Taking Steps To Boost Automated Cloud Governance
Lippis says cloud providers often talk about a shared responsibility model
where the users take active roles in the process. The trouble is that the
feedback and communication organizations receive is not always clear. He
compared cloud providers to landlords who maintain and upgrade apartment
buildings with the users as the tenants. Updating the property is the
landlord’s responsibility. However, some cloud providers do not always provide
much information about what is being changed and upgraded, Lippis says. Such
breakdowns in communication and control could throw the enterprises out of
compliance, he says, which might not be known until an audit is
conducted. There is a need for better transparency, Lippis says, so
organizations know what is happening when changes are made, or events occur.
This can be of particular concern when organizations adopt multicloud
approaches, matching workloads to different cloud providers. Security
questions may arise because each cloud provider might communicate information
to users in varied ways. “It could be the same kind of event, but they’re all
coded differently,” Lippis says. “The syntax is different.”
Applying the 80-20 Rule to Cybersecurity
According to Mike Gentile — president and CEO at CISOSHARE and someone who has
worked as a chief information security officer for many years — a lot has
changed in the security space by 2020, but two things remain the same: (1) senior
executives don't prioritize cybersecurity enough for security programs to be
fully effective; and (2) the reason for point No. 1 is not that executives
don't care — they do, and they don't want their name in the headlines after a
breach — but that they lack a clear definition of security. Each
organization's unique definition of security should be set forth in a security
charter document, which prescribes a mission and mandate for the security
program as well as governance structures and clarified roles or
responsibilities. More specifically, the charter defines how and where the
security organization reports and answers questions such as: Should the
business have a CISO, and should the position report to IT or to the CEO?
Typically, a consultant's answer would be "It depends." But don't let that end
the discussion: For any one business, there is one right answer.
Talking Digital Future: Artificial Intelligence
This topic is especially cool in the healthcare domain. Think about how
medicine works today. Medical practitioners go to school for many, many years,
memorize a lot of information, then treat patients, get experience, and over
the span of their career, become quite good at what they do. However, they are
ultimately subject to the weaknesses of their own mortal existence. They can
forget things; they can be absent-minded or, you know, just not connect the
dots sometimes. Now, if we can equip a doctor physician with a computer to
improve memory, options and optimization, the tools and the ability to provide
medical aid suddenly change. Let’s look at IBM’s AI initiative Watson combined
with an oncologist treating a cancer patient, for example. Each patient is
different, so the doctor wants to have as many details as possible about this
type of cancer and the patient’s medical history to make the best treatment
plan. An AI-augmented device produced for the doctor’s team could generate a
scenario based on the data of every patient that has had this particular set
of circumstances and that person’s characteristics.
How Agile Turns Risk Into Opportunity
Changing the way large numbers of people in a corporation think is a
monumental undertaking. It doesn’t come easily or quickly. But what is the
alternative? Firms not operating in this way have been struggling, even in
normal times, and they are steadily going out of business, exactly as Nokia
was forced out of the phone business despite its massive wealth and large
market share. Nokia didn’t change in 2010 because of a crisis or because it
wanted to: it had to change because its phone business was bankrupt, even
though it had been the dominant phone firm in the whole wide world, only three
years before. That kind of story is now playing out, in sector after
sector all around the world. As a result, there is now huge interest, even in
large corporations, to find out what’s involved and learn how to think
differently. ... But today, for most people, these changes make life quicker,
simpler, more convenient, and, let’s face it: generally better. And people
have responded with their wallets. The firms that provide these services have
earned their profits and their stratospheric valuations. They have changed our
lives fundamentally.
With eCommerce on the rise, tokenization is the ticket to taming fraud
With more merchants and retailers adopting tokenization technology, Visa is
scaling our credential-on-file tokenization efforts. Since our first merchant
began processing card-on-file tokens in 2017, we have seen more than 13,000
merchants start transacting with Visa tokens. In addition to enhancing
security, tokenization also helps reduce friction in the payment process,
because customers do not have to manually update stored card information if
their Visa card is lost, stolen or expires. Instead, financial institutions
can automatically update expired or compromised payment credentials. This can
reduce missed payments for merchants, and help consumers avoid unwanted late
payment fees or charges. Looking ahead, we are unveiling Token ID, a new
solution stemming from our acquisition of the Rambus Payments token services
business that expands Visa’s tokenization across all global and domestic
networks, as well as tokenizing beyond card use cases. In addition, we are
looking for ways to centralize and simplify token management through
integration with our CyberSource platform to help to secure customer payment
data, improve payment conversions and ease PCI compliance implications.
Debunking the Myths about Artificial Intelligence
Organizations should not look for decades of experience in any given field of
science if the entire organization is new to that field. Culture will eat
those kinds of unconscious attempts. First, we need advocates to focus on
people, character, and talent, not tech per se. Transformation starts at the
individual level. In response, you are right to say that “Speed is important,”
but that consideration is due to the fact that you feel FOMO, organizational
isomorphism, and speed hunger as a result of digital disruption. When
organizations see the AI show-offs by disruptors, they impatiently consider it
as an overnight success/fail. Once you build the foundation for an appropriate
digital culture, you can first elaborate on leaner-faster-better AI
initiatives. Finally, among the 5W1H questions about AI, “Why” and “How” are
critical instead of “What.” We should not directly rush into learning the new
digital technologies. Rather, we should focus on “Why” and “How” those
technologies popped up nowadays, not a decade ago, though they were there for
decades in the literature.
Remote workers aren't taking security seriously. Now that has to change
Darren Fields, VP of Networking EMEA at Citrix, told TechRepublic: "The
rapid shift to working from home has created the conditions for shadow IT to
become an increasingly important issue. Whilst it is understandable that
employees needed to adapt quickly to new pressures and concerns, given the
global pandemic, it is important that businesses tighten up on these
procedures going forward in order to safeguard their organisation from
external threats." Citrix isn't the only organization to have spotted this
trend: a recent study from Trend Micro also found people showing a lax
attitude to following their company's IT security policies, with 56% of
respondents admitting to using a non-work application on a work device and a
third of respondents saying they did not give much thought to whether the
apps they use are approved by IT or not. Earlier research also commissioned
by Citrix found that seven in 10 respondents were concerned about
information security as a result of employees using shadow IT or
unsanctioned software, with three in five seeing shadow IT as a significant
risk to their organisation's data compliance.
Smarter spending can accelerate Covid-19 recovery and renewal
Decision makers must not fear spending unless it is done on the wrong
things. Prioritise and accelerate income-generated activities, whilst
carefully reassessing the risk of business activities that rely on consumer
presence and human interaction, considering the safety of staff and
customers. Business activities that aren’t delivering value, either as
revenue or investment, should be deprioritised. ... Openly discuss
emotions and their power to obstruct recovery. When problems arise, work
through diagnostics calmly, utilising the information gathered to earn
revenue in the new situations. Although we can’t use past data to predict
the future with certainty, we can take advantage of early indicators of
revenue recovery. Actively seek out more useful data, but be wary of
confirmation bias — interpreting data as a validation of preconceived ideas.
... Confront preconceptions in a challenging market. Communicate clearer
business vision to overcome emotional reactions, adapting to find the right
balance between positive affirmation and realistic expectations. Inform
investors and suppliers of business expectations, building confidence that
you’re best able to manage the risks through innovation.
How to select the right IoT database architecture
Static databases, also known as batch databases, manage data at rest. Data
that users need to access resides as stored data managed by a database
management system (DBMS). Users make queries and receive responses from the
DBMS, which typically, but not always, uses SQL. A streaming database
handles data in motion. Data constantly streams through the database, with a
continuous series of posed queries, typically in a language specific to the
streaming database. The streaming database's output may ultimately be stored
elsewhere, such as in the cloud, and accessed via standard query mechanisms.
Streaming databases are typically distributed to handle the scale and load
requirements of vast volumes of data. Currently, there are a range of
commercial, proprietary and open source streaming databases, including
Google Cloud Dataflow, Microsoft StreamInsight, Azure Stream Analytics, IBM
InfoSphere Streams and Amazon Kinesis. Open source systems are largely based
around Apache and include Apache Spark Streaming provided by Databricks,
Apache Flink provided by Data Artisans, Apache Kafka provided by Confluent
and Apache Storm, which is owned by Twitter.
11 Patterns to Secure Microservice Architectures
Third-party dependencies make up 80% of the code you deploy to production.
Many of the libraries we use to develop software depend on other libraries.
Transitive dependencies lead to a large chain of dependencies,
some of which might have security vulnerabilities. You can use a scanning
program on your source code repository to identify vulnerable dependencies.
You should scan for vulnerabilities in your deployment pipeline, in your
primary line of code, in released versions of code, and in new code
contributions. ... You should use HTTPS everywhere, even for static sites. If
you have an HTTP connection, change it to an HTTPS one. Make sure all aspects
of your workflow—from Maven repositories to XSDs—refer to HTTPS URIs. HTTPS
has an official name: Transport Layer Security. It’s designed to ensure
privacy and data integrity between computer applications. How HTTPS Works is
an excellent site for learning more about HTTPS. ... OAuth 2.0 has provided
delegated authorization since 2012. OpenID Connect added federated identity on
top of OAuth 2.0 in 2014. Together, they offer a standard spec you can write
code against and have confidence that it will work across IdPs.
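The advice above to make Maven repositories and XSDs refer to HTTPS URIs can be checked mechanically. The following is an added example, not code from the quoted article: it audits a constructed pom.xml and reports only URIs a tool may actually download, leaving XML namespace identifiers alone because they are names, not locations, and rewriting them breaks parsing. The host names and the REPO_TAGS selection are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"  # namespace identifier, never fetched
# Assumption: POM elements whose <url> child the build tool downloads from.
REPO_TAGS = {"repository", "pluginRepository", "snapshotRepository"}

# Constructed sample pom.xml (hosts under example.test are placeholders).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <url>http://project-homepage.example.test/</url>
  <repositories>
    <repository><id>internal</id><url>http://repo.example.test/maven2</url></repository>
    <repository><id>mirror</id><url>https://mirror.example.test/maven2</url></repository>
  </repositories>
</project>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def insecure_fetch_uris(xml_text):
    """Return (where, uri) for each plain-HTTP URI that may be downloaded."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # xsi:schemaLocation holds pairs: namespace identifier, then location.
        pairs = elem.get("{%s}schemaLocation" % XSI, "").split()
        for location in pairs[1::2]:
            if location.lower().startswith("http://"):
                findings.append(("schemaLocation", location))
        # Only <url> directly under a repository element is a download source;
        # the project's homepage <url> is metadata and is not reported.
        if local(elem.tag) in REPO_TAGS:
            for child in elem:
                text = (child.text or "").strip()
                if local(child.tag) == "url" and text.lower().startswith("http://"):
                    findings.append((local(elem.tag), text))
    return findings


def to_https(uri):
    """Suggested replacement; confirm the host serves HTTPS before committing."""
    return re.sub(r"^http://", "https://", uri, flags=re.IGNORECASE)


if __name__ == "__main__":
    for where, uri in insecure_fetch_uris(SAMPLE_POM):
        print(f"{where}: {uri} -> {to_https(uri)}")
```

Run it only over files from your own repository: the standard-library XML parser is not hardened against hostile documents.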