Daily Tech Digest - October 13, 2020

MLOps: More Than Automation

For MLOps to learn from DevOps, we must center the needs of data scientists and the people that are impacted by their models first. It isn’t enough to say that practicing MLOps means advocating for automation and monitoring at all steps to do things faster. Without this focus, we will see an increase in the deployment of models that have uninspected and unintended consequences that often disproportionately impact marginalized communities. So, as a data scientist, what is it that I need? Keeping up with the latest and greatest event streaming services, distributed systems or methods of continuous deployment of integration isn’t where my mind lights up. I would like to spend most of my time understanding the domain space of the model I’m about to build, the nuanced impact of that model and whether it’s going to meet the needs of my customers and the people they serve. There are a few ways to notice if you’re applying MLOps basically as a Band-Aid, a way to just go faster, that will ultimately break down. When looking for a solution to automate, consider if you’re only reducing the work required for manual processes or if you’re also enabling data scientists to focus on the hard problems they’re trained to tackle.

6 Signs DevSecOps Maturity Has a Long Way to Go

Nevertheless, AppSec teams still struggle on many fronts to bake security into the process of delivering software, and the vast majority of organizations are early on in their DevSecOps journey. According to another recent study conducted by WhiteSource, only 20% of organizations believe they’ve reached full DevSecOps maturity. And 73% of respondents say they feel forced to compromise on security to meet short development lifecycles. Which is fine in a lot of situations, because what is risk management but a constant exercise in compromise? It’s all about weighing the risks against the benefits of a certain activity, and coming up with a balance in action and controls that minimize the risk while maximizing the benefits. The problem for DevSecOps today is that the indicators show there’s still little rigor or due diligence to come up with a disciplined method for determining that balance, let alone executing on it. ... The disconnect on what DevOps pros prioritize over time—security work versus innovation and feature delivery—ultimately comes down to how they’re measured and incentivized by their bosses. Many executive teams may pay lip service to the need of better cooperation between security , 44% according to security pros interviewed in the Ponemon study.

Half of all virtual appliances have outdated software and serious vulnerabilities

"Poor processes account for the product age problem in many cases," Orca said in its report. "Out-of-date products remain available after they’ve reached their end-of-life. The overall product is no longer supported, the operating systems may be unsupported, and/or updates and patches are no longer being applied. As a result of Orca Security’s research, 39 products have been removed from distribution." Commercial appliances scored about the same on average as free and open-source ones, with the latter having a slight advantage. However, hardened virtual appliances whose operating systems and software stacks had been stripped down to minimize attack surface, scored much higher than all other appliances -- 94.2 on average. Over half of tested appliances came from system integrators. These images have all the necessary components to run certain Web applications -- for example an image with WordPress, but also the Apache Web server and MySQL database and the OpenSSL security library. Their average score was 77.6, which is close to the overall average score for all appliances, but lower than those from security vendors.

CPRA: More opportunity than threat for employers

The CPRA is actually a lot more lenient than the GDPR in regard to how it polices the relationship between employers and employees’ data. Unlike for its EU equivalent, there are already lots of exceptions written into the proposed Californian law acknowledging that worker-employer relations are not like consumer-vendor relations. Moreover, the CPRA extends the CCPA exemption for employers, set to end on January 1, 2021. This means that if the CPRA passes into law, employers would be released from both their existing and potential new employee data protection obligations for two more years, until January 1, 2023. This exemption would apply to most provisions under the CPRA, including the personal information collected from individuals acting as job applicants, staff members, employees, contractors, officers, directors, and owners. However, employers would still need to provide notice of data collection and maintain safeguards for personal information. It’s highly likely that during this two-year window, additional reforms would be passed that might further ease employer-employee data privacy requirements. While the CPRA won’t change much overnight, impacted organizations shouldn’t wait to take action, but should take this time to consider what employee data they collect, why they do so, and how they store this information.

Digital transformation: 3 hard truths

Digital transformation projects that are born as “IT initiatives” run the risk of being viewed as changes for the sake of new technology. Digital transformations must be viewed as business transformations, with business leaders not only buying into the proposed plans and value but driving the organizational and process changes that are needed to be successful. The widespread adoption of technologies means an organization doesn’t gain a competitive edge when it uses them, but rather how it uses them. Success lies in creating balanced IT-business partnerships that provide experts from both technical and business domains so new technologies can be integrated deep into the business. Intel’s AI projects are a perfect example of this in practice. Together, IT and the business have been able to achieve over $500 million in business value in 2019. Digital transformation isn’t a “from->to” process that reaches a static, determined “end state.” Today’s competitive pressures and the pace of technological change are simply too great to allow for a transformation to ever be “finished.” We need to view digital transformation as always evolving, always underway – with leaders and businesses embracing a dynamic state of constant disruption.

