6 habits of successful IT leaders in 2021
“One of the many things we have learned from this crisis is how much
improvement many of us need as IT leaders. Getting into the habit of working
on developing our emotional intelligence daily will make us better leaders.
This is often pointed out in others. However, we need to examine ourselves and
find better ways to deal with the many emotions that arise from our current
circumstances. IT leaders need to examine their own level of empathy as they
manage folks they may no longer be able to walk over to and have a
conversation with as you please. As we lead during this time of flexible
schedules and distributed workforce, focus on developing more empathy and,
honestly, just a bit more grace.” “Be vulnerable and provide an
atmosphere that will allow your team to feel supported to still do their best
work even in this difficult time. Do not be that leader with a team that looks
to get as far away from you following this crisis, or the leader whose team
members throw in the towel before this crisis ends just to maintain their
sanity.” – Cedric Wells, Director, IT Infrastructure Services, The Gorilla
Glue Company ... Meditation is a powerful habit that can unlock this
superpower. Many top business leaders like Ray Dalio, bestselling authors like
Yuval Harari owe all their success to meditation.
SolarWinds Attack Gives Rise to New Runtime Security Models
A critical observation to make about this attack is that even though the
attackers already had a digitally signed backdoor, they still needed to bring
additional malicious code into the environment. The backdoor was a pretty big
chunk of code and contained several C2 (command and control) functions
compiled as part of the legitimate product. And yet, even this unusually big
backdoor had no means to spread and perform sophisticated injection and theft
scenarios. It required a post-deployment file-less malware (FireEye called it
TEARDROP). It is thought that TEARDROP deployed a version of the Cobalt Strike
BEACON payload, a penetration testing tool made for red teams that can also be
used by attackers. This fact is critical since it is true of almost any attack
and most other backdoor cases. They look like tiny innocent coding
oversights – basically, like any other vulnerabilities created as an honest
mistake. From this point on, intentional backdoors and incidental
vulnerabilities are used in very similar ways. Both are utilized to bring real
malicious code – the exploit – into the target environment and perform the
actual attack.
2021 will be the year open source projects overcome their diversity problems
In October 2020, the Linux Foundation announced a new Software Developer
Diversity and Inclusion project to draw on science and research to deliver
resources and best practices that increase diversity and inclusion in software
engineering. Following the age-old tenet that “you cannot manage what you
don’t measure”, the Hyperledger Diversity, Civility, and Inclusion (DCI)
Working Group is focused on “measuring and improving the health of our open
source community.” In the OpenJS community, the Node+JS diversity
scholarship program provides support to those from traditionally
underrepresented or marginalized groups in the technology or open source
communities who may not otherwise have the opportunity to attend the event for
financial reasons. At KubeCon + CloudNativeCon this year, The Cloud Native
Computing Foundation announced The Inclusive Naming Initiative to help remove
harmful, racist, and unclear language in software development. At IBM, we had
a similar program underway, and we have joined the CNCF initiative to further
the cause. ... The AI Inclusive initiative seeks to increase the
representation and participation of gender minority groups in AI. They offer
events, tutorials, workshops, and discussions to guide community
members in their AI careers.
Homomorphic Encryption: The 'Golden Age' of Cryptography
The origins of homomorphic encryption date back to 1978. That's when a trio of
researchers at MIT developed a framework that could compute a single
mathematical operation (usually addition or multiplication) under the cover of
encryption. The concept gained life in 2009, when Craig Gentry, now a research
fellow at the blockchain-focused Algorand Foundation, developed the first
fully homomorphic encryption scheme for his doctoral dissertation at Stanford
University in 2009. Gentry's initial proof was simply a starting point. Over
the past decade, security concerns related to cloud computing, the Internet of
Things (IoT), and the growing demand for shared and third-party data have all
pushed the concept forward. Along the way, more powerful homomorphic
algorithms have emerged. Today, the likes of IBM and Microsoft have entered
the space, along with the US Defense Advanced Research Projects Agency (DARPA)
and an array of startups. "There is a tremendous benefit to being able to
perform computations directly on encrypted data," says Josh Benaloh, senior
cryptographer at Microsoft Research. "This allows computations to be
outsourced without risk of exposing the data."
How to securely hash and store passwords in your next application
A "salt" is a random piece of data that is often added to the data you want to
hash before you actually hash it. Adding a salt to your data before hashing it
will make the output of the hash function different than it would be if you
had only hashed the data. When a user sets their password (often on signing
up), a random salt should be generated and used to compute the password hash.
The salt should then be stored with the password hash. When the user tries to
log in, combine the salt with the supplied password, hash the combination of
the two, and compare it to the hash in the database. Without going into too
much detail, hackers commonly use rainbow table attacks, dictionary attacks,
and brute-force attacks to try and crack password hashes. While hackers can't
compute the original password given only a hash, they can take a long list of
possible passwords and compute hashes for them to try and match them with the
passwords in the database. This is effectively how these types of attacks
work, although each of the above works somewhat differently. A salt makes it
much more difficult for hackers to perform these types of attacks. Depending
on the hash function, salted hashes take nearly exponentially more time to
crack than unsalted ones.
