Daily Tech Digest - December 22, 2020

Up Your DevOps Game: It’s Time for NoOps

It’s time for the next approach: Limit the number of choices to create standard best-in-class operations that deliver economies of scale and easily evolve with minimal hassle. NoOps simplifies cloud operations—everyone can do things the same way. NoOps aims to “completely automate the deployment, monitoring and management of applications and the infrastructure on which they run,” according to Forrester, which coined the term. NoOps is about standardizing the approach to deployments and reducing the number of variables, bringing simplicity. At its core, NoOps is focused on automating deployments and executions that are predictable and repeatable. The development and increasing adoption of containers are critical to the entire NoOps philosophy. Containers provide the ability to independently deploy services and applications, automating and standardizing the process to deploy anything, anywhere. Using containers delivers the tremendous portability that hasn’t been seen since the development of generic hardware. With encapsulation within the container, whatever is running inside will behave the same no matter where it is deployed. The NoOps-containers movement will transform the entire DevOps industry.

Today’s Lens of Information Governance (IG)

With the increasing list of data privacy laws and regulations and because remote workforces have created greater disconnect and information silos among departments, it is even more important for organizations to not treat data privacy as a one-department task. Instead, they must work as an organization to break through organizational data silos to ensure compliance is part of the entire culture. Though no specific national privacy regulation currently exists, any nationwide rules would likely follow the standards set forth by the European Union’s General Data Protection Regulation and the California Consumer Privacy Act (CCPA). Complicating matters further, online privacy laws, which differ widely from state to state, could expose companies to potential fines, reputational risk and damages resulting from data incidents. The California attorney general, for example, can impose penalties up to $2,500 for non-willful violations and $7,500 for intentional violations of the CCPA. Other key data regulations include the Sarbanes–Oxley Act of 2002, which standardizes record management practices, and the Gramm–Leach–Bliley Act (1999), which entails financial institutions shielding the nonpublic personal information of customers.

Disaster Recovery for Multi-Region Kafka at Uber

When disaster strikes the primary region, the active-active service assigns another region to be the primary, and the surge pricing calculation fails over to another region. It’s important to note that the computation state of the Flink job is too large to be synchronously replicated between regions, and therefore its state must be computed independently from the input messages from the aggregate clusters. And a key insight from the practices is that offering reliable and multi-regional available infrastructure services like Kafka can greatly simplify the development of the business continuity plan for the applications. The application can store its state in the infrastructure layer and thus become stateless, leaving the complexity of state management, like synchronization and replication across regions, to the infrastructure services. Another multi-region consumption mode is active/passive: only one consumer (identified by a unique name) is allowed to consume from the aggregate clusters in one of the regions (i.e. the primary region) at a time. The multi-region Kafka tracks its consumption progress in the primary region, represented by the offset, and replicates the offset to other regions. So upon failure of the primary region, the active/passive mode allows the consumer to failover to another region and resume its consumption.

Here’s How IT Leaders Can Adapt to Stricter Data Privacy Laws

Data-reliant businesses like Apple and Facebook, which make billions of dollars annually off personal information, are keeping a close watch on the shifting privacy landscape. Google’s plans to eliminate third-party cookies from Chrome was a move towards ensuring consumer trust; and now many businesses and their IT teams are facing massive changes to their privacy and data collection practices. Google’s gesture is ironic seeing as the company is facing a $5B lawsuit after being accused of illegally invading the privacy of millions of users by continuously tracking internet usage through browsers set in “private” mode. Many CIOs and tech teams were initially afraid of the potential impact California’s initial CCPA would have on their businesses, especially considering the massive GDPR violations that have cost organizations upwards of $228M. Businesses and their tech teams should expect to see a continued federal push from the Biden administration to implement nationalized standards for data protection. The movement is starting to take shape with the passing of California’s new CPRA law, which gives the power of consent to consumers around how businesses manage their data. This is a big win for consumers, as nearly every major data company in the financial market has holding operations in California.

NSA Warns of Hacking Tactics That Target Cloud Resources

The warning comes after a week's worth of revelations over the SolarWinds breach that has affected government agencies as well as corporations, including Microsoft, FireEye, Intel and Nvida. Secretary of State Mike Pompeo, commenting on the breach, said in a Friday evening radio interview that "the Russians engaged in this activity." "I can't say much more as we're still unpacking precisely what it is, and I'm sure some of it will remain classified," Pompeo said, according to a transcript provided by the State Department. "But suffice it to say there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems, and it now appears systems of private companies and companies and governments across the world as well. This was a very significant effort, and I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity." In a pair of tweets on Saturday, President Donald Trump appeared to question whether Russia was involved in the hacking operation and opened up the possibility that China may have played a role. "The Cyber Hack is far greater in the Fake News Media than in actuality," Trump tweeted.

