Up Your DevOps Game: It’s Time for NoOps
It’s time for the next approach: Limit the number of choices to create
standard best-in-class operations that deliver economies of scale and easily
evolve with minimal hassle. NoOps simplifies cloud operations—everyone can do
things the same way. NoOps aims to “completely automate the deployment,
monitoring and management of applications and the infrastructure on which they
run,” according to Forrester, which coined the term. NoOps is about
standardizing the approach to deployments and reducing the number of
variables, bringing simplicity. At its core, NoOps is focused on automating
deployments and executions that are predictable and repeatable. The
development and increasing adoption of containers are critical to the entire
NoOps philosophy. Containers provide the ability to independently deploy
services and applications, automating and standardizing the process to deploy
anything, anywhere. Using containers delivers the tremendous portability that
hasn’t been seen since the development of generic hardware. With encapsulation
within the container, whatever is running inside will behave the same no
matter where it is deployed. The NoOps-containers movement will transform the
entire DevOps industry.
Today’s Lens of Information Governance (IG)
With the increasing list of data privacy laws and regulations and because
remote workforces have created greater disconnect and information silos among
departments, it is even more important for organizations to not treat data
privacy as a one-department task. Instead, they must work as an organization
to break through organizational data silos to ensure compliance is part of the
entire culture. Though no specific national privacy regulation currently
exists, any nationwide rules would likely follow the standards set forth by
the European Union’s General Data Protection Regulation and the California
Consumer Privacy Act (CCPA). Complicating matters further, online privacy
laws, which differ widely from state to state, could expose companies to
potential fines, reputational risk and damages resulting from data incidents.
The California attorney general, for example, can impose penalties up to
$2,500 for non-willful violations and $7,500 for intentional violations of the
CCPA. Other key data regulations include the Sarbanes–Oxley Act of 2002, which
standardizes record management practices, and the Gramm–Leach–Bliley Act
(1999), which entails financial institutions shielding the nonpublic personal
information of customers.
Disaster Recovery for Multi-Region Kafka at Uber
When disaster strikes the primary region, the active-active service assigns
another region to be the primary, and the surge pricing calculation fails over
to another region. It’s important to note that the computation state of the
Flink job is too large to be synchronously replicated between regions, and
therefore its state must be computed independently from the input messages
from the aggregate clusters. And a key insight from the practices is that
offering reliable and multi-regional available infrastructure services like
Kafka can greatly simplify the development of the business continuity plan for
the applications. The application can store its state in the infrastructure
layer and thus become stateless, leaving the complexity of state management,
like synchronization and replication across regions, to the infrastructure
services. Another multi-region consumption mode is active/passive: only one
consumer (identified by a unique name) is allowed to consume from the
aggregate clusters in one of the regions (i.e. the primary region) at a time.
The multi-region Kafka tracks its consumption progress in the primary region,
represented by the offset, and replicates the offset to other regions. So upon
failure of the primary region, the active/passive mode allows the consumer to
failover to another region and resume its consumption.
Here’s How IT Leaders Can Adapt to Stricter Data Privacy Laws
Data-reliant businesses like Apple and Facebook, which make billions of
dollars annually off personal information, are keeping a close watch on the
shifting privacy landscape. Google’s plans to eliminate third-party cookies
from Chrome was a move towards ensuring consumer trust; and now many
businesses and their IT teams are facing massive changes to their privacy and
data collection practices. Google’s gesture is ironic seeing as the company is
facing a $5B lawsuit after being accused of illegally invading the privacy of
millions of users by continuously tracking internet usage through browsers set
in “private” mode. Many CIOs and tech teams were initially afraid of the
potential impact California’s initial CCPA would have on their businesses,
especially considering the massive GDPR violations that have cost
organizations upwards of $228M. Businesses and their tech teams should
expect to see a continued federal push from the Biden administration to
implement nationalized standards for data protection. The movement is starting
to take shape with the passing of California’s new CPRA law, which gives the
power of consent to consumers around how businesses manage their data. This is
a big win for consumers, as nearly every major data company in the financial
market has holding operations in California.
NSA Warns of Hacking Tactics That Target Cloud Resources
The warning comes after a week's worth of revelations over the SolarWinds
breach that has affected government agencies as well as corporations,
including Microsoft, FireEye, Intel and Nvida. Secretary of State Mike Pompeo,
commenting on the breach, said in a Friday evening radio interview that "the
Russians engaged in this activity." "I can't say much more as we're still
unpacking precisely what it is, and I'm sure some of it will remain
classified," Pompeo said, according to a transcript provided by the State
Department. "But suffice it to say there was a significant effort to use a
piece of third-party software to essentially embed code inside of U.S.
government systems, and it now appears systems of private companies and
companies and governments across the world as well. This was a very
significant effort, and I think it's the case that now we can say pretty
clearly that it was the Russians that engaged in this activity." In a pair of
tweets on Saturday, President Donald Trump appeared to question whether Russia
was involved in the hacking operation and opened up the possibility that China
may have played a role. "The Cyber Hack is far greater in the Fake News Media
than in actuality," Trump tweeted.
