMware Cloud on AWS migrations ahead, but noted migrations continue to pose problems.
According to the Los Angeles-based company, which provides cloud infrastructure, managed services and connectivity services, VMware Cloud on AWS has gained traction among enterprise clients with extensive VMware-based legacy infrastructure. Those legacy environments in the past have proved difficult to migrate, but VMware Cloud on AWS has smoothed the journey.
“[VMware Cloud on AWS] has given us a path to migrating legacy environments to cloud with less friction,” said Grant Kirkwood, CTO at Unitas Global.
VMware Cloud on AWS has also drummed up customer interest for its disaster recovery capabilities, which can provide significant cost reductions compared with traditional enterprise DR infrastructure. “We are seeing a lot of interest in this particular use case,” he said.
Despite its benefits, however, Kirkwood has found that VMware Cloud on AWS migrations can be problematic for some customers. The biggest challenge usually stems from enterprises’ often complexly interwoven environments. As enterprise environments evolve, they tend to amass lots of hidden dependencies, which can break during cloud migrations, he said. “So no matter how much planning you seem to do, you pick up a database or middleware application and migrate it to the cloud, and [then] five other downstream [apps] break because they were dependent on that and it wasn’t known,” Kirkwood said.
A report from Faction, a Denver-based multi-cloud managed service provider, cited cost management (51%) as the top VMware Cloud on AWS usage challenge, followed by network complexity (37%) and AWS prerequisites (27%). Faction’s report, published in August, was based on a survey of 1,156 IT and business professionals.
VMware poised for multi-cloud opportunities
While enterprise multi-cloud adoption remains in its early stages, Kirkwood said VMware has been successfully redeveloping its portfolio for when it matures.
Each of the leading public cloud providers are trying to differentiate themselves based on their unique capabilities and services, he said. For the most part, enterprise customers today haven’t even scratched the surface of Google, AWS and Microsoft’s rapidly expanding menus of services. As enterprises gradually embrace more public cloud services, “being able to leverage all of them across a common data set [will be valuable] for companies that are sophisticated enough to take advantage of that,” he said.
According to Kirkwood, Google Cloud Platform (GCP) excels in AI and machine learning tooling that can be applied to large data sets. GCP is also “very competitive in large-scale storage,” he noted. Meanwhile, AWS has developed powerful analytics and behavioral tooling. Microsoft, though it “has probably the least sophisticated offerings,” provides “the path of least resistance for Microsoft-centric workloads.”
“What I think is going to be interesting to watch is how VMware adapts what they are doing to provide value across that much broader spectrum of [public cloud] services as they gain popularity,” he said.
- Insight Enterprises, a technology solutions and services provider based in Tempe, Ariz., has completed its acquisition of PCM Inc., a provider of IT products and services. The deal expands Insight’s reach into the mid-market, especially in North America, and adds more than 2,700 salespeople, technical architects, engineers, consultants and service delivery personnel, according to the company.
- Iland, a hosted cloud, backup and disaster recovery services provider, said it is reaching “a broader audience of enterprise customers” through a growing network of resellers and managed services providers. SMBs had been the traditional customer set for the company’s VMware-based offerings. The Houston-based company also said it has expanded its channel program. The program provides a partner portal for training, certification and sales management; a new data center in Canada for regional partners in North America; and an updated Catalyst cloud assessment tool.
- MSP software vendor ConnectWise launched an organization that aims to boost cybersecurity among channel partners. The Technology Solution Provider Information Sharing and Analysis Organization, or TSP-ISAO, offers its members access to threat intelligence, cybersecurity best practices, and other tools and resources.
- Accenture disclosed two acquisitions this week. The company acquired Northstream, a consulting firm in Stockholm that works with communications service providers and networking services vendors, and Fairway Technologies, an engineering services provider with offices in San Diego; Irvine, Calif.; and Austin, Texas.
- Ensono, a hybrid IT services provider, launched a managed services offering for VMware Cloud on AWS and said it has achieved a VMware Cloud on AWS Solution Competency.
- Sparkhound, a digital solutions firm, said its digital transformation project at paving company Pavecon involved Microsoft Office 365, SharePoint, Azure SQL Database and Active Directory. The project also drew upon Power BI for business analytics and PowerApps for creating mobile apps on Android, iOS and Windows, according to the company.
- US Signal, a data center services provider based in Grand Rapids, Mich., unveiled its managed Website and Application Security Solution. The offering builds upon the company’s partnership with Cloudflare, an internet security company, according to US Signal. The managed website and application security offering provides protection against DDoS, ransomware, malicious bots and application layer attacks, the company said.
- Cloud communications vendor CoreDial rolled out its CoreNexa Contact Center Certification Program. The program offers free sales and technical training on the vendor’s contact center platform.
- Security vendor Kaspersky revealed that more than 2,000 companies have joined its global MSP program. Kaspersky launched its MSP program in 2017.
- Service Express, a third-party maintenance provider based in Grand Rapids, Mich., has opened an office in the Washington, D.C., area. The company specializes in post-warranty server, storage and network support.
Market Share is a news roundup published every Friday.
Go to Original Article
Customer retention platform CleverTap has collaborated with mobile consultancy Phiture to create a new acknowledgement, interest and conversion framework to better understand customer interactions.
To enable app companies to understand the depth and intensity of user interactions, the framework categorizes levels of user activity into one of three tiers of engagement: acknowledgment, interest or conversion (AIC), with conversion holding the highest value. CleverTap intends the customer experience analytics framework to help marketers improve user retention strategies and move customers from the acknowledgement layer through to the conversion layer.
With the AIC framework, marketers can recognize which in-app activities contribute the most to revenue growth. Marketers can choose which customer activities trigger classification into which layer for their specific app.
For the acknowledgement layer, triggers might include launching the app, opening an app-generated email or interacting with push notifications. Interest triggers include activity with more intent, but not quite at conversion yet, like sharing in-app links, scrolling through a news feed or moving through different pages within the app.
The conversion layer triggers include activities that suggest users are committed to the app and have taken actions, such as making a purchase, booking a flight, posting a message to a news feed or completing a level in a game.
Gartner noted customer engagement center interaction analytics as a top priority in its 2019 Hype Cycle for Customer Service and Customer Engagement report. According to Gartner, visualizing the customer journey and predicting customer behavior are essential abilities of service leaders and agents to bolster customer experience and, ultimately, company growth.
CleverTap and Phiture’s framework competes with products such as Google Analytics, Adobe Analytics, Mixpanel and Smartlook that also offer tools and dashboards that break down customer interaction and provide insight for better marketing.
CleverTap claims that typical dashboard metrics such as daily active users and monthly active users are not enough to see a clear picture of engagement and don’t provide actionable insight. The AIC framework incorporates the relative value of actions to inform user engagement strategy, according to Phiture.
The AIC framework accounts for the fact that users may not stay within one level and may move from interest to acknowledgement, or vice versa, or may even exist within multiple layers; tracking this movement in addition to activity contributes to informing and improving campaign strategies, according to the vendors.
Go to Original Article