Quote for the day:
“You get in life what you have the courage to ask for.” -- Nancy D. Solomon
The Reality of Platform Engineering vs. Common Misconceptions

In theory, the definition of platform engineering is straightforward. It's a
practice that involves providing a company's software developers with access to
preconfigured toolchains, workflows, and environments, typically through the use
of what's called an Internal Developer Platform (IDP). The goal behind platform
engineering is also straightforward: It's to help developers work more
efficiently and with fewer risks by allowing them to spin up compliant,
ready-made solutions whenever they need them, rather than having to implement
everything from scratch. ... Misuses of the term platform engineering aren't all
that surprising. A similar phenomenon occurred when DevOps entered the tech
lexicon in the late 2000s. Instead of universal recognition of DevOps as a
distinct philosophy that involves melding software development to IT operations
work, some folks effectively began using DevOps as a catch-all term to refer to
anything modern or buzzworthy in the realm of software engineering. The same
thing seems to be happening now in platform engineering. The term is apparently
being used, at least by some professionals, to refer to any work that involves
using a platform of some kind within the context of software development.
Why AI needs a kill switch – just in case

How do you develop your “AI kill switch”? The answer lies in securing the
entire machine-driven ecosystem that AI depends on. Machine identities, such
as digital certificates, access tokens and API keys, authenticate and authorise
AI functions and their ability to interact with and access data sources.
Simply put, LLMs and AI systems are built on code, and like any code, they need
constant verification to prevent unauthorised access or rogue behaviour. If
attackers breach these identities, AI systems can become tools for
cybercriminals, capable of generating ransomware, scaling phishing campaigns and
sowing general chaos. Machine identity security ensures AI systems remain
trustworthy even as they scale to interact with complex networks and user bases,
tasks that can and will be done autonomously by AI agents. Without strong
governance and oversight, companies risk losing visibility into their AI
systems, leaving them vulnerable. Attackers can exploit weak security measures,
using tactics like data poisoning and backdoor infiltration, threats that are
evolving faster than many organisations realise. ... Machine identity security
is a critical first step: it establishes trust and resilience in an AI-driven
world. This becomes even more urgent as agentic AI takes on autonomous
decision-making roles across industries.
Cyber resilience under DORA – are you prepared for the challenge?

Many damaging breaches have originated from within digital supply chains,
through third-party vulnerabilities, or from internal weaknesses. In 2023,
third-party attacks led to 29% of breaches, with 75% of third-party breaches
targeting the software and technology supply chain. This evolving threat
landscape has forced financial institutions to rethink their approach. The
future of cyber resilience isn’t about building higher walls - it’s about
securing every layer, inside and out. ... One of the most pressing concerns
for financial institutions under DORA is the security of their digital supply
chains. High-profile cyberattacks in recent years have demonstrated that
vulnerabilities often originate not from within an organization's own IT
infrastructure, but through weaknesses in third-party service providers, cloud
platforms, and outsourced IT partners. DORA places a strong emphasis on
third-party risk management, making it clear that security responsibility
extends beyond a firm’s immediate network. Ensuring supply chain resilience
requires a proactive and continuous approach. FSIs must conduct regular
security assessments of all external vendors, ensuring that partners adhere to
the same high standards of cybersecurity and risk management.
Ask a Data Ethicist: How Can We Ethically Assess the Influence of AI Systems on Humans?

Bezou-Vrakatseli et al. provide some guidance in this paper, which outlines
the S.H.A.P.E. framework. S.H.A.P.E. stands for secrecy, harm, agency,
privacy, and exogeneity. ... If you are not aware that you are being
influenced or are unaware of the way in which the influence is taking place,
there might be an ethical issue. The idea of intent to influence while keeping
that intent a secret, speaks to ideas of deception or trickery. ... You might
be wondering – what actually constitutes harm? It’s not just physical harm.
There are a range of possible harms including mental health and well being,
psychological safety, and representational harms. The authors note that this
issue of what is harm – ethically speaking – is contestable, and that lack of
consensus can make it difficult to address. ... Human agency has
“intrinsic moral value” – that is to say we value it in and of itself. Thus,
anything that messes with human agency is generally seen as unethical. There
can be exceptions, and we sometimes make these when the human in question
might not be able to act in their own best interests. ... Influence may be
unethical if there is a violation of privacy. Much has been written about why
privacy is valuable and why breaches of privacy are an ethical issue. The
authors cite the following – limiting surveillance of citizens, restricting
access to certain information, and curtailing intrusions into places deemed
private or personal.
Is It Time to Replace Your Server Room with a Data Center?

Rare is the business that starts its IT journey with a full-fledged data
center. The more typical route involves creating a server room first, then
upgrading to a data center over time as IT needs expand. That raises the
question: When should a business replace its server room with a data center?
Which performance, security, cost and other considerations should a company
weigh when deciding to switch? ... For some companies, the choice between a
server room and a data center is clear-cut. A server room best serves small
businesses without large-scale IT needs, whereas enterprises typically need a
“real” data center. For medium-sized companies, the choice is often less
clear. If a business has been getting by for years with just a server room,
there is often no single tell-tale sign indicating it’s time to upgrade to a
data center. And there is a risk that doing so will cost a lot of money
without being necessary. ... A high incidence of server outages or downtime is
another good reason to consider moving to a data center. That’s especially
true if the outages stem from issues inherent to the nature of the server room
– such as power system failures within the entire building, which are less of
a risk inside a data center with its own dedicated power source.
How to safely dispose of old tech without leaving a security risk

Printers, especially those with built-in memory or hard drives, can retain
copies of documents that were printed or scanned. Routers can store personal
information related to network activity, including IP addresses, usernames,
and Wi-Fi passwords. Meanwhile, smart TVs, home assistants (like Alexa, Google
Home), and smart thermostats may store voice recordings, usage patterns,
personal preferences, and even login credentials for streaming services like
Netflix and Amazon Prime. As IoT devices become more common, they are
increasingly at risk of storing sensitive data. ... Before disposing of a
device, it’s essential to completely erase any confidential data. Deleting
files or formatting the drive alone isn’t enough, as the data can still be
retrieved. The best method for securely wiping data varies depending on the
device. ... Windows users can use the “Reset this PC” feature with the option
to remove all files and clean the drive. On a Mac, “Erase” in Disk Utility
removes the volume, and on recent Macs (Apple silicon and T2) “Erase All
Content and Settings” is the supported way to wipe user data before disposal.
Tools like DBAN (Darik’s Boot and Nuke) and BleachBit can also help securely
erase data. DBAN is specifically designed to wipe traditional hard drives
(HDDs) by overwriting all stored data. It does not support solid-state drives
(SSDs): repeated overwriting wears the flash unnecessarily and, more
importantly, is unreliable, because wear levelling and spare blocks can keep
copies in cells the host cannot address. For an SSD, use the drive’s built-in
secure erase (ATA Secure Erase, or NVMe Format with secure erase) or the
vendor’s utility, and keep the drive encrypted from first use so that
discarding the key is enough.
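The claim that deleting or formatting is not enough is easy to check rather than take on trust. The following Python is an added example, not code from the article above: it builds a small constructed disk image, simulates a quick format (only the first few metadata blocks are zeroed), then does a full overwrite, and after each step samples blocks at random offsets to report how many still hold data and how random that data looks. The image contents, block size and sample count are assumptions for the demonstration; pointed at a real block device (with appropriate privileges) the sampler is the same post-wipe check a practitioner would run on an HDD. It is a host-side read, so on an SSD it only sees what the controller chooses to expose and cannot prove remapped cells are clean.

```python
import math
import os
import random
import tempfile
from collections import Counter

BLOCK = 4096  # sampling granularity in bytes (assumed; matches common sector/page sizes)


def block_entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for an all-zero block,
    close to 8.0 for random, compressed or encrypted data."""
    n = len(buf)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def _size(f) -> int:
    # os.path.getsize() returns 0 for block devices; seeking to the end
    # works for regular files and devices alike.
    f.seek(0, os.SEEK_END)
    return f.tell()


def sample_blocks(path: str, samples: int = 256, seed: int = 0):
    """Read `samples` blocks at pseudo-random offsets and return
    (fraction of blocks containing any non-zero byte, max entropy among them)."""
    rng = random.Random(seed)
    nonzero, max_ent = 0, 0.0
    with open(path, "rb") as f:
        nblocks = _size(f) // BLOCK
        offsets = rng.sample(range(nblocks), min(samples, nblocks))
        if not offsets:
            return 0.0, 0.0
        for b in offsets:
            f.seek(b * BLOCK)
            data = f.read(BLOCK)
            if any(data):  # a single non-zero byte means the block was not wiped
                nonzero += 1
                max_ent = max(max_ent, block_entropy(data))
    return nonzero / len(offsets), max_ent


def quick_format(path: str, header_blocks: int = 4) -> None:
    """Mimic a quick format / file deletion: zero only the first few blocks
    (where filesystem metadata lives) and leave every data block untouched."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * (BLOCK * header_blocks))


def full_overwrite(path: str) -> None:
    """Overwrite every block with zeros and fsync: the HDD-style 'clean the
    drive' pass. On an SSD this does not guarantee erasure (wear levelling can
    keep old copies in blocks the host cannot address); use secure erase there."""
    with open(path, "r+b") as f:
        remaining = _size(f)
        f.seek(0)
        while remaining > 0:
            n = min(BLOCK, remaining)
            f.write(b"\x00" * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())


def make_image(path: str, blocks: int = 1024, seed: int = 1) -> None:
    """Constructed sample image (4 MiB): text 'documents' in ~90% of blocks and
    random bytes in the rest, standing in for encrypted or compressed content."""
    rng = random.Random(seed)
    with open(path, "wb") as f:
        for i in range(blocks):
            if rng.random() < 0.1:
                f.write(rng.getrandbits(8 * BLOCK).to_bytes(BLOCK, "big"))
            else:
                line = f"scan-{i:05d}.pdf owner=jdoe wifi=hunter2 (constructed)\n".encode()
                f.write((line * (BLOCK // len(line) + 1))[:BLOCK])


def run_demo() -> dict:
    """Build the image, then sample it fresh, after a quick format, and after a
    full overwrite. Returns {stage: (nonzero_fraction, max_entropy)}."""
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        make_image(path)
        results = {"fresh": sample_blocks(path)}
        quick_format(path)
        results["quick_format"] = sample_blocks(path)  # data still almost all there
        full_overwrite(path)
        results["full_overwrite"] = sample_blocks(path)  # expect (0.0, 0.0)
        return results
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for stage, (frac, ent) in run_demo().items():
        print(f"{stage:15s} non-zero blocks: {frac:5.1%}  max entropy: {ent:.2f} bits/byte")
```

After the quick format, nearly every sampled block is still non-zero and the text is readable with any hex viewer, which is exactly why a "deleted" or "formatted" drive is a disposal risk; only the full overwrite brings both numbers to zero. A non-zero fraction with entropy near 8 after a wipe is also worth a second look: it is what a random-pattern pass looks like, but also what leftover ciphertext or compressed data looks like.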
The great software rewiring: AI isn’t just eating everything; it is everything

Right now, most large language models (LLMs) feel like a Swiss Army knife with
infinite tools — exciting but overwhelming. Users don’t want to “figure out”
AI. They want solutions, AI agents tailored for specific industries and
workflows. Think: legal AI drafting contracts, financial AI managing
investments, creative AI generating content, scientific AI accelerating
research. Broad AI is interesting. Vertical AI is valuable. Right now, LLMs
are too broad, too abstract, too unapproachable for most. A blank chat box is
not a product, it is homework. If AI is going to replace applications, it must
become invisible, integrating seamlessly into daily workflows without forcing
users to think about prompts, settings or backend capabilities. The companies
that succeed in this next wave will not just build better AI models, but
better AI experiences. The future of computing is not about one AI that does
everything. It is about many specialized AI systems that know exactly what
users need and execute on that flawlessly. ... The old software model was
built on scarcity. Control distribution, limit access, charge premiums. AI
obliterates this. The new model is fluid, frictionless, and infinitely
scalable.
Cybersecurity: The “What”, the “How” and the “Who” of Change

Cybersecurity is more complex than that: Protecting the firm from cyberthreats
requires the ability to reach across corporate silos, beyond IT, towards
business and support functions, as well as digitalised supply chains. You can
throw as much money as you like at the problem, but if you give it to a
technologist CISO to resolve, they will address it as a technology matter.
They will put ticks on compliance checklists. They will close down audit
points. They will deal with incidents and put out fires. They will deploy
countless tools (to the point where this is now becoming a major operational
issue). But they will not change the culture of your organisation around
business protection and breaches will continue to happen as threats evolve. A
lot has been said and written about the role of the “transformational CISO”,
but I doubt there are many practitioners in the current generation of CISOs
who can successfully wear that mantle, simply because most have spent the last
decade firefighting cyber incidents and have never been able to project a
transformative vision over the mid to long-term, let alone deliver it. They
have not developed the type of political finesse, of personal gravitas, of
leadership in one word, that they would require to be trusted and succeed at
delivering a truly transformative agenda across the complex and political
silos of the modern enterprise.
CISOs and CIOs forge vital partnerships for business success

“One of the characteristics of a business-aligned CISO is they don’t use the
veto card in every instance,” Ijam explains. “When the CISO is at the table and
understands the importance of outcomes and deliverables from a business
perspective as well as risk management from a security perspective, they are
able to pick their battles in a smart way.” Forging a peer CIO/CISO partnership
also requires the right set of leaders. While CIOs have been honing a business
orientation for years, CISOs need to follow suit, maturing into a role that
understands business strategy and is well-versed in the language so they command
a seat at the table. “The right CISO leader is someone that doesn’t speak in
ones and zeros,” Whiteside says. “They need to be at the table talking in terms
that business leaders understand — not about firewalls and malware.” Becoming a
C-suite peer also means cultivating an independent voice — important because
CIOs and CISOs often have varying points of view, separate priorities, and
different tolerances for risk. It’s equally important to make sure the CISO’s
voice — and security recommendations — are part of every discussion related to
business strategy, IT infrastructure, and critical systems at the beginning, not
as an afterthought.
India’s Digital Personal Data Protection Act: A bold step with unfinished business

The draft Digital Personal Data Protection Rules, 2025, released on 3 January,
aim to operationalise the provisions of the Act. The Act will undoubtedly go a
long way in safeguarding digital personal data. Whilst the benefits to the
common citizen are laudable, there are clearly areas that need to be urgently
addressed. ... The draft rules mandate data localisation, restricting the
transfer of certain personal data outside India. This approach has faced
criticism for potentially increasing operational costs for businesses and
creating barriers to global data flows. A flexible approach could be taken with
regard to data flows with friendly and trusted nations. Allowing cross-border
data transfers to trusted jurisdictions with robust data protection frameworks
would position India as a key player in global trade. India wants to increase
exports of goods and services to achieve its vision of “Viksit Bharat” by
2047. ... Clear, technology-driven mechanisms for age verification that are not
overly intrusive still need to be defined. Implementing this rule in practice
will be onerous. Self-declaration may turn out to be the pragmatic way forward,
given India’s massive rural population that accesses online services and
platforms and the difficulty of implementing parental consent.