Choosing the Right Tech Stack: The Key to Successful App Development
Choosing the right tech stack is critical because the tech stack you opt to use will shape virtually every aspect of your development project. It determines which programming language you can use, as well as which modules, libraries, and other pre-built components you can take advantage of to speed development. It has implications for security, since some tech stacks are easier to secure than others. It influences the application performance and operating cost because it plays an important role in determining how many resources the application will consume. And so on. ... Building a secure application is important in any context. But if you face special compliance requirements — for example, if you're building a finance or healthcare app, which are subject to special compliance mandates in many places — you may need to guarantee an extra level of security. To that end, make sure the tech stack you choose offers whichever level of security controls you need to meet your compliance requirements. A tech stack alone won't guarantee that your app is compliant, but choosing the right tech stack makes it easier for you to build a compliant app.
What is hybrid AI?
Rather than relying on a single method, hybrid AI integrates various systems,
such as rule-based symbolic reasoning, machine learning and deep learning, to
create systems that can reason, learn, and adapt more effectively than AI
systems that have not been integrated with others. ... Symbolic AI, which is
often referred to as rule-based AI, focuses on using logic and explicit rules
to solve problems. It excels in reasoning, structured data processing and
interpretability but struggles with handling unstructured data or large-scale
problems. Machine learning (ML), on the other hand, is data-driven and excels
at pattern recognition and prediction. It works well when paired with large
datasets, identifying trends without needing explicit rules. However, ML
models are often difficult to interpret and may struggle with tasks requiring
logical reasoning. Hybrid AI that combines symbolic AI with machine learning
makes the most of the reasoning power of symbolic systems as well as the
adaptability of machine learning. For instance, a system could use symbolic AI
to follow medical guidelines for diagnosing a patient, while machine learning
analyses patient records and test results to offer individual recommendations.
6 Roadblocks to IT innovation
Innovation doesn’t happen by happenstance, says Sean McCormack, a seasoned
tech exec who has led innovation efforts at multiple companies. True, someone
might have an idea that seemingly comes out of the blue, but that person needs
a runway to turn that inspiration into innovation that takes flight. That
runway is missing in a lot of organizations. “Oftentimes there’s no formal
process or approach,” McCormack says. Consequently, inspired workers must try
to muscle through their bright ideas as best they can; they often fail due to
the lack of support and structure that would bring the money, sponsors, and
skills needed to build and test it. “You have to be purposeful with how you
approach innovation,” says McCormack, now CIO at First Student, North
America’s largest provider of student transportation. ... Taking a
purposeful approach enables innovation in several ways, McCormack explains.
First, it prioritizes promising ideas and funnels resources to those ideas,
not weaker proposals. It also ensures promising ideas get attention rather
than be put on a back burner while everyone deals with day-to-day tasks. And
it prevents turf wars between groups, so, for example, a business unit won’t
run away with an innovation that IT proposed.
Cyber Criminals Hate Cybersecurity Awareness Month
In the world of enterprises, the expectations for restoring data and backing
up data at multi-petabyte scale have changed. IT teams need to increase
next-generation data protection capabilities, while reducing overall IT
spending. It gets even more complicated when you consider all the
applications, databases, and file systems that generate different types of
workloads. No matter what, the business needs the right data at the right
time. To deliver this consistency, the data needs to be secured.
Next-generation data protection starts when the data lands in the storage
array. There needs to be high reliability with 100% availability. There also
needs to be data integrity. Each time data is accessed, the storage system
should check and verify the data to ensure the highest degree of data
integrity. Cyber resilience best practices require that you ensure data
validity, as well as near-instantaneous recovery of primary storage and backup
repositories, regardless of the size. This accelerates disaster recovery when
a cyberattack happens. Greater awareness of best practices in cyber resilience
would be one of the crowning achievements of this October as Cybersecurity
Awareness Month. Let’s make it so.
6 Strategies for Maximizing Cloud Storage ROI
Rising expenses in cloud data storage have prompted many organizations to
reconsider their strategies, leading to a trend of repatriation as enterprises
seek more control during these unpredictable economic times. A February 2024
Citrix poll revealed that 94% of organizations had shifted some workloads back
to on-premises systems, driven by concerns over security, performance, costs,
and compatibility. ... Common tactics of re-architecting applications,
managing cloud sprawl and monitoring spend using the tools each cloud provides
are a great first start. However, these methods are not the full picture.
Storage optimization is an integral piece. Focusing on cloud storage costs
first is a smart strategy since storage constitutes a large chunk of the
overall spend. More than half of IT organizations (55%) will spend more than
30% of their IT budget on data storage and backup technology, according to our
recent State of Unstructured Data Management report. The reality is that most
organizations don’t have a clear idea on current and predicted storage costs.
They do not know how to economize, how much data they have, or where it
resides.
