COMMONALITY AND DIVERSITY OF OPERATING SYSTEMS 2
Maintaining a strong security system in the networking environment to prevent any form of attack and compromise information has been a formidable problem in recent times. There is fairly a small number of operating systems compared to the vast number of computer systems that are in operation. This situation has created a leeway for cyber attackers to target the systems easily (Palmer, 2010). Cyber attackers have formulated diverse techniques to exploit the homogeneity of the network environment. This article will explore the benefits related to diversity and commonality in the event of a malicious attack.
The purpose of any security strategy is to completely eliminate or at least limit the impact of damage to a successful attack on a particular system. At some point, any computer can be vulnerable to malware attacks, and the most important aspect in a case like this is to achieve an optimum level of preparedness. Diversity of the operating systems is beneficial in several ways, though an organization could incur an extra operational cost. Moving some groups of users to various different operating systems helps avert the overall damage caused by the SQL Slammer and MSBlast worms. Malicious-code attacks directed towards the commonly used operating system, windows, have been so rampant, thereby necessitating the need for improved security procedures of the computers (Anderson & Anderson, 2010).
Significant operational damages have been incurred before by businesses and enterprise to extensive downtime, brought about by malware attacks. Adopting diversity in operating systems comes along with several security benefits;
· Helps contain malicious-code attacks- Virus and worm attacks target and exploit the flaws in windows operating systems. In a case like this, availing an alternative operating system would be critical in helping to contain the spread to other PCs owned by the business. The impact of the attack is leveled down since some core business can be carried out in the event of an attack.
· Directing some pressure towards Microsoft- Health competition among service and commodity provider is beneficial for the consumers. Being diversified in terms of operating systems pushes dominant companies like Microsoft to try so hard to meet the security needs of their customers.
· It helps speed up innovations in the sense that other operating system developers will work towards improving their operating systems to match that of the windows. Such innovations include stable security systems that prevent malware from instilling too much damage to the computer system.
Exercising commonality in the usage of operating systems comes with its own benefits, too, especially when dealing with a malicious attack. The business would not incur too much cost, in the event of a .
Judging the Relevance and worth of ideas part 2.pptx
COMMONALITY AND DIVERSITY OF OPERATING SYSTEMS .docx
1. COMMONALITY AND DIVERSITY OF OPERATING
SYSTEMS
2
Maintaining a strong security system in the
networking environment to prevent any form of attack and
compromise information has been a formidable problem in
recent times. There is fairly a small number of operating
systems compared to the vast number of computer systems that
are in operation. This situation has created a leeway for cyber
attackers to target the systems easily (Palmer, 2010). Cyber
attackers have formulated diverse techniques to exploit the
homogeneity of the network environment. This article will
explore the benefits related to diversity and commonality in the
event of a malicious attack.
The purpose of any security strategy is to completely
eliminate or at least limit the impact of damage to a successful
attack on a particular system. At some point, any computer can
be vulnerable to malware attacks, and the most important aspect
in a case like this is to achieve an optimum level of
preparedness. Diversity of the operating systems is beneficial in
several ways, though an organization could incur an extra
operational cost. Moving some groups of users to various
different operating systems helps avert the overall damage
caused by the SQL Slammer and MSBlast worms. Malicious-
code attacks directed towards the commonly used operating
system, windows, have been so rampant, thereby necessitating
the need for improved security procedures of the computers
(Anderson & Anderson, 2010).
Significant operational damages have been incurred
before by businesses and enterprise to extensive downtime,
brought about by malware attacks. Adopting diversity in
2. operating systems comes along with several security benefits;
· Helps contain malicious-code attacks- Virus and worm attacks
target and exploit the flaws in windows operating systems. In a
case like this, availing an alternative operating system would be
critical in helping to contain the spread to other PCs owned by
the business. The impact of the attack is leveled down since
some core business can be carried out in the event of an attack.
· Directing some pressure towards Microsoft- Health
competition among service and commodity provider is
beneficial for the consumers. Being diversified in terms of
operating systems pushes dominant companies like Microsoft to
try so hard to meet the security needs of their customers.
