Tag Archives: data

Cloud Computing And Banking Security

Individuals which still worry about cloud security, are those that fall under the financial institution category like banks, brokers, lenders and the like. They do not trust third party cloud computing providers and vendors, at least not with their most sensitive information and data. They might use cloud computing for some things like websites and applications that they think they can risk security with, but they would never consider parting with direct access of their financial and other similar data.

The biggest reason behind this is simpler than most would imagine as it has something to do with numbers and probability, thought they probably would not admit it is something as basic as that and would rather cite some technical issue like migration and data integrity. Those are valid points, but they are not truly even problems. With ease and security of data migration through cloning and inter-server data transfers with services like Cloud Velocity, migration is truly a no pain no worry process. The real reason as I have said is the probability of a successful attack. Government systems and financial data systems are under attack multiple times a day, and a sizeable majority of these fail at the first lines of defense. The probability of a successful attack is always real, and this probability of success increases as the number of attempts increases.

When data systems reside behind closed and secret doors, very few people will be able to access it, never mind knowing about it. However, the moment that data resides in the cloud, a sign bearing the words “Step right! Take your chance to earn millions of dollars!” goes up as well; it is inherently an invite to all attackers of all skill levels to at least try. Inevitably the success of an unscrupulous individual/s will prevail. A basic analogy would be to keeping a jar of cookies on a high table when there are a lot of kids around as opposed to keeping it out of reach and out of sight inside the cupboard.

In this case, it’s not a matter of technology but a matter of probability. No matter how advanced your security measures are men can open locks that are made by other men, it is best to keep those that try to a minimum.

Source: http://www.cloudtweaks.com/2013/02/cloud-computing-and-banking-security/

Did you like this? Share it:

Data Integration is Key Tech Need in 2013

In the past few years, many marketers have tested multiple kinds of campaign management tools, and that has created a multitude of unwieldy data silos.

“Marketers are struggling with integration issues,” says Michael Della Penna, senior vice president, emerging channels, Responsys. “They’re looking for a solution that can collect critical social data and make it actionable.”

This means that integrated solutions will be a key area for tech spending, says Della Penna, who notes that 2011 was very much a testing phase for social media.

“It wasn’t unusual to talk to a brand that has three campaign management tools in place, testing which is the best tool for them,” he says, noting that many tools initially just focused on one specific area, like email or social listening. “But by the end of 2012, many of these tools started morphing and increasing their offerings to increase revenue by account.

Now, brands are realizing that they don’t need three of the same thing, and will look to consolidate into the one that best meets their particular needs.

Where else will marketers focus their  tech budget dollars this year?

Orchestration will be key in 2013, says Della Penna. “All of the different channels [available] have created issues—customers are seeing different voices in different channels, and brands need to be creating messages in a more coordinated way, timed to where the consumer is in the buying process.”

Tied into this is optimization and responsive design, considering how customers experience things in different channels and making sure emails are rendered properly for viewing on a multitude of devices, he adds.

Optimizing systems to deliver localized targeting will also be a key area, as marketers try to take advantage of locally relevant social data. “A lot of social data is unstructured, so the challenge is making this data useful in campaign development.”

Marketing automation has provided amazing results for many firms, and there is a trend to extend that beyond email into other channels, such as display, where what ads are pushed to website visitors can be automated based not only on behavior but whether the prospect has already converted.

“We can pull those who have converted out of market so clients are not wasting money trying to contact them,” he says, noting that display has been making a comeback. “There’s a huge interest in display retargeting, building strategies that are different between known and unknown users for contextually relevant offers.”

On the mobile front, there is a renewed interest in technology to enable SMS. “It’s the workhorse of mobile, and brands are now coordinating it with other channels for things like notifications about product availability or confirming purchases,” says Della Penna. “There’s particular interest in tools to push relevant offers such being able to leverage [the iOS application] Passbook to push out a coupon.”

Is getting C-level buy-in for marketing tech expenditures becoming easier? Della Penna thinks so. “The CMO and CTO relationship is changing. There is rarely a situation where we don’t have IT involved at some point in the buying cycle, and all disciplines are working more closely together.”

The way B2B and B2C firms are looking at marketing tech isn’t all that different, he adds. “The scale just varies. In B2B there may be more of a focus on live events and face-to-face but it’s all about focusing on knowing the customer better and then reaching them at the right touch points.”

