Daily Tech Digest - July 27, 2020

DevOps: 5 things teams need from CIOs

To keep up with the pace of software and app releases, your developers and product teams need the ability to automate different test scenarios quickly, continuously, and in real-time. Your teams do not have months and weeks to test, analyze, and update code before a new release. Investing in the tools they need to migrate to more modern platforms gives teams the flexibility they need to meet demand. As convenient and trusted as legacy systems are, if you are serious about DevOps, updating your legacy systems and architecture should be a primary focus. This is especially important as technologies like artificial intelligence, augmented reality, and virtual reality gain momentum and popularity. When planning budgets into the next year, consider designating resources to replace these legacy systems. ... Ensure that each team works well on its own before you have teams work together. For different teams to work together successfully, the individuals on each team must be able to work with each other. Make sure that development personnel attends all relevant meetings and discussions with operations/IT teams, and vice versa. Listen. Concentrate on what your team members are communicating. Be mindful; do not take a passive approach or focus only on your response. 

The 4 essential pillars of cloud security

One of the key constructs of zero-trust computing is continuous improvement. An effective cloud security solution should enable ongoing insight into the entire cloud environment, thereby creating the opportunity for ongoing improvement. ... The second pillar involves providing security for end systems, managed services or different workloads running inside the cloud – commonly called platform as a service. This compute-level security has two key components. First is automated vulnerability management, which identifies and prevents vulnerabilities across the entire application lifecycle while prioritizing risk for cloud-native environments. ... Protecting the network is traditionally integral to on-premises environments but is equally important for the cloud. There are two major components of network protections. One is microsegmentation, a method of creating zones to isolate workloads from one another and secure them individually. This is at the heart of zero trust. By putting up roadblocks between applications and workloads, microsegmentation makes it much more difficult for would-be attackers to move laterally from one infected host to another. The method employs containerization (of the app and its operating environment) and segmenting the application itself in order to minimize any damage.

Microsoft told employees to work from home. One consequence was brutal

Perhaps, you might say, no one's really working any harder then. Yet when you're in an office, don't you also take time out to go for a walk (and scream at your boss), have a peaceful lunch (and scream at your boss), call your cable provider (and scream at customer service) or merely stare into space (and scream at the absurdity of existence)? The problem -- and for some bosses, great delight -- of modern technology is that it makes you believe employees are available any time, any place, anywhere. And really, how many humans are at their best earlier than they're used to or later than they'd prefer to? Please, I'll get to the happier elements of this research shortly. But when working from home Microsoft's employees apparently spent 10 percent more time in meetings. So, let's see, your work hours have expanded and you're spending more time in meetings. Where's the hope? Well, the researchers muse that there needed to be more meetings because there wasn't the opportunity for chance encounters. You know, in corridors and restrooms. And they believe hope lies in the fact that individual meeting times were shorter.

How to Build a Security Culture

Content is one of the biggest mistakes made in security awareness training. If your content is weak, boring, unrelatable, or filled with legal language, no one will pay attention. Although your intentions are great, you have to understand that dry paragraphs of plain text about hackers will not influence a behavior change. As we learned before, to create a culture you have to drive influence. And to drive influence, you need support. Just sending out an email once a month or once a quarter, or hanging a poster up that says ‘don’t get phished’ will do nothing to make an impact. In order to create a security culture shift, you need to understand what drives change. Change is not easy, and when it comes to employees changing their behavior, you have many barriers ahead. Change requires taking an established habit, associating that habit with negative behavior, and then influencing a new habit with a desired, positive outcome. Essentially know why something they are doing is wrong and learning how to change the negative habit they’ve been demonstrating. So now that we learned all of the challenges in creating a culture of security, how do we actually create one ourselves?

Use cases for blockchain in healthcare

One major issue that is present within healthcare is the production of counterfeit prescription drugs. The World Health Organisation (WHO) has estimated that one in 10 medical products in low and middle income countries are forged or substandard. Companies such as Quant aim to solve this issue using smart contracts and interoperability between blockchains to cut out middlemen and increase efficiency. “Data from embedded identification markers used to track individual products and components, can be recorded onto distributed ledger technology (DLT) to provide a single source of truth with full transparency, accuracy, and accountability at every stage in the supply chain,” explained Gilbert Verdian, founder and CEO of Quant. “This is achieved through the shared nature of the ledger and the immutability that it offers, and with the data available to all participants, this solution has the potential to eliminate the need for intermediaries – and hence, opportunistic criminals – abusing the system. “The impact of such an approach would be dramatic. In fact, according to a new report by the market intelligence company BIS Research, blockchain-based supply chains would reduce revenue loss to pharmaceutical companies by up to $43 billion annually, as well as benefit others who inadvertently purchase counterfeit drugs.”

