As The Cloud Transforms Enterprises, Cybersecurity Growth Soars
Moving beyond password vaults and implementing cloud-based Identity Access
Management (IAM) and Privileged Access Management (PAM) solutions are proving
to be adaptive enough to keep up with cloud-based transformation projects
being fast-tracked to completion before the end of the year. Leaders in
cloud-based IAM and PAM include Centrify, who helps customers consolidate
identities, deliver cross-platform, least privilege access and control shared
accounts while securing remote access and auditing all privileged sessions.
Enterprise spending on cybersecurity continues to grow despite the pandemic,
driven by the compelling cost and time-to-market advantages cloud-based
applications provide. Gartner predicts end-user spending for the information
security and risk management market will grow at a compound annual growth rate
of 8.2% between 2019 and 2024, becoming a $207.7B market in four years. CIOs
and their teams say the pace and scale of cloud transformation in the latter
half of 2020 make cloud-based IAM and PAM a must-have to keep their cloud
transformation initiatives on track and secure.
Azure + Spring Boot = Serverless - Q&A with Julien Dubois
With “lift and shift”, one of the troubles you will have is that you will need
to port all your Spring MVC Controllers to become Spring Cloud functions.
There are different ways and tricks to achieve this, and you will have some
limitations, but that should work without spending too much money. Also, you
wouldn’t touch your business code too much, so nothing important should break.
Then, an Azure Function works in a very different way from a classical Spring
Boot application: you can still benefit from a Hibernate second-level cache or
from a database connection pool, but you can easily understand that they will
not be as efficient, as their time to live will be much lower. Using a
distributed cache will be a huge trouble here. Also, your function can scale
up a lot better than your one-node Tomcat server, so maybe your database will
not work as well as before, as it wasn’t built for that sort of load. You
could use instead of a database like CosmosDB, or a caching solution like
Redis, which are two very widely used options on Azure. This is a lot more
work, but that’s the only way to get all the benefits from a serverless
platform.
The power of feelings at work
Articulating feelings can also bring new understanding to apparent
insubordination or poor performance. For example, our firm was once engaged to
help an oil refinery stymied by a total lack of response from its employees
when it tried to elicit ideas for a cost-reduction effort. To understand what
was behind the disengagement, we held focus groups across functions and grades
and conducted one-on-one interviews with senior executives. We sought out
individuals whom others identified via a questionnaire (e.g., to whom do you
go within the organization if you have a problem?) as particularly in touch
with employee feelings and asked for their input on what was stopping action.
Across the sessions, an articulation of feelings — frustration, fear, and
hopelessness — emerged. ... Because feelings are always messengers of needs,
the next step is to follow the feeling to the need. Needs are actionable and
often multidimensional. Taking action from an understanding of needs sidesteps
recrimination and invites compassion. Psychologist Marshall Rosenberg, founder
of the Center for Nonviolent Communication, which advocates speaking from
needs to navigate conflict, writes, “From the moment people begin talking
about what they need, rather than what’s wrong with one another, the
possibility of finding ways to meet everybody’s needs is greatly increased.”
Cybersecurity Bounces Back, but Talent Still Absent
Leave it to a global pandemic to disrupt industries many of us have assumed to
be stalwart. Companies fortunate enough not to traffic in hard goods are
realizing they can survive (and cut significant costs) by moving to
work-from-home workforces. This shift, with an estimated 62% of the workforce
now working from home, demonstrates the increased need in hiring for
cybersecurity personnel required to manage these new business models. At
first, this sounds great for the resilience of the cybersecurity sector — but
this means the already existent skills shortage for security professionals is
about to get a lot worse. The result is that the lines between what have been
considered "pure" cybersecurity roles and, well, everything else are becoming
blurred. A recent (ISC)² survey shows that many security professionals are
being leveraged to support general IT requirements to accommodate different
needs for work at home amid the pandemic. That makes sense. Companies need to
have the infrastructure in place to support these new remote workers logging
in from their home ISPs while also ensuring the security of sensitive data and
intellectual property.
Secondary DNS - Deep Dive
Secondary DNS has many use cases across the Internet; however, traditionally,
it was used as a synchronized backup for when the primary DNS server was
unable to respond to queries. A more modern approach involves focusing on
redundancy across many different nameservers, which in many cases broadcast
the same anycasted IP address. Secondary DNS involves the unidirectional
transfer of DNS zones from the primary to the Secondary DNS server(s). One
primary can have any number of Secondary DNS servers that it must communicate
with in order to keep track of any zone updates. A zone update is considered a
change in the contents of a zone, which ultimately leads to a Start of
Authority (SOA) serial number increase. The zone’s SOA serial is one of the
key elements of Secondary DNS; it is how primary and secondary servers
synchronize zones. Below is an example of what an SOA record might look like
during a dig query. ... In addition to serial tracking, it is important to
ensure that a standard protocol is used between primary and Secondary DNS
server(s), to efficiently transfer the zone. DNS zone transfer protocols do
not attempt to solve the confidentiality, authentication and integrity triad
(CIA); however, the use of TSIG on top of the basic zone transfer protocols
can provide integrity and authentication.