· It helps speed up innovations in the sense that other operating
system developers will work towards improving their operating
systems to match that of the windows. Such innovations include
stable security systems that prevent malware from instilling too
much damage to the computer system.
Exercising commonality in the usage of operating
systems comes with its own benefits, too, especially when
dealing with a malicious attack. The business would not incur
too much cost, in the event of a malicious attack, similar
operating systems are used for all computers. Common
operating systems are a lot more flexible, and it becomes easier
for IT experts to eliminate the malware threat with ease. With a
common OS, the user gets to learn about the system quickly and
efficiently since they are used to the interface. Learning the
system efficiently helps in a great way in detecting and solving
any observable abnormalities in the systems (Balfour, 2012).
Some operating systems are very effective in terms of security
structures. Using such operating systems for all your computers
would prove to be beneficial since they are less vulnerable to
malicious attacks.
References
3. Anderson & Anderson. (2010). Fundamentals of Operating
Systems. Berlin, Germany: Springer Science & Business Media.
Balfour, M. (2012). Computer Forensics: An Essential Guide for
Accountants,. Lawyers, and Manage,. Hoboken, NJ: John Wiley
& Sons.
Palmer, J. (2010). Regulations and Application of Ethics in
Business Practice,. Basingstoke, England: Springer.
Can You Run the Company with Your iPhone?
Can you run the company just by using your iPhone? Perhaps
not entirely, but there are many business functions today that
can be performed using an iPhone, iPad, or Android mobile
device. Smartphones and tablets have become all-in-one tools
that help managers and employees work more efficiently,
packing a powerful, networked computer into a pocket-size
device. With a tap or flick of a finger, these mobile devices can
access the Internet or serve as a telephone, camera, music or
video player, an e-mail and messaging machine, and,
increasingly, a gateway into corporate systems. New software
applications for document sharing, collaboration, sales, order
processing, inventory management, scheduling, and production
monitoring make these devices even more versatile business
tools.
Network Rail runs, maintains, and develops the rail tracks,
signaling, bridges, tunnels, level crossings, and many key
stations for most of the rail network in England, Scotland, and
Wales. Keeping trains running on time is one of its top
priorities. To maintain 20,000 miles of track safely and
efficiently, skilled workers must be equipped with appropriate
tools and work across thousands of sites throughout the rail
network, 24 hours a day. Network Rail uses a group of custom
apps for its 22,000 iPhone and iPad devices to streamline
4. maintenance operations, quickly capture incident data, and
immediately share critical information.
Several apps help Network Rail improve railway performance
and safety. The Close Call app helps employees report hazards
as they are found so problems can be addressed quickly. The
MyWork app gives maintenance teams all the information they
need to start and complete repair tasks. The Sentinel app allows
field managers to electronically scan ID cards to verify that
workers are qualified to perform specific tasks.
The iPhone and iPad apps provide maintenance technicians with
current technical data, GPS locations, and streamlined reports,
replacing cumbersome reference books and rain-soaked
paperwork that slowed the repair process. Many service calls
start with hazardous conditions reported by Network Rail
employees themselves. Rather than waiting hours to fill out a
report at the depot, workers can take pictures of dangerous
situations right away, using the Close Call app to describe
situations and upload photos to the call center. Once provided
with the hazard’s GPS coordinates, the call center will usually
schedule repairs within 24 hours.
MyWork gives maintenance workers a simple overview of all of
the jobs each team needs to complete during a specific shift.
This mobile app clusters jobs by location, skills required, and
opening and closing times. Using precise map coordinates,
workers can find sites easily and finish jobs more quickly. By
electronically delivering daily job schedules to over 14,000
maintenance staff members, MyWork has enabled them to
complete over a half a million work orders to date while
minimizing interruptions.
British Airways is the largest airline in the United Kingdom,
with operations in more than 200 airports worldwide. The
airline has found many ways to use the iPad to improve
5. customer service and operational efficiency. The airline has
created more than 40 custom apps for over 17,000 iPads for its
workforce that have transformed the way it does business.
