Daily Tech Digest - August 03, 2020

When hybrid multicloud has technical advantages

Big companies can’t turn their ships fast enough, and the CIO must consider setting priorities — based on business impact and time to value — for application modernization. As Keith Townsend, co-founder of The CTO Advisor, put it on Twitter, “Will moving all of my Oracle apps to Amazon RDS net business value vs. using that talent to create new apps for different business initiatives? The problem is today, these are the same resources.” Then ask software developers, and you’ll find many prefer building applications that deploy to public clouds, and that leverage serverless architectures. They can automate application deployment with CI/CD, configure the infrastructure with IaC, and leave the low-level infrastructure support to the public cloud vendor and other cloud-native managed service providers. And will your organization be able to standardize on a single public cloud? Probably not. Acquisitions may bring in different public clouds than your standards, and many commercial applications run only on specific public clouds. Chances are, your organization is going to be multicloud even if it tries hard to avoid it. In the discussion below, we’ll examine a number of scenarios in which a hybrid cloud architecture offers technical advantages over private cloud only or multiple public clouds.

Layering domains and microservices using API Gateways

Bounded contexts are the philosophical building blocks of microservice architectures. If we want to layer our architecture, we need to layer our concepts. And as you might imagine, this is not difficult at all! We have the entire organization’s structure to be inspired, and since domain driven systems tie in very closely with how organizations are organized, there is plenty of opportunity to copy-paste. Our organization’s structure clearly tells us that a “domain” can mean very different things at different levels of abstractions. As soon as we say “abstraction”, we know that we are in a hierarchical world. If you have ever seen a junior developer try to explain a production outage to a senior manager, you know what I am talking about. The minutiae of system implementation don’t matter to the senior manager because at his level of operation, “outage due to timeout in calling payment authentication service from checkout validator service” is interpreted as “outage in checkout due to payment system”. He doesn’t care about “timeout”, “authentication”, “validator” or “service” – he cares about “checkout”, “outage”, and “payment”. The CEO doesn’t even care about “checkout” and “payment”, he probably just hears “tech” and “outage”.

5G: What Does The Future Hold? 

According to David Hardman, until 5G networks cover a much greater area of the UK, major initiatives around the technology are likely to focus more on what is possible in the future, rather than necessarily providing solutions today. “It’s a chicken and egg situation,” he says. “New, innovative products and services need to be developed in parallel with infrastructure roll-out in order to take full commercial advantage. Businesses coming through the 5G incubator, 5PRING, in the early days are likely to be larger established businesses that can plug in to what 5G currently offers. Full implementation will enable real commercial returns for these organisations, with the next wave of innovation then coming from new businesses that establish themselves when the 5G service is fully up and running.” “Although Huawei concerns and covid-19 have impacted progress, the pandemic has also woken people up to what true digital communication is about. Can you imagine what the working world would have looked like if the virus had struck 15 years ago, when none of the remote working technology was readily available? If we look forward another 10 years, the development of 5G will bring a further evolutionary step-jump in what digital has to offer in all aspects of our lives.” 

To lead in the postcrisis tomorrow, put leadership and capabilities in place today

By and large, the great remote-working experiment brought on by the crisis has shown that a lot can be accomplished, immediately and virtually, with small teams, fewer and streamlined cycles, and without so much time expended on travel. As one executive noted when talking about his company’s meetings budget: “The problem isn’t where we are doing the meeting or why, but why did we have to convene two dozen people to all get together to make the decision … instead of just three people on a disciplined conference call.” Why are we talking about speed in a discussion about investing in an organization’s capabilities? Because without equally addressing speed, an organization’s progress innovating and adapting merely grinds along. Often, counterintuitively, it may be necessary to put in some “good bureaucracy.” During the crisis, some companies have traded in traditional videoconferencing, replete with large numbers of contributors, in favor of “wartime councils” in which multiple senior stakeholders gather once to act rapidly as decision makers. Using something as simple as a two-page document, teams can cut straight to the heart of a business issue and get to yes or no quickly, often with better results. Such exercises are worth retaining and propagating.

5G unmade: The UK’s Huawei reversal splits the global telecom supply chain

It would be the quintessential catalyst for market fragmentation. This was the argument being made by every telco, every equipment producer, and every telecom analyst with whom we spoke two years ago, without exception, back when the world seemed more cooperative, and globalization was a good thing.  "What we don't want," explained Enders' James Barford, "is a situation where Huawei and ZTE work in China, Ericsson and Nokia work in the rest of the world, Samsung does a bit here and there. Ultimately, telecoms companies everywhere have reduced choice, and at the basic standards level, suppliers aren't working together. The best ideas aren't winning through. At the moment, if one of Ericsson, Huawei, and Nokia have a good idea, the others have to follow. . . to keep up. But we don't want to be in a situation where one of them has an innovation, and the rest of the world just kind of carries on. If Huawei has an innovation that makes China better, the rest of the world just misses out." Dr. Lewis chuckled a bit at this scenario. His assertion is that technology standards at all levels, but especially technology, become global by nature. Yes, countries may seek to assert some type of sovereign control over Internet traffic — besides China, Germany and Russia have also staked claims to digital sovereignty, and observers do perceive this as a global trend.