Source: http://chiefmarketer.com/database-marketing/data-integration-key-tech-need-2013

Did you like this? Share it:

Data breach? Virtual bounty hunters will hunt it down

Security expert Dan Clements is building a virtual "lost and found" box for data, a concept he hopes companies suffering from data breaches will embrace to find out just how bad the damage is.

Clements launched his startup, called CloudeyeZ, last September. He has since been nurturing an idea he says could save companies money by getting a better handle on how much data they’ve lost.

"There aren’t a lot of solutions for companies that are hacked," Clements said.

CloudeyeZ in California has a few different services. It works with freelance computer security consultants around the world who specialize in infiltrating forums, for example, that trade in stolen credit card and bank account details.

"We are virtual bounty hunters," Clements said.

If a bank suspects it has been hacked, it could give CloudeyeZ a sample of the data believed to have been stolen, such as a Bank Identification Number (BIN) which identifies a bank associated with a credit or debit card. CloudeyeZ investigators report back where it was found, and leaves the next action to the bank, Clements said.

Contacting law enforcement is sometimes "a last resort" when companies are trying to assess what was hacked, Clements said. The stolen data often isn’t identified, and the perpetrators — many who are likely to live outside the U.S. — are unlikely to be prosecuted.

He envisions CloudeyeZ as a step before contacting law enforcement, where companies can get a grasp on what is lost and figure out the least expensive way of handling it.

CloudeyeZ is building a database called the Blind DB to store small bits of text and numbers, which could be matched with lost data. Only vetted parties would have access. CloudeyeZ hopes law enforcement agencies will eventually contribute stolen data so it can be matched with organizations hit with a data breach, Clements said. CloudeyeZ doesn’t hold all of the data it finds, as it would rather direct people to where the data is actually hosted.

CloudeyeZ is also experimenting with posting bits of information to Twitter: one of the latest cryptic clues revealed is "52082XXX24,5013,110,33617, wesley, IT guy."

The company also has an escrow arrangement where it acts as a middle-man between a finder of information and its seeker, collecting 20 percent of the reward money. CloudeyeZ provides a sample of the suspected stolen data to its bounty hunters, who then search the underground, contacting their own informants for more information.

In one case, a bank paid a reward for finding some of its intellectual property, Clements said. How does an organization ensure it isn’t buying its own property back from the thief? It doesn’t, Clements said.

"It’s up to them how they want to handle that batch of property," Clements said. "We don’t make a judgement call on how the property got out into the cloud. It could be stolen, but we are not going to make that judgment. We are hired by the owner to retrieve it, no questions asked."

Clement said CloudeyeZ is still an edgy concept, but one ready for a post-hack realm. There are so many young males using keyboards as the equivalent of an AK-47 firearm, he said.

"They can get into almost anything," Clements said.

Source:http://www.infoworld.com/d/security/data-breach-virtual-bounty-hunters-will-hunt-it-down-195882

Did you like this? Share it:

Amazon is No. 1. Who’s next in cloud computing?

Amazon Web Services is, by all accounts, the largest cloud service provider by far, although good luck finding third-party numbers to verify that. Amazon, like most of the big cloud providers, doesn’t disclose much about current or planned data centers.

New research from Accenture analyst Huan Liu estimates that Amazon’s Elastic Compute Cloud (EC2) runs on a whopping 450,000 servers. Amazon does not break out AWS revenue, but some say it could already be a billion dollar business.

So, stipulating AWS as No. 1, here are seven cloud rivals that could give it a run for its money over the next few years.

1: Rackspace: While Rackspace encompasses managed services and pure hosting businesses, it’s also a major cloud provider with actual, paying customers.  Measuring by revenue and VMs, Rackspace currently has a lock on the No. 2 slot by a wide margin, said Gartner analyst Lydia Leong. As one data point, Rackspace public cloud revenue rose to $189 million in fiscal year 2011, up from $100M the previous year. Going forward, that business should only grow as Rackspace brings more OpenStack implementations online.

