2020 was undeniably the year of digital. Organizations that had never dreamed of digitizing their operations were forced to completely transform their approach. And automation was a big part of that shift, enabling companies to mitigate person-to-person contact and optimize costs while ensuring uninterrupted operations. In 2021, hyperautomation seems to be the name of the game. According to Gartner, “Hyperautomation is the idea that anything that can be automated in an organization should be automated.” Especially for companies that implemented point solutions to adapt and survive in 2020, now is the time to intelligently automate repeatable, end-to-end processes by leveraging bots. With hyperautomation, CIOs can implement new-age technologies such as business process management, robotic process automation, and artificial intelligence (AI) to drive end-to-end automation and deliver superior customer experience. A steadily growing customer experience trend is to “be where the customer is.” Over the past decade, forward-thinking organizations have been working to engage customers according to their preferences of when, where, and how.
It's vital first to understand the risk of third-party applications. In an ideal world, each potential application or extension is thoroughly evaluated before it's introduced into your environment. However, with most employees still working remotely and you and your administrators having limited control over their online activity, that may not be a reality today. However, reducing the risk of potential data loss even after an app has been installed is still critically important. The reality is that in most cases, the threats from third-party applications come from two different perspectives. First, the third-party application may try to leak your data or contain malicious code. And second, it may be a legitimate app but be poorly written (causing security gaps). Poorly coded applications can introduce vulnerabilities that lead to data compromise. While Google does have a screening process for developers (as its disclaimer mentions), users are solely responsible for compromised or lost data (it sort of tries to protect you … sort of). Businesses must take hard and fast ownership of screening third-party apps for security best practices. What are the best practices that Google outlines for third-party application security?
Cloud native environments and applications such as mobile, serverless and Kubernetes are constantly changing, and traditional approaches to app security can’t keep up. Despite having many tools to manage threats, organizations still have blind spots and uncertainty about exposures and their impact on apps. At the same time, siloed security practices are bogging down teams in manual processes, imprecise analyses, fixing things that don’t need fixing, and missing the things that should be fixed. This is building more pressure on developers to address vulnerabilities in pre-production. In 2021, we’ll increasingly see organizations adopt DevSecOps processes — integrating security practices into their DevOps workflows. That integration, within a holistic observability platform that helps manage dynamic, multicloud environments, will deliver continuous, automatic runtime analysis so that teams can focus on what matters, understand vulnerabilities in context, and resolve them proactively. All this amounts to faster, more secure release cycles, greater confidence in the security of production as well as pre-production environments, and renewed confidence in the idea that securing applications doesn’t have to come at the expense of innovation and faster release cycles.
Meeting the Challenges of Disrupted Operations: Sustained Adaptability for Organizational Resilience
While one might argue that an Agile approach to software development is the same as resilience - since at its core it is about iteration and adaptation. However, Agile methods do not guarantee resilience or adaptive capacity by themselves. Instead, a key characteristic of resilience lies in an organization’s capacity to put the ability to adapt into play across ongoing activities in real time; in other words, to engineer resilience into their system by way of adaptive processes, practices, coordinative networks in service of supporting people in making necessary adaptations. Adaptability, as a function of day-to-day work, means to revise assessments, replan, dynamically reconfigure activities, reallocate & redeploy resources as the conditions and demands change. Each of these "re" activities belies an orientation towards change as a continuous state. This seems self-evident - the world is always changing and the faster the speed and greater the scale - the more likely changes are going to impact your plans and activities. However, many organizations do not recognize the pace of change until it’s too late. Late stage changes are more costly - both financially at the macro level and attentionally for individuals at a micro-level.
To most people, MS Excel is a spreadsheet application that stores data in tabular format and performs very basic mathematical operations. But in reality, Excel is a powerful computation tool that can solve complicated problems. Excel also has many features that allow you to create machine learning models directly into your workbooks. While I’ve been using Excel’s mathematical tools for years, I didn’t come to appreciate its use for learning and applying data science and machine learning until I picked up Learn Data Mining Through Excel: A Step-by-Step Approach for Understanding Machine Learning Methods by Hong Zhou. Learn Data Mining Through Excel takes you through the basics of machine learning step by step and shows how you can implement many algorithms using basic Excel functions and a few of the application’s advanced tools. While Excel will in no way replace Python machine learning, it is a great window to learn the basics of AI and solve many basic problems without writing a line of code. ... Beyond regression models, you can use Excel for other machine learning algorithms. Learn Data Mining Through Excel provides a rich roster of supervised and unsupervised machine learning algorithms, including k-means clustering, k-nearest neighbor, naive Bayes classification, and decision trees.
