Daily Tech Digest - March 13, 2020

The Digital Services Act: The Next GDPR

While we do not expect legislation to be complete in 2020, this year will be to a large extent where the lines around the initial proposals are drawn. Businesses need to engage now to ensure that the new Commission understands the plethora of services they are due to regulate. While the work will be led by Internal Market Commissioner Thierry Breton, it will become a joint effort across the College. With policy issues like consumer protection, disinformation, workers’ rights in the gig economy and competition also on the agenda, businesses will need to widen engagement efforts to the cabinets of Didier Reynders (Justice), Věra Jourová (Rule of Law), Nicolas Schmit (Employment) and Margrethe Vestager (Digital and Competition). Meanwhile, businesses must also be aware of the risk of the Digital Services Act becoming a belated Christmas tree bill, where policymakers in the Council and European Parliament can reopen old arguments concerning copyright or privacy. Of immediate concern to businesses is the expected consultation and communication on the scope of the DSA in the first quarter of 2020, followed by the first legislative proposals in the latter part of the year.

4 questions to determine your IT team's "electability"

Just as voters generally want candidates who reflect their values, organizations want to see an IT shop that reflects their values. For example, a financial institution that values (and needs) trust and security would suffer "organ rejection" with a technology leader that played fast and loose with security and put the overall company at significant risk. Ask yourself if your leadership style and technology organization reflect the broader company's risk appetite, speed of working and communicating, and overall culture. It's difficult to become a trusted advisor when you don't speak the same language or value the same organizational traits. While politicians who can reach across party lines seem to be an increasingly rare commodity, IT is an area ripe for cross-organizational collaboration. By virtue of working with most of the organization in some capacity, we're uniquely positioned to forge relationships that provide value to the company. Rather than acting as an order-taker who diligently implements a project for a defined stakeholder, look for opportunities to leverage the company's technology assets in new ways.

Secrets from cybersecurity pros: How to create a successful employee training program

The first step in developing a training program is finding the skills gap in your organization. Begin by determining what cybersecurity areas employees are most unfamiliar with, Papatheodorou said. "Their needs can be assessed via an online survey, or by asking employees and managers directly," Papatheodorou said. Another avenue for preparation is looking at outcomes. "Start by deciding what outcomes you most desire, and pick the right modality of training to best meet those outcomes -- which varies per organization," Lucas said. For example, "ask the security team and leadership some questions: What are our biggest risks? What are we protecting? All of this data will help you clarify where you should start," Plaggemier said. The organization could decide to do a general cybersecurity threat overview, a basic education that could teach employees how to spot and prevent breaches. Or, depending on the company's needs, the training could be more specialized, focusing on password security, email and social media policies, and protection of company data, Papatheodorou said.

Next wave of digital transformation requires better security, automation

Modern networks require application services—a pool of services necessary to deploy, run, and secure apps across on-premises or multi-cloud environments. Today, 69% of companies are using 10 or more application services, such as ingress control and service discovery. Ingress control is a relatively new application service that has become essential to companies with high API call volumes. It's one of many examples of the growing adoption of microservices-based apps. Security services remain as the most widely deployed, with these in particular dominating the top five: SSL VPN and firewall services (81%); IPS/IDS, antivirus, and spam mitigation (77%); load balancing and DNS (68%); web application firewalls (WAF) and DDoS protection (each at 67%). Over the next 12 months, the evolution of cloud and modern app architectures will continue to shape application services. At the top of the list (41%) is software-defined wide-area networking (SD-WAN). SD-WAN enables software-based provisioning from the cloud to meet modern application demands. Early SD-WAN deployments focused on replacing costly multi-protocol label switching (MPLS), but there is now greater emphasis on security as a core requirement for SD-WAN.

The algorithmic trade-off between accuracy and ethics

Building fairness into algorithms requires identifying a model that minimizes unfairness. This rather tautological quest is pursued by purposely imposing restraints on the algorithm, such as equalizing the false rejection rate for bank loans across different groups of people. Deciding what these restraints should be is a chore more appropriate for leaders than for engineers — it entails human judgement, policy, and ethics. The remaining pitfalls described by Kearns and Roth are caused not so much by algorithms as by humans trying to optimize algorithmic outcomes for themselves. For instance, people who live in residential neighborhoods that offer alternative routes to traffic-jammed freeways have been known to report nonexistent accidents to the navigation app Waze to induce it to steer drivers away from them. The solution set to these pitfalls includes teaching algorithms to anticipate and adjust for efforts to game them, using concepts such as simulated self-play. Gerald Tesauro of IBM Research first applied this idea successfully in 1992, when he created a world-class backgammon program by inducing it to learn by playing itself. 

