Daily Tech Digest - October 19, 2019

Lip-Reading Drones, Emotion-Detecting Cameras: How AI Is Changing The World

Specific lip-reading programs can decipher what people are saying from a distance while gait-analysis software can identify an individual just by the way they walk. "Even if the drone is at 300ft, it can still operate effectively,” Dronestream CEO Harry Howe said. While these particular drones are still in the testing phase, many intruding technologies are being used around the country. Take China, for example. It's Skynet system claims it can scan all 1.3 billion citizens within seconds. There are 200 million cameras scattered around the country which can track identity thieves, find fugitives, catch sleeping students and spot jaywalkers. This particular surveillance system led to 2000 arrests from 2016 to 2018. Countries like Malaysia, Jamaica, Germany and Poland are considering installing similar systems, while a number of facial recognition trials have been conducted right here on Australian soil.

7 mistakes that ISO 27001 auditors make

Checklists are a great way of quickly assessing whether a list of requirements are met, but what they offer in convenience they lack in in-depth analysis. Organisations are liable to see that a requirement has been ticked off and assume that it’s ‘mission accomplished’. However, there may still be room to improve your practices, and it might even be the case that your activities aren’t necessary. A good auditor will use the checklist as a summary at the beginning or end of their audit, with a more detailed assessment in their report, or they’ll use a non-binary system that doesn’t restrict them to stating that a requirement either has or hasn’t been met. ...  In theory, they are a perfect fit. You already have a working relationship and you’ll save time finding a consultant and bringing them up to speed on your organisation’s needs. Unfortunately, there’s clearly a conflict of interest in this relationship, as you run the risk of allowing the auditor to manipulate their findings to persuade you to use them as a consultant.

Looking at the Enterprise Architecture Renaissance

In their enterprise architecture report, Ovum looked at the paradigm shift going on now that’s responsible for transforming EA into architect everything. They reviewed seven EA solutions that have begun the transition from EA to AE. Interestingly, Ovum found that the vendors shared a similar idea on the direction that EA should move toward. Most regarded non-EA features that help with business modeling, business process mapping and analysis, GRC, and portfolio management to be standard features that EA platforms should include in their solutions. ... Today’s enterprise architecture approach needs to promote stronger collaboration and teamwork throughout the organization, so that everyone is on the same page with regard to company goals and desired outcomes. One example on an EA platform that does this effectively is Planview Enterprise One. Planview Enterprise One comes with collaboration and workflow tools that enable process and project-driven work. Elements like Kanban boards and collaborative workspaces make it easy to bring stakeholders and contributors together under one roof, where they can share information and work together to push the company forward.

Top 6 email security best practices to protect against phishing attacks ...

Complicated email flows can introduce moving parts that are difficult to sustain. As an example, complex mail-routing flows to enable protections for internal email configurations can cause compliance and security challenges. Products that require unnecessary configuration bypasses to work can also cause security gaps. As an example, configurations that are put in place to guarantee delivery of certain type of emails (eg: simulation emails), are often poorly crafted and exploited by attackers. Solutions that protect emails (external and internal emails) and offer value without needing complicated configurations or emails flows are a great benefit to organizations. In addition, look for solutions that offer easy ways to bridge the gap between the security teams and the messaging teams. Messaging teams, motivated by the desire to guarantee mail delivery, might create overly permissive bypass rules that impact security. The sooner these issues are caught the better for overall security. Solutions that offer insights to the security teams when this happens can greatly reduce the time taken to rectify such flaws thereby reducing the chances of a costly breach

How operators can make 5G pay

Some operators have started to partner with over-the-top (OTT) service providers to bundle their offerings with connectivity subscriptions, sometimes with an explicit charge and sometimes without (for example, by making certain streams unmetered against the customer’s data bundle). “With the improvements in network capabilities in the 5G era, customers can expect to enjoy more network services bundled with content provider services — including accelerated gaming — and the operator could offer its network service to the customer as part of that bundle,” said a senior executive at an Asian Internet player. In the 5G world, in which the network technology allows a far greater range of functionality that can be monetized, telecom companies have many more opportunities to develop collaborations with a variety of businesses and public agencies. We see four main options for how operators could monetize this greater functionality. The higher the relevance of the telecom operator’s brand to the use case, the greater the operator’s ability to own the customer relationship and claim a bigger share of revenues.

