Demands from the cloud fuel hard drive innovation [Byline]

The hard drive is dead. Long live the hard drive!

The cost of NAND flash has dropped precipitously in the last decade, and tape still wins in cost per bit, but hard disk drives (HDDs) continue to rule the data center.

The focus has moved from the individual PCs to scaling the data center with purpose-built hard drives that have their own attributes and with more consideration being given to total cost of ownership (TCO). Energy consumption measured by watt per terabyte is also an important attribute as it plays into TCO and trends toward sustainability.

Read my full story for Fierce Electronics.

Gary Hilson is a freelance writer with a focus on B2B technology, including information technology, cybersecurity, and semiconductors.

5 ways to prepare for PIPEDA’s updates [Byline]

If getting your IT systems to support privacy legislation is your jam, you’re going to love the latest update to the Personal Information Protection and Electronic Documents Act (PIPEDA). Better yet, you can apply your experience meeting the General Data Protection Regulation (GDPR) to your PIPEDA compliance efforts.

Changes to PIPEDA regulations

Like GDPR, Canada’s new privacy breach notification rules were in the works for some time, thanks to amendments to PIPEDA by the Digital Privacy Act. Taking effect November 1, the new rules mean organizations must to notify individuals and Canada’s Privacy Commissioner of all security breaches that could result in a “real risk of significant harm” to an individual. They apply to any organization, except in Quebec, Alberta and British Columbia, which all have their own privacy legislation.

Another pending change to PIPEDA the finalized consent guidelines, released by Office of the Privacy Commissioner of Canada in May. This update also has similarities to GDPR, as it provides guidance on the collection, use, or disclosure—collectively, processing—of the data subject’s personal information. PIPEDA’s “Guidelines for obtaining meaningful consent,” set out both mandatory and suggested steps for organizations. These updates take effect in January 2019.

Latest PIPEDA principles follow in GDPR’s footsteps

If you recall your GDPR prep, you’ll also recall PIPEDA compliance wasn’t enough to meet the demands of the European Union’s legislation that was designed to protect privacy of their citizens regardless of geography. But a culture of privacy protection works in your favour. Just as your PIPEDA compliance was good prep for GDPR, the PIPEDA amendments should be easier to wrap your head around now that you’re GDPR compliant.

These updates impact your IT team, but you’ll need to collaborate across the organization for effective PIPEDA compliance. Security, legal and communications staff all need to be on board. Protecting privacy isn’t just about technology, it’s a mindset, so you’ll need a executive champion to lead and maintain the necessary culture shift in the organization.

But if you want to boil down the latest PIPEDA compliance requirements into a plan of action, here are five things you should do:

  • Know your data: PIPEDA and GDPR both require that you understand how a person’s person data flows through the organization—how it’s collected, how it’s moved, how it’s stored, and most of all, what it’s being used for. You need to map all personal and sensitive data, and you might want to consider not collecting unnecessary data—once you have it, you’re responsible for safeguarding it.
  • Revise policies and procedures and create new ones: GDPR required new ways of thinking, and the PIPEDA update specifically requires a process to notify data subjects of a breach—again, just like the European legislation. Beyond that, you need to think about how it affects your business processes that involve data collection, such as marketing and customer onboarding.
  • Automate where possible: Privacy protection is dependent on good information security practices, which today can no longer depend on people alone. Just as good security takes advantage of artificial intelligence, machine learning, the embedded features of a modern operating system, and smart devices that can help protect against threats, you need be proactive and not reactive, and embrace privacy by design. You should have an information management system that can track breaches, just as you would with any other IT issue.
  • Run fire drills: Like any disaster recovery and data protection plans, you should periodically test your breach response plans to make sure everyone plays their part should a breach occur because it’s not a matter of if, but when. You want your breach response process to be by the book, so you can minimize risk and potential litigation.

Privacy has been the new normal since the initial inception of PIPEDA, but it’s a landscape that continues to evolve—the legislation was intended to be reviewed every five years since being introduced more than 15 years ago. What’s most important to remember with these latest updates is that PIPEDA compliance is a mindset and protecting sensitive data needs to be part of your organization’s culture. Thinking about privacy intentionally will help you stay compliant in the long run, no matter how regulatory frameworks or legislation evolve.

Gary Hilson is a freelance writer with a focus on B2B technology, including information technology, cybersecurity, and semiconductors. A revised version of this article was published on Tektonika Canada.

Flash File Fragmentation Needs A Fix for Automotive [Byline]

Gone are the days of having to manually defrag your hard drive because it’s done automatically, and flash doesn’t experience file fragmentation. Or does it?

It may be that your smartphone is running slow because it can’t keep up with software updates and bloating, but that its flash storage is experiencing file fragmentation. Joel Catala, director of Embedded Solutions at Tuxera, said that contrary to popular belief, fragmentation can significantly affect performance of a flash device. Recent research suggests that as flash storage hardware gets faster, the software I/O stack overhead is an I/O performance bottleneck, he said in a telephone interview with EE Times. It’s not the flash or the controller responsible for the bottleneck.