Ransomware operators now outsource network access exploits to speed up attacks

"Since the start of 2020 and the emergence of the now-popular 'ransomware with data theft and extortion' tactics, ransomware gangs have successfully utilized dark web platforms to outsource complicated aspects of a network compromise," the researchers say. "A successful ransomware attack hinges on the development and maintenance of stable network access which comes with a higher risk of detection and requires time and effort. Access sellers fill this niche market for ransomware groups." As of September this year, Accenture has tracked over 25 persistent network access sellers -- alongside the occasional one-off -- and more are entering the market on a "weekly basis." Many of the sellers are active on the same underground forums haunted by ransomware groups including Maze, NetWalker, Sodinokibi, Lockbit, and Avaddon. Sellers have now begun touting their offerings on single forum threads, rather than separate posts, and RDP remains a popular option for network access. In an interesting twist, rather than sell off a zero-day vulnerability to one seller, some traders are using these unpatched bugs to exploit numerous corporate networks and sell access to threat actors in separate bundles to generate additional revenue.

What 5G brings to IoT today and tomorrow

IoT devices today are mostly connected via cabled technologies, Engarto says. These include both shielded twisted-pair LAN and coaxial cables. “In some limited areas Wi-Fi may have some usage,” but is not always ideal, she says. “5G enables many more sensors to be put in place without a need for cable and conduit for each cable,” Engarto says. But the newer wireless technology “will be one of many networking solutions designed to address IoT’s full needs,” says Patrick Filkins, senior research analyst, IoT and mobile network infrastructure, at research firm International Data Corp. (IDC). “For example, 5G can address endpoints that require any breadth of latency, reliability, and security,” Filkins says. “While 5G will be a Swiss-army knife solution to IoT, all from a single platform, some enterprises may not need the full breadth of 5G’s capabilities. In many cases, such as LPWAN [low-power WAN], you can achieve connectivity through alternatives such as LoRaWAN.” Wi-Fi 6 and Wi-Fi HaLoW will also play a role in dense, shorter-range IoT use cases, Filkins says, although with a potential loss in reliability. “5G is an uplift from LTE when it comes to promising zero downtime communications, by baking in new technologies enabling near-zero packet loss,” Filkins says.

Why India’s Proposed Data Protection Authority Needs Constitutional Entrenchment

The DPA has been entrusted the role of a fourth branch institution, primarily due to its overarching role in protecting the fundamental right to privacy of citizens against not only possible transgressions of such privacy by the private sector but also possibly by the government itself. As opposed to a sectoral regulator, it is a sector-agnostic body and has wide powers cutting across sectors and economic spheres. It is empowered to penalise both Central and state governments when they fail to protect an individual’s personal data. In fact, it is also empowered to monitor sensitive data processed by other fourth branch watchdogs such as the CAG and the EC and even more significantly, the Legislature and Judiciary itself. As such, the DPA carries out crucial fourth branch oversight and accountability functions against almost all institutions of governance in our system. Why does the DPA, in its current form, lack the independence needed to be a strong fourth branch institution and ward off attempts of political interference? This is primarily attributable to the fact that its structure and composition were inspired by sectoral regulators such as SEBI, IRDA and TRAI, based on the recommendation by the Financial Sector Legislative Reforms Commission as mentioned in the Justice B.N. Srikrishna committee report.

Automation and AI: Challenges and Opportunities

Today, it is widely acknowledged that automation and AI technologies will gradually transform the global workplace, with intelligent machines performing human tasks in some cases and aiding the human in other cases. The presence of robotic machines in the workplace will ultimately increase efficiency and reduce costs. As a result, many human occupations will disappear, while others will adapt to technology-enabled roles. ... Although businesses have shown a recent trend of hiring AI developers at a breakneck speed to fulfill their in-house automation needs, few understand the fundamental challenges that this technology brings with it. As a result, the “AI comfort zone” is still missing in enterprise business circles, and business operators are still doubtful about the cost benefits associated with AI. Everywhere you look today, you come across automated machines or systems driven by powerful computers, multi-channel data, and very smart algorithms. The modern society is grappling with chat bots, PDAs, self-driving vehicles on roads, and automated check-outs in grocery stores. ... Although Data Governance is still a concern among most business operators, it is widely accepted that augmented intelligence has the capability of emulating the human decision-making process. 

Microsoft India Announces Public Preview of Power Automate Desktop Solution

Power Automate Desktop is a part of Microsoft Power Automate service and is claimed to enable coders and non-coders alike to automate processes and tasks across desktop and web applications with minimal effort from a single intelligent platform. According to sources, the design environment allows non-coders to automate processes quickly without writing a single line of code. It also provides complete control and flexibility for advanced users, programmers and developers in a scalable and secure environment. It further democratises the RPA capabilities within Power Automate by providing a desktop automation option for citizen developers and business users. Irina Ghose, Executive Director of Cloud Solutions, Microsoft India, stated, “Organisations and IT departments are seeking ways to quickly adapt to the unprecedented pace of change across every industry around the world. With Microsoft Power Automate Desktop, we aim to empower organisations to automate tasks across the desktop and web, using an integrated platform to complete tasks at speed and scale.”

Quote for the day:

"You get in life what you have the courage to ask for." -- Nancy D. Solomon