Beyond their value in ensuring consistent, predictable service delivery, SLOs are a powerful weapon to wield against micromanagers, meddlers, and feature-hungry PMs. That is why it’s so important to get everyone on board and signed off on your SLO. When they sign off on it, they own it too. They agree that your first responsibility is to hold the service to a certain bar of quality. If your service has deteriorated in reliability and availability, they also agree it is your top priority to restore it to good health. Ensuring adequate service performance requires a set of skills that people and teams need to continuously develop over time, namely: measuring the quality of our users’ experience, understanding production health with observability, sharing expertise, keeping a blameless environment for incident resolution and post-mortems, and addressing structural problems that pose a risk to service performance. They require a focus on production excellence, and a (time) budget for the team to acquire the necessary skills. The good news is that this investment is now justified by the SLOs that management agreed to.

How open source software is turbocharging digital transformation

Make no mistake, the ever-expanding palette of vendor solutions on the market today remains an indispensable resource for enterprise-scale digital transformation. But there are compelling reasons to explore OSS’s possibilities as well. For example, OSS in emerging technology domains often includes work contributed by highly creative developers with hard-to-find expertise. By exploring OSS projects for artificial intelligence (AI), blockchain, or other trending technologies, companies that lack in-house experts can better understand what the future holds for these disruptive tools. Moreover, CIOs are realizing that when coders can engage with domain experts and contribute their own work to an OSS ecosystem, job satisfaction and creativity often grow, along with engineering discipline, product quality, and efficiency. As any software engineer knows, the ability to take established and tested code from an existing library, rather than having to create it from scratch, can shrink development timelines significantly. These findings spotlight OSS’s formidable promise. But they also make clear that open source is not an all-or-nothing proposition. IT leaders should think of OSS as a potentially valuable complement to their broader ecosystem, vendor, or partner strategy.

Yubico security keys can now be used to log into Windows computers

Starting today, users can use hardware security keys manufactured by Swedish company Yubico to log into a local Windows OS account. After more than six months of testing, the company released today the first stable version of the Yubico Login for Windows application. Once installed on a Windows computer, the application will allow users to configure a Yubico security key (known as YubyKey) to secure local Windows OS accounts. The Yubico key will not replace the Windows account password but will work as a second authentication factor. Users will have to enter their password, and then plug in a Yubico key into a USB port to finish the login process. Yubico hopes the keys will be used to secure high-value computers storing sensitive data that are used in the field, away from secured networks. Such devices are often susceptible to theft or getting lost. If the devices are not encrypted, attackers have various ways at their disposal to bypass normal Windows password-based authentication. Securing local Windows accounts with a YubiKey makes it nearly impossible for an attacker to access the account, even if they know the password.

The Fallacy of Telco Cloud

First, proving the viability of virtualizing Telco workloads, with the investment in defining Network Function Virtualization (NFV) and a global set of trials, beginning in and around the first ETSI NFV working group meeting in 2012. Then, we focused on the optimization of that virtualization technology – investment in Virtual Infrastructure Managers (VIMs), I/O acceleration technologies like Data Plane Development Kit (DPDK), and para-virtualization technologies, such as Single Root Input/Output Virtualization (SR-IOV) for performance and manageability of SLA-backed network functions. Now, we’ve embarked on the next set of technology advancements: separating control and user planes, accelerating I/O functions with FPGAs and SmartNICs, and starting the migration of applications towards containers and cloud native functions. This is the beginning of a second wave of technology-led investments into the Telco Cloud. ... In short, the technology is mature. The real question is – are we actually achieving the benefits of cloud in the Telco network? 

Challenges of Data Governance in a Multi-Cloud World

The traditional contracts that worked in typical telecom network services to mitigate security breaches or other types of noncompliance events have failed to deliver the goods for the cloud. Highly scaled, shared, and automated IT platforms, such as the cloud can hide the geographic location of data — both from the customer and the service provider’s sides. This can give rise to regulatory violations. Thus, contracting for the cloud is still in its infancy, and till some litigation sheds light on regulatory issues and serves to set precedents for future cases, the data-cloud breach issues will remain unresolved. Moreover, data aggregation will increase the potential data risk as more valuable data will occupy the common storage location. On the flip side, multi-cloud environments offer more transparency through event logging, and enterprise-wide solutions via automation tools. Solutions, once detected, can be instantly deployed across cloud networks. In recent years, risk management strategies specifically for the cloud have emerged, and these just have to be tested for the multi-cloud environments.

Quote for the day:

"There are some among the so-called elite who are overbearing and arrogant. I want to foster leaders, not elitists." -- Daisaku Ikeda

No comments:

Post a Comment