Daily Tech Digest - September 01, 2020

UK government unveils next steps in digital identity plans

The Digital Identity Strategy Board’s six principles: Privacy – When personal data is accessed, people will have confidence that there are measures in place to ensure their confidentiality and privacy; for instance, a supermarket checking a shopper’s age, a lawyer overseeing the sale of a house, or someone applying to take out a loan; Transparency – When an individual’s identity data is accessed when using digital identity products, they must be able to understand by who, why and when; for example, being able to see how your bank uses your data through digital identity solutions; Inclusivity – People who want or need a digital identity should be able to obtain one; Interoperability – Setting technical and operating standards for use across the UK’s economy to enable international and domestic interoperability; Proportionality – User needs and other considerations, such as privacy and security, will be balanced so that digital identity can be used with confidence across the economy; and Good governance – Digital identity standards will be linked to government policy and law. Any future regulation will be clear, coherent and align with the government’s wider strategic approach to digital regulation.

Iranian Hackers Using LinkedIn, WhatsApp to Target Victims

By personalizing the campaign and using these social media platforms, the attackers attempt to gain the victims' trust and coax them into opening the malicious links embedded in follow-up emails, according to the report. Charming Kitten, also known as APT35, Phosphorous and Ajax, is one of Iran's top state-sponsored hacking groups. While the group's tactic of impersonating journalists is not new, ClearSky researchers say the latest campaigns are the first time the threat actors used mediums other than email or SMS to target their victims. "This is the first time we identified an attack by Charming Kitten conducted through WhatsApp and LinkedIn, including attempts to conduct phone calls between the victim and the Iranian hackers," the researchers note in the report. "These two platforms enable the attacker to reach the victim easily, spending minimum time in creating the fictitious social media profile. However, in this campaign, Charming Kitten has used a reliable, well-developed LinkedIn account to support their email spear-phishing attacks." ... Charming Kitten has been targeting journalists and activists since at least 2013.

Dealing with sovereign data in the cloud

Data sovereignty is more of a legal issue than a technical one. The idea is that data is subject to the laws of the nation where it’s collected and exists. Laws vary from country to country, but the most common governance you’ll see is not allowing some types of data to leave the country at any time. Other regulations enforce encryption and how the data is handled and by whom. These were pretty easy rules to follow when we had dedicated data centers in each country, but the use of public clouds that have regions and points-of-presence all over the world complicates things. Misconfigurations, lack of understanding, and just general screw-ups lead to fines, impacts to reputations, and, in some cases, disallowing the use of cloud computing altogether.  Some best practices are emerging to deal with data sovereignty in the cloud. Data governance systems are worth their weight in gold. When dealing with regulations that are bound to data, these systems will keep you out of trouble since they won’t allow humans to violate data policies that are set to reflect the law of the land where the data resides. Training is another critical point. Most of the data sovereignty issues can be traced to human error. Everyone handing the data should be knowledgeable on the regulations. Many countries mandate this.

How IoT is helping cities become more sustainable than ever before

Sensor-enabled devices have been helping to monitor the environmental impact of cities for some time, collecting details about sewers, air quality, and garbage. Recently, air pollution has been a big pain point in cities, such as London, Paris and Rome, where it is regularly cited as one of the most serious environment problem which could affect health today. To address this, many are turning to Air Quality Eggs (AQEs), which are open-source IoT platforms for air pollution. In simple terms, this is an open system that collates citizen-contributed data on air quality. ... Connected technologies are also helping to increase awareness and visibility into individual energy and resource usage. Smart energy meters provide city livers with transparent data on their own energy consumption, which has been shown to reduce consumption across the board. Today, connected smart thermostats can also be used to integrate with heating systems so that clear cut decisions can be made on when to turn the heating on based on fluctuating energy costs. Moreover, smart IoT water management sensors can be combined with data analytics programmes to provide consumers with increased visibility into the amount of water they use.

Overcoming the challenges of machine learning at scale

As with any emerging technology, another challenge is ensuring a positive return on investment with respect to business objectives. Success requires adjustments to both process and culture. “Organizations that are serious about scaling machine learning and bringing more models from the lab to production are investing in the processes, tools, and skills to support model management and operations,” said Isaac Sacolick, President of StarCIO and author of Driving Digital. “Organizations should start with high-value and easy-to-execute experiments, but then must recognize that scaling requires an investment in an end-to-end machine learning lifecycle.” Tim Crawford , CIO Strategic Advisor with AVOA, also emphasized the importance of process and culture. “First step, create a methodology and culture that supports ML and prioritizes how to engage ML,” he said. “Identifying the right projects, prioritizing, ensuring that you have enough good data and creating a culture that embraces ML across the enterprise.” A lack of alignment between ML projects and the business can hobble efforts to scale the technology, said Will Kelly, a technical writer.