A Perfect Storm: The “New Normal” in Business and CCPA Compliance Enforcement

Privacy compliance, while something we have to do as the CCPA starts active enforcement July 1, is not just a “one and done” task—you need to scale out your privacy program to stay ahead of each new mandate and adapt to today’s evolving landscape, whether COVID or the next major unpredictable event. Simply burying one’s head in the sand in apathy has very costly consequences. Let’s have a look at data subject reporting: While data protection is a critical aspect of avoiding a data breach or misuse, there is also a real cost in handling data subject rights requests from your loyal customers as the CCPA begins enforcement and the GDPR continues on. And this requires transparency into data access and use across your organization. A major industry analyst firm points out in a survey last year on the GDPR that this activity can represent a potential outlay of $1,406 per request to handle inquiries manually, on a case-by-case basis. Without an automated approach to privacy compliance, the costs to manage data subject requests at scale can quickly overwhelm unprepared organizations. And to do that, you’ll need to take advantage of automation and AI to find customer data across your organization and report on its use, or risk privacy regulatory violations with fines and brand reputation at stake.

Is a lack of governance hindering your cloud workload protection?

As operations in the cloud grow together with the teams managing them, company-wide visibility and accountability become critical issues. After all, you can’t accurately detect, stop or respond to something if you can’t see it. In this way, workload events need to be captured, analysed and stored so that security teams can enjoy the visibility they need to detect and stop threats in real-time, as well as to hunt down and investigate threats. Accountability is a critical concern for information security in cloud computing, representing most importantly the trust in service relationships between clients and cloud providers (Microsoft Azure et al). Indeed, without evidence of accountability, a lack of trust and confidence in cloud computing can raise its head among those concerned with managing the business. Sensitive data (PII) is processed in the cloud and governance is critical to make sure that such data is always processed and stored in a secure manner. Data protection is big news these days – especially more so with the advent of both PII and General Privacy Data Regulation (GDPR) data compliance regulations. The shared responsibility model between the cloud platform provider you choose and your organisation means that you (the organisation) remain responsible for the protection and security of any sensitive data from your end customers.

Not seeing automation success? Think like a pilot

Figuring out what processes need to be automated is one thing. Managing them from then on is a whole new ball game – and one that will require constant attention. After all, autopilot only kicks in once the plane is successfully cruising. Process mining technologies help you analyse and discover processes using your business’ data, but process intelligence goes several steps further. This offers the deep understanding and real-time monitoring of your processes that many businesses are missing. Then, it can drill down into the granular details, explain why processes don’t work and how to fix them, and give you the tools to solve problems you didn’t even know existed. It’s vital that business leaders check in on their processes often during this phase, to see where issues lie, which processes are most problematic, and which are ripe for automation. Once this is in good shape, you can move on to intelligent automation – combining process intelligence with automation like RPA. This is the switch to autopilot. Here, the technology can spot potential issues with processes like bottlenecks or delays before they happen, and update bots with corrective actions to fix the failing process. 

What are script-based attacks and what can be done to prevent them?

The use of scripts poses many advantages to the attacker: scripts are easy to write and execute, trivial to obfuscate, and extremely polymorphic. Moreover, attackers can use many types of script files to carry out an attack – the most popular being PowerShell, JavaScript, HTA, VBA, VBS, and batch scripts. Since fileless attacks occur in memory, traditional static file detection is rendered useless. Furthermore, scripts complicate post-event analysis since many artifacts related to the attack only exist in the computer’s memory and may be overwritten or removed through a reboot, for example. In-memory detection and artifact collection are possible through the use of heuristics and behavioral analysis, which can detect malicious in-memory activities. Script-based attacks run on virtually all Windows systems, increasing the potential attack surface and the chance of infection. One major drawback of script-based attacks is that, unless deployed via an exploit, user interaction is required for the script to run. For example, in most cases, the script is contained either as a script file within an email requiring user action or as a VBA macro in a document that requires the user to enable macros.

The Illusion of Digital Transformation in Banking

There are strong indications that leadership lacks experience in implementing such massive transformations. This has resulted in a prioritization of technology being purchased that may only scratch the surface of needed transformation. For instance, purchasing a new mobile banking platform is only as good as the underlying processes that also must be changed to improve the overall digital banking customer experience. It also appears that the current financial strength of the industry is resulting in complacency around making large, overarching changes to what has long been the operating norm in banking. But the challenges don’t end there. On the not-too-distant horizon, banks and credit unions will need to address a digital skills shortage and the internal culture shift requisite to facilitate needed innovation and transformation. ... The organizations with the greatest digital transformation maturity tend to be upgrading the most number of digital technologies. In most cases, the prioritization is determined by a mix of business requirements, cost, ease (or difficulty) of transformation, and skills available either internally or through partners. Organizations with the highest digital transformation maturity have also made progress on implementing the more sophisticated technologies. These include artificial intelligence (AI), robotic process automation (RPA), cloud computing, the Internet of Things (IoT), and blockchain solutions.

Quote for the day:

"Open Leadership: the act of engaging others to influence and execute a coordinated and harmonious conclusion." -- Dan Pontefract
