MLOps: More Than Automation
For MLOps to learn from DevOps, we must center the needs of data scientists
and the people that are impacted by their models first. It isn’t enough to say
that practicing MLOps means advocating for automation and monitoring at all
steps to do things faster. Without this focus, we will see an increase in the
deployment of models that have uninspected and unintended consequences that
often disproportionately impact marginalized communities. So, as a data
scientist, what is it that I need? Keeping up with the latest and greatest
event streaming services, distributed systems or methods of continuous
deployment of integration isn’t where my mind lights up. I would like to spend
most of my time understanding the domain space of the model I’m about to
build, the nuanced impact of that model and whether it’s going to meet the
needs of my customers and the people they serve. There are a few ways to
notice if you’re applying MLOps basically as a Band-Aid, a way to just go
faster, that will ultimately break down. When looking for a solution to
automate, consider if you’re only reducing the work required for manual
processes or if you’re also enabling data scientists to focus on the hard
problems they’re trained to tackle.
6 Signs DevSecOps Maturity Has a Long Way to Go
Nevertheless, AppSec teams still struggle on many fronts to bake security into
the process of delivering software, and the vast majority of organizations are
early on in their DevSecOps journey. According to another recent study conducted
WhiteSource, only 20% of organizations believe they’ve reached full DevSecOps
maturity. And 73% of respondents say they feel forced to compromise on security
to meet short development lifecycles. Which is fine in a lot of situations,
because what is risk management but a constant exercise in compromise? It’s all
about weighing the risks against the benefits of a certain activity, and coming
up with a balance in action and controls that minimize the risk while maximizing
the benefits. The problem for DevSecOps today is that the indicators show
there’s still little rigor or due diligence to come up with a disciplined method
for determining that balance, let alone executing on it. ... The disconnect on
what DevOps pros prioritize over time—security work versus innovation and
feature delivery—ultimately comes down to how they’re measured and incentivized
by their bosses. Many executive teams may pay lip service to the need of better
cooperation between security , 44% according to security pros interviewed in the
Ponemon study.
Half of all virtual appliances have outdated software and serious vulnerabilities
"Poor processes account for the product age problem in many cases," Orca said
in its report. "Out-of-date products remain available after they’ve reached
their end-of-life. The overall product is no longer supported, the operating
systems may be unsupported, and/or updates and patches are no longer being
applied. As a result of Orca Security’s research, 39 products have been
removed from distribution." Commercial appliances scored about the same on
average as free and open-source ones, with the latter having a slight
advantage. However, hardened virtual appliances whose operating systems and
software stacks had been stripped down to minimize attack surface, scored much
higher than all other appliances -- 94.2 on average. Over half of tested
appliances came from system integrators. These images have all the necessary
components to run certain Web applications -- for example an image with
WordPress, but also the Apache Web server and MySQL database and the OpenSSL
security library. Their average score was 77.6, which is close to the overall
average score for all appliances, but lower than those from security vendors.
CPRA: More opportunity than threat for employers
The CPRA is actually a lot more lenient than the GDPR in regard to how it
polices the relationship between employers and employees’ data. Unlike for its
EU equivalent, there are already lots of exceptions written into the proposed
Californian law acknowledging that worker-employer relations are not like
consumer-vendor relations. Moreover, the CPRA extends the CCPA exemption for
employers, set to end on January 1, 2021. This means that if the CPRA passes
into law, employers would be released from both their existing and potential
new employee data protection obligations for two more years, until January 1,
2023. This exemption would apply to most provisions under the CPRA, including
the personal information collected from individuals acting as job applicants,
staff members, employees, contractors, officers, directors, and owners.
However, employers would still need to provide notice of data collection and
maintain safeguards for personal information. It’s highly likely that during
this two-year window, additional reforms would be passed that might further
ease employer-employee data privacy requirements. While the CPRA won’t change
much overnight, impacted organizations shouldn’t wait to take action, but
should take this time to consider what employee data they collect, why they do
so, and how they store this information.
Digital transformation: 3 hard truths
Digital transformation projects that are born as “IT initiatives” run the risk
of being viewed as changes for the sake of new technology. Digital
transformations must be viewed as business transformations, with business
leaders not only buying into the proposed plans and value but driving the
organizational and process changes that are needed to be successful. The
widespread adoption of technologies means an organization doesn’t gain a
competitive edge when it uses them, but rather how it uses them. Success lies
in creating balanced IT-business partnerships that provide experts from both
technical and business domains so new technologies can be integrated deep into
the business. Intel’s AI projects are a perfect example of this in practice.
Together, IT and the business have been able to achieve over $500 million in
business value in 2019. Digital transformation isn’t a “from->to” process
that reaches a static, determined “end state.” Today’s competitive pressures
and the pace of technological change are simply too great to allow for a
transformation to ever be “finished.” We need to view digital transformation
as always evolving, always underway – with leaders and businesses embracing a
dynamic state of constant disruption.