As Software Code Proliferates, Security Debt Becomes a More Serious Threat
As AI-generated code proliferates, it compounds an already common problem,
filling code bases with insecure code that will likely become security debt,
increasing the risks to organizations. Just like financial debt, security debt
can accrue quickly over time, the result of organizations compromising
security measures in favor of convenience, speed or cost-cutting measures.
Security debt, introduced by both first-party and third-party code, affects
organizations of all sizes. More than 70% of organizations have security debt
ingrained in their systems — and nearly half have critical debt. Over time,
this accumulated debt poses serious risks because, as with financial debt, the
bill will become due — potentially in the form of costly and consequential
security breaches that can put an organization's data, reputation and overall
stability at stake. ... Amid the dark clouds gathering over security debt,
there is one silver lining. The number of high-severity flaws in organizations
has been cut in half since 2016, which is clear evidence that organizations
have made some progress in implementing secure software practices. It also
demonstrates the tangible impact of quickly remediating critical security
debt.
Why Liability Should Steer Compliance with the Cyber Security and Resilience Bill
First and foremost, the regulations are likely to involve an overhaul that
will require a management focus. In the case of NIS2, for example, the board
is tasked with taking responsibility for and maintaining oversight of the risk
management strategy. This will require management bodies to undergo training
themselves as well as to arrange training for their employees in order to
equip themselves with sufficient knowledge and skills to identify risks and
assess cybersecurity risk management practices. Yet NIS2 also breaks new
ground in that it not only places responsibility for oversight of the risk
strategy firmly at the feet of the board but goes on to state individuals
could be held personally liable if they fail to exercise those
responsibilities. Under article 32, authorities can temporarily prohibit any
person responsible for discharging managerial responsibilities at CEO or a
similar level from exercising managerial functions – in other words they can
be suspended from office. We don’t know if the Cyber Security and Resilience
Bill will take a similar tack but NIS2 is by no means alone in this
approach.
Tackling operational challenges in modern data centers
Supply chain bottlenecks continue to plague data centers, as shortages of
critical components and materials lead to delays in shipping, sliding project
timelines, and increased costs for customers. Many data center operators have
become unable to meet their need for affected equipment such as generators,
UPS batteries, transformers, servers, building materials, and other big-ticket
items. This gap in availability is leading many to settle for any readily
available items, even if not from their preferred vendor. ... The continuous
heavy power consumption of data centers can strain local electrical utility
systems with limited supply or transmission capacity. This poses a question of
whether areas heavily populated with data centers, like Northern Virginia,
Columbus, and Pittsburgh, have enough electricity capacity, and if they should
only be permitted to use a certain percentage of grid power. ... Like the rest
of the world, data centers are now facing a climate crisis as temperatures and
weather events soar. Data centers are also seeking ways to increase their
power load and serve higher client demand, without significantly increasing
their electricity and emissions burdens.
The AI-driven capabilities transforming the supply chain
In today’s supply chain environment, there really is no room for disruption —
be it labor shortages, geopolitical strife or malfunctions within
manufacturing. To keep up with demand, supply chain teams are focused on
continuous improvement and finding ways to remove the burden on expensive
manual labor in favor of automated, digital solutions. When faulty products
come off the production line, it must be addressed quickly. AI can accelerate
the resolution process faster than human labor in many instances — preventing
production standstills and even catching errors before they occur. Engineers
who are creating a product can lean on these insights too, using AI to assess
all the errors that have happened in the past to make sure that they don’t
happen in the future. ... Through camera footage and visual inspections, AI
models can help detect errors, faults or defects in equipment before they
happen. If the technology identifies an issue — or predicts the need for
maintenance — teams can arrange for a technician to perform repairs. This
predictive maintenance minimizes unplanned outages, reduces disruptions across
the supply chain and optimizes asset performance.
What makes a great CISO
Security settings were once viewed as binary — on or off — but today, security
programs need to be designed to help organizations adapt and respond with
minimal impact when incidents occur. Response and resilience planning now
involves cybersecurity and business operations teams, requiring the CISO to
engage across the organization, especially during incidents. ... In the past,
those with a SecOps background often focused on operational security, while
those with a GRC background leaned toward prioritizing compliance to manage
risk, according to Paul Connelly, former CISO now board advisor, independent
director and CISO mentor. “Infosec requires a base competence in technology,
but a CISO doesn’t have to be an engineer or developer,” says Connelly. A
broad understanding of infosec responsibilities is needed, but the CISO can
come from any part of the team, including IT or even internal audit. Exposure
to different industries and companies brings a valuable diversity of thinking.
Above all, modern CISOs must prioritize aligning security efforts with
business objectives. “Individuals who have zig-zagged through an organization,
getting wide exposure, are better prepared than someone who rose through the
ranks focused in SecOps or another single area of focus,” says Connelly.
Quote for the day:
"The great leaders are like best
conductors. They reach beyond the notes to reach the magic in the players."
-- Blaine Lee
No comments:
Post a Comment