SaaS security in 2021
It’s clear to IT leaders that unvetted SaaS solutions (shadow IT) pose a
variety of risks, including exposure of sensitive information, data ownership
issues and regulatory compliance problems. The question is who is best suited
to mitigate those risks, and in 2021, more companies will find that it takes a
multidisciplinary strategy. A proactive governance approach requires a defined
process involving a multidisciplinary team that ensures visibility and
directly addresses risks to keep exposure within acceptable levels. Companies
have to classify data in terms of integrity, confidentiality and availability
to find the ideal balance between security and costs and determine acceptable
risk levels. Cloud providers share responsibility to keep data secure along
with the company, so it’s important to define exactly who is responsible for
what. Companies typically manage user access, endpoint devices and data while
SaaS vendors oversee apps, virtual machines, databases, etc. To fulfill their
governance objectives, IT leaders will look for SaaS providers that offer
multiple configuration options, including password settings/identity
federations and authorization models, as well as availability plans to meet
goals related to recovery time and recovery points.
Top five telecoms trends for 2021
5G has had many false starts, but 2021 could be the year when it really starts
to take a predominant role in the telecoms space. With so many people now
working remotely and using collaboration and messaging tools or video calls to
communicate, we’ve started to see the demise of the traditional phone call. 5G
is the ideal solution to replace landlines, using a SIM card as a fixed
wireless access (FWA) to a cell tower, rather than having to install fibre
cables physically into streets and homes. Investing in 5G infrastructure to
give more workers around the country access to high quality, superfast
connectivity is looking more and more like a political imperative to keep as
much of the economy as possible working and productive. If it’s in the
national interest, we might even see government support being provided to
networks to deliver widespread 5G… or so networks will be hoping. ... Working
from home has been a dominant theme of the coronavirus pandemic. Even if
vaccination programmes soon return life to “normal” next year, some workplaces
may not reopen their doors, on the basis that there is no longer a compelling
commercial case to maintain a physical presence. All the necessary
infrastructure businesses need to function, including telecoms, can be hosted
in the public cloud. Remote connectivity is all they need.
The future of work is happening now thanks to Digital Workplace Services
It’s absolutely true that the pandemic elevated digital workplace technology
from being a nice-to-have, or a luxury, to being an absolute must-have. We
realized after the pandemic struck that public sector, education, and more
parts of everyday work needed new and secure ways of working remotely. And it
had to become instantaneously available for everyone. You had every C-level
executive across every industry in the United States shifting to the remote
model within two weeks to 30 days, and it was also needed globally. Who better
than Dell on laptops and these other endpoint devices to partner with Unisys
globally to securely deliver digital workspaces to our joint customers? Unisys
provided the security capabilities and wrapped those services around the
delivery, whereas we at Dell have the end-user devices. ... One of the big
challenges in a merger or acquisition is how to quickly get the acquired
employees working as first-class citizens as quickly as possible. That’s
always been difficult. You either give them two laptops, or two desktops, and
say, “Here’s how you do the work in the new company, and here’s where you do
the work in the old company.”
7 predictions for what lies ahead for health tech in 2021
The industry has heard about advances in AI for years, but in 2021, healthcare
will start to see the benefits of machine learning in solutions that are
highly scalable, predicts Tom Knight, CEO of Invistics. New technology funded
by the National Institutes of Health (NIH), for example, can detect and fix
many problems with medication administration, while helping to raise hospital
revenues by millions of dollars annually, Knight said. “Providers are
increasingly accepting AI’s role in medicine and the capability to identify
sequences and trends in data that humans cannot,” said Yann Fleureau,
co-founder and CEO of Cardiologs. Kimberly Powell, vice president and general
manager at NVIDIA Healthcare, predicts that hospitals will get “smarter.”
Similar to the experience at home, smart speakers and smart cameras will help
automate and inform activities. The technology, when used in hospitals, will
help scale the work of nurses on the front lines, increase operational
efficiency and provide virtual patient monitoring to predict and prevent
adverse patient events, said Powell. ... John Matthews, managing director of
healthcare and life sciences at Teradata, said the smart money is on leaders
that recognize the difference between solutions that solve problems and trends
that attract mob mentality and next-silver-bulletism.
Remote work: 10 ways to upgrade your working from home setup
Cybersecurity is more important than ever for this newly distributed and
heterogeneously equipped workforce, for whom commuting is a fading memory (along
with real-world interaction with colleagues and clients). Although there are
obvious downsides to remote working, including work/life balance and long-term
mental health, many of us are likely to continue working from home on a regular
basis after the pandemic. That being so, it's obviously a good idea to have the
best equipment for the job: there's a big difference between spending a couple
of hours on your laptop at the kitchen table outside normal working hours and
making this arrangement your primary workspace. To get an idea of the kind of
setups that knowledge workers should be looking at in 2021 and beyond, it's
worth examining the contents of ZDNet contributors' home offices, as featured on
this site over recent weeks. These are journalists who have been working from
home for years, and who are also, by definition, up-to-speed with the latest
technology. This means that their gear is mostly at the power-user end of the
knowledge worker spectrum, giving a good indication of what may become standard
fare in the 'new normal'.
Quote for the day:
“People rarely succeed unless they have fun in what they are doing.” -- Dale Carnegie