2: Google: If you’re talking number of physical servers, Google could already be the biggest cloud player. As for paying customers? That’s harder to discern. Google is one of the few companies that can (and does) invest in the pure computing firepower to contend with AWS. If you count all that Google Apps and Gmail storage, then Google’s obviously a huge player. The Google App Engine platform-as-a-service is still around but isn’t a factor for business developers.

3: Microsoft: Two-year-old Windows Azure has big capacity, but actual traction is unclear — but it is clear Microsoft is going for the gusto. Microsoft just launched an Azure-focused startup accelerator in Israel to help boost demand. Next week, it is expected to announce timing for the first of its ERP products — actually the first of any of its major products — to run on Azure. And, going forward, Microsoft Azure’s embrace of Hadoop could attract more of the next-generation big-data workloads that the cloud vendors compete for.

4: IBM: IBM SmartCloud is coming up fast on AWS and Rackspace even now, according to one cloud storage expert. That news surprised me but probably shouldn’t have, given IBM’s size and resources. And face it: IBM knows data centers. Like Microsoft, it is bringing Hadoop into its cloud with its InfoSphere BigInsights service.

5: Hewlett-Packard: HP’s been all over the map on cloud plans, promising an Azure-based implementation a few years ago that has gone nowhere and more recently standing up an OpenStack-based public cloud. Zorawar “Biri” Singh, SVP for HP cloud services, told the New York Times last week that HP’s cloud will add features and capabilities beyond what AWS provides.  HP has also said it wants to challenge AWS for the hearts and minds of cloud developers. HP has had its share of woes lately, but it’s still a tech power, and provided the cloud is a priority with new management, it would be hard to rule out.

6: VMware: VMware’s vCloud already runs a ton of clouds for third-party providers, and the company’s Cloud Foundry platform-as-a-service is gaining traction. All of that plus the Mozy cloud storage service, which VMware manages for parent EMC, means that the company — which dominates server virtualization inside the firewall — is gaining a pretty impressive toehold in the cloud beyond as well.

7: Facebook: Don’t laugh. It’s a wildcard, but Facebook is putting serious sweat into data centers. And it’s applying lessons learned to the Open Compute Project, which aims to apply open source development to hardware design. With more than 800 million users, Facebook knows a thing or two about cloud infrastructure. True, Facebook doesn’t offer cloud services now, but then again, Amazon used to just sell books. Facebook could evolve into many things. GigaOM’s Derrick Harris has already suggested that Facebook could be your next software vendor.

Source: http://gigaom.com/cloud/amazon-is-no-1-whos-next-in-cloud-computing/

Did you like this? Share it:

What kind of automated testing does Facebook do?

We do several kinds of testing. Some specifics:

  • For our PHP code, we have a suite of a few thousand test classes using the PHPUnit framework. They range in complexity from simple true unit tests to large-scale integration tests that hit our production backend services. The PHPUnit tests are run both by developers as part of their workflow and continuously by an automated test runner on dedicated hardware. Our developer tools automatically use code coverage data to run tests that cover the outstanding edits in a developer sandbox, and a report of test results is automatically included in our code review tool when a patch is submitted for review.
  • For browser-based testing of our Web code, we use the Watir framework. We have Watir tests covering a range of the site’s functionality, particularly focused on privacy—there are tons of "user X posts item Y and it should/shouldn’t be visible to user Z" tests at the browser level. (Those privacy rules are, of course, also tested at a lower level, but the privacy implementation being rock-solid is a critical priority and warrants redundant test coverage.)
  • In addition to the fully automated Watir tests, we have semi-automated tests that use Watir so humans can avoid the drudgery of filling out form fields and pressing buttons to get through UI flows, but can still examine what’s going on and validate that things look reasonable.
  • We’re starting to use JSSpec for unit-testing JavaScript code, though that’s still in its early stages at this point.
  • For backend services, we use a variety of test frameworks depending on the specifics of the services. Projects that we release as open source use open-source frameworks like Boost’s test classes or JUnit. Projects that will never be released to the outside world can use those, or can use an internally-developed C++ test framework that integrates tightly with our build system. A few projects use project-specific test harnesses. Most of the backend services are tied into a continuous integration / build system that constantly runs the test suites against the latest source code and reports the results into the results database and the notification system.
  • HipHop has a similar continuous-integration system with the added twist that it not only runs its own unit tests, but also runs all the PHPUnit tests. These results are compared with the results from the same PHP code base run under the plain PHP interpreter to detect any differences in behavior.

