Daily Tech Digest - December 21, 2020

Building Trust with Centralized Data Access

As businesses continue to find ways to use, monetize, and aggregate data, they need to effectively share their data in a way that’s more secure than an email and more scalable than sending a thumb drive by courier. They also need methods to use data more efficiently. In particular, businesses that are exploring ML and AI solutions need to look to data trusts to provide these solutions at scale, because the tedious overhead of data prep required to fuel these solutions can derail projects entirely. Data trusts are also a logical next step for any government or government institution looking to achieve greater transparency and drive innovation. After all, a data trust is primarily a vehicle for securely collecting and disseminating public, private, and proprietary information. Government data systems are complex; data trusts are a useful tool that can be used to synthesize, standardize, and audit data that is generated or used internally. The key difference in the value that data trusts bring is that for businesses they increase data use within the organization, whereas for governments they are primarily used to audit data assets and better understand internal data environments.


Five ways COVID-19 will change cybersecurity

Next year, CISOs will have to grapple with the consequences of the decisions they made (or were forced to make) in 2020. One of their first orders of business will be to “un-cut” the corners they took in the spring to stand up remote work capabilities. We’re already starting to see this trend play out, with zero trust – an emerging security mindset that treats everything as hostile, including the network, host, applications, and services – gaining in traction: in November, 60 percent of organizations reported that they were accelerating zero trust projects. That’s due in no small part to CISOs and CSOs retrenching and taking a more deliberate approach to ensuring operational security. The security leaders who help their organizations successfully navigate the zero trust journey will recognize that a zero trust mindset has to incorporate a holistic suite of capabilities including, but not limited to: strong multifactor authentication, comprehensive identity governance and lifecycle, and effective threat detection and response fueled through comprehensive visibility across all key digital assets. To address the increasing digital complexity induced by digital transformation, effective security leaders will embrace the notion of extended detection and response (XDR), striving for unified visibility across their networks, endpoints, cloud assets, and digital identities.


Stop the Insanity: Eliminating Data Infrastructure Sprawl

There are so many projects going on that navigating the tangle is pretty difficult. In the past, you generally had a few commercial options. Now, there might be tens or hundreds of options to choose from. You end up having to narrow it down to a few choices based on limited time and information.  Database technology in particular has seen this problem mushroom in recent years. It used to be you had a small number of choices: Oracle, Microsoft SQL Server, and IBM DB2 as the proprietary choices, or MySQL if you wanted a free and open source choice. Then, two trends matured: NoSQL, and the rise of open source as a model. The number of choices grew tremendously. In addition, as cloud vendors are trying to differentiate, they have each added both NoSQL databases and their own flavors of relational (or SQL) databases. AWS has more than 10 database offerings; Azure and GCP each have more than five flavors. ... If you’re building a new solution, you have to decide what data architecture you need. Even if you assume the requirements are clear and fixed – which is almost never the case – navigating the bewildering set of choices as to which database to use is pretty hard. You need to assess requirements across a broad set of dimensions – such as functionality, performance, security, and support options – to determine which ones meet your needs.


Agility for business — championing customer expectations in 2021

2020 has shown that remote working isn’t just possible for many traditionally office-based industries such as customer service, but also sometimes preferable. It has given many employees a better way to structure their workday and work/life balance while ensuring they stay protected. In 2021, flexible working models will continue to become more prominent. Businesses and their customer experience teams will therefore need to dynamically manage employees and anticipate different working scenarios — remote work, in the office, off-shore, on-shore, in-house or outsourced — and enable them to deliver service across multiple channels. This means managers must be equipped with the tools to address an agile workforce divergence. The workforce must be effectively and efficiently managed as agents work across any channel and from any location. Also, as digital tools continue to increase in prominence, a robotic workforce will need to be managed together with customer service employees as one integrated workforce. By embracing and adapting to these new working conditions, businesses will be better placed to maintain customer service levels whatever the circumstance.


FireEye: SolarWinds Hack 'Genuinely Impacted' 50 Victims

Microsoft on Thursday disclosed that it too was hacked, but says there are no signs that its software was either Trojanized or used to infect anyone else. On Friday, Palo Alto, California-based VMware said it was also a victim of the supply chain attack. "While we have identified limited instances of the vulnerable SolarWinds Orion software in our own internal environment, our own internal investigation has not revealed any indication of exploitation," VMware said in a statement. FireEye's Mandia said in his Sunday interview that the SolarWinds Orion code was altered in October 2019, but that the backdoor wasn't added until March. An unnamed source with knowledge of the investigation told Yahoo News that last October's effort appeared to be a "dry run," adding that the attackers' caution suggested that they were "a little bit more disciplined and deliberate" than the average attacker. Investigators say the attack appears to have been launched by Russia as part of a cyber espionage operation, and potentially by Moscow's SVR foreign intelligence service. U.S. Secretary of State Mike Pompeo on Friday said in a radio interview that "we can say pretty clearly that it was the Russians." On Saturday, President Donald Trump attempted to downplay Pompeo's remarks.