Unforeseen disruptions can create long lines of passengers
seeking flight information and rebooking. The FlightReact app
used by British Airways mobilizes agents to scan a boarding
pass, review the customer’s booking, look up alternate flight
options, and rebook and reticket passengers—all within four
minutes. iBanner allows agents to identify passengers
transferring onto a specific flight, while iTranslate enables staff
to communicate easily with travelers speaking any language.
Inside the airport, iPads and iPhones communicate with low-
energy wireless Bluetooth signals from iBeacon, notifying
customers of Wi-Fi access, gate locations, and flight updates.
Beyond the terminal, mobile apps are helping British Airways to
improve the aircraft turnaround process. British Airways has
more than 70 planes at London Heathrow Terminal, five turning
around at once, and each requiring a team of around 30 people.
To shorten and streamline this process can generate huge
business benefits.
Loading luggage and cargo onto an aircraft is one of the most
complex parts of the turnaround process, requiring detailed
communications between the turnaround manager (TRM), who
coordinates and manages the services around the aircraft during
departure and arrival, the offsite Centralized Load Control
(CLC) team, and the pilot. With iPads running the iLoad Direct
app, turnaround managers are able to monitor the aircraft
loading process and share data with pilots and back-office staff
in real time. TRMs can receive and input real-time data about
the aircraft load’s contents, weight, and distribution. These data
are essential to help the pilot calculate the right amount of fuel
and position the plane for take-off. By streamlining
communications between the ground crew, the CLC team, and
6. the pilot, iLoad Direct and iPad speed up the pace at which
aircraft become airborne. These mobile tools have helped
British Airways achieve an industry-leading benchmark for
aircraft turnaround.
In addition to facilitating managerial work, mobile devices are
helping rank-and-file employees manage their work lives more
effectively. Shyft is one of several smartphone apps that allow
workers to share information, make schedule changes, and
report labor violations. Thousands of employees at chains like
Starbucks and Old Navy are using these apps to view their
schedules and swap shifts when they’ve got a scheduling
conflict or need extra work.
Sources: “British Airways: Transforming the Travel Experience
from Start to Finish,” Apple at Work, www.apple.com, accessed
February 7, 2018; www.networkrail.co.uk,accessed September
2, 2018; “Network Rail,” iPhone in Business, www.apple.com,
accessed January 4, 2017; and Lauren Weber, “Apps Empower
Employees, Ease Scheduling,” Wall Street Journal, January 3,
2017.
Enterprise Social Networking Helps Sanofi Pasteur Innovate
and Improve Quality
Sanofi Pasteur is the vaccines division of the multinational
pharmaceutical company Sanofi and the largest company in the
world devoted entirely to vaccines. It is headquartered in Lyon,
France, has nearly 15,000 employees worldwide, and produces
more than 1 billion doses of vaccine per year to inoculate more
than 500 million people around the globe. Sanofi Pasteur’s
corporate vision is to work toward a world where no one suffers
or dies from a vaccine-preventable disease. Every day the
company invests more than € 1 million in research and
development. Collaboration, sharing information, ongoing
innovation, and rigorous pursuit of quality are essential for
7. Sanofi Pasteur’s business success and commitment to improving
the health of the world’s population.
Until recently, the company lacked appropriate tools to
encourage staff to have dialogues, share ideas, and work with
other members of the company, including people that they might
not know. As a large, centralized firm with a traditional
hierarchical culture, initiatives were primarily driven from the
top down. The company wanted to give employees more
opportunities to experiment and innovate on their own, and
adopted Microsoft Yammer as the platform for this change.
Ideas for improvement can come from anywhere in the
organization and through Yammer can be shared everywhere.