Remote Work Has Law Firm Cybersecurity in a Fragile State

For even the most vigilant staff, homes are never going to be quite like offices. It’s too easy for someone to overhear sensitive information, and too much to expect that no one will ever use a personal email, chat tool or social media account to offer something that resembles legal advice. There are so many variables that can no longer be controlled. One firm has gone so far as to insist its lawyers switch off any smart device when on calls to certain clients lest an app listen in. Other firms have decided that certain apps should be banned altogether. Ropes & Gray banned its lawyers and staff from having social media app TikTok on devices that also receive work emails following privacy concerns from clients. And these are just the threats that have been discovered. Research by cybersecurity firm Tessian found that data loss incidents happen way more often than IT directors think. No wonder such people are constantly telling workers to take this stuff more seriously. Unfortunately, it is probably fair to say that there is only one thing that will really make people pay proper attention to their home working habits. And that is a major data breach hitting the headlines.

Is Covid-19 a Mental Health Tipping Point?

As more people remain at home in fear of COVID-19, it’s clear that the future of care is becoming increasingly digital. Even private insurers are stepping up, with most expanding their telehealth coverage, sometimes with no co-pay. This has been a windfall for digital behavioral health startups. Venture funding for this technology has reached unprecedented levels, with a record $588M raised during the first half of 2020 spurred by the pandemic. It’s clear that things will never be the same…and, in some ways, that’s a good thing. This shift has forced many companies to have difficult discussions about staff mental health and wellbeing that had previously been avoided. This new openness is helping employees feel more comfortable in acknowledging how they’re feeling – making it okay not to feel “okay.” This makes the role of managers more complicated and, more impactful than ever before. Yet, some may feel reticent to share their own feelings and/or be unable to manage what can easily become an emotionally charged discussion. And, at the same time, they may be suffering too. It is essential that companies ensure they have the training and support they need to, in turn, support their teams.

Underbanked households would benefit from a regulated blockchain

To be clear, distributed ledger technology is not a panacea, but its core attributes reinforce and strengthen essential controls required by regulators. First, the immutability of the ledger prevents participants within a network from changing or tampering with transactions once it has been recorded. Second, since the technology is decentralized, it provides greater transparency and decreases risk of important information being concentrated within one group or organization. Third, the encrypted nature of blockchain strengthens data privacy and security while enabling secure data-sharing between counterparties, including with regulators and law enforcement when necessary. Many financial institutions remain reluctant to incorporate blockchain tools into their payments or compliance operations. Skepticism from industry, regulators and policymakers has further dampened interest. Yet, essential financial products and services are increasingly being facilitated outside of the traditional banking system, often at a faster pace. Many of these new tools are accessible across borders, beyond a particular regulatory jurisdiction.

Cisco: Making remote users feel at home on the new enterprise network

“The fundamental shift is that we need to think about our people working from home, and the home networks they use, as the default network. What we want is to create a high-quality micro-branch office in your home,” said Greg Dorai, vice president of product management and strategy for Cisco’s Enterprise Infrastructure and Solutions Group. “Now we must consider every work-from-home worker and every one of their home offices as worthy of the same level of connectivity support as our company headquarters and branches.” Realistically every company cannot provide every worker with headquarters-level support for their home networks, but there are technologies available and coming in the near future that can address the different needs of different workers, Dorai said. In Cisco’s case a couple of new offerings address wireless and wide area networking connectivity for remote users. “For employees for whom best-effort connectivity isn’t enough, we can replace or augment their home-networking access point with a Wi-Fi router that acts as an extension of the corporate network,” Dorai said. “Home wireless access points, configured by company IT before the employee installs them, can provide advanced security and monitoring and prioritize bandwidth for applications that need it.”

Interview with RavenDB Founder Oren Eini

RavenDB works with JSON documents, so using JavaScript is a very natural way to work with the database. There are a few ways that you can work with JavaScript in RavenDB. RavenDB has a JS interpreter built-in (supporting ECMAScript 5.1 and large parts of 6) which can be used in queries and in patch operations. That gives you a lot of freedom to express what you want and apply logic on the database server. ... There are a few things that are on our roadmap that I am really looking forward to. For example, in RavenDB 5.1 we are going to come with replication support in Byzantine networks. This is useful when you have RavenDB nodes deployed in an environment where you don’t trust the remote nodes. A good example is when you need to integrate with a RavenDB instance that is running on a user’s machine, and you want to allow that user’s RavenDB instance access to some of the data in the cloud. That allows you to build systems that use RavenDB and collaborate, without needing to trust the remote locations. And conversely, the remote location doesn’t need to trust you. This will allow RavenDB to take on itself the role of synchronization between these locations.

Quote for the same:

"Remember teamwork begins by building trust. And the only way to do that is to overcome our need for invulnerability." -- Patrick Lencioni

No comments:

Post a Comment