Read the full EE Time story.

Gary Hilson is a freelance writer with a focus on B2B technology, including information technology, cybersecurity, and semiconductors.

Face the cybercrime prevention challenges of 2018 head-on [Byline]

Consider the first half of 2018 a learning experience in cybercrime prevention. All that’s needed is a tiny vulnerability for hackers to worm their way in. But if there’s one key lesson to take home, it’s that having a handle on your endpoints, such as your printers through managed print services, can improve your security posture.

Last year was the worst year to date for cyberattacks, but the chief security officer of BlackBerry predicts 2018 will be worse. And when the CSO of a tech company best known for secure communications raises the alarm, you should listen.

IT security is taking a beating

Cybercrime is big business, and 2017 was a good year for those making a living as threat actors.

The Online Trust Alliance, an arm of the non-profit Internet Society, release its 2017 Cyber Incident and Breach Trend Report in January, which found that breaches in storage of personal data and cybercrime incidents hit a record high globally. Among the high-profile victims were Equifax Inc., with a massive breach affecting the personal data of 100,000 Canadians, as well as 145 million Americans; Uber waited until 2017 that 57 million of its driver and rider records were held ransom by hackers in 2016; and, Yahoo! revealed that its 2013 breach was far worse than originally reported, ultimately affecting three billion accounts.

In 2018, the hits just keep on coming, with several high-profile brands disclosing their cybersecurity woes in the first quarter. The big one of course, was the revelation that big data analytics firm Cambridge Analytica, improperly tapped into Facebook to harvest more than 50 million user records as part of its efforts to support the Trump presidential campaign organization. Expedia-owned travel site Orbitz announced a data breach that put 880,000 credit cards at risk. Among the other notable victims were regional health organizations in the United States while Equifax breach continued to wide.

Your cybersecurity strategy must be ready for war

The first half of the year certainly supports BlackBerry CSO Alex Manea’s belief that 2018 will be the worst year to date for cyberattacks. The primary reason, he writes in a blog post earlier this year, is the fundamental issues that spurred the majority of recent breaches haven’t been addressed. Increasingly complex networks, new types of endpoints, and more and more sensitive data needing protection are putting even more pressure on IT teams. Legacy systems are still entrenched in many organizations with well-known software vulnerabilities acting as an open-door policy for hackers.

Manea’s not alone in thinking 2018 will be the year of the cyberwar, but ultimately, you can only fight your own battles on your front. And the best defence is often a good offence with the right tools and best practices:

  • Training: Manea warns that hackers will target employees as they become a growing cybersecurity vulnerability. This means you need to prepare everyone for the social engineering hackers use to gain access by impersonating legitimate companies. The culture of your organization should mean every employee is identifying and reporting anything that looks hinky.
  • Outsourcing: Given the complexity of contemporary IT security, outsourcing it to a dedicated IT managed security services means you’re not completely on the hook for knowing about every single threat or vulnerability that rears their ugly head. Managed print services alone will help shore up many endpoints that threat actors seek out.
  • Threat assessments: One of the arrows in a managed security services firm’s quiver is threat assessment. They can help you conduct assessments of your print environment, your Bring-Your-Own-Device (BYOD) policies, your various cloud services, and even your Internet of Things (IoT) deployments.
  • Backup your data: If your critical business information is replicated regularly and securely, you won’t care if a hacker tries to hold data hostage.
  • Automate where possible: Even with the sources of am IT security partner, cybercrime prevention can’t succeed if everything needs to be done manually. New tools and services are taking advantage of artificial intelligence and machine learning, so your infrastructure has its own intelligent immune system to fight off threats. Having a modern operating system takes care of a lot of endpoint security issues automatically.

There are plenty of other ways a CSO can reduce risk, but most of all, you must have a mindset that cybercrime prevention is just the cost of doing business. With private sector companies taking the initiative on cybersecurity with the own “Digital Geneva Accord,” the onus is on everyone in the organization—end users and IT staff– to make good cybersecurity prevention is part of the culture.

Gary Hilson is a freelance writer with a focus on B2B technology, including information technology, cybersecurity, and semiconductors. A revised version of this article was published on Tektonika Canada.

DRAM Boom and Bust is Business as Usual [Byline]

Boom or bust. It’s long been the cycle for established memory technologies. As 3D NAND pricing softens, DRAM still appears to be going strong. But for how long? And will these ups and downs always be the norm despite diversified demand and emerging vendors from China?

One key characteristic of the DRAM market is that there are currently only three major suppliers — Micron Technology, SK Hynix and Samsung Electronics.

“They’re keeping a pretty tight rein on their capacity,” said Brian Matas, vice president of market research at IC Insights, said in a telephone interview with EE Times. “And at the same time, there’s also pretty strong demand for higher performance and higher-density parts, particularly from the data center and server applications.”