Microsoft Yammer is an enterprise social networking platform
for internal business uses, although it can also create external
networks linking to suppliers, customers, and others outside the
organization. Yammer enables employees to create groups to
collaborate on projects and share and edit documents, and
includes a news feed to find out what’s happening within the
company. A People Directory provides a searchable database of
contact information, skills, and expertise. Yammer can be
accessed through the web using desktop and mobile devices, and
can be integrated with other Microsoft tools such as SharePoint
and Office 365, to make other applications more “social.”
(SharePoint is Microsoft’s platform for collaboration, document
sharing, and document management. Office 365 is Microsoft’s
online service for its desktop productivity applications such as
word processing, spreadsheet, electronic presentations, and data
management.)
How has Sanofi Pasteur benefited from becoming more
“social”? Employees are using Yammer to share updates, ask for
feedback, and connect volunteers to improvement initiatives. A
recent project involving Yammer resulted in a 60 percent
simplification of a key quality process at one manufacturing
8. site, saving the company thousands of Euros, and reducing
overall end-to-end process time. Through Yammer, employees
spread the word about this improvement to other locations
around the globe.
Using Yammer, Sanofi employees set up activist networks for
change in large manufacturing sites. Each group has attracted
more than 1,000 people. These networks help create a more
collegial, personal culture that helps people feel comfortable
about making suggestions for improvements and working with
other groups across the globe. They also provide management
with observations about policies and procedures across
departments and hierarchies that can be used to redesign the
firm’s manufacturing and business processes to increase quality
and cost-effectiveness. For example, a building operator shared
his ideas about how to reduce waste when managing a specific
material in his production facility. The new procedure for
handling the material saved his facility more than 100,000
Euros per year and became a global best practice at all Sanofi
Pasteur production sites. Yammer-powered communities raised
awareness of health, safety, and attention to detail, and more
attention to these issues helped reduce human errors by 91
percent.
Sources: “Yammer Collaboration Helps Sanofi Pasteur Improve
Quality, Make More Life-Saving Vaccines,”
www.microsoft.com, January 24, 2017; www.sanofipasteur.us,
accessed February 4, 2018; and Jacob Morgan, “Three Ways
Sanofi Pasteur Encourages Collaboration,” Forbes, October 20,
2015.
Meltdown and Spectre Haunt the World’s Computers
In early January 2018, computer users all over the world were
shocked to learn that nearly every computer chip manufactured
in the last 20 years contained fundamental security flaws that
9. make it possible for attackers to obtain access to data that were
thought to be completely protected. Security researchers had
discovered the flaws in late 2017. The flaws arise from features
built into the chips that help them run faster. The vulnerability
enables a malicious program to gain access to data it should
never be able to see.
There are two specific variations of these flaws, called
Meltdown and Spectre. Meltdown was so named because it
“melts” security boundaries normally enforced by hardware. By
exploiting Meltdown, an attacker can use a program running on
a computer to gain access to data from all over that machine
that the program shouldn’t normally be able to see, including
data belonging to other programs and data to which only
administrators should have access. (A system administrator is
responsible for the upkeep, configuration, and reliable operation
of computer systems.) Meltdown only affects specific kinds of
Intel chips produced since 1995.
Spectre is not manufacturer-specific and affects nearly all
modern processors. It requires more intimate knowledge of the
victim program’s inner workings. Spectre’s name comes from
speculative execution, in which a chip is able to start work on
predicted future operations in order to work faster. In this case,
the system is tricked into incorrectly anticipating application
behavior. The name also suggests that Spectre will be much
more difficult to neutralize. Other attacks in the same family
will no doubt be discovered, and Spectre will be haunting us for
some time.
With both Meltdown and Spectre, an attacker can make a
program reveal some of its own data that should have been kept
secret. For example, Spectre could harness JavaScript code on a
website to trick a web browser into revealing user and password
information. Meltdown could be exploited to view data owned
by other users and also virtual servers hosted on the same
10. hardware, which is especially dangerous for cloud computing
host computers. The most worrisome aspect of Meltdown and
Spectre is that security vulnerabilities are not from flawed
software but from the fundamental design of hardware platforms
beneath the software.