Breaking Through Three Common Engineering Myths

Myth: Engineers Are Very Logical and Not Creative. This one seems to make sense – if engineers were creative, wouldn’t they have decided to be artists, writers, or some other "Fine Arts" profession? Wrong! The key word in being creative is right there – to create! Engineers create products, services, and processes that influence people every day. Whether your work goes into consumer applications, devices, or machines, the end product of engineering work is used by other people. If engineers suppressed their creativity, they would miss out on a lot of insights into ways to solve problems than they otherwise would. Every day, engineers need to find new ways to think outside the box to tackle new challenges. They have the fabulous opportunity and responsibility of imagining ways in which the world could be different and then creating ways to make that happen. That is at the heart of what creativity is all about and it should be inspiring and exciting for engineers. For example, engineering innovations have been a big part of healthcare improvement over the years.

AI could help with the next pandemic—but not with this one

Darren Schulte, an MD and CEO of Apixio, which has built an AI to extract information from patients’ records, thinks that medical records from across the US should be opened up for data analysis. This could allow an AI to automatically identify individuals who are most at risk from Covid-19 because of an underlying condition. Resources could then be focused on those people who need them most. The technology to read patient records and extract life-saving information exists, says Schulte. The problem is that these records are split across multiple databases and managed by different health services, which makes them harder to analyze. “I’d like to drop my AI into this big ocean of data,” he says. “But our data sits in small lakes, not a big ocean.” Health data should also be shared between countries, says Inam: “Viruses don’t operate within the confines of geopolitical boundaries.” He thinks countries should be forced by international agreement to release real-time data on diagnoses and hospital admissions, which could then be fed into global-scale machine-learning models of a pandemic.

Sumo Logic: cultural process shifts should precede platform lifts

For IT teams at new companies, this approach often involves making use of cloud services and systems to quickly construct what would have previously needed armies of consultants and huge amounts of hardware to deliver. What an opportunity to make the most of modern IT. For companies with existing investments, the sheet of paper is not so blank, but it still probably has plenty of scope for development. Digital transformation projects may be more complex due to the mix of old and new technology, but they should still provide great opportunities to modernise. ... The issue here is that these individual technology elements – cloud services offering more power, applications and information sources proffering more data, analytics tools providing the ability to work with data in real time – lack context. Each of these projects might be a good opportunity to modernise, but they also have to join up with each other and with how people actually work in order to succeed. To achieve this, we have to look at the processes involved, the business objectives that we are looking to meet, and what intelligence gaps exist.

The report lists two major ransomware attacks that had dramatic effects on production supply chains in 2019.  The March 19 cyberattack on aluminum producer Norsk Hydro involved LockerGoga, a previously seen ransomware tool that "halted operations at the company's corporate headquarters in Norway and impeded productivity in its extruded solutions division throughout Europe and North America."  "Analysts believe the attack marks a worrying trend, due to its international scope and direct impact on production and logistics assets," the report added. On June 7, there was another ransomware attack on Belgian aerospace supplier ASCO Industries that forced the company to shut down production lines at four different factories across North America and Europe.  The attack was so damaging that the company furloughed nearly 1,000 employees temporarily and was out of operation for more than a month. "Greater connectivity and digitalization are making manufacturing and supply chain operations more vulnerable to cyber-threats. Factories and logistics facilities can be caught in the crossfire of large-scale cyberattacks by criminals or state-sponsored groups, but they are also being targeted directly by a variety of actors," the report said.

Raspberry Pi is your new private cloud

If you’ve not guessed by now, this makes running a Raspberry Pi-based Kubernetes cluster feasible since this Kubernetes distribution is really purpose-built for the Pi, of course with some limitations. ... This enabling technology lets cloud architects place Kubernetes clusters running containers outside of the centralized public cloud on small computers that will work closer to the sources of the data. The clusters are still tightly coordinated, perhaps even spreading an application between a public cloud platform and hundreds or even thousands of Raspberry Pis running k3s. Clearly it’s a type of edge computing with thousands of use cases. What strikes me about this pattern of architecture is that cheap, edge-based devices are acting like lightweight private clouds. They provision resources as needed and use a preferred platform such as containers and Kubernetes. Of course, they have an upper limit of scalability. This is what hybrid cloud was supposed to be, but never was. Pairing a private and public cloud meant…well…you had to use a private cloud. Purpose-built private clouds fell way behind in features and functionality, so much so that enterprises are moving away from them in 2020, no matter if they are already deployed or not yet.

Quote for the day:

"It is time for a new generation of leadership to cope with new problems and new opportunities for there is a new world to be won." -- John F. Kennedy