Advice for incident responders on recovery from systemic identity compromises
Once your incident responders and key personnel have a secure place to
collaborate, the next step is to investigate the suspected compromised
environment. Successful investigation will be a balance between getting to the
bottom of every anomalous behavior to fully scope the extent of attacker
activity and persistence and taking action quickly to stop any further activity
on objectives by the attacker. Successful remediation requires as complete an
understanding of the initial method of entry and persistence mechanisms
controlled by the attacker as possible. Any persistence mechanisms missed could
result in continued access by the attacker and potential for re-compromise. ...
There are many ways to detect activity associated with this campaign. Exactly
how your organization will detect attacker behavior depends on which security
tools you have available, or choose to deploy in response. Microsoft has
provided examples publicly for some of the core security products and services
that we offer and are continually updating those documents as new threat
intelligence is identified related to this attacker.
What the antitrust lawsuits against big tech companies could mean for tech leaders
With the Microsoft antirust action more than 20 years in the past, perhaps the
first obvious lesson that's applicable to today's tech giants is that whatever
happens, it will happen slowly. Microsoft was sued in May 1998, and the
settlement reached during the appeals process was approved in 2004. Much can
happen in technology in six years; in fact, Google went from a university
project to preparing for IPO during the full course of the Microsoft lawsuit.
These companies are probably some of the few entities with the breadth and
depth of legal resources to match the US government, so any action as dramatic
as a forced breakup or significant restructuring of these giants that would
significantly impact customers is likely years away at the earliest. In the
nearer term, however, expect the tech giants to launch significant marketing
efforts to polish up their public appearances and present themselves as
champions of consumers and unwitting victims of government overreach. This
campaign to generate goodwill may manifest itself in more transparent
contractual terms, lower pricing, or more transparency for customers, benefits
that will likely come available for little more than mentioning that you're
concerned about the potential outcome of these lawsuits.
Data’s Gender Gap: How to Address Data’s Gender Gap
It is not enough to simply leave positions open to those of different genders
(and races, sexual orientations, abilities, etc.), we must intentionally seek
out those with different backgrounds to fill them. If the majority of those
working on a team are men, a woman may feel unwelcome in that space. She might
question what kind of workplace culture led to an all-male team, and if her
contributions might be second-guessed by others due to her gender. When only
one or a handful of women are present in a workplace, they may feel tokenized.
By deliberately recruiting a representative population of women, an
organization is showing a base level of commitment to welcoming and including
people with different viewpoints and genders. According to LinkedIn’s 2018
Gender Insights Report, women apply to 20% fewer postings than men while on a
job hunt. It is not certain whether this is simply due to women being more
selective and particular than men in their job hunt, or if they are less
likely to apply to a listing they do not precisely fit the requirements for
than men. Either way, recruiters can make an effort to seek out women with
backgrounds that sound intriguing for the positions they are hiring, and ask
those they know to refer non-male candidates they believe would be up for the
job.
The stakeholder–shareholder debate is over
CEOs are now becoming more like politicians, who have to be prepared to answer
questions on just about any aspect of society. That’s a sharp departure for
chief executives, whose compasses were previously pointed in a fixed direction
toward shareholders. “The role is evolving, and it’s going to require a
different kind of intelligence and greater situational awareness,” said George
Barrett, former chairman and chief executive of Cardinal Health. “The job
requires managing multiple levers. It used to be that most of these levers
were behind the scenes. They were operational. There were a couple of
stakeholders who had big, loud voices, and leaders tended to focus on managing
them. Today, everything is louder, and leaders must be attentive to more
engaged stakeholders. That requires a pretty skillful hand.” Chip Bergh, CEO
of Levi Strauss, echoed Barrett’s insights: “You have to navigate all the
different stakeholders and do the right thing. You also have to decide where
you draw the line. Where do you weigh in? Because if you stand for everything,
you stand for nothing. So we pick our spots about when we comment, and
sometimes those are tough calls.”
Do You Think Like a Lawyer, a Scientist, or an Engineer?
Scientific thinking is an entirely different form of logical analysis. The
challenge in science is not to follow the rules or define the rules; the
challenge is to discover them. In any truly scientific investigation, we do not
know the rules in advance. To discover the rules, we use observation and
inference. This contrasts strongly with the IRAC method of logical analysis. The
scientific method emphasizes intellectual humility, treating knowledge as layers
of hypotheses. Accumulating new knowledge requires designing and running
experiments to test new hypotheses. A hypothesis is an idea about what rules may
govern a certain situation. Designing an experiment means imagining how a system
would behave if a certain rule holds true. Running an experiment means carrying
out a scenario to see if the results matched your expectations. In the
scientific method, you validate your mental model against observed results. If
results match your expectations, it gives confidence that the hidden rules match
your hypothesis. The defining characteristic of the scientific method is
building systems that enable us to learn. Learning underlying rules (while
holding our knowledge of them as tentative) is the product of this exercise.
Quote for the day:
"Preconceived notions are the locks on the door to wisdom." -- Mary Browne
No comments:
Post a Comment