There is no evidence that Spectre and Meltdown have been
exploited, but this would be difficult to detect. Moreover, the
security flaws are so fundamental and widespread that they
could become catastrophic, especially for cloud computing
services where many users share machines. According to
researchers at global security software firm McAfee, these
vulnerabilities are especially attractive to malicious actors
because the attack surface is so unprecedented and the impacts
of leaking highly sensitive data are so harmful. According to
Forester, performance of laptops, desktops, tablets, and
smartphones will be less affected. The fundamental
vulnerability behind Meltdown and Spectre is at the hardware
level, and thus cannot be patched directly. Technology software
vendors are only able to release software fixes that work around
the problems. Such fixes mitigate vulnerabilities by altering or
disabling the way software code makes use of speculative
execution and caching features built into the underlying
hardware. (Caching is a technique to speed computer memory
access by locating a small amount of memory storage on the
CPU chip rather than from a separate RAM chip for memory.)
Since these features were designed to improve system
performance, working around them can slow systems down.
Experts initially predicted system performance could be
degraded as much as 30 percent, but a slowdown of 5 to 10
percent seems more typical.
Major software vendors have rolled out workaround patches.
Cloud vendors have taken measures to patch their underlying
infrastructures, with their customers expected to install the
patches for their operating systems and applications. Microsoft
11. released operating system patches for Windows 7 and all later
versions, which also apply to Microsoft’s Internet Explorer and
Edge browsers. Apple released patched versions of its Safari
browser and iOS, macOS, and tvOS operating systems. Google
provided a list of which Chromebook models will or won’t need
patches and released a patch for its Chrome browser. Older
operating systems such as Windows XP and millions of third-
party low-cost Android phones that don’t get security updates
from Google will most likely never be patched. Organizations
should apply updates and patches to browser software as soon as
they are available. And since these vulnerabilities could enable
attackers to steal passwords from user device memory when
running JavaScript from a web page, it is recommended that
users be instructed to always close their web browsers when not
in use. Forrester also recommends that enterprises should use
other techniques to protect data from users and organizations
that have not applied the fixes.
However, the only way to truly fix Meltdown and Spectre is to
replace affected processors. Redesigning and producing new
processors and architectures may take five to ten years to hit the
market. If anything good can be said about Spectre and
Meltdown, it is that they have focused more global attention on
software and hardware security and the need to develop more
robust system architectures for secure computing.
Sources: Josh Fruhlinger, “Spectre and Meltdown Explained:
What They Are, How They Work, What’s at Risk,” CSO,
January 15, 2018; Warwick Ashford, “Meltdown and Spectre a
Big Deal for Enterprises,” Computer Weekly, January 9, 2018;
Laura Hautala, “Spectre and Meltdown: Details You Need on
Those Big Chip Flaws,” CNET, January 8, 2018.
AbbVie Builds a Global Systems Infrastructure
AbbVie, headquartered in Chicago, Illinois, is a global
12. research-based biopharmaceutical company that was spun off
from Abbott Laboratories in January 2013. As a separate entity,
AbbVie is still a very large company, with more than 29,000
employees in over 70 countries and 19 research and
manufacturing sites across the globe. In 2017, AbbVie produced
$28.2 billion in revenue. Humira for treating rheumatoid
arthritis and Crohn’s disease is among its top-selling global
products.
When AbbVie separated from Abbott Laboratories, the company
had inherited 50 or 60 disparate legacy systems that were
supporting mission-critical processes in over 100 worldwide
locations. The legacy systems were supported by Abbott under a
transitional services agreement (TSA) and were due to be
terminated at the end of 2015. AbbVie’s management had to
make a choice: Should the company continue to run these legacy
systems on its own or should it invest in a more up-to-date
platform for supporting business processes across all of its
global affiliates and manufacturing locations?
Complicating the decision were time pressures: AbbVie had
only until the end of 2015 (three years) to implement a solution
and slightly over two years to establish an infrastructure
stipulated by the TSA. AbbVie decided to create standard
business processes for all its affiliates and manufacturing
facilities and to support these processes with a single instance
of SAP ERP across the globe. The project was very ambitious:
The new system had to be globally operational in more than 150
countries within 3 years. AbbVie designed a new operating
model that included many organizational changes, including
business process outsourcing, centers of excellence, and
regional shared services.
AbbVie didn’t waste any time. It selected IBM Global Business
Services consultants to guide the global SAP deployment.
Starting in August 2013, AbbVie rolled out SAP ERP to 110
affiliates and manufacturing sites within 18 months. The
company standardized end-to-end processes using a global SAP
template, and allowed the software to be customized only for
13. country-specific requirements. These requirements were
identified in advance by teams creating local implementation
guides.
AbbVie business process teams hammered out standard
definitions for end-to-end processes such as procure-to-pay,
order-to-cash, record-to-report, and warehouse management.
AbbVie made the template usable globally by extending the
functionality for multiple currencies and languages and
updating it on a country-by-country basis depending on local
regulations or legal requirements.
Each time an affiliate requested a customization, the AbbVie
project team reviewed it against the list of local legal
requirements it had collected. AbbVie then determined if the
customization was required by other countries or was for only
one, and it pushed back on one-of-a-kind requests. Testing and
confirming with several affiliates helped ensure that the
template met the requirements of most countries, so the need for
future customization was minimal.
AbbVie tested the effectiveness of its global template during
development, capturing metrics around adoption—number of
adoptions, adaptations, additions, and abstentions. The project
team compared the percentages of those metrics from country to
country and reported the results to AbbVie’s business unit
leaders. If, for instance, the metrics showed that Germany had
adopted 82 percent of the template and France 70 percent,
business support could investigate to see if there was a process
that needed to be changed in France. This was key to deploying
the entire global instance of SAP ERP in 18 months.
The project team was also tasked with migrating data from
different legacy applications to the data structure for the global
SAP ERP system. For each stand-alone legacy system, the team
extracted raw data, stored them in a secure data warehouse, and
then identified any missing or inaccurate fields and other data
cleansing requirements. While the team was consolidating and
cleansing the data, it taught business users about SAP-specific
data fields, how the fields were used, and how they changed
14. previous business processes. The team would obtain data from
the business, put it in a data mapping template, and load the
data in various test environments. Once business users verified
the accuracy of data, it would be ready to go live in production.
These activities facilitated change management by placing a
high value on both system transparency and training. About six
months before rolling out a new location, country-specific
transition leaders would train users on the template and
familiarize them with any process changes. The transition
leaders were liaisons between AbbVie’s technology team and its
business process team, helping the company to quickly address
change management issues as they arose.
AbbVie also took the time during implementation to verify it
was in compliance with all local data privacy regulations. In
May 2015, the company completed the global rollout of SAP
ERP. The company was thus able to successfully standardize
global processes and meet the TSA. Other major benefits of the
new global system were unprecedented levels of agility and
transparency.
AbbVie now has a set of key metrics that are measured at the
end of every month, such as the length of time to create new
customers, vendor payments, payment terms, or order
fulfillments. The global system features dashboards for
managers to look at every country, measure results, find the
root cause of problems, and take corrective action more easily.
Reporting from the system is more accurate.
AbbVie was able to pull off a major global system
implementation because it was far-sighted and well organized
and did the difficult work of streamlining processes on a global
scale at the project outset. The global SAP project team
questioned existing processes and found it could streamline
many of them, making the enterprise much more agile.
AbbVie’s business efficiency also improved because corrective
actions often led to additional process improvements. By
looking at the metrics, the project team can suggest measures to
improve a process to get more out of the company’s investment.
15. AbbVie can now operate as a single business across countries.
Source: “AbbVie Builds a Global Pharmaceuticals Company on
New Foundations with SAP and IBM,” https://www-
01.ibm.com, accessed January 6, 2018; Ken Murphy,
“Biopharmaceutical Startup AbbVie Receives Healthy Long-
Term Prognosis,” SAP Insider Profiles, September 19, 2017;
and www.abbvie.com, accessed January 6, 2018.