Advice for incident responders on recovery from systemic identity compromises

Once your incident responders and key personnel have a secure place to collaborate, the next step is to investigate the suspected compromised environment. Successful investigation will be a balance between getting to the bottom of every anomalous behavior to fully scope the extent of attacker activity and persistence and taking action quickly to stop any further activity on objectives by the attacker. Successful remediation requires as complete an understanding of the initial method of entry and persistence mechanisms controlled by the attacker as possible. Any persistence mechanisms missed could result in continued access by the attacker and potential for re-compromise. ... There are many ways to detect activity associated with this campaign. Exactly how your organization will detect attacker behavior depends on which security tools you have available, or choose to deploy in response. Microsoft has provided examples publicly for some of the core security products and services that we offer and are continually updating those documents as new threat intelligence is identified related to this attacker. 

What the antitrust lawsuits against big tech companies could mean for tech leaders

With the Microsoft antirust action more than 20 years in the past, perhaps the first obvious lesson that's applicable to today's tech giants is that whatever happens, it will happen slowly. Microsoft was sued in May 1998, and the settlement reached during the appeals process was approved in 2004. Much can happen in technology in six years; in fact, Google went from a university project to preparing for IPO during the full course of the Microsoft lawsuit. These companies are probably some of the few entities with the breadth and depth of legal resources to match the US government, so any action as dramatic as a forced breakup or significant restructuring of these giants that would significantly impact customers is likely years away at the earliest. In the nearer term, however, expect the tech giants to launch significant marketing efforts to polish up their public appearances and present themselves as champions of consumers and unwitting victims of government overreach. This campaign to generate goodwill may manifest itself in more transparent contractual terms, lower pricing, or more transparency for customers, benefits that will likely come available for little more than mentioning that you're concerned about the potential outcome of these lawsuits.

Data’s Gender Gap: How to Address Data’s Gender Gap

It is not enough to simply leave positions open to those of different genders (and races, sexual orientations, abilities, etc.), we must intentionally seek out those with different backgrounds to fill them. If the majority of those working on a team are men, a woman may feel unwelcome in that space. She might question what kind of workplace culture led to an all-male team, and if her contributions might be second-guessed by others due to her gender. When only one or a handful of women are present in a workplace, they may feel tokenized. By deliberately recruiting a representative population of women, an organization is showing a base level of commitment to welcoming and including people with different viewpoints and genders. According to LinkedIn’s 2018 Gender Insights Report, women apply to 20% fewer postings than men while on a job hunt. It is not certain whether this is simply due to women being more selective and particular than men in their job hunt, or if they are less likely to apply to a listing they do not precisely fit the requirements for than men. Either way, recruiters can make an effort to seek out women with backgrounds that sound intriguing for the positions they are hiring, and ask those they know to refer non-male candidates they believe would be up for the job.

The stakeholder–shareholder debate is over

CEOs are now becoming more like politicians, who have to be prepared to answer questions on just about any aspect of society. That’s a sharp departure for chief executives, whose compasses were previously pointed in a fixed direction toward shareholders. “The role is evolving, and it’s going to require a different kind of intelligence and greater situational awareness,” said George Barrett, former chairman and chief executive of Cardinal Health. “The job requires managing multiple levers. It used to be that most of these levers were behind the scenes. They were operational. There were a couple of stakeholders who had big, loud voices, and leaders tended to focus on managing them. Today, everything is louder, and leaders must be attentive to more engaged stakeholders. That requires a pretty skillful hand.” Chip Bergh, CEO of Levi Strauss, echoed Barrett’s insights: “You have to navigate all the different stakeholders and do the right thing. You also have to decide where you draw the line. Where do you weigh in? Because if you stand for everything, you stand for nothing. So we pick our spots about when we comment, and sometimes those are tough calls.”

Do You Think Like a Lawyer, a Scientist, or an Engineer?

Scientific thinking is an entirely different form of logical analysis. The challenge in science is not to follow the rules or define the rules; the challenge is to discover them. In any truly scientific investigation, we do not know the rules in advance. To discover the rules, we use observation and inference. This contrasts strongly with the IRAC method of logical analysis. The scientific method emphasizes intellectual humility, treating knowledge as layers of hypotheses. Accumulating new knowledge requires designing and running experiments to test new hypotheses. A hypothesis is an idea about what rules may govern a certain situation. Designing an experiment means imagining how a system would behave if a certain rule holds true. Running an experiment means carrying out a scenario to see if the results matched your expectations. In the scientific method, you validate your mental model against observed results. If results match your expectations, it gives confidence that the hidden rules match your hypothesis. The defining characteristic of the scientific method is building systems that enable us to learn. Learning underlying rules (while holding our knowledge of them as tentative) is the product of this exercise.

Quote for the day:

"Preconceived notions are the locks on the door to wisdom." -- Mary Browne

No comments:

Post a Comment