For too long in too many organizations, IT and security have viewed themselves as two different disciplines with fundamentally different missions that have been forced to work together. In companies where this tension exists, the disconnect stems from the CIO’s focus on delivery and availability of digital services for competitive advantage and customer satisfaction – as quickly as possible – while the CISO is devoted to finding security and privacy risks in those same services. The IT pros tend to think of the security teams as the “Department of No.” Security pros view the IT teams as always putting speed ahead of safety. Adding to the strain, CISOs are catching up to CIOs in carving out an enhanced role as business strategists, not merely technology specialists. The CIO’s main role was once to deliver IT reliably and cost-effectively across the organization, but while optimizing infrastructure remains a big part of the job, today’s CIO is expected to be a key player in leading digital transformation initiatives and driving revenue-generating innovation. The CISO is rapidly growing into a business leader as well.
Working from home means many of us are now living online for between 10 and 12 hours a day, getting very little respite with no gaps between meetings and no longer having a commute. We’ll see more human errors causing cyber security issues purely driven by employee fatigue or complacency. This means businesses need to think about a whole new level of IT security education programme. This includes ensuring people step away and take a break, with training to recognise signs of fatigue. When you make a cyber security mistake at the office, it’s easy to go down and speak to a friendly member of your IT security team. This is so much harder to do at home now without direct access to your usual go-to person, and it requires far more confidence to confess. Businesses need to take this human error factor into consideration and ensure consistent edge security, no matter what the connection. You can no longer just assume that because core business apps are routing back through the corporate VPN that all is as it should be. ... It took most companies years to get their personally identifiable information (PII) ready for GDPR when it came into force in 2018. With the urgent shift to cloud and collaboration tools driven by the lockdown this year, GDPR compliance was challenged.
The tactic of adding a layer of data extraction and then a threat to make the stolen information public if the victim refuses to pay the ransom became the go-to tactic for many ransomware groups in 2020. This technique first appeared in late 2019 when the Maze ransomware gang attacked Allied Universal, a California-based security services firm, Malwarebytes reported. "Advanced tools enable stealthier attacks, allowing ransomware operators to target sensitive data before they are detected, and encrypt systems. So-called 'double extortion' ransomware attacks are now standard operating procedures - Canon, LG, Xerox and Ubisoft are just some examples of organizations falling victim to such attacks," Cummings says. This exploded this year as both Maze and other gangs saw extortion as a way to strong-arm even those who prepared for a ransomware attack by properly backing up their files but could not risk the data being exposed, says Stefano De Blasi, threat researcher at Digital Shadows. "This 'monkey see, monkey do' approach has been extremely common in 2020, with threat actors constantly seeking to expand their offensive toolkit by mimicking successful techniques employed by other criminal groups," De Blasi says.
Most experts see edge and cloud approaches as complementary parts of a larger strategy. Nebolsky said that cloud AI is more amenable to batch learning techniques that can process large data sets to build smarter algorithms to gain maximum accuracy quickly and at scale. Edge AI can execute those models, and cloud services can learn from the performance of these models and apply to the base data to create a continual learning loop. Fyusion's Miller recommends striking the right balance -- if you commit entirely to edge AI, you've lost the ability to continuously improve your model. Without new data streams coming in, you have nothing to leverage. However if you commit entirely to cloud AI, you risk compromising the quality of your data -- due to the tradeoffs necessary to make it uploadable, and lack of feedback to guide the user to capture better data -- or the quantity of data. "Edge AI complements cloud AI in providing access to immediate decisions when they are needed and utilizing the cloud for deeper insights or ones that require a broader or more longitudinal data set to drive a solution," Tracy Ring, managing director at Deloitte said. For example, in a connected vehicle, sensors on the car provide a stream of real-time data that is processed constantly and can make decisions, like applying the brakes or adjusting the steering wheel.
We can ensure the quality of testing by: Making sure we have enough information about a new client requirement and the team understands it; Validating results including results which are stochastic; Making sure the results make sense; Making sure the product does not break; Making sure no repetitive bugs are found, in other words, a bug has been fixed properly; Making sure to pair up with developers and data scientists to understand a feature better; If you have a front end dashboard showcasing your results, making sure the details all make sense and have done some accessibility testing on it too; and Testing the performance of the runs as well, if they take longer due to certain configurations or not. ... As mentioned above, I learned that having thresholds was a good option for a model that delivers results to optimise a client’s requests. If a model is stochastic then that means certain parts will have results which may look wrong, but they are actually not. For instance, 5 + 3 = 8 for all of us but the model may output 5.0003, which is not wrong, but with a stochastic model what was useful was adding thresholds of what we could and couldn’t accept. I would definitely recommend trying to add thresholds;
Quote for the day:
“Failure is the opportunity to begin again more intelligently.” -- Henry Ford