“One of the many things we have learned from this crisis is how much improvement many of us need as IT leaders. Getting into the habit of working on developing our emotional intelligence daily will make us better leaders. This is often pointed out in others. However, we need to examine ourselves and find better ways to deal with the many emotions that arise from our current circumstances. IT leaders need to examine their own level of empathy as they manage folks they may no longer be able to walk over to and have a conversation with as you please. As we lead during this time of flexible schedules and distributed workforce, focus on developing more empathy and, honestly, just a bit more grace.” “Be vulnerable and provide an atmosphere that will allow your team to feel supported to still do their best work even in this difficult time. Do not be that leader with a team that looks to get as far away from you following this crisis, or the leader whose team members throw in the towel before this crisis ends just to maintain their sanity.” – Cedric Wells, Director, IT Infrastructure Services, The Gorilla Glue Company ... Meditation is a powerful habit that can unlock this superpower. Many top business leaders like Ray Dalio and bestselling authors like Yuval Harari owe all their success to meditation.
A critical observation to make about this attack is that even though the attackers already had a digitally signed backdoor, they still needed to bring additional malicious code into the environment. The backdoor was a pretty big chunk of code and contained several C2 (command and control) functions compiled as part of the legitimate product. And yet, even this unusually big backdoor had no means to spread and perform sophisticated injection and theft scenarios. It required a post-deployment file-less malware (FireEye called it TEARDROP). It is thought that TEARDROP deployed a version of the Cobalt Strike BEACON payload, a penetration testing tool made for red teams that can also be used by attackers. This fact is critical since it is true of almost any attack and most other backdoor cases. They look like tiny innocent coding oversights – basically, like any other vulnerabilities created as an honest mistake. From this point on, intentional backdoors and incidental vulnerabilities are used in very similar ways. Both are utilized to bring real malicious code – the exploit – into the target environment and perform the actual attack.
In October 2020, the Linux Foundation announced a new Software Developer Diversity and Inclusion project to draw on science and research to deliver resources and best practices that increase diversity and inclusion in software engineering. Following the age-old tenet that “you cannot manage what you don’t measure”, the Hyperledger Diversity, Civility, and Inclusion (DCI) Working Group is focused on “measuring and improving the health of our open source community.” In the OpenJS community, the Node+JS diversity scholarship program provides support to those from traditionally underrepresented or marginalized groups in the technology or open source communities who may not otherwise have the opportunity to attend the event for financial reasons. At KubeCon + CloudNativeCon this year, The Cloud Native Computing Foundation announced The Inclusive Naming Initiative to help remove harmful, racist, and unclear language in software development. At IBM, we had a similar program underway, and we have joined the CNCF initiative to further the cause. ... The AI Inclusive initiative seeks to increase the representation and participation of gender minority groups in AI. They offer events, tutorials, workshops, and discussions to guide community members in their AI careers.
The origins of homomorphic encryption date back to 1978. That's when a trio of researchers at MIT developed a framework that could compute a single mathematical operation (usually addition or multiplication) under the cover of encryption. The concept gained life in 2009, when Craig Gentry, now a research fellow at the blockchain-focused Algorand Foundation, developed the first fully homomorphic encryption scheme for his doctoral dissertation at Stanford University in 2009. Gentry's initial proof was simply a starting point. Over the past decade, security concerns related to cloud computing, the Internet of Things (IoT), and the growing demand for shared and third-party data have all pushed the concept forward. Along the way, more powerful homomorphic algorithms have emerged. Today, the likes of IBM and Microsoft have entered the space, along with the US Defense Advanced Research Projects Agency (DARPA) and an array of startups. "There is a tremendous benefit to being able to perform computations directly on encrypted data," says Josh Benaloh, senior cryptographer at Microsoft Research. "This allows computations to be outsourced without risk of exposing the data."
A "salt" is a random piece of data that is often added to the data you want to hash before you actually hash it. Adding a salt to your data before hashing it will make the output of the hash function different than it would be if you had only hashed the data. When a user sets their password (often on signing up), a random salt should be generated and used to compute the password hash. The salt should then be stored with the password hash. When the user tries to log in, combine the salt with the supplied password, hash the combination of the two, and compare it to the hash in the database. Without going into too much detail, hackers commonly use rainbow table attacks, dictionary attacks, and brute-force attacks to try and crack password hashes. While hackers can't compute the original password given only a hash, they can take a long list of possible passwords and compute hashes for them to try and match them with the passwords in the database. This is effectively how these types of attacks work, although each of the above works somewhat differently. A salt makes it much more difficult for hackers to perform these types of attacks. Depending on the hash function, salted hashes take nearly exponentially more time to crack than unsalted ones.
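The signup and login flow described above, as an added example that is not part of the original article. It assumes PBKDF2-HMAC-SHA256 as the hash function and an in-memory dict standing in for the database; the iteration count, user names and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users who happen to pick the same password.
SAMPLE_USERS = {"alice": "correct horse", "bob": "correct horse"}

SALT_BYTES = 16
ITERATIONS = 200_000  # assumption for this example; tune for your hardware


def hash_password(password: str, salt: bytes) -> bytes:
    """Hash the combination of the salt and the supplied password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(db: dict, user: str, password: str) -> None:
    """Signup: generate a fresh random salt and store it with the hash."""
    salt = os.urandom(SALT_BYTES)
    db[user] = {"salt": salt, "hash": hash_password(password, salt)}


def verify(db: dict, user: str, password: str) -> bool:
    """Login: re-hash the attempt with the stored salt and compare."""
    record = db.get(user)
    if record is None:
        return False
    candidate = hash_password(password, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


def unsalted(password: str) -> str:
    """Unsalted hash, for contrast only: equal passwords give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_demo_db() -> dict:
    """Register every constructed sample user into a fresh in-memory db."""
    db = {}
    for user, password in SAMPLE_USERS.items():
        register(db, user, password)
    return db


if __name__ == "__main__":
    db = build_demo_db()
    print("login ok:", verify(db, "alice", "correct horse"))
    print("salted hashes equal:", db["alice"]["hash"] == db["bob"]["hash"])
    print("unsalted hashes equal:", unsalted("correct horse") == unsalted("correct horse"))
```

Because each record carries its own salt, the two identical passwords produce different stored hashes, so a list of precomputed hashes cannot be matched against the whole table at once.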
It’s clear to IT leaders that unvetted SaaS solutions (shadow IT) pose a variety of risks, including exposure of sensitive information, data ownership issues and regulatory compliance problems. The question is who is best suited to mitigate those risks, and in 2021, more companies will find that it takes a multidisciplinary strategy. A proactive governance approach requires a defined process involving a multidisciplinary team that ensures visibility and directly addresses risks to keep exposure within acceptable levels. Companies have to classify data in terms of integrity, confidentiality and availability to find the ideal balance between security and costs and determine acceptable risk levels. Cloud providers share responsibility to keep data secure along with the company, so it’s important to define exactly who is responsible for what. Companies typically manage user access, endpoint devices and data while SaaS vendors oversee apps, virtual machines, databases, etc. To fulfill their governance objectives, IT leaders will look for SaaS providers that offer multiple configuration options, including password settings/identity federations and authorization models, as well as availability plans to meet goals related to recovery time and recovery points.
5G has had many false starts, but 2021 could be the year when it really starts to take a predominant role in the telecoms space. With so many people now working remotely and using collaboration and messaging tools or video calls to communicate, we’ve started to see the demise of the traditional phone call. 5G is the ideal solution to replace landlines, using a SIM card as a fixed wireless access (FWA) to a cell tower, rather than having to install fibre cables physically into streets and homes. Investing in 5G infrastructure to give more workers around the country access to high quality, superfast connectivity is looking more and more like a political imperative to keep as much of the economy as possible working and productive. If it’s in the national interest, we might even see government support being provided to networks to deliver widespread 5G… or so networks will be hoping. ... Working from home has been a dominant theme of the coronavirus pandemic. Even if vaccination programmes soon return life to “normal” next year, some workplaces may not reopen their doors, on the basis that there is no longer a compelling commercial case to maintain a physical presence. All the necessary infrastructure businesses need to function, including telecoms, can be hosted in the public cloud. Remote connectivity is all they need.
It’s absolutely true that the pandemic elevated digital workplace technology from being a nice-to-have, or a luxury, to being an absolute must-have. We realized after the pandemic struck that public sector, education, and more parts of everyday work needed new and secure ways of working remotely. And it had to become instantaneously available for everyone. You had every C-level executive across every industry in the United States shifting to the remote model within two weeks to 30 days, and it was also needed globally. Who better than Dell on laptops and these other endpoint devices to partner with Unisys globally to securely deliver digital workspaces to our joint customers? Unisys provided the security capabilities and wrapped those services around the delivery, whereas we at Dell have the end-user devices. ... One of the big challenges in a merger or acquisition is how to quickly get the acquired employees working as first-class citizens as quickly as possible. That’s always been difficult. You either give them two laptops, or two desktops, and say, “Here’s how you do the work in the new company, and here’s where you do the work in the old company.”
The industry has heard about advances in AI for years, but in 2021, healthcare will start to see the benefits of machine learning in solutions that are highly scalable, predicts Tom Knight, CEO of Invistics. New technology funded by the National Institutes of Health (NIH), for example, can detect and fix many problems with medication administration, while helping to raise hospital revenues by millions of dollars annually, Knight said. “Providers are increasingly accepting AI’s role in medicine and the capability to identify sequences and trends in data that humans cannot,” said Yann Fleureau, co-founder and CEO of Cardiologs. Kimberly Powell, vice president and general manager at NVIDIA Healthcare, predicts that hospitals will get “smarter.” Similar to the experience at home, smart speakers and smart cameras will help automate and inform activities. The technology, when used in hospitals, will help scale the work of nurses on the front lines, increase operational efficiency and provide virtual patient monitoring to predict and prevent adverse patient events, said Powell. ... John Matthews, managing director of healthcare and life sciences at Teradata, said the smart money is on leaders that recognize the difference between solutions that solve problems and trends that attract mob mentality and next-silver-bulletism.
Cybersecurity is more important than ever for this newly distributed and heterogeneously equipped workforce, for whom commuting is a fading memory (along with real-world interaction with colleagues and clients). Although there are obvious downsides to remote working, including work/life balance and long-term mental health, many of us are likely to continue working from home on a regular basis after the pandemic. That being so, it's obviously a good idea to have the best equipment for the job: there's a big difference between spending a couple of hours on your laptop at the kitchen table outside normal working hours and making this arrangement your primary workspace. To get an idea of the kind of setups that knowledge workers should be looking at in 2021 and beyond, it's worth examining the contents of ZDNet contributors' home offices, as featured on this site over recent weeks. These are journalists who have been working from home for years, and who are also, by definition, up-to-speed with the latest technology. This means that their gear is mostly at the power-user end of the knowledge worker spectrum, giving a good indication of what may become standard fare in the 'new normal'.
Quote for the day:
“People rarely succeed unless they have fun in what they are doing.” -- Dale Carnegie