5 Steps To Cross the Operational Chasm in Incident Management
A siloed approach to incident management slows down decision-making and harms
cross-team communication during incidents. Instead, organizations must cultivate
a cross-functional culture where all team members are able to collaborate
seamlessly. Cross-functional collaboration ensures that incident response plans
are comprehensive and account for the insights and expertise contained within
specific teams. This communication can be expedited with the support of AI tools
to summarize information and draft messages, as well as the use of automation
for sharing regular updates. ... An important step in developing a proactive
incident management strategy is conducting post-incident reviews. When incidents
are resolved, teams are often so busy that they are forced to move on without
examining the contributing factors or identifying where processes can be
improved. Conducting blameless reviews after significant incidents — and ideally
every incident — is crucial for continuously and iteratively improving the
systems in which incidents occur. This should cover both the technological and
human aspects. Reviews must be thorough and uncover process flaws, training gaps
or system vulnerabilities to improve incident management.
How to transform your architecture review board
A modernized approach to architecture review boards should start with
establishing a partnership, building trust, and seeking collaboration between
business leaders, devops teams, and compliance functions. Everyone in the
organization uses technology, and many leverage platforms that extend the
boundaries of architecture. Winbush suggests that devops teams must also extend
their collaboration to include enterprise architects and review boards. “Don’t
see ARBs as roadblocks, and treat them as a trusted team that provides
much-needed insight to protect the team and the business,” he suggests. ...
“Architectural review boards remain important in agile environments but must
evolve beyond manual processes, such as interviews with practitioners and
conventional tools that hinder engineering velocity,” says Moti Rafalin, CEO and
co-founder of vFunction. “To improve development and support innovation, ARBs
should embrace AI-driven tools to visualize, document, and analyze architecture
in real-time, streamline routine tasks, and govern app development to reduce
complexity.” ... “Architectural observability and governance represent a
paradigm shift, enabling proactive management of architecture and allowing
architects to set guardrails for development to prevent microservices sprawl and
resulting complexity,” adds Rafalin.
Business Internet Security: Everything You Need to Consider
Each device on your business’s network, from computers to mobile phones,
represents a potential point of entry for hackers. Treat connected devices as
a door to your Wi-Fi networks, ensuring each one is secure enough to protect
the entire structure. ... Software updates often include vital security
patches that address identified vulnerabilities. Delaying updates on your
security software is like ignoring a leaky roof; if left unattended, it will
only get worse. Patch management and regularly updating all software on all
your devices, including antivirus software and operating systems, will
minimize the risk of exploitation. ... With cyber threats continuing to evolve
and become more sophisticated, businesses can never be complacent about
internet security and protecting their private network and data. Taking
proactive steps toward securing your digital infrastructure and safeguarding
sensitive data is a critical business decision. Prioritizing robust internet
security measures safeguards your small business and ensures you’re
well-equipped to face whatever kind of threat may come your way. While
implementing these security measures may seem daunting, partnering with the
right internet service provider like Optimum can give you a head start on your
cybersecurity journey.
How Google Cloud’s Information Security Chief Is Preparing For AI Attackers
To build out his team, Venables added key veterans of the security industry,
including Taylor Lehmann, who led security engineering teams for the Americas
at Amazon Web Services, and MK Palmore, a former FBI agent and field security
officer at Palo Alto Networks. “You need to have folks on board who understand
that security narrative and can go toe-to-toe and explain it to CIOs and
CISOs,” Palmore told Forbes. “Our team specializes in having those
conversations, those workshops, those direct interactions with customers.” ...
Generally, a “CISO is going to meet with a very small subset of their
clients,” said Charlie Winckless, senior director analyst on Gartner's Digital
Workplace Security team. “But the ability to generate guidance on using Google
Cloud from the office of the CISO, and make that widely available, is
incredibly important.” Google is trying to do just that. Last summer, Venables
co-led the development of Google’s Secure AI Framework, or SAIF, a set of
guidelines and best practices for security professionals to safeguard their AI
initiatives. It’s based on six core principles, including making sure
organizations have automated defense tools to keep pace with new and existing
security threats, and putting policies in place that make it faster for
companies to get user feedback on newly deployed AI tools.
11 ways to ensure IT-business alignment
A key way to facilitate alignment is to become agile enough to stay ahead of
the curve, and be adaptive to change, Bragg advises. The CIO should also speak
early when sensing a possible business course deviation. “A modern digital
corporation requires IT to be a good partner in driving to the future rather
than dwelling on a stable state.” IT leaders also need to be agile enough to
drive and support change, communicate effectively, and be transparent about
current projects and initiatives. ... To build strong ties, IT leaders must
also listen to and learn from their business counterparts. “IT leaders can’t
create a plan to enable business priorities in a vacuum,” Haddad explains.
“It’s better to ask [business] leaders to share their plans, removing the
guesswork around business needs and intentions.” ... When IT and the business
fail to align, silos begin to form. “In these silos, there’s minimal
interaction between parties, which leads to misaligned expectations and
project failures because the IT actions do not match up with the company
direction and roadmap,” Bronson says. “When companies employ a reactive rather
than a proactive approach, the result is an IT function that’s more focused on
putting out fires than being a value-add to the business.”
