Daily Tech Digest - July 07, 2020

Taking Steps To Boost Automated Cloud Governance

Lippis says cloud providers often talk about a shared responsibility model where the users take active roles in the process. The trouble is that the feedback and communication organizations receive is not always clear. He compared cloud providers to landlords who maintain and upgrade apartment buildings with the users as the tenants. Updating the property is the landlord’s responsibility. However, some cloud providers do not always provide much information about what is being changed and upgraded, Lippis says. Such breakdowns in communication and control could throw the enterprises out of compliance, he says, which might not be known until an audit is conducted. There is a need for better transparency, Lippis says, so organizations know what is happening when changes are made, or events occur. This can be of particular concern when organizations adopt multicloud approaches, matching workloads to different cloud providers. Security questions may arise because each cloud provider might communicate information to users in varied ways. “It could be the same kind of event, but they’re all coded differently,” Lippis says. “The syntax is different.”


Applying the 80-20 Rule to Cybersecurity

According to Mike Gentile — president and CEO at CISOSHARE and someone who has worked as a chief information security officer for many years — a lot has changed in the security space by 2020, but two things remain the same: (1) senior executives don't prioritize cybersecurity enough for security programs to be fully effective; and (2) the reason for point No. 1 is not that executives don't care — they do, and they don't want their name in the headlines after a breach — but that they lack a clear definition of security. Each organization's unique definition of security should be set forth in a security charter document, which prescribes a mission and mandate for the security program as well as governance structures and clarified roles or responsibilities. More specifically, the charter defines how and where the security organization reports and answers questions such as: Should the business have a CISO, and should the position report to IT or to the CEO? Typically, a consultant's answer would be "It depends." But don't let that end the discussion: For any one business, there is one right answer.


Talking Digital Future: Artificial Intelligence

This topic is especially cool in the healthcare domain. Think about how medicine works today. Medical practitioners go to school for many, many years, memorize a lot of information, then treat patients, get experience, and over the span of their career, become quite good at what they do. However, they are ultimately subject to the weaknesses of their own mortal existence. They can forget things; they can be absent-minded or, you know, just not connect the dots sometimes. Now, if we can equip a physician with a computer to improve memory, options and optimization, the tools and the ability to provide medical aid suddenly change. Let’s look at IBM’s AI initiative Watson combined with an oncologist treating a cancer patient, for example. Each patient is different, so the doctor wants to have as many details as possible about this type of cancer and the patient’s medical history to make the best treatment plan. An AI-augmented device produced for the doctor’s team could generate a scenario based on the data of every patient that has had this particular set of circumstances and that person’s characteristics.


How Agile Turns Risk Into Opportunity

Changing the way large numbers of people in a corporation think is a monumental undertaking. It doesn’t come easily or quickly. But what is the alternative? Firms not operating in this way have been struggling, even in normal times, and they are steadily going out of business, exactly as Nokia was forced out of the phone business despite its massive wealth and large market share. Nokia didn’t change in 2010 because of a crisis or because it wanted to: it had to change because its phone business was bankrupt, even though it had been the dominant phone firm in the whole wide world, only three years before. That kind of story is now playing out, in sector after sector all around the world. As a result, there is now huge interest, even in large corporations, to find out what’s involved and learn how to think differently. ... But today, for most people, these changes make life quicker, simpler, more convenient, and, let’s face it: generally better. And people have responded with their wallets. The firms that provide these services have earned their profits and their stratospheric valuations. They have changed our lives fundamentally.


With eCommerce on the rise, tokenization is the ticket to taming fraud

With more merchants and retailers adopting tokenization technology, Visa is scaling our credential-on-file tokenization efforts. Since our first merchant began processing card-on-file tokens in 2017, we have seen more than 13,000 merchants start transacting with Visa tokens. In addition to enhancing security, tokenization also helps reduce friction in the payment process, because customers do not have to manually update stored card information if their Visa card is lost, stolen or expires. Instead, financial institutions can automatically update expired or compromised payment credentials. This can reduce missed payments for merchants, and help consumers avoid unwanted late payment fees or charges. Looking ahead, we are unveiling Token ID, a new solution stemming from our acquisition of the Rambus Payments token services business that expands Visa’s tokenization across all global and domestic networks, as well as tokenizing beyond card use cases. In addition, we are looking for ways to centralize and simplify token management through integration with our CyberSource platform to help to secure customer payment data, improve payment conversions and ease PCI compliance implications. 


Debunking the Myths about Artificial Intelligence

Organizations should not look for decades of experience in any given field of science if the entire organization is new to that field. Culture will eat those kinds of unconscious attempts. First, we need advocates to focus on people, character, and talent, not tech per se. Transformation starts at the individual level. In response, you are right to say that “Speed is important,” but that consideration is due to the fact that you feel FOMO, organizational isomorphism, and speed hunger as a result of digital disruption. When organizations see the AI show-offs by disruptors, they impatiently consider it as an overnight success/fail. Once you build the foundation for an appropriate digital culture, you can first elaborate on leaner-faster-better AI initiatives. Finally, among the 5W1H questions about AI, “Why” and “How” are critical instead of “What.” We should not directly rush into learning the new digital technologies. Rather, we should focus on “Why” and “How” those technologies popped up nowadays, not a decade ago, though they were there for decades in the literature.


Remote workers aren't taking security seriously. Now that has to change

Darren Fields, VP of Networking EMEA at Citrix, told TechRepublic: "The rapid shift to working from home has created the conditions for shadow IT to become an increasingly important issue. Whilst it is understandable that employees needed to adapt quickly to new pressures and concerns, given the global pandemic, it is important that businesses tighten up on these procedures going forward in order to safeguard their organisation from external threats." Citrix isn't the only organization to have spotted this trend: a recent study from Trend Micro also found people showing a lax attitude to following their company's IT security policies, with 56% of respondents admitting to using a non-work application on a work device and a third of respondents saying they did not give much thought to whether the apps they use are approved by IT or not. Earlier research also commissioned by Citrix found that seven in 10 respondents were concerned about information security as a result of employees using shadow IT or unsanctioned software, with three in five seeing shadow IT as a significant risk to their organisation's data compliance.


Smarter spending can accelerate Covid-19 recovery and renewal

Decision makers must not fear spending unless it is done on the wrong things. Prioritise and accelerate income-generated activities, whilst carefully reassessing the risk of business activities that rely on consumer presence and human interaction, considering the safety of staff and customers. Business activities that aren’t delivering value, either as revenue or investment, should be deprioritised.  ... Openly discuss emotions and their power to obstruct recovery. When problems arise, work through diagnostics calmly, utilising the information gathered to earn revenue in the new situations. Although we can’t use past data to predict the future with certainty, we can take advantage of early indicators of revenue recovery. Actively seek out more useful data, but be wary of confirmation bias — interpreting data as a validation of preconceived ideas. ... Confront preconceptions in a challenging market. Communicate clearer business vision to overcome emotional reactions, adapting to find the right balance between positive affirmation and realistic expectations. Inform investors and suppliers of business expectations, building confidence that you’re best able to manage the risks through innovation.


How to select the right IoT database architecture

Static databases, also known as batch databases, manage data at rest. Data that users need to access resides as stored data managed by a database management system (DBMS). Users make queries and receive responses from the DBMS, which typically, but not always, uses SQL. A streaming database handles data in motion. Data constantly streams through the database, with a continuous series of posed queries, typically in a language specific to the streaming database. The streaming database's output may ultimately be stored elsewhere, such as in the cloud, and accessed via standard query mechanisms. Streaming databases are typically distributed to handle the scale and load requirements of vast volumes of data. Currently, there are a range of commercial, proprietary and open source streaming databases, including Google Cloud Dataflow, Microsoft StreamInsight, Azure Stream Analytics, IBM InfoSphere Streams and Amazon Kinesis. Open source systems are largely based around Apache and include Apache Spark Streaming provided by Databricks, Apache Flink provided by Data Artisans, Apache Kafka provided by Confluent and Apache Storm, which is owned by Twitter.


11 Patterns to Secure Microservice Architectures

Third-party dependencies make up 80% of the code you deploy to production. Many of the libraries we use to develop software depend on other libraries. Transitive dependencies lead to a large chain of dependencies, some of which might have security vulnerabilities. You can use a scanning program on your source code repository to identify vulnerable dependencies. You should scan for vulnerabilities in your deployment pipeline, in your primary line of code, in released versions of code, and in new code contributions. ... You should use HTTPS everywhere, even for static sites. If you have an HTTP connection, change it to an HTTPS one. Make sure all aspects of your workflow—from Maven repositories to XSDs—refer to HTTPS URIs. HTTPS has an official name: Transport Layer Security. It’s designed to ensure privacy and data integrity between computer applications. How HTTPS Works is an excellent site for learning more about HTTPS. ... OAuth 2.0 has provided delegated authorization since 2012. OpenID Connect added federated identity on top of OAuth 2.0 in 2014. Together, they offer a standard spec you can write code against and have confidence that it will work across IdPs.
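An added example, not from the original article or this digest: a check a deployment pipeline could run to enforce the "HTTPS URIs everywhere, from Maven repositories to XSDs" advice above. It flags repository URLs and `xsi:schemaLocation` addresses that would be fetched over plain HTTP, while ignoring `http://` namespace identifiers, which are names rather than fetched addresses. The sample POM, the host `repo.example.test` and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XSI_LOC = "{http://www.w3.org/2001/XMLSchema-instance}schemaLocation"
REPO_TAGS = {"repository", "pluginRepository", "snapshotRepository"}

# Constructed sample POM (not from any real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <repositories>
    <repository><id>internal</id><url>http://repo.example.test/maven2</url></repository>
    <repository><id>central</id><url>https://repo.maven.apache.org/maven2</url></repository>
  </repositories>
</project>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def is_plain_http(uri):
    return urlsplit(uri.strip()).scheme.lower() == "http"

def find_insecure_uris(pom_text):
    """Return (kind, uri) for each URI a build tool would fetch over plain HTTP."""
    root = ET.fromstring(pom_text)
    findings = []
    for elem in root.iter():
        # schemaLocation holds "namespace location" pairs; only the
        # location (every second token) is a fetchable address.
        for loc in elem.get(XSI_LOC, "").split()[1::2]:
            if is_plain_http(loc):
                findings.append(("schemaLocation", loc))
        if local(elem.tag) in REPO_TAGS:
            for child in elem:
                if local(child.tag) == "url" and child.text and is_plain_http(child.text):
                    findings.append(("repository", child.text.strip()))
    return findings

if __name__ == "__main__":
    for kind, uri in find_insecure_uris(SAMPLE_POM):
        print(f"{kind}: {uri}")
```

Failing the build when the returned list is non-empty turns the guidance into an enforced gate rather than a review-time convention.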



Quote for the day:

"Your greatest area of leadership often comes out of your greatest area of pain and weakness." -- Wayde Goodall