Leadership lessons from Accenture’s CIO
The only certain thing about technology is that what we use today is not what
we will use tomorrow. In my senior team, I look for a mindset of flexibility,
which not everyone has. In my interviews I assess the candidate’s willingness
to rotate to the new and untried, while at the same time protecting our core
systems. The second competency stems from the fact that we live in a world of
publicity and social media, where people are always watching what you are
doing. When you live in this world, and represent your company, you need an
identifiable personal brand. I’m not talking about a being a big shiny icon
and writing a lot of white papers. It’s about having the confidence in who you
are and communicating, in a few simple words, your unique value. My
responsibility is to help people recognize their personal brand and to use it
as the foundation of their confidence to lead. We put out a capability called
ALICE (Accenture Legal Intelligent Contract Exploration), which uses applied
intelligence and machine learning for natural language processing across all
of our contracts.
TOGAF and the history of Enterprise Architecture
TOGAF assumes it will be used by companies with many departments and that are
hierarchical in terms of structure and decision-making. Thus, the framework
maps directly onto these types of organizational structures. For example, a
whole chapter is devoted to describing how to establish and operate an
Architectural Board. An Architectural Board is a central planning committee
that oversees the design and implementation of the Enterprise Architecture.
There're chapters about Risk Management, Architecture Partitioning, and
Architectural Contracts. Remember, as mentioned earlier, TOGAF has 52
chapters. It's exhaustive. However, while TOGAF is highly structured, it can
accommodate other methodologies, such as Agile and DevOps. TOGAF understands
it's best for companies that are highly structured organizations, but it also
understands that no two companies are alike. TOGAF supports versatility. TOGAF
accepts the iterative model, which is a critical component of Agile. In fact,
there is a chapter in TOGAF titled "Applying Iteration to the ADM" that
discusses the nature and implementation of iteration in the Application
Development Model. Also, DevOps can be accommodated by TOGAF.
Renault’s blockchain project aims at vehicle compliance
Deployed in collaboration with IBM, XCEED is based on ‘Hyperledger Fabric’
blockchain technology. It is designed to track and certify the compliance of
components and sub-components. The tool looks to enable greater responsiveness
and efficiency at a time of what Renault believes is ‘ever-greater regulatory
stringency.’ Here, the carmaker is referring to the European Parliament’s new
market surveillance regulations which came into effect at the start of
September. These rules mean enhanced controls for vehicles already on the
market. Therefore, the production chain must adjust its structure to respond
to regulations within shorter timeframes. With XCEED, blockchain is used to
create a trusted network for sharing compliance information between
manufacturers. Each party maintains control and confidentiality over its data,
without compromising its integrity, while also increasing security and
confidentiality. Testing was conducted at Renault’s Douai plant, with over one
million documents archived and a speed of 500 transactions per second.
Blockchain in Mortgages – Adopting the New Kid on the Block
The world is fast progressing within the technology domain and digital
services have penetrated to the unexplored corners of life. Digital
transformation has become the backbone of companies and industries throughout
the planet. Traditional banking and lending which were thriving a couple of
years back, are dying a quick death. Post the pandemic the banks and other
financial institutions have increased the push on digital channels for
acquisition and customer servicing. Agile and scalable lending platforms are
cutting acquisition costs and convey in growth in loan volumes. India’s eleven
largest banks namely ICICI Bank Ltd, Axis Bank Ltd, Kotak Mahindra Bank, HDFC
Bank, Yes Bank, Standard Chartered Bank, RBL Bank, South Indian Bank, etc.
have come together to form a consortium for leveraging the blockchain
technology. Blockchain solutions will help increase operational efficiency,
faster TAT, enhanced customer delight, increase transparency, and authenticity
of transactions. Banks are going to be ready to make better credit decisions
thanks to the globally shared and distributed network and increased
communication between banks. Blockchain will reduce fraud and data
manipulation and can deliver better portfolios.
How Microsoft is looking to MetaOS to make Microsoft 365 a 'whole life' experience
Microsoft's highest level MetaOS pitch is that it is focused on people and not
tied to specific devices. Microsoft seems to be modeling itself a bit after
Tencent's WeChat mobile social/payment app/service here, my sources say.
Microsoft wants to create a single mobile platform that provides a consistent
set of work and play services, including messaging, voice and video, digital
payments, gaming, and customized document and news feeds. The MetaOS consists
of a number of layers, or tiers, according to information shared with me by my
contacts. At the lowest level, there's a data tier, which is implemented in
the Office substrate and/or Microsoft Graph. This data tier is all about
network identity and groups. There's also an application model, which includes
work Microsoft is doing around Fluid Framework (its fast co-authoring and
object embedding technology); Power Apps for rapid development and even the
Visual Studio team for dev tools. Microsoft is creating a set of services and
contracts for developers around Fluid Core, Search,
personalization/recommendation, security, and management. For software vendors
and customers,
Quote for the day:
"As a leader, you set the tone for your entire team. If you have a positive attitude, your team will achieve much more." -- Colin Powell
No comments:
Post a Comment