Ransomware operators now outsource network access exploits to speed up attacks
"Since the start of 2020 and the emergence of the now-popular "ransomware with
data theft and extortion" tactics, ransomware gangs have successfully utilized
dark web platforms to outsource complicated aspects of a network compromise,"
the researchers say. "A successful ransomware attack hinges on the development
and maintenance of stable network access which comes with a higher risk of
detection and requires time and effort. Access sellers fill this niche market
for ransomware groups." As of September this year, Accenture has tracked over
25 persistent network access sellers -- alongside the occasional one-off --
and more are entering the market on a "weekly basis." Many of the sellers
are active on the same underground forums haunted by ransomware groups
including Maze, NetWalker, Sodinokibi, Lockbit, and Avaddon. Sellers have
now begun touting their offerings on single forum threads, rather than
separate posts, and RDP remains a popular option for network access. In an
interesting twist, rather than sell-off a zero-day vulnerability to one
seller, some traders are using these unpatched bugs to exploit numerous
corporate networks and sell access to threat actors in separate bundles to
generate additional revenue.
What 5G brings to IoT today and tomorrow
IoT devices today are mostly connected via cabled technologies, Engarto says.
These include both shielded twisted-pair LAN and coaxial cables. “In some
limited areas Wi-Fi may have some usage,” but is not always ideal, she says.
“5G enables many more sensors to be put in place without a need for cable and
conduit for each cable,” Engarto says. But the newer wireless technology “will
be one of many networking solutions designed to address IoT’s full needs,”
says Patrick Filkins, senior research analyst, IoT and mobile network
infrastructure, at research firm International Data Corp. (IDC). “For example,
5G can address endpoints that require any breadth of latency, reliability, and
security,” Filkins says. “While 5G will be a Swiss-army knife solution to IoT,
all from a single platform, some enterprises may not need the full breadth of
5G’s capabilities. In many cases, such as LPWAN [low-power WAN], you can
achieve connectivity through alternatives such as LoRaWAN.” Wi-Fi 6 and Wi-Fi
HaLoW will also play a role in dense, shorter-range IoT use cases, Filkins
says, although with a potential loss in reliability. “5G is an uplift from LTE
when it comes to promising zero downtime communications, by baking in new
technologies enabling near-zero packet loss,” Filkins says.
Why India’s Proposed Data Protection Authority Needs Constitutional Entrenchment
The DPA has been entrusted the role of a fourth branch institution, primarily
due to its overarching role in protecting the fundamental right to privacy of
citizens against not only possible transgressions of such privacy by the
private sector but also possibly by the government itself. As opposed to a
sectoral regulator, it is a sector-agnostic body and has wide powers cutting
across sectors and economic spheres. It is empowered to penalise both Central
and state governments when they fail to protect an individual’s personal data.
In fact, it is also empowered to monitor sensitive data processed by other
fourth branch watchdogs such as the CAG and the EC and even more
significantly, the Legislature and Judiciary itself. As such, the DPA carries
out crucial fourth branch oversight and accountability functions against
almost all institutions of governance in our system. Why does the DPA, in its
current form, lack the independence needed to be a strong fourth branch
institution and ward off attempts of political interference? This is primarily
attributable to the fact that its structure and composition was inspired from
sectoral regulators such as SEBI, IRDA and TRAI, based on the recommendation
by the Financial Sector Legislative Reforms Commission as mentioned in the
Justice B.N. Srikrishna committee report.
Automation and AI: Challenges and Opportunities
Today, it is widely acknowledged that automation and AI technologies will
gradually transform the global workplace, with intelligent machines performing
human tasks in some cases and aiding the human in other cases. The presence of
robotic machines in the workplace will ultimately increase efficiency and reduce
costs. As a result, many human occupations will disappear, while others will
adapt to technology-enabled roles. ... Although businesses have shown a recent
trend of hiring AI developers at a breakneck speed to fulfill their in-house
automation needs, few understand the fundamental challenges that this technology
brings with it. As a result, the “AI comfort zone” is still missing in
enterprise business circles, and business operators are still doubtful about the
cost benefits associated with AI. Everywhere you look today, you come across
automated machines or systems driven by powerful computers, multi-channel data,
and very smart algorithms. The modern society is grappling with chat bots, PDAs,
self-driving vehicles on roads, and automated check-outs in grocery stores. ...
Although Data Governance is still a concern among most business operators, it is
widely accepted that augmented intelligence has the capability of emulating the
human decision-making process.
Microsoft India Announces Public Preview of Power Automate Desktop Solution
Power Automate Desktop is a part of Microsoft Power Automate service and is
claimed to enable coders and non-coders alike to automate processes and tasks
across desktop and web applications with minimal effort from a single
intelligent platform. According to sources, the design environment allows
non-coders to automate processes quickly without writing a single line of code.
It also provides complete control and flexibility for advanced users,
programmers and developers in a scalable and secure environment. It further
democratises the RPA capabilities within Power Automate by providing a desktop
automation option for citizen developers and business users. Irina Ghose
Executive Director of Cloud Solutions, Microsoft India stated, “Organisations
and IT departments are seeking ways to quickly adapt to the unprecedented pace
of change across every industry around the world. With Microsoft Power Automate
Desktop, we aim to empower organisations automate tasks across the desktop and
web, using an integrated platform to complete tasks at speed and scale.”
Quote for the day:
"You get in life what you have the courage to ask for." -- Nancy D. Solomon
No comments:
Post a Comment