Salesforce to use AI to boost your sales, marketing, and customer service efforts

Salesforce launched its Einstein Analytics app portfolio on Thursday, leveraging artificial intelligence (AI) to boost the analytics capabilities available to users on its CRM platform. According to a press release, it will help find new insights and recommend “actions to accelerate sales, improve customer service and optimize marketing campaigns.”

Customers already have access to some analytics tools in Salesforce, but Einstein Analytics is supposed to weave AI into those tools so that they provide more effective results. Analytics are more “important than ever before,” the release said, and the new offering could help users improve their approach, without having to write the algorithms themselves.

“With Einstein Analytics, every CRM user can now see not only what happened in their business, but why it happened and what to do about it, without requiring a team of data science experts,” Ketan Karkhanis, general manager of Salesforce Analytics, said in the release.


Some of the apps in the portfolio are specific to roles in areas like sales, customer service, and marketing, the release said. These apps measure a set of key performance indicators (KPIs) that are specific to that role, in order to help the user do their job more effectively. For example, apps specific to marketing professionals will offer certain actions to take to improve a campaign, based on the data presented, the release said.

Salesforce also launched Einstein Discovery, which provides “actionable AI” to users. Einstein Discovery checks the validity of trends in data, explains how it identified the trend, and walks users through next steps they can take to act on it, the release said. After looking at sales data, for example, Discovery can identify what factors most impact the closing of a deal, and how that varies by location and more, the release noted.

As reported by ZDNet’s Larry Dignan, business users can also build their own models in Discovery in order to glean insights from their data.

In order to help its users get started working with analytics, the release said, Salesforce has also released 12 online learning courses to build out user knowledge of Einstein Analytics. Additional apps in the Salesforce AppExchange provide professionals with a way to boost the power of Einstein Analytics as well, the release said.

Einstein Discovery is available now, starting at $75 per user, per month. Custom Einstein Analytics Apps, also available now, cost $150 per user, per month to start. More pricing information is available here.

The 3 big takeaways for TechRepublic readers

  1. Salesforce’s new Einstein Analytics app portfolio wants to add additional AI power to the platform’s analytics tools, making it easier for businesses to get real insights.
  2. Some Einstein Analytics apps geared toward sales, customer service, and marketing are built around the KPIs for those segments.
  3. Salesforce also launched an “Actionable AI” tool called Einstein Discovery, which allows users to build their own models for data analytics, among other features.

Blockchain: The smart person’s guide

The blockchain is a powerful technology that enables Bitcoin, Litecoin, Dogecoin, and other virtual currencies to be open, anonymous, and secure.

The code also empowers countless innovations beyond cryptocurrency. The blockchain is a database of details about every Bitcoin transaction. Often referred to as a “public ledger,” the log contains metadata about when and how each transaction occurred. The ledger is publicly accessible through APIs and torrent sites. To prevent tampering with current and past transactions, the database is cryptographically secured. Encryption allows developers to trust the transaction history and build applications from and around transaction information.


Because the blockchain can be confusing, TechRepublic has compiled this guide to help business technology professionals get up to speed quickly. Blockchain innovation iterates rapidly, so our “living” guide will be continuously updated to help provide the most contemporary information about the technology.

Executive summary

    • What is the blockchain? The blockchain is a cryptographically secure index of every Bitcoin transaction. Blockchain technology is also used to enable a number of public and private virtual currencies, such as Litecoin and Ethereum.
    • Why does the blockchain matter? Over time, cryptocurrencies like Bitcoin may fade in and out of fashion. The blockchain is intended to provide a tamper-proof record of transaction metadata, regardless of transaction type.
    • Who does the blockchain affect? Everyone who spends money. Bitcoin evangelists argue that because blockchain-based currencies are based on code, not governments, the code is more reliable and fair than traditional monetary systems.
    • When is the blockchain happening? The blockchain and Bitcoin were coded and released to the public in a white paper by mysterious developer Satoshi Nakamoto in 2008. The currency hit the mainstream in 2012 and peaked in value in 2013.
    • How do I access the blockchain? The blockchain API is available at blockchain.info, and can be downloaded using BitTorrent (a similarly named but unrelated technology) on most major torrent sites.


    What is the blockchain?

    The blockchain is a record of every Bitcoin transaction. The name comes from the method by which Bitcoin is unlocked and available to be mined by the public. The code releases nodes in 1 MB chunks, or “blocks,” approximately every 10 minutes. Every coin, and every transaction related to each coin, is logged. Because the blockchain is available to anyone and contains metadata similar to a bank statement, the code is often referred to as a “public ledger.” The database is cryptographically secure and the chain is reliable and can be used to develop applications and protocols that require transparency and complete security.

    The primary advantage of money—like dollars, euros, and Bitcoin—is that the currency is understood by everyone, yet can be controlled by individuals or institutions. The blockchain, and Bitcoin, offers the additional benefit of transparency. Code, rather than a government, dictates the supply of Bitcoin. In the summary for his white paper Nakamoto explained:

    [Bitcoin is] an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers.
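The tamper-evidence property described in the quote above, as an added example that is not part of the original article: a toy hash chain with proof-of-work in Python. The block layout, difficulty, and transactions are constructed for illustration and do not match Bitcoin's real block format.

```python
import copy
import hashlib
import json

# Constructed parameters: real networks use a far harder target.
DIFFICULTY = 3            # required number of leading hex zeros in a block hash
GENESIS_PREV = "0" * 64   # placeholder "previous hash" for the first block


def block_hash(index, prev_hash, transactions, nonce):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    payload = json.dumps(
        {"index": index, "prev": prev_hash, "tx": transactions, "nonce": nonce},
        sort_keys=True,
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def mine(index, prev_hash, transactions, difficulty=DIFFICULTY):
    """Proof-of-work: search for a nonce whose hash meets the difficulty target."""
    target = "0" * difficulty
    nonce = 0
    while True:
        digest = block_hash(index, prev_hash, transactions, nonce)
        if digest.startswith(target):
            return {"index": index, "prev": prev_hash, "tx": transactions,
                    "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(batches, difficulty=DIFFICULTY):
    """Mine one block per transaction batch, each committing to its predecessor."""
    chain, prev = [], GENESIS_PREV
    for index, transactions in enumerate(batches):
        block = mine(index, prev, list(transactions), difficulty)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid(chain, difficulty=DIFFICULTY):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for block in chain:
        recomputed = block_hash(block["index"], block["prev"],
                                block["tx"], block["nonce"])
        if (block["prev"] != prev                       # link to predecessor broken
                or recomputed != block["hash"]          # contents changed after mining
                or not recomputed.startswith("0" * difficulty)):  # work not done
            return block["index"]
        prev = block["hash"]
    return None


def tamper(chain, index, new_transactions):
    """Return a copy of the chain with one block's transactions rewritten."""
    forged = copy.deepcopy(chain)
    forged[index]["tx"] = list(new_transactions)
    return forged


def remine(chain, start, stop, difficulty=DIFFICULTY):
    """Return a copy with the proof-of-work redone for blocks start..stop-1."""
    redone = copy.deepcopy(chain)
    for i in range(start, stop):
        prev = redone[i - 1]["hash"] if i > 0 else GENESIS_PREV
        redone[i] = mine(i, prev, redone[i]["tx"], difficulty)
    return redone


if __name__ == "__main__":
    # Constructed sample ledger entries.
    ledger = build_chain([["alice pays bob 5"],
                          ["bob pays carol 2"],
                          ["carol pays dave 1"]])
    print("honest chain, first invalid block:", first_invalid(ledger))

    forged = tamper(ledger, 1, ["bob pays mallory 2"])
    print("edited block 1, first invalid block:", first_invalid(forged))

    # Redoing the work for the edited block alone just moves the break forward.
    partial = remine(forged, 1, 2)
    print("re-mined block 1 only, first invalid block:", first_invalid(partial))

    # Only redoing the work for every later block yields a chain that verifies.
    full = remine(forged, 1, len(forged))
    print("re-mined blocks 1..end, first invalid block:", first_invalid(full))
```

A verifier that already holds the original block hashes still rejects the fully re-mined chain, because every hash from the edited block onward has changed.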


    Why does the blockchain matter?

    Virtual currencies offer an alternative to government-issued money. These currencies are exchanged like cash for goods and services. They can also be converted easily by a number of services for traditional currency like dollars, pounds, and euros. Because transaction information is obfuscated, cryptocurrency enables legal, extralegal, and illegal behavior. Using Bitcoin, it’s easy to buy pizza, train tickets, stolen data, drugs, and weapons.


    The blockchain is, in theory, future-proof and can be used by private companies and individuals to build private financial networks. This means that a large enterprise could build a financial system internally for use by employees or external vendors. Though most countries require tax to be collected from income, taxing company-to-company virtual currency transactions is tricky.

    The blockchain can also be used as an identity system. Onename and Keybase use the blockchain to generate verifiable identification, like a national ID or driver’s license.


    Who does the blockchain affect?

    Corporations, small businesses, and individuals all need to be aware of the blockchain. Because the blockchain allows financial transactions to occur anonymously, the technology has empowered the growth of questionable, sometimes illegal, behavior. In recent years ransomware has become a popular method of extorting consumers. Black markets have exploded in popularity. These markets exist on the Dark Web and allow hackers to buy and sell stolen data, zero-day exploits, drugs, weapons, and humans. The United Nations, the FBI, and other law enforcement agencies attempt to track illicit Dark Web transactions, but Bitcoin-based markets continue to flourish.

    Well-funded startups also use the blockchain. Because the blockchain is data-rich, secure, and offers unprecedented transparency, the code can be used as the building block (pun intended) for numerous modern, and future, technologies and startup companies. Ethereum, for example, is a blockchain startup that helps enterprise companies develop private chains and private currencies. Mycelium builds physical point-of-sale systems and debit cards for cryptocurrency.


    When is the blockchain happening?

    The blockchain has been available since 2008 and is employed now by millions of users. The great irony of the blockchain is that while Bitcoin transactions can be anonymous, every transaction is logged and can be viewed in a simple web browser. Blockchain.info streams real-time transaction information and contains copious information about personal coin exchanges, Dark Web uses, real-estate firms, and even music streaming services that rely on the blockchain to verify media ownership rights.


    How do I access the blockchain?

    The most common method of accessing the blockchain is by using the API, located at https://blockchain.info/api. The API defines several types of calls, including transaction details, wallet creation, storage methods, and current Bitcoin market and trading data.

    The chain is a multi-gigabyte (and growing) file and can be downloaded locally, using BitTorrent. It’s updated daily and can be downloaded as a torrent or magnet file.

    Ubuntu 17.10: Finally, an exciting Ubuntu release


    The days of the boring Ubuntu releases are over.

    The release of Ubuntu 17.10 was going to be the final iteration to include the ousted Unity desktop interface. Instead of following the pattern Ubuntu has held since it attempted to bring convergence to the Linux desktop, Canonical is going to jettison its in-house desktop earlier than originally scheduled. That means the next release of Ubuntu will be the first in years to bring about some major change. That change comes by way of the one-two punch of GNOME Shell and Wayland. You read that correctly…where Ubuntu had been pushing hard for Unity 8/Mir, they’ve scrapped them both and are going with an environment already proven to work well.

    This should be exciting news to the Ubuntu faithful who jumped ship due to either a distaste for Unity or frustration over stagnant development.

    The idea of replacing X.org with Wayland is long overdue. Ubuntu 17.10 will offer the Wayland session along with an X.org session so you can select which one, but my guess is Wayland will be the only X server with the 18.04 release. Even so, the fact that Ubuntu is bringing about these changes one release earlier than expected should be a clear sign that Canonical has finally opened its eyes to what their user base wants and needs.


    Already smooth

    I’ve tested the daily build of Ubuntu 17.10, and it’s slicker than any release to come from Canonical in a long time. Why? GNOME.

    I was a fan of Unity for a very long time. I truly enjoyed and relied upon a couple of features (namely the HUD and the Dash), but saw that the Unity desktop, as a whole, was quickly falling further and further behind. GNOME has managed to become one of the most solid and smooth desktops on the market—hands down. Seeing GNOME as the default Ubuntu interface makes one feel that things are as they should be in the world of Ubuntu, and that their new vision can be trusted (Figure A).

    Figure A


    Which version of GNOME will ship with Ubuntu 17.10?

    It is unclear which version of GNOME will ship with Ubuntu 17.10. My up-to-date daily build currently runs GNOME 3.24.2. In September 2017, GNOME 3.26 will be released, and that iteration is important because it will bring really important features to GNOME, including:

    • GNOME Usage, a new app that will display the host system’s current resource usages.
    • A new sharing framework that will make use of portals for sharing files across social networks.
    • GNOME Photos will finally be able to import photos from digital cameras.
    • The Seahorse application for storing passwords and keys will be replaced by a more modern app.
    • Non-integer HiDPI scaling, which means support for Apple retina displays will be rolled in.
    • A new UI that will allow the creation of recurring events.
    • Todoist integration.
    • Control Center redesign.
    • Quarter window tiling.

    My guess is GNOME 3.26 will not make its way into Ubuntu 17.10; it could arrive in the 17.10.1 update.

    What GNOME means for Ubuntu

    The best thing to come from Ubuntu dropping Unity and picking up GNOME is a two-way street of evolution. Not only will the Ubuntu distribution benefit from having a desktop that is developed by top-notch programmers around the globe, but GNOME will get input from the Ubuntu developers, as well as the branding that comes with Ubuntu. This is a win-win for both sides, and it’s a situation that will go a very long way to continue improving GNOME, which will have the added benefit of improving Ubuntu.


    It may not seem like much, but…

    We’ve seen Linux distributions released with far greater new feature lists, though I cannot think of a more important release within the last five years. Ubuntu returning to its GNOME roots will bring about a significant shift in the distribution landscape.

    I’m expecting great things to come of Ubuntu. Now that Canonical can put the “boring releases” behind it, what was once the darling distribution of the Linux community can finally start to evolve at the speed of imagination.

    How to develop tech talent internally to fill gaps in your workforce

    Enterprises struggling to find candidates to fill tech roles should turn to internal training to fill talent gaps, Jared Faris, vice president of technology and solutions at technology consulting firm HMB, told TechRepublic at the recent Code PaLOUsa developer’s conference in Louisville, KY.

    “The biggest challenge we face as a company is finding good mid- and senior-level developers and other tech professionals,” Faris said. “We end up having to hire a lot of college grads and grow them into that level.”

    Companies having a hard time finding tech talent should create a mentor program and work with more junior team members to create a talent pipeline from within, Faris said.

    At HMB, the first six months of the mentor program is an investment, with team members learning new skills quickly, Faris said. At the six month to one year point, they begin creating value for the company, but still need the advice of senior leadership to grow and avoid pitfalls. By the two to three year mark, however, they are usually performing extremely well on their own, Faris said.

    “To get the best people, you need a culture of innovation and training—good people pull good people in,” Faris said. “It takes investment—you have to think of people as your resource that you’re going to invest in, and spend time and energy growing them, or else they’ll go somewhere else to do something more interesting.”


    Why hiring managers must look beyond first impressions to find the best employees



    In the business world, it’s no secret that appearance matters. From posting your best profile photo on LinkedIn to assembling a professional wardrobe for job interviews to donning your sharpest suit for a client meeting, it’s widely understood among professionals that first impressions carry weight.

    But just how much weight?

    According to Alexander Todorov, psychology professor at Princeton University, a quick glance makes us instantly differentiate between “who looks like a good guy and who looks like a bad guy.” In his new book, Face Value: The Irresistible Influence of First Impressions, Todorov argues that we make “too much out of too little information”—and that this carries serious consequences.

    Todorov’s research shows that people form quick impressions—within milliseconds—about a person’s character based on their appearance. Not only that, but we all (mostly) come to the same conclusions. And these conclusions play into how we respond to someone in the workplace.

    So, how can business leaders overcome bias in hiring and promotion? TechRepublic spoke to Todorov about some important factors to consider when making decisions about potential employees.

    Do your homework

    Todorov conducted a series of experiments that showed that impressions of a candidate’s face mattered in elections. Political candidates that had facial features that made them appear more trustworthy, in other words, were more likely to be deemed fit for leadership. This finding was not influenced by prior knowledge of a candidate’s background. And, in fact, the less people knew about a candidate’s history, the more likely they were to rely on quick judgments. “It really works for those who know next to nothing about politics,” said Todorov. “These are the guys who are really influenced by appearance.”

    The takeaway? Learn as much as possible about someone’s actual qualifications before making a decision about whether they would be a good fit for a position.

    Understand gender and racial bias

    Faces alone don’t predict our impressions—race and gender are also important factors. And, in many ways, those characteristics can supersede the power of the face.

    “The moment you categorize the person as belonging to a specific gender or a specific race,” said Todorov, “all kinds of stereotypes come into play that might change the nature of the impression.”

    Unfortunately, since the sample sizes for female and African-American CEOs are so small, it’s difficult to do research in this area. Still, when African-American CEOs were studied, it turned out that “they tend to have more baby-faced appearance,” said Todorov. “The story is that this kind of goes against the African-American stereotype. You need to have a particular face as an African-American to succeed at this kind of hierarchy or these sorts of positions.”

    The good news for women, said Todorov, is that feminine faces are perceived as more trustworthy. The bad news? If you are judging for competence, you look for attractiveness, but also masculinity and dominance—features typically attributed to male faces. “That suggests that when it comes to these impressions, on average, there’s a hidden gender bias,” he said.


    Men, said Todorov, can appear trustworthy and dominant, or untrustworthy and dominant. In other words, the two characteristics are unrelated. But women face a unique obstacle: “For women, dominance and trustworthiness are highly negatively correlated,” said Todorov. “If you have a dominant-looking woman, people are going to perceive it as untrustworthy.

    “Clearly, this is kind of a bad stereotype, right?”

    Have an explicit strategy

    The Boston Symphony Orchestra is a good case study of how much appearance really matters when judging performance. When blind auditions were introduced in 1952 to increase participation of women in the male-dominated orchestra, almost 50% of the women made it past the first audition. More recent research from the Harvard Kennedy School shows that “the transition to blind auditions from 1970 to the 1990s accounts for a 30 percent increase in the proportion female among new hires and possibly 25 percent of the increase in the percentage female in the orchestras.”

    Introduce blind audition, said Todorov, and “that suddenly changes the nature of the game, and you have an influx of women.” Still, there was a catch—the women had to remove their shoes to avoid stereotyping. As it turns out, even a slight indication of a woman’s heels can be enough reason to downgrade her performance.


    In tech, which is notoriously male-dominated, it’s more complicated than blind interviews. “It already starts in middle school, where boys are more likely to go into STEM fields, and then the culture would be different that sort of might be more conducive to kinds of male types of behaviors,” said Todorov. “But if you want to remove these biases, the best is to judge based on performance.”

    If you want to recruit women, he said, create an explicit strategy, including a targeted search. Multiple companies have cropped up in recent years offering solutions such as blind coding tasks and anonymous interview capabilities.

    “If you’re really serious and you’re a good employer, and you want to get the best employees,” said Todorov, “you need to look beyond appearance.”

    57% of executives trust AI security systems ‘as much or more than’ humans

    Enterprises are turning to artificial intelligence (AI) to fight a growing cyber threat landscape, according to the 2017 Executive Application & Network Security Survey from security firm Radware. Some 81% of executives said they have implemented automated solutions for security, while 57% said that they trust these AI systems as much or more than human security professionals to protect their organizations.

    Two in five executives (38%) said that they expected automated security systems to be the primary tool for managing cybersecurity efforts within the next two years.

    “Businesses have to fight fire with fire,” said Carl Herberger, vice president of security solutions at Radware, in a press release. “Today’s threat actors continue to build highly automated and adaptive tools, like the Mirai and Hajime botnets. These attacks can wreak catastrophic damage to a network. Executives that aren’t yet fighting these new dynamic threats with continuously adaptive attack detection and mitigation capabilities are putting their organization at risk.”

    Increasing concerns over cyber attacks that disrupt business have moved security to a CEO- or board-level issue for 85% of companies, according to the report. Some 62% of executives rate security as an “extremely important” priority—up from 53% last year.


    Security is the no. 1 driver of digital transformation efforts in organizations, Radware found. Nearly half of executives (47%) cited improving information security as a major goal of their digital transformation projects. And three-quarters of these professionals said that cybersecurity concerns were “critical” in shaping business digital transformation efforts.

    In terms of coming security threats, executives reported that they expect the largest issues to come from network infrastructure (27%), followed by Internet of Things (IoT) devices (22%), and energy/power infrastructure (21%).

    In the event of a cyberattack, executives said their top business worry was a negative customer experience, followed by brand reputation loss, operational and customer loss, and revenue loss.

    “Executives are scrutinizing the gaps in their security like never before, taking a more active approach to defending their customer experience and avoiding the brand damage that hackers can cause,” said Anna Convery-Pelletier, chief marketing officer at Radware, in the release. “Today’s educated consumer is keenly aware of security – as customer experience is now closely tied with reputation management and data protection. Consumers therefore use these critical parameters as the basis for their decision to do business with a company.”

    The 3 big takeaways for TechRepublic readers

    1. Executives are increasingly turning to artificial intelligence (AI) security solutions to protect their organizations, with 81% of executives implementing more automated solutions for security, according to a new Radware report.

    2. Some 57% of executives said that they trust these AI systems as much or more than humans to protect their organizations.

    3. Cybersecurity concerns have been elevated to a board-level issue in most organizations, and are the no. 1 driver of digital transformation efforts, the report found.

    Hybrid IT leads the way in HPE’s revamped business strategy


    When I see a hardware vendor offering help in transitioning to a new operating model, I can’t help but think of a piano company trying to sell an upright piano as a complement to a radio. As an industry shifts, it’s difficult for an incumbent to transform.


    At both Dell EMC World and HPE Discover, the major themes revolved around digital transformation and hybrid IT. I’ve found the messaging odd. Incumbent hardware vendors have the ear of the CIO. Both HPE and Dell EMC are well positioned to tell the stories of how their products and services help provide the foundation of hybrid IT. In an effort to better understand HPE’s story, I attended HPE Discover and queried HPE on their hybrid IT offerings. Here’s a look at their updated strategic vision.

    Hardware at the core

    In an earlier post, I questioned the vision of the new HPE. I didn’t understand the value the new organization offered to enterprises without the large services, software, and end-user computing. During the recent HPE Blogger Talks within HPE Discover, the HPE product teams made the strategic vision of the organization a little bit more clear.

    At HPE Discover, HPE focused on making hybrid IT easier via a high value consulting arm rebranded Pointnext. Their composable infrastructure concept powers their data center and edge offerings—both of which remain core to HPE’s product focus.

    Hardware is a core capability of HPE. Research products such as The Machine show their leadership in the space. The Synergy enclosure platform, alongside the technologies acquired via the purchases of SimpliVity and Nimble, show how HPE is continuing to strengthen the foundation of their hardware offering. In short, HPE has hardware covered, but it still needed to explain its services and software offerings.

    Pointnext consulting

    HPE has rebranded HP Technical Services (HP TS) to Pointnext. Pointnext is the same services organization HPE offered before the acquisition of EDS, and it focuses on project-oriented engagements.

    HPE Pointnext has had a good deal of experience with private cloud and public cloud integration. Before the HP Inc and HPE split, I spoke with the team responsible for delivering the Helion Cloud solution. Much of the work in delivering the OpenStack-based Helion Cloud relied on customized work from project to project. HPE’s position remains similar in that much of the work involved in hybrid cloud relies on custom work from customer to customer.

    Customers looking to integrate public cloud services with public cloud platforms will need white glove professional services until standards and management solutions mature. HPE believes Pointnext is positioned as well as DXC and Accenture to provide these tailored services.

    Software strategy

    Software is one of the most difficult transitions for hardware vendors to make in revamping their products to support hybrid IT. Before the 2017 HPE Discover event, much of HPE’s hybrid IT strategy focused on their composable infrastructure marketing term. Composable is another term for software-defined, and HPE’s Synergy Chassis is the foundation of HPE’s composable infrastructure technology. HPE retrofitted OpenView to manage Synergy and future composable infrastructure. While Synergy fills a need for scalable private cloud hardware, HPE still had a gap to address in cloud management.

    HPE plans to fill the cloud management gap with project NewStack. Similar to The Machine research project, NewStack isn’t a single project or simply a vision for the future. NewStack takes HPE’s learnings from Synergy and Helion to offer a single view into hybrid IT infrastructure. However, HPE didn’t provide a roadmap for the release of NewStack-based products.

    HPE wants to shed the image of an organization that sells boxes for that of an organization that sells solutions. HPE sees hybrid IT as a full stack solution with hardware as the foundation of the on-premises vision. Synergy and OpenView enable software-defined management of the on-premises assets, while Project NewStack provides the integration point for the HPE-powered data center and public cloud.

    Those critical of HPE’s strategy call out that HPE is primarily a hardware vendor. HPE’s organization is built to sell hardware. However, HPE is out to prove that hardware manufacturers best understand how hybrid IT comes together.

    10 ways to immediately improve workstation ergonomics


    A safe and healthy work environment is a productive work environment. All enterprises, regardless of their size or the nature of their business, should strive to create an ergonomically sound workspace for all employees—it’s just good for business. Poor ergonomic practices can lead to lower productivity and in extreme cases physical injury, which is obviously bad for business.

    However, no matter how well an enterprise designs a workspace, it is the responsibility of each employee to make sure they are using good ergonomics at their own workstation. All the fancy chairs, desks, and equipment in the world are not going to help an employee who slouches or slumps awkwardly at their desk.

    Here are 10 ways to create a healthy, productive, and ergonomic working environment. For a comprehensive look at ergonomics, check out the Occupational Safety and Health Administration’s website.

    These tips will concentrate on office settings, but many of the general principles apply to other types of work as well.


    1. Good working posture

    Whether employees are working on the factory floor or in the corporate office, the number one ergonomic priority is establishing a good working posture at their workstation. They should be able to sit or stand in a neutral body position with a relaxed posture that requires no stressful angles or excessive reaching to complete tasks.

    Office workers should sit with hands, wrists, and forearms that are straight, inline, and parallel to the floor. The head should be level, facing forward with no turn to the left or right, and generally be in line with the torso.

    Standing at the workstation is also recommended and potentially ergonomically sound, assuming employees stand straight and their arms and wrists remain in the neutral position. Standing is a good counterpoint to sitting for long periods.

    2. Adjustable chairs and desks

    To encourage good posture and the neutral body position, enterprises should purchase high-quality adjustable chairs, furniture, and equipment. The more positions a chair and desk can adjust to, the more they can be tailored to the individual using them. When it comes to ergonomics, one size most definitely does not fit all.

    3. Proper display height and distance

    Monitors and other display devices should be placed at eye level with the individual using them. Viewing a display should not require straining the neck or squinting. Ergonomics dictates that individuals not be required to turn their neck to the left, right, up, or down to view a display. This principle applies to individuals with the conventional single monitor and to power users employing multiple displays as well.

    4. Keyboard and mouse position

    While often ergonomic afterthoughts, the proper keyboard and mouse configuration is just as important as posture when it comes to neutral body positioning. If individuals are reaching for the mouse at a bad angle or have to violate the inline parallel rule for elbows and wrists, they are going to lose neutral positioning. Reaching for input devices can lead to excessive fatigue, and after lengthy exposure, injury.

    Keyboards and mice should be placed where they can be accessed without breaking any of the neutral positioning rules. In addition, both devices should be tailored for the person using them. This may require adjustable devices or perhaps different devices for different users. Flexibility is the key.

    5. Reducing repetitive movement

    In an enterprise setting, most musculoskeletal disorders (MSDs) are caused by repetitive motion. Even if an individual applies perfect ergonomic principles, repeating the same motion over and over is going to cause stress and eventually lead to injury.

    The best way to combat this problem is by changing tasks. Doing something else and performing a different movement—even for a relatively short length of time—will reduce the potential for injury on the tissues under stress.

    When changing the task is not possible, individuals should periodically change the neutral positioning they are using. For example, in an office setting, individuals can change from the upright sitting position to standing, reclined sitting, or declined sitting. Changing the angle should be just enough to change the musculature used for the task at hand.

    6. Standing up and moving around

    For office workers, this is perhaps the most important tip in the list—get up and move around. It is just that simple. Once an hour, workers should stand up and take a few minutes to walk down the hall, get a drink, look out the window, anything that gets them out of their chair.

    Employers and managers who discourage this ergonomic technique are flat out wrong-headed. Remember, a healthy work environment is a productive work environment.

    7. Environmental setting

    Often overlooked when discussing ergonomics is the overall working environment. Proper lighting, temperature, humidity, and conveniences are ergonomic essentials.

    Lighting should not cause glare on computer screens, which means that many workplace settings should be equipped with softer light systems. Lighting that is good for reading printed material is not necessarily the best lighting for computer displays.

    Temperature settings are a bit trickier since each individual preference differs, but every attempt should be made to maintain a temperature that is comfortable for as many people as possible. To prevent MSD injuries in particular, colder temperatures should be avoided.

    8. Looking around

    Looking at a computer display all day long can cause noticeable eye fatigue. To reduce the stress on the eyes, workers should systematically look away from the monitor every 10 to 20 minutes or so to focus on something more than 20 feet away. The clock on the wall, the tree outside the window—anything will do. Changing focus to something in the distance will cause the eyes to adjust and give the close-in focus muscles a chance to relax.

    9. Ergonomic accessories: footrest, headsets, document holder, and ball

    Over the years, office equipment suppliers have developed ergonomic accessories to help enterprises and individuals improve their workspaces. Smaller individuals may benefit from a footrest when workstation desks are not adjustable, for example.

    Those who are required to talk on a phone all day will require a headset to free their hands and save their neck. Individuals required to read printed documents are likely to need a document holder, preferably adjustable, and perhaps task lighting as well. Some individuals swear by the benefits of a balance ball chair.

    When it comes to office equipment, enterprises should do whatever is reasonable to make workstations as healthy and ergonomic as possible.

    10. Getting help

    When all else fails, individuals and enterprises trying to establish sound ergonomics practices should seek professional help. Larger enterprises should have an ergonomics policy and a person tasked with enforcing it. Employees should contact that person for help with their workstation.

    If such a person is not available, employees should talk to a manager or supervisor to request adjustable equipment or accessories that can help them create a more ergonomic workstation. For enterprises lacking expertise in the area of ergonomics, it might be advantageous to hire a consultant who can make suggestions. In the long run, it may be a small price to pay for increased productivity and better (less expensive) employee health.

    Mobile workers

    The modern enterprise working environment is a mobile one. For employees working at mobile locations, formal ergonomics may not be possible. However, even a mobile workforce should take steps to improve the ergonomics of their temporary workspace.

    They should look for a space that allows them to sit or stand in a neutral position and try to find a space with a comfortable temperature and decent lighting. Those working from mobile locations should follow as many of the ergonomic principles as they can. After all, if they don’t do it, who will?

    ClearOS is no Windows Small Business Server, but it’s a cost-effective solution

    Small business data centers often rely on unique solutions to typical problems. Why? Cost savings. Many times, the pinching of pennies comes easily by way of the Linux platform. Within the Linux world, you’ll find a number of outstanding server software packages that can help to power your business in ways you may not have considered.

    The problem with small businesses making use of Linux can often come by way of complexity in deployment. Although Linux has come a long way with regards to user-friendliness, there can sometimes be an added layer of complexity when we’re talking about server software. This extra learning curve is very often easily overcome by anyone with a moderate level of IT skills. And for anyone that has used Linux before, it is generally a no-brainer. But for those in need of a data center solution, without the benefit of a high-level IT expert on hand, where do you turn?

    One solution is ClearOS. What is ClearOS? According to their own marketing material:

    “ClearOS is a simple, open, and affordable operating system with an intuitive graphical web-based user interface and an application marketplace with over 100 apps to choose from, with more being added every day. Leveraging open source software, you decide what applications you need and only pay for the applications and support you want.”

    But does their PR material hold up? Is ClearOS something you could use for your small business? I kicked the tires of the ClearOS Community edition to find out.

    Editions

    Notice I said Community edition. What does that mean? ClearOS offers three flavors of their platform:

    To find how each edition differs, check out the ClearOS feature matrix here.

    Installation

    There’s really no need to go through the installation process for ClearOS, as it is incredibly simple. If you’ve ever installed Linux (or an operating system period), you won’t have any problem with ClearOS. Using VirtualBox, I had a ClearOS virtual machine up and running in about 20 minutes (which included post-install wizard and platform updates). Once you’ve completed the base install, the post-install wizard, and the updates (all done from within an incredibly well-designed web interface), you are ready to start adding apps from the ClearOS Marketplace, which is where the platform really shines.

    Adding apps

    Let’s take a look at the process of adding applications to your ClearOS server, as this will demonstrate just how easy this ecosystem is to use. Once you’ve taken care of the initial setup, you will find yourself on the ClearOS Marketplace Getting Started page (Figure A).

    Figure A

    On this page (which is actually the ClearOS Marketplace Wizard), you need to select how you would like ClearOS Marketplace apps to be displayed. There are four options:

    • By Function displays apps according to task
    • By Category displays groups of related apps
    • Quick Select File allows you to select pre-configured templates to get you up and running quickly
    • Skip Wizard allows you to skip the ClearOS Marketplace Wizard

    Select the option that best suits your needs and then click the Next button. You will then have the opportunity to walk through the selection of apps/services to install on your ClearOS server (Figure B).

    Figure B

    App choices include:

    • Directory Server
    • Microsoft Active Directory Connector
    • 1-to-1 NAT
    • Custom Firewall
    • DHCP Server
    • DMZ
    • DNS Server
    • Dynamic DNS
    • Dynamic VPN
    • OpenVPN
    • Gateway Antiphishing
    • Antivirus
    • Intrusion Detection
    • Content Filter Blacklist
    • RADIUS Server
    • Web Access Control
    • Web Proxy Server
    • Google Apps Account Sync
    • IMAP and POP Server
    • BackupPC
    • Remote Data Backup
    • Dropbox Sync
    • Plex Media Server
    • ownCloud for Business

    Some of the apps are free, whereas some do have an associated cost. Go through the listing of available apps to see if any of the apps/services meet your needs and fit your budget. Once you’ve selected all the apps you want to install, click Next, review the install list (Figure C), and click Download and Install.

    Figure C

    The apps and services will install and prompt you to update the Navigation Menus. When prompted, click that button and then click Next. At this point you are ready to configure your custom dashboard. If you don’t want to bother with customizing the dashboard, click Use Default and you’re ready to go. The default dashboard allows you to select (using drop-down menus) what you would like to appear in the dashboard. You can also, at this time, begin to configure the apps/services you just installed.

    One thing that was quite impressive was how easy ClearOS made setting up the LDAP service. Normally this process can be quite the headache, but ClearOS found a way to make it as painless as possible.

    Its true purpose

    One thing you will not find on ClearOS is the means to create an environment to mimic, feature for feature, that of a Microsoft Small Business Server or its successor, Windows Server. So if you’re looking to serve up apps like MS Office, via Terminal Server, you’re out of luck. That’s okay, because you can always install the Dropbox app for free and make use of their Paper server. That, of course, is no real alternative for a full-featured office suite. But that’s not really the point of ClearOS (at the moment), as this is less a productivity server and more a business-class server that can help to protect and expand your small business network. In other words, if you’re looking for an incredibly simple to set up and manage firewall, VPN, DNS, DHCP, and all-round general network appliance, ClearOS is exactly what you want. If you’re looking for something to replace an MS SMB, look elsewhere.

    Maybe, in the future, ClearOS will see fit to connect the likes of Collabora Online (LibreOffice online), so that it could better compete with the likes of Windows Small Business Server. Until then, make use of ClearOS as your small business network appliance go-to.

    Report: 10 trends in application security that will impact your cyberdefense strategy

    On Tuesday at Infosecurity Europe 2017, web and mobile application security testing company High-Tech Bridge released a first-quarter report on application security trends. The report drew from data collected on the ImmuniWeb Application Security Testing Platform and High-Tech Bridge’s free web security services, as well as other open sources.

    Here are the main findings:

    1. No end in sight for “Bug Bounty fatigue”

    According to the report, “9 out of 10 web applications in the scope of a private or public bug bounty program, running for a year or longer, contained at least two high-risk vulnerabilities undetected by the crowd security testing.”

    Because understanding these bugs involves thorough research from crowd security testing platforms, which are paid for catching flaws, attackers often look first to newcomers to the market—often the most vulnerable. However, as illustrated by the fact that no one entered Google’s Project Zero Prize, researchers are not likely to pursue projects for which they are not paid. To discourage researchers from sticking to this “easy-money” strategy, Qualys and BugCrowd joined up to employ researchers in the industry.

    2. Enterprises are still vulnerable to breaches via mobile backends

    A great majority of mobile apps in banking and retail—83%—have a mobile backend (web services and APIs) that is susceptible to a security breach, according to the report. These vulnerabilities mostly arise from inadequate authorization measures. The report says that “various injections, mainly represented by SQL and XML injections, are also quite common, aggravated by a frequently missing WAF on the mobile backend.”

    3. Mobile applications are not as vulnerable to risks as the hype suggests

    According to the report, nearly all vulnerabilities in mobile app code—95%—are not susceptible to a major breach. The most common vulnerability is “insecure, or cleartext storage of sensitive or authentication data on a mobile device,” the report stated. After that, the next most common is “insecure, or otherwise unreliable, components used in the application code putting mobile phone privacy at risk.” Mobile communications are also vulnerable, and must be secured with a mobile backend (APIs and Web Services) in order to prevent sensitive data from being intercepted.

    4. IoT devices’ web interfaces and panels are at risk

    The Internet of Things (IoT) is another area rife with security risks: According to the report, “nearly all (98%) of web interfaces and administrative panels of various IoT devices had fundamental security problems.” These include hardcoded and unmodifiable admin credentials, outdated software (such as web servers) without any means to update it, lack of HTTP traffic encryption, and several critical vulnerabilities in the interface.

    5. Humans represent a weak link in DevSecOps

    In two-thirds of companies with a DevSecOps strategy, at least one critical vulnerability was discovered due to human error, such as a secure web app being located on a database backup or easily-discovered location, the report stated. According to the report, “the bigger the organization is, the more complicated it is to prevent such incidents, as numerous data and process owners change their decisions and requirements much faster than IT has time to properly adopt them, following internal processes.”

    6. Most popular vulnerabilities: XSS, CSRF and information disclosure

    The Open Web Application Security Project (OWASP)’s Top Ten vulnerabilities still include these three as major risks for the enterprise, the report stated. In the financial, insurance, and retail industries, they are lower risk—accounting for around 60% of flaws. According to the report, “thorough and mature security testing, greater security awareness, compliance and regulatory requirements in these industries can probably explain this disparity.”

    7. Vulnerabilities such as XSS are more difficult to catch

    Some 53% of simple flaws from the OWASP Top Ten, according to the report, cannot be found by tools like vulnerability scanners and other fully automated solutions. “For example, many [at a first glance] simple XSS flaws require a valid client ID or Google’s reCAPTCHA, or is only reproducible with a long set of other valid HTTP parameters. Moreover, complicated authentication systems (e.g. using 2FA and session expiration in case of abnormal behavior) preclude vulnerability scanners from testing the authenticated part of the applications.” In other words, humans should always be in the loop when it comes to securing web applications.

    8. Web server security needs to get tougher

    Only 2.4% of global web servers are fully implementing “a Content Security Policy (CSP), various security-related HTTP headers and other options of web server security,” putting them at risk, according to the report.

    9. Web application firewalls (WAF) still can’t guard against high-end flaws

    The report shows that “22% of SQL injections in web applications protected by a commercial WAF were fully exploitable (i.e. allowing to extract sensitive data from the database). However, 58% of these vulnerabilities were partially exploitable (e.g. show SQL server version or user) using different WAF bypass techniques.”

    However, a majority of cases (88.7) showed that “various types of complicated improper access control, chained vulnerabilities and flawed application business logic were not detected, and thus remained unremediated by WAFs,” the report stated.

    10. The growth of HTTPS encryption reliability is slowing down

    More than 2.2 million unique web security server tests were conducted using High-Tech Bridge’s free SSL/TLS server test in June. These tests mostly demonstrated that web servers had strong security measures—64.4% received an “A.” Still, growth is slow: This figure represents only 0.2% and 0.1% of the growth over the last six months. Countries with the most secure web servers, in terms of HTTPS configuration, are the US, Germany, France, Netherlands and the UK.