Data scientists are used to making up the rules. Now they're getting some of their own to follow.

Many, if not most, technology-oriented organizations already have ethical standards of some sort, which were developed to ensure that innovation is designed responsibly within their own ranks. The BCS, for example, asks practitioners to sign up to a code of conduct, which determines among other principles that IT workers should act in the public interest, with integrity, competence and diligence; and that they should never take on a task that they don't have the skills to complete. Similarly, the RSS's code of conduct defends acting in the public interest, fulfilling obligations to employers and clients, and showing competence and integrity. And the RAEng is governed by principles of openness, fairness, respect for the law, accuracy and rigor. Even big tech has jumped on the bandwagon, with Google committing to responsible technology, or Microsoft drafting guidelines for 'ethical and trustworthy AI', to name but two.  But while organizations have been pulling together ethics committees and writing up white papers on the rules that should govern the use of data, not much was done at the individual level. Yet the source of all technology is the brain of those who come up with new ideas. 

Cybersecurity for a Remote Workforce

Start with stopgap measures that can be implemented immediately, such as revising existing cyber risk guidelines, requirements, and controls on how employees access data and communicate with a company’s network. Rules of behavior analytics need to be adjusted to consider changes to the “normal” behavior of employees, many of whom now work outside standard business hours so that security teams can effectively focus investigations. Then examine new security tools and requirements for sharing and maintaining private information with vendors. For example, organizations may need to adopt more robust data loss controls, traffic analysis tools, and access restrictions. Ensure that vendors that aren’t currently prepared for heightened cyberattack risk commit to developing cyber preparedness plans to safely handle information or interact with your corporate network. Review changes to boost your technology and security infrastructure today, even if such changes may take years to implement. Some organizations may want to speed up their cloud strategies so that their IT resources can rapidly meet demand spikes from large-scale remote work.

Digital transformation: 8 ways to spot your organization's rising leaders

The best digital transformation leaders know what the biggest pain points are inside the organization, says Lyke-Ho-Gland – and they create a digital roadmap addressing those points that the larger organization will get behind. ... “Outcome-focused leaders understand the need to drive that focus, assess any midcourse requests against the program commitments, and communicate relentlessly to reinforce expectations of sponsors.” They understand, measure, and report on both qualitative and quantitative benefits and make sure all project actions are structured to deliver those outcomes. ... “The most successful DT leaders can compellingly market those solutions to business stakeholders so that they adopt the new tools and ways of working,” says Lauren Trees, who heads up APQC’s Knowledge Management research group. ISG’s Hall describes one successful CIO he worked with as the best salesperson in the organization: “He had implemented all of the company’s products within IT (eat your own cooking) and talked to prospects daily on the challenges he was able to overcome with the product suite,” Hall recalls.

Block/Allow: The Changing Face of Hacker Linguistics

The most recent wave of changes demonstrates that more, and more powerful, tech organizations take watching their language as a serious concern, even though the history of the terms predates their use in computing, says Christina Dunbar-Hester, an associate professor of communication at the University of Southern California and the author of "Hacking Diversity: The Politics of Inclusion in Open Technology Cultures." "Language is symbolic and powerful but can also feel superficial. Certainly in the moment we're in, some people are asking to abolish the police, not to change unfortunate computer terms," she says. "But Black Lives Matter and the current moment gives people the ammunition to say that language does matter." However, there's a difference between changing word choices in documentation and getting people to change the words they use on a daily basis. Convincing developers, hackers, and other professionals to switch to more inclusive language has been a long struggle that predates the current norms. Tech has long faced a serious imbalance in how it pays and promotes white men more than women and black, indigenous, and people of color.

Data governance and context for evidence-based medicine: Transparency and bias in COVID-19 times

A number of people, including Cochrane excommunicate Peter Gøtzsche, argue that there can be a lot of bias in RCTs. This has largely to do with the fact that the vast majority of RCT data come from pharmaceutical companies, creating a conflict of interest. If aggregators like Cochrane do not validate the raw data they offer access to, they may be whitewashing them. Case in point: Surgisphere. What was initially referred to as the most influential COVID-19 related research up to date was called into question as to the result of lack of transparency regarding the origin and trustworthiness of its data. The research used data sourced from Surgisphere, a startup claiming to operate as a Data Broker, providing access to data from hospitals worldwide. However, whether that data is veracious, or was acquired transparently is not clear. As a result, research findings were put into question, and related decisions made by the WHO were reverted. Scales' opinion is that researchers have a responsibility to verify the source of the data they use. ... Over-reliance on RCTs may be part of the problem. RCTs can be enormous multi-year undertakings, summarized in what's often an eight-page journal article. Many important details and potential biases are left out.

Quote for the day:

"Leadership means forming a team and working toward common objectives that are tied to time, metrics, and resources." -- Russel Honore