Our test infrastructure records results in a database and sends out email notifications on failure with developer-tunable sensitivity (e.g., you can choose to not get a notification unless a test fails continuously for some amount of time, or to be notified the instant a single failure happens.) The user interface for our test result browser is integrated with our bug/task tracking system, making it really easy to associate test failures with open tasks.

Source: http://www.quora.com/What-kind-of-automated-testing-does-Facebook-do

Did you like this? Share it:

Performance Test Environment and Performance Test Scripts

Know the Test and Production environment
The actual target production environment of the System Under Test needs to be studied by the Performance Test Engineer. The performance test strategy should contain the details about the target system environment on production. The Performance Test Engineer should know the deployment architecture of the application in the target production environment and must educate the development team to setup a similar test environment to run the performance tests. There could be a huge difference in the system performance on test and production environment as both environment uses different hardware platform to deploy the application. The Performance Test Engineer always need to identify the system configuration details of the server machines in the target environment like the number of CPUs, CPU capacity (clock speed), RAM capacity, and disk capacity, free space available in the disk, NIC card capacity and network bandwidth. These details needs to be identified before scheduling the performance test and should be documented in the test plan document for future reference.

Load Generators
The load testing tools are normally used to create the required load on the server. This can be done using the Load Generators. For example, when the performance test tool is configured to simulate 10 Virtual users then the tool generates 10 threads or process (depending on the configuration setting of the tool) which sends the client requests to the server as per the recorded think time intervals available in the test script. The system should have enough hardware resources (CPU and Memory) to handle the running threads. The number of virtual users to be produced from a machine depends on the hardware capability of the machine. If a low configuration desktop is used for load generation, then not more than 15-20 virtual users should be produced. If a high end server is used for load generation, then about 1000 virtual users could also be produced as long as enough hardware resources are available in the system. For example, In case of testing of SAP applications, the virtual users that can be produced from an individual machine become very limited.

Test Data Generators
During the performance tests, most of the time the test environment might not have the required database records as in the target production database. The target production database volume or projected data volume needs to be studied and accordingly the test environment needs to be populated with the required number of records. Depending upon the complexity of the test data, it could be done either by the Performance Test Engineer or DBA.

Real time versus Virtual user Mapping
Though Performance testing is conducted for the target number of user load, it’s Performance Test Engineer’s responsibility to assure that each simulated virtual user is equivalent to the real time user, only then the load generated on the server could be realistic. For applications which have the real time usage history (moving to production environment for second time or later), the server load (requests handled per second) during the peak traffic hour needs to be compared with the server load created on the server during the performance test. This helps to confirm the load simulated during performance test is realistic.

Source: http://www.vietnamesetestingboard.org/zbxe/?mid=download&category=166350&document_srl=319211&listStyle=&cpage=

Did you like this? Share it:

ETL & Data Test Guidelines for Large Applications

QA Guidelines for Data Warehouse Quality Verification

This document describes testing guidelines and steps for verifying data, ETL processes, and SQL during the construction, unit testing, system and integration testing of an application’s data warehouse operational tables and data mart.

1.) Verify and Maintain the Data Low Level Design (LLD)

A first level of testing and validation begins with the formal acceptance of the logical data model and “low level design” (LLD). All further testing and validation will be based on the understanding of each of the data elements in the model.

Data elements that are created through a transformation or summary process must be clearly identified and calculations for each of these data elements must be clear and easily interpreted.

During the LLD reviews and updates, special consideration should be given to typical modeling scenarios that exist in the project. Examples follow:

1. Verify that many-to-many attribute relationships are clarified and resolved.

2. Verify the types of keys that are used: surrogate keys versus natural keys.

3. Verify that the business analyst / DBA reviewed with ETL architect and developers (application) the lineage and business rules for extracting, transforming, and loading the data warehouse?

4. Verify that all transformation rules, summarization rules, and matching and consolidation rules have clear specifications.

2.) Analyze Source Data Before & After Extraction to Staging

Testers should extract representative data from each source file (before or after extract to staging tables) and confirm that the data is consistent with its definition; QA can discover any anomalies in how the data is represented and write defect reports where necessary. The objective is to discover data that does not meet “data quality factors” as described in specification

3.) Verify Corrected, Cleaned, Source Data in Staging

This step works to improve the quality of existing data in source files or “defects” that meet source specs but must be corrected before load.