Read my EE Times story.

Gary Hilson is a freelance writer with a focus on B2B technology, including information technology, cybersecurity, and semiconductors.

Adesto Touts ReRAM for Automotive [Byline]

With the automotive market presenting potential opportunities of ever-emerging memories such as ferroelectric RAM (FRAM), magnetoresistive RAM (MRAM), and resistive RAM (ReRAM), Adesto Technologies is working hard to make sure that the latter makes the grade.

It recently unveiled new research demonstrating the potential of ReRAM for high-reliability applications such as automotive. The research was led by Adesto Fellow Dr. John Jameson, who shared the results at the ESSCIRC-ESSDERC 48th European Solid-State Device Research Conference earlier this month, and indicates that ReRAM could become a widely used, low-cost, and simple embedded non-volatile memory (eNVM) because it uses simple cell structures and materials that can be integrated into existing manufacturing flows with as little as one additional mask.

Read my latest for EE Times.

Gary Hilson is a freelance writer with a focus on B2B technology, including information technology, cybersecurity, and semiconductors.

NOR Flash is Road Tested [Byline]

TORONTO — As cars get smarter and demand more memory, many technologies are angling for the driver’s seat, but it’s safe to say NOR flash at least gets to ride shotgun.

As a successor to EEPROM in many applications thanks to its programmability capabilities, NOR flash is finding new opportunities in application areas that need fast, non-volatile memory, including communications, industrial and automotive. The latter, of course, is getting a lot of attention thanks to autonomous vehicle development.

Macronix International, which describes itself as the leading supplier of NOR flash overall, find itself in the third position for automotive. But Anthony Le, senior director of marketing, ecosystem partnership and North America automotive, said the company is confident it will lead that segment in the next two to three years.

Read the full story on EE Times.

Gary Hilson is a freelance writer with a focus on B2B technology, including information technology, cybersecurity, and semiconductors.

Micron Talks 3D NAND Sans Intel [Byline]

TORONTO — On the heels of shaking up its partnership with Intel, Micron Technology Chief Technology Officer Ernie Maddock took the stage at the J.P. Morgan 16th Annual Tech Forum at the 2018 International CES to field questions about the road ahead.

In a Q&A and session moderated by Harlan Sur, analyst for U.S. Semiconductor and Semiconductor Capital Equipment Research at J.P. Morgan, Maddock emphasized that the update to Micron’s working relationship with Intel is only related to NAND development.

At the top of the week, the companies announced they have mutually agreed to work independently on future generations of 3D NAND. Micron and Intel will complete development of their third-gen 3D NAND technology toward the end of the year and into 2019. Maddock said based on evolving roadmaps and the needs of each company’s respective markets, it made sense to diverge for the next node.

Read the full article over at EE Times.

Gary Hilson is a freelance writer with a focus on B2B technology, including information technology, cybersecurity, and semiconductors.

NVM Express Set for Busy 2018 [Portfolio]

TORONTO — Following on the heels of a major specification update and its eighth annual plug fest, NVM Express is poised to have a busy year as it continues to develop the base NVMe specification while expanding the NVMe Management Interface (NVMe-MI) specification and one for accessing SSDs on a PCIe bus over fabrics.

In June, the NVMe specification got its first major update in nearly three years, putting it on the cusp of becoming the defacto standard for SSD interfaces. Version 1.3 added a significant number of new features, something that hasn’t been done since November 2014, encompassing 24 technical proposals spread across three major buckets that address client, enterprise and cloud features. Most significant was improved support for virtualization so developers can more flexibly assign SSD resources to specific virtual machines, thereby addressing latency.

Meanwhile, the eighth NVMe Plugfest at the University of New Hampshire Interoperability Laboratory last fall offered the first official NVMe Over Fabrics (NVMe-oF) compliance and interoperability transport layer testing for RoCE, Remote Direct Memory Access (RDMA) over Converged Ethernet, and the Fibre Channel. UNH-IOL fills the role of independent testing provider of standards conformance solutions and multi-vendor interoperability, and the latest plugfest generated 14 new certified products for the base NVMe integrators list and one for the NVMe-MI integrators list. Eight inaugural products were also approved for the newly launched NVMe-oF integrators list, which accepts RoCE initiators and targets, Ethernet switches, as well as Fibre Channel initiator, targets and switches and software.

Read the full story over at EE Times.

Go green with clean tech business solutions [Portfolio]

You’re probably all getting pretty tired of the debate raging on about the role of oil pipelines in our economy, but hopefully some info on clean tech has cut through all the noise. Behind the scenes, Canadian clean tech has been soldiering on, leveraging information technology, the Internet of Things (IoT), and even quantum computing to promote sustainability as modern tech drives us forward.

And with Canada’s Environment Minister as one of 30 committed to the Paris Accord, there are plenty of greenfield opportunities to build business solutions around clean tech in Canada. Better yet: There’s an important role for skilled IT people to play.

Read the full story over at HP Tektonika.