Time to rethink cloud strategies in the AI era
The proliferation of AI technologies is busting datacenter boundaries, as
running data close to compute and storage capabilities often offers the best
outcomes. No workload embodies this more than GenAI, whose large language
models (LLMs) require large amounts of compute processing. While it may make
sense to run some GenAI workloads in public clouds – particularly for speedy
proof-of-concepts – organizations also recognize that their corporate data is
one of the key competitive differentiators. As such, organizations using their
corporate IP to fuel and augment their models may opt to keep their data in
house – or bring their AI to their data – to maintain control. The on-premises
approach may also offer a better hedge against the risks of shadow AI, in
which employees’ unintentional gaffes may lead to data leakage that harms
their brands’ reputation. Fifty-five percent of organizations feel preventing
exposure of sensitive and critical data is a top concern, according to
Technalysis Research. With application workloads becoming more distributed to
maximize performance, it may make sense to build, augment, or train models in
house and run the resulting application in multiple locations.
Zero Trust for Legacy Apps: Load Balancer Layer Can Be a Solution
There are a number of specific strengths inherent to deploying zero trust at
the load balancer layer via SAML. Implementing zero trust at the load balancer
layer allows organizations to enforce a unified access control mechanism for
all applications. This ensures consistent security enforcement across diverse
technological platforms, and extends to internal nodes policing East-West
traffic or externally to cloud native service networking and partner APIs.
Certificate management and rotation is a considerable pain point for cloud
native applications, let alone for hybrid constellations of applications that
might range from a few months old to 30 years old. Load balancers natively
manage TLS certificates, offering a centralized point for efficient
certificate management that is relatively application agnostic. This
centralization not only eases the administrative burden but also enhances
security by ensuring timely certificate renewal and efficient handling of
encryption/decryption processes. By moving zero trust into an infrastructure
point that is already integrated with all other parts of your infrastructure,
this approach significantly reduces the complexity associated with modifying
each application individually to align with zero trust principles.
Is the power of people skills enough to keep gen AI in check?
The first area of interest is with Copilot technologies in the context of
integrated development environments that the company is already using. “First,
we optimize the individual,” he says, using gen AI to make developers more
productive. But it’s not about reducing headcount. “My issue isn’t that we
have too many developers,” he says. “It’s how we can go faster. I have to
compete harder on brain power in a market that’s growing quickly. I’m looking
to turn every developer into the single most productive engineer on the team.”
And even if the engineers do get dramatically more productive, he says,
there’s a big backlog of work the company wants to get done. But just moving
faster isn’t enough, he says. Without communication skills and the curiosity
needed to find out why things are being done, those productivity benefits can
easily go to waste. “I can produce 10 times more useless garbage,” he says.
The company has three full-time people who create internal training materials,
as well as vet third-party training providers. “We’ve actually made
significant investments in learning and development across a variety of
domains,” Merkel says. “Core leadership skills is one.”
Why are many businesses turning to third-party security partners?
As organizations weigh the cost of security solutions alongside the rising
cost of experienced employees, some are electing to prioritize spending in
other areas, forgoing software licenses in favor of third-party partnerships.
While moving from an in-house security program to one that relies on outside
partners can represent a significant shift in mentality for many
organizations, a growing number have found that working with third-party
experts can help them secure their systems in a more effective—and
scalable—manner. As the threat landscape continues to evolve at a rapid pace,
no longer having to track and account for each new development can free up
substantial time and resources for organizations. Another factor driving
organizations toward external partnerships is the challenge of application
onboarding. Enterprises use a massive number of software solutions, cloud
services, and other applications, and ensuring those applications are properly
configured and protected can be a challenge. As data privacy and security
regulations continue to arise in a wide range of jurisdictions, it’s
increasingly critical for today’s businesses to clearly demonstrate that they
are effectively managing and protecting data within their applications.
Why global warnings about China’s cyber-espionage matter to CISOs
Chinese APTs have penetrated networks of companies providing goods and
services to the defense sector, a leading equipment provider of 5G network
equipment, and entities involved in wireless technology. Those compromised not
only permit the pilfering of intellectual property, but China is also able to
leverage their acquired knowledge or capability to continue to engage in both
internal and external efforts to silence those in dissent of the current
government. We have learned of the external effort largely through the various
arrests and prosecutions of individuals, both Chinese nationals and those whom
they have suborned to do their bidding. This effort has a moniker — Operation
Fox Hunt. This operation was ordered created by President Xi Jinping in 2014.
China has had varying degrees of success in its intimidation and coercion
methodologies. FBI Director Christopher Wray described this operation as “a
sweeping bid by Xi to target Chinese nationals who he sees are threats and who
live outside of China, across the world. We’re talking about political rivals,
dissidents, and critics seeking to expose China’s extensive human rights
violations.”
Maximizing Business Value with Generative AI
As C-Suite leaders begin to understand GenAI, they are starting to uncover
some questions: Which use cases will deliver the most value for my business?