4.) Verifying Matched and Consolidated Data

There are often ETL processes where data has been consolidated from various files into a single occurrence of records. The cleaned and consolidated data can be assessed to very matched and consolidated data.

Much of the ETL heavy lifting occurs in the transform step where combined data, data with quality issues, updated data, surrogate keys, build aggregates, are processed.

5.) Verify Transformed / Enhanced / Calculated Data to Target Tables

At this stage, base data is being prepared for loading into the Application operational tables and the data mart. This includes converting and formatting cleansed, consolidated data into the new data architecture and possibly enhancing internal operational data with external data licensed from service providers.

6.) Front-end UI and Report Testing Using Operational Tables and Data Mart

7.) Operational Table and Data Mart: Build Sanity Test

8.) Sanity Test: Exit and Suspension Criteria

Source: http://www.vietnamesetestingboard.org/zbxe/?mid=download&category=17246&document_srl=595418&listStyle=&cpage=

Did you like this? Share it:

Understanding Configuration Management (CM)

Configuration management plays a vital role in information security of your computer system. Initially, when you first look at information security you would not think of configuration management. However, you need to have an understanding of what items are being protected in order to offer the best security for them. Normally it is more of a challenge to put into operation a good configuration management for an established business than it is for a brand new organization, where you can build from base upwards. Unfortunately, when companies are setting up their computer systems and IT system levels do not take into consideration the extreme importance of implementing a configuration management system.
It can be possible to set up a configuration management process that will align directly with your current IT data retrieval system already in place in your company. This makes it easier for you to have the strongest configuration for the business and results in better security of the data present.

Configuration Management
An important aspect of configuration management is to have clear goals and objectives that you want to obtain with the configuration management. Once you have the goals and objectives set up, the next step is to create methods that will accomplish the objectives.
One recommendation is to begin using a simple objective and modify it to fine-tune it for your particular environment. For instance, your company could basically begin with a hardware and software configuration, data location and data owner.
In preparation for your specific company’s configuration management development it is important to follow a few basic configuration management ground rules.

Source: http://www.vietnamesetestingboard.org/zbxe/?mid=download&category=51883&document_srl=478821&listStyle=&cpage=

Did you like this? Share it:

Store Information technology to keep Details

Retail shop is really a put that buzzes with some other routines in each and every driving hour. In view of which the project is it being sustained an incredibly improved pace, maintaining the details of the appropriate transactions gets to be just out of the question to manage. In that way it can be essential for a shop proprietors to choose full price information technology providers which lowers the prospect of problems in information technology details of the a store.

The providers made available from the full price information technology professionals develop into all the more important notably if you experience a continuing move of income and constant orders taking place in the full price suppliers. Make your best effort, it can be needed to have workers who is able to keep a keep track of of the personal routines which can be conducted.

The cpas who cope with the full price orders are successful more than enough not only to take care of and operate the money in the ideal fashion and also WinZIP report all big and small personal information. The cpas confirm the blog posts converted to the novel of balances from just about every perspective stage. By way of example, what sort of all round buying and selling was held along with various charges? In which there exists a setting for charge-cutting? In that way they assure a perfect and appropriate full price information technology system.

Source: http://www.embracenews.com/legal/store-information-technology-keep-deals-and-details-approximately-date/

Did you like this? Share it:

Top six trends to drive market for software testing in 2012

Companies around the world invest more than $50 billion per year on applications testing and quality assurance, according to Pierre Audoin Consultants (PAC).

Research firms such as IDC and Forrester report a five-year compound annual growth rate (CAGR) of 15.4 percent with spending reaching nearly $19.3 billion by 2015 on testing services alone.

The following 6 trends are in the software testing industry tower:

1) Mobility Application Testing

2) Testing-as-a-Service

3) Cross cloud testing

4) Business Intelligence Testing

5) Crowd sourced Testing

6) Testing catalyzed through test data generation and management

Source: http://www.techjournalsouth.com/2011/11/top-six-trends-to-drive-market-for-software-testing-in-2012/

Did you like this? Share it: