UK government unveils next steps in digital identity plans
The Digital Identity Strategy Board’s six principles: Privacy – When
personal data is accessed, people will have confidence that there are measures
in place to ensure their confidentiality and privacy; for instance, a
supermarket checking a shopper’s age, a lawyer overseeing the sale of a house,
or someone applying to take out a loan; Transparency – When an
individual’s identity data is accessed when using digital identity products,
they must be able to understand by who, why and when; for example, being able
to see how your bank uses your data through digital identity solutions;
Inclusivity – People who want or need a digital identity should be able to
obtain one; Interoperability – Setting technical and operating standards for
use across the UK’s economy to enable international and domestic
interoperability; Proportionality – User needs and other considerations,
such as privacy and security, will be balanced so that digital identity can be
used with confidence across the economy; and Good governance – Digital
identity standards will be linked to government policy and law. Any future
regulation will be clear, coherent and align with the government’s wider
strategic approach to digital regulation.
Iranian Hackers Using LinkedIn, WhatsApp to Target Victims
By personalizing the campaign and using these social media platforms, the
attackers attempt to gain the victims' trust and coax them into opening the
malicious links embedded in follow-up emails, according to the report.
Charming Kitten, also known as APT35, Phosphorous and Ajax, is one of Iran's
top state-sponsored hacking groups. While the group's tactic of impersonating
journalists is not new, ClearSky researchers say the latest campaigns are the
first time the threat actors used mediums other than email or SMS to target
their victims. "This is the first time we identified an attack by Charming
Kitten conducted through WhatsApp and LinkedIn, including attempts to conduct
phone calls between the victim and the Iranian hackers," the researchers note
in the report. "These two platforms enable the attacker to reach the victim
easily, spending minimum time in creating the fictitious social media profile.
However, in this campaign, Charming Kitten has used a reliable, well-developed
LinkedIn account to support their email spear-phishing attacks." ... Charming
Kitten has been targeting journalists and activists since at least 2013.
Dealing with sovereign data in the cloud
Data sovereignty is more of a legal issue than a technical one. The idea is
that data is subject to the laws of the nation where it’s collected and
exists. Laws vary from country to country, but the most common governance
you’ll see is not allowing some types of data to leave the country at any
time. Other regulations enforce encryption and how the data is handled and by
whom. These were pretty easy rules to follow when we had dedicated data
centers in each country, but the use of public clouds that have regions and
points-of-presence all over the world complicates things. Misconfigurations,
lack of understanding, and just general screw-ups lead to fines, impacts to
reputations, and, in some cases, disallowing the use of cloud computing
altogether. Some best practices are emerging to deal with data
sovereignty in the cloud. Data governance systems are worth their weight in
gold. When dealing with regulations that are bound to data, these systems will
keep you out of trouble since they won’t allow humans to violate data policies
that are set to reflect the law of the land where the data
resides. Training is another critical point. Most of the data sovereignty
issues can be traced to human error. Everyone handing the data should be
knowledgeable on the regulations. Many countries mandate this.
How IoT is helping cities become more sustainable than ever before
Sensor-enabled devices have been helping to monitor the environmental impact
of cities for some time, collecting details about sewers, air quality, and
garbage. Recently, air pollution has been a big pain point in cities, such as
London, Paris and Rome, where it is regularly cited as one of the most serious
environment problem which could affect health today. To address this, many are
turning to Air Quality Eggs (AQEs), which are open-source IoT platforms for
air pollution. In simple terms, this is an open system that collates
citizen-contributed data on air quality. ... Connected technologies are also
helping to increase awareness and visibility into individual energy and
resource usage. Smart energy meters provide city livers with transparent data
on their own energy consumption, which has been shown to reduce consumption
across the board. Today, connected smart thermostats can also be used to
integrate with heating systems so that clear cut decisions can be made on when
to turn the heating on based on fluctuating energy costs. Moreover, smart IoT
water management sensors can be combined with data analytics programmes to
provide consumers with increased visibility into the amount of water they use.
Overcoming the challenges of machine learning at scale
As with any emerging technology, another challenge is ensuring a positive
return on investment with respect to business objectives. Success requires
adjustments to both process and culture. “Organizations that are serious about
scaling machine learning and bringing more models from the lab to production
are investing in the processes, tools, and skills to support model management
and operations,” said Isaac Sacolick, President of StarCIO and author of
Driving Digital. “Organizations should start with high-value and
easy-to-execute experiments, but then must recognize that scaling requires an
investment in an end-to-end machine learning lifecycle.” Tim Crawford
, CIO Strategic Advisor with AVOA,
also emphasized the importance of process and culture. “First step, create a
methodology and culture that supports ML and prioritizes how to engage ML,” he
said. “Identifying the right projects, prioritizing, ensuring that you have
enough good data and creating a culture that embraces ML across the
enterprise.” A lack of alignment between ML projects and the business can
hobble efforts to scale the technology, said Will Kelly, a technical writer.
Remote Work Has Law Firm Cybersecurity in a Fragile State
For even the most vigilant staff, homes are never going to be quite like
offices. It’s too easy for someone to overhear sensitive information, and too
much to expect that no one will ever use a personal email, chat tool or social
media account to offer something that resembles legal advice. There are so
many variables that can no longer be controlled. One firm has gone so far as
to insist its lawyers switch off any smart device when on calls to certain
clients lest an app listen in. Other firms have decided that certain apps
should be banned altogether. Ropes & Gray banned its lawyers and staff
from having social media app TikTok on devices that also receive work emails
following privacy concerns from clients. And these are just the threats that
have been discovered. Research by cybersecurity firm Tessian found that data
loss incidents happen way more often than IT directors think. No wonder such
people are constantly telling workers to take this stuff more seriously.
Unfortunately, it is probably fair to say that there is only one thing that
will really make people pay proper attention to their home working habits. And
that is a major data breach hitting the headlines.
Is Covid-19 a Mental Health Tipping Point?
As more people remain at home in fear of COVID-19, it’s clear that the future
of care is becoming increasingly digital. Even private insurers are stepping
up, with most expanding their telehealth coverage, sometimes with no co-pay.
This has been a windfall for digital behavioral health startups. Venture
funding for this technology has reached unprecedented levels, with a record
$588M raised during the first half of 2020 spurred by the pandemic. It’s clear
that things will never be the same…and, in some ways, that’s a good thing.
This shift has forced many companies to have difficult discussions about staff
mental health and wellbeing that had previously been avoided. This new
openness is helping employees feel more comfortable in acknowledging how
they’re feeling – making it okay not to feel “okay.” This makes the role of
managers more complicated and, more impactful than ever before. Yet, some may
feel reticent to share their own feelings and/or be unable to manage what can
easily become an emotionally charged discussion. And, at the same time, they
may be suffering too. It is essential that companies ensure they have the
training and support they need to, in turn, support their teams.
Underbanked households would benefit from a regulated blockchain
To be clear, distributed ledger technology is not a panacea, but its core
attributes reinforce and strengthen essential controls required by regulators.
First, the immutability of the ledger prevents participants within a network
from changing or tampering with transactions once it has been recorded.
Second, since the technology is decentralized, it provides greater
transparency and decreases risk of important information being concentrated
within one group or organization. Third, the encrypted nature of blockchain
strengthens data privacy and security while enabling secure data-sharing
between counterparties, including with regulators and law enforcement when
necessary. Many financial institutions remain reluctant to incorporate
blockchain tools into their payments or compliance operations. Skepticism from
industry, regulators and policymakers has further dampened interest. Yet,
essential financial products and services are increasingly being facilitated
outside of the traditional banking system, often at a faster pace. Many of
these new tools are accessible across borders, beyond a particular regulatory
jurisdiction.
Cisco: Making remote users feel at home on the new enterprise network
“The fundamental shift is that we need to think about our people working from
home, and the home networks they use, as the default network. What we want is
to create a high-quality micro-branch office in your home,” said Greg Dorai,
vice president of product management and strategy for Cisco’s Enterprise
Infrastructure and Solutions Group. “Now we must consider every work-from-home
worker and every one of their home offices as worthy of the same level of
connectivity support as our company headquarters and branches.” Realistically
every company cannot provide every worker with headquarters-level support for
their home networks, but there are technologies available and coming in the
near future that can address the different needs of different workers, Dorai
said. In Cisco’s case a couple of new offerings address wireless and wide area
networking connectivity for remote users. “For employees for whom
best-effort connectivity isn’t enough, we can replace or augment their
home-networking access point with a Wi-Fi router that acts as an extension of
the corporate network,” Dorai said. “Home wireless access points, configured
by company IT before the employee installs them, can provide advanced security
and monitoring and prioritize bandwidth for applications that need it.”
Interview with RavenDB Founder Oren Eini
RavenDB works with JSON documents, so using JavaScript is a very natural way to
work with the database. There are a few ways that you can work with JavaScript
in RavenDB. RavenDB has a JS interpreter built-in (supporting ECMAScript
5.1 and large parts of 6) which can be used in queries and in patch operations.
That gives you a lot of freedom to express what you want and apply logic on the
database server. ... There are a few things that are on our roadmap that I am
really looking forward to. For example, in RavenDB 5.1 we are going to come with
replication support in Byzantine networks. This is useful when you have RavenDB
nodes deployed in an environment where you don’t trust the remote nodes. A good
example is when you need to integrate with a RavenDB instance that is running on
a user’s machine, and you want to allow that user’s RavenDB instance access to
some of the data in the cloud. That allows you to build systems that use RavenDB
and collaborate, without needing to trust the remote locations. And conversely,
the remote location doesn’t need to trust you. This will allow RavenDB to take
on itself the role of synchronization between these locations.
Quote for the same:
"Remember teamwork begins by building trust. And the only way to do that is to overcome our need for invulnerability." -- Patrick Lencioni
No comments:
Post a Comment