And how do we transition from a Proof of Concept (PoC) to full-scale
implementation or enterprise-level deployment? A lot of the work currently
remains in the PoC stage, though some industries are ahead of the curve, such
as chatbots for HR and legal contracts, which have become relatively common.
So, now what remains to be seen is how enterprises move toward widespread
adoption by integrating GenAI into other business processes. To move from the
PoC to the deployment stage, organizations must identify their strategy, as we
covered earlier, as well as the use cases with high impact. Prioritizing these
use cases based on their impact, cost, data readiness, and resistance to
adoption is essential. Becoming familiar with the limitations and capabilities
will also be important for decision-makers. A roadmap must be developed, and
you must leave room for the possibility of failure. Once this is done, various
PoCs and pilots can be launched, based on the problems an organization
genuinely wants to solve. Additionally, transparency with your internal
stakeholders is key.
How to answer “why should we hire you?” in a job interview
In an ever-increasingly automated world, problem-solving and critical thinking
are more important than ever. Here’s your chance to place yourself as a solution
to current challenges. First state your understanding of the big issue you see
the company or industry is facing, be that tech disruption, changing customer
preferences, in-house inefficiencies, or something else. Next, state the
transferrable experience that would help solve this. For example, “In my current
role, I led a cross-functional team that delivered an AI integration that added
value to our customers, which had a shorter time-to-market, and helped to
increase product subscriptions by 12 per cent in three months.” Lastly, bring it
back to this organisation. “For this role, I’m very interested to leverage this
experience and to collaborate with different teams to find a solution to X that
works for the company in the short and long-term.” ... Finally, show how you’ll
fit in, and this doesn’t mean highlighting how you went to the same school or
uni as someone in the C-suite. Here you should focus on the company’s values,
and how they align with your own experience. Look for natural fits like customer
focus, transparency, collaboration, or trust.
Securing Open Source Software, the Cyber Resilience Act Way
The European Union (EU) figured this out a while back. In its Cyber Resilience
Act (CRA), it asked the open source community to establish common specifications
for secure software development. The Eclipse Foundation and a host of other
leading open source organizations, including the Apache Software Foundation,
Blender Foundation, OpenSSL Software Foundation, PHP Foundation, Python Software
Foundation and the Rust Foundation, are up for the challenge. The Eclipse
Foundation is spearheading the effort to create a unified framework for secure
software development. The foundations and allies are doing this via a new
working group, established under the Eclipse Foundation Specification Process.
The collaboration is spurred by more than regulatory compliance. In an era where
open source software is pivotal to modern society, the imperative for safety,
reliability and security in software has never been more critical. As Arpit
Joshipura, the Linux Foundation’s senior VP of networking, said at the Open
Source Summit Europe in Bilbao, Spain, last year, “We must look at the end goal.
The end goal for all of us is the same. We want to secure software, and we want
to secure open source software.”
7 Top IT Challenges in 2024
“Government agencies at all levels are issuing an increasing number of
regulations or mandates that need to be complied with. Some are inconsistent,
some are duplicative but require separate reporting. They all have penalties
for non-compliance so that creates liability concerns that shifts the focus
from security and compliance,” says Scott Algeier, executive director of
industry association Information Technology-Information Sharing and Analysis
Center (IT-ISAC). “Security and compliance are not the same thing, so you may
need to make additional investments to be both secure and compliant.” ...
Return on investment is a key metric for financial services companies.
However, after years of regulation, mergers, and growth, technology estates
have become bloated and underperforming. As a result, financial institutions
want technology that is user-friendly, value-driven and rapidly adaptable to
new technologies like AI. “To accomplish this goal, CIOs and CTOs are facing
the need to streamline enterprises by reducing spans and layers, increasing
reuse of architectural patterns and ultimately increasing [the] productivity
of their organizations,” says Fredric Cibelli.
US Bipartisan Privacy Bill Contains Cybersecurity Mandates
The bill's main focus is on creating rights of access and correction and
allowing consumers the right to opt out from their data being used for
targeted advertising. It would prohibit corporations from retaliating against
individuals for exercising their opt-out rights, such as by denying service or
charging different rates. It would also create oversight requirements for
large companies with minimum revenues of $250 million that use decision-making
algorithms, including algorithms that facilitate human decision-making. Those
companies would need to annually assess their algorithms for potential biases
and evaluate them for bias prior to putting them into production. Annual
assessment would be publicly available and transmitted to the Federal Trade
Commission. Consumers would have a right to opt out of algorithmic assessment
in matters such as access to housing, employment, education, healthcare and
financial activities. The FTC would publish guidance on how to comply with
that section within two years. Individuals could sue companies for violations
of most sections of the act. This would preempt the bevy of state data privacy
laws that have come up in recent years, including in California.
Quote for the day:
“People are not lazy. They simply have important goals – that is, goals that do not inspire them.” -- Tony Robbins