Why Quantum Computing's Future Lies in the Cloud

The current generation of Noisy Intermediate-Scale Quantum (NISQ) computers are large, temperamental, and complicated to maintain, said Konstantinos Karagiannis, an associate director at business, finance, and technology consulting firm Protiviti. They are also very expensive and likely to be rapidly outdated, he added. Karagiannis, like most other sector experts, believes that the enterprise path to quantum computing access is more likely to go through the cloud than the data center. "Providing cloud access to quantum computers ... allows researchers and companies worldwide to share these systems and contribute to both academia and industry," he said. "As more powerful systems come online, the cloud approach is likely to become a significant revenue source [for service providers], with users paying for access to NISQ systems that can solve real-world problems." The limited lifespans of rapidly advancing quantum computing systems also favor cloud providers. "Developers are still early along in hardware development, so there's little incentive for a user to buy hardware that will soon be made obsolete," explained Lewie Roberts, a senior researcher at Lux Research. "This is also part of why so many large cloud players ... are researching quantum computing," Roberts noted. "It would nicely augment their existing cloud services," he added.


Microsoft Finds Backdoor; CISA Warns of New Attack Vectors

The hacking campaign involved slipping malicious backdoors into software updates for SolarWinds' popular network management software called Orion. Once those updates were installed by organizations, the attackers had free-ranging access to networks and could install other malware and access data, such as email accounts. Orion has powerful, administrative access, says John Bambenek, chief forensic examiner and president of Bambenek Consulting and an incident handler at the SANS Institute. "Owning SolarWinds is effectively owning the CIO," Bambenek says. "You've got the infrastructure. You don't need a special tool to sit there and change passwords or create accounts or spin up new VMs [virtual machines]. It's all built in, and you've got full access." As many as 18,000 organizations downloaded the infected updates, SolarWinds has said. But experts believe the hacking group likely only deeply penetrated a few dozen organizations, with many in the U.S. government sphere. The U.S. Cybersecurity and Infrastructure Security Agency warned Thursday, however, that the SolarWinds compromise "is not the only initial infection vector this actor leveraged."


Demystifying Master Data Management

For master data to fuel MDM, it must be organized into relevant business schemas. Reference data, imported from multiple customers, needs to be made relevant to work activities, (e.g. automate account processing, from the example above). Humans intervene with this reference data and add new data or transform it into an information product (e.g. adding transactions to invoices, matching bills). The data transformation throughout the company needs to work within the larger business context, including enhancing the reference data. When customers view the final information (e.g. that bills have been paid), the reference data used throughout the production process needs to be made available. MDM provides the framework needed to move and use raw master data. Since MDM involves a complete 360-degree business view, all company departments contribute to conception of the master data context. What may be relevant information to one business department may not be to another and may not relate to the master data context. Listing what comprises master data, including reference data, and the systems that generate master data, gives a picture toward integrating master data between other systems, throughout the entire business. But this is only a start. Providing cross-organizational commitment to the master data’s relevancy and guidance to its contextual structure becomes critical. A Data Governance program fills this need.


Hackers Use Mobile Emulators to Steal Millions

"This mobile fraud operation managed to automate the process of accessing accounts, initiating a transaction, receiving and stealing a second factor - SMS in this case - and in many cases using those codes to complete illicit transactions," according to IBM. "The data sources, scripts and customized applications the gang created flowed in one automated process, which provided speed that allowed them to rob millions of dollars from each victimized bank within a matter of days." ... They then connected to the account through a matching VPN service, according to the report. The attackers also could bypass protections, such as multifactor authentication, because they already had access to the victims' SMS messages. "A key takeaway here is that mobile malware has graduated to a fully automated process that should raise concern across the global financial services sector," Kesem says. "We have never seen a comparable operation in the past, and the same gang is likely bound to repeat these attacks. But they are also already being offered 'as-a-service' via underground venues to other cybercriminals. We also suspect that these scaled, sporadic attacks are going to become a more common way cybercriminals target banks and their customers through the mobile banking channel in 2021."


How artificial intelligence can drive your climate change strategy

From a business perspective, there is a strong connection between sustainability and business benefits, with nearly 80% of executives pointing to an increase in customer loyalty as a key benefit from sustainability initiatives. Over two thirds (69%) pointed to an increase in brand value. The impact of sustainability credentials on brand value and sales is supported by our consumer research: if consumers perceive that the brands they are buying from are not environmentally sustainable or socially responsible, 70% tell their friends and family about the experience and urge them not to interact with the organisation. The research found that 68% of the organisations also cited improvement in environmental, social and governance (ESG) ratings of their organisation driven by sustainability initiatives, with nearly 63% of organisations saying that sustainability initiatives have helped boost revenues. Another high-impact industry which we are seeing adapt to the new world order is the automotive sector. Automotive and mobility companies worldwide are facing increasing pressure from both consumers and government regulators to prioritise their sustainability efforts. We’re seeing a fundamental potential for a shift in approach as consumers adopt new, greener and more flexible approaches to getting from A to B.



Quote for the day:

"I say luck is when an opportunity comes along and you're prepared for it." -- Denzel Washington