Edge Extending the Reach of the Data Center
Savings in communications can be achieved, and low-latency transactions can be
realized if mini-data centers containing servers, storage and other edge
equipment are located proximate to where users work. Industrial manufacturing
is a prime example. In this case, a single server can run entire assembly
lines and robotics without the need to tap into the central data center. Data
that is relevant to the central data center can be sent later in a batch
transaction at the end of a shift. ... Organizations are also choosing to
co-locate IT in the cloud. This can reduce the cost of on-site hardware and
software, although it does increase the cost of processing transactions and
may introduce some latency into the transactions being processed. In both
cases, there are overarching network management tools that enable IT to see,
monitor and maintain network assets, data, and applications no matter where
they are. ... Most IT departments are not at a point where they have all of
their IT under a central management system, with the ability to see, tune,
monitor and/or mitigate any event or activity anywhere. However, we are at a
point where most CIOs recognize the necessity of funding and building a
roadmap to this “uber management” network concept.
Orchestrator agents: Integration, human interaction, and enterprise knowledge at the core
“Effective orchestration agents support integrations with multiple enterprise
systems, enabling them to pull data and execute actions across the
organizations,” Zllbershot said. “This holistic approach provides the
orchestration agent with a deep understanding of the business context,
allowing for intelligent, contextual task management and prioritization.” For
now, AI agents exist in islands within themselves. However, service providers
like ServiceNow and Slack have begun integrating with other agents. ...
Although AI agents are designed to go through workflows automatically, experts
said it’s still important that the handoff between human employees and AI
agents goes smoothly. The orchestration agent allows humans to see where the
agents are in the workflow and lets the agent figure out its path to complete
the task. “An ideal orchestration agent allows for visual definition of the
process, has rich auditing capability, and can leverage its AI to make
recommendations and guidance on the best actions. At the same time, it needs a
data virtualization layer to ensure orchestration logic is separated from the
complexity of back-end data stores,” said Pega’s Schuerman.
The Transformative Potential of Edge Computing
Edge computing devices like sensors continuously monitor the car’s
performance, sending data back to the cloud for real-time analysis. This
allows for early detection of potential issues, reducing the likelihood of
breakdowns and enabling proactive maintenance. As a result, the vehicle is
more reliable and efficient, with reduced downtime. Each sensor relies on a
hyperconnected network that seamlessly integrates data-driven intelligence,
real-time analytics, and insights through an edge-to-cloud continuum – an
interconnected ecosystem spanning diverse cloud services and technologies
across various environments. By processing data at the edge, within the
vehicle, the amount of data transmitted to the cloud is reduced. ... No matter
the industry, edge computing and cloud technology require a reliable,
scalable, and global hyperconnected network – a digital fabric – to deliver
operational and innovative benefits to businesses and create new value and
experiences for customers. A digital fabric is pivotal in shaping the future
of infrastructure. It ensures that businesses can leverage the full potential
of edge and cloud technologies by supporting the anticipated surge in network
traffic, meeting growing connectivity demands, and addressing complex security
requirements.
The risks and rewards of penetration testing
It is impossible to predict how systems may react to penetration testing. As
was the case with our customer, an unknow flaw or misconfiguration can lead to
catastrophic results. Skilled penetration testers usually can anticipate such
issues. However, even the best white hats are imperfect. It is better to
discover these flaws during a controlled test, then during a data breach.
While performing tests, keep IT support staff available to respond to
disruptions. Furthermore, do not be alarmed if your penetration testing
provider asks you to sign an agreement that releases them from any liability
due to testing. ... Black hats will generally follow the path of least
resistance to break into systems. This means they will use well-known
vulnerabilities they are confident they can exploit. Some hackers are still
using ancient vulnerabilities, such as SQL injection, which date back to 1995.
They use these because they work. It is uncommon for black hats to use unknown
or “zero-day” exploits. These are reserved for high-value targets, such as
government, military, or critical infrastructure. It is not feasible for white
hats to test every possible way to exploit a system. Rather, they should focus
on a broad set of commonly used exploits. Lastly, not every vulnerability is
dangerous.
How Data Breaches Erode Trust and What Companies Can Do
A data breach can prompt customers to lose trust in an organisation,
compelling them to take their business to a competitor whose reputation
remains intact. A breach can discourage partners from continuing their
relationship with a company since partners and vendors often share each
other’s data, which may now be perceived as an elevated risk not worth
taking. Reputational damage can devalue publicly traded companies and
scupper a funding round for a private company. The financial cost of
reputational damage may not be immediately apparent, but its consequences
can reverberate for months and even years. ... In order to optimise
cybersecurity efforts, organisations must consider the vulnerabilities
particular to them and their industry. For example, financial institutions,
often the target of more involved patterns like system intrusion, must
invest in advanced perimeter security and threat detection. With internal
actors factoring so heavily in healthcare, hospitals must prioritise
cybersecurity training and stricter access controls. Major retailers that
can’t afford extended downtime from a DoS attack must have contingency plans
in place, including disaster recovery.
Quote for the day:
"Leadership is a matter of having
people look at you and gain confidence, seeing how you react. If you're in
control, they're in control." -- Tom Landry