When Kubernetes is not the solution
Automation and orchestration are frequent reasons to leverage Kubernetes. Keep
in mind that automation and orchestration often get confused, and for good
reason. Automation can help make a business process more efficient by reducing
or removing human involvement with software or hardware that performs specific
tasks. For example, automation can launch a process to reorder raw materials
automatically when other processes notice that supplies are below a specific
level. In short, a single task is automated. Orchestration, in contrast, allows
you to automate a workflow. Orchestration can keep track of sequence and
activities, and can even invoke many single-task automations that are part of
the workflow. Orchestration is a powerful Kubernetes tool that also allows you
to invoke services such as database access across disparate systems. What's
happening now is that many developers and architects choose Kubernetes to
automate processes using the orchestration engine. That’s like hitting a
thumbtack with a sledgehammer. You’ll end up spending way too many dollars on
development and cloud resources to solve a simple, specific problem. Another
fact that often gets overlooked is that Kubernetes is a complex system itself;
it requires special expertise and at times can increase risk.
Learning from Incidents
When we use language that wraps up complexity in a neat parcel like “human
error,” or we make counterfactual assertions (“system X should be able to detect
this scenario,”) we give participants in our investigation the opportunity to
agree with something that might be true given what we know in hindsight, but
which does not help us understand the behaviour of the people or systems during
the incident. Everyone in the room can nod and acknowledge that the human did
indeed make a mistake, or that system “X” really should have detected the issue.
Have you understood anything new about how your system really works? Unlikely.
Secondly, when we ignore power structures and the social dynamics of the
organizations we work in, we risk learning less. Asking “why” questions can put
people on the defensive, which might make them less likely to speak frankly
about their own experience. This is especially important when the person being
asked is relatively less powerful in the organisation. “Why did you deploy that
version of the code?” can be seen as accusatory. If the person being asked is
already worried about how their actions will be judged, it can close down the
conversation. “During this incident you deployed version XYZ.
4 Ways Blockchain Could Catapult Into the Mainstream
We are used to storing valuables at home such as money, jewelry or art.
However, when the value of these goods exceeds what we can insure, or what we
feel safe in keeping at home, we usually turn to banks or special custodians
as more convenient safeguards for storing our liquid
assets. Cryptocurrency offers alternative storage options via personal
wallets or easy on-ramps to exchanges or a new category of crypto custodians
that possess their own secure vaults. Today, many self-custody wallets already
exist, allowing users to experience the self-service option for asset
storage. Those same wallets also enable the storage of another blockchain
novelty: “digitally unique” artifacts also known as non-fungible tokens (or
NFTs; think CryptoKitties). In the long term, banks and old-style physical
storage services may not be the most popular or safest storage methods
anymore. Being your own custodian is an attractive value proposition that
comes with a degree of freedom and efficiency, as long as its relative ease of
use and trust levels continue to improve. Many users will gradually de-bank
their assets and move them into self-custody to take advantage of new services
that are only available in the blockchain world.
Security's Inevitable Shift to the Edge
Many security architects are initially attracted to the SASE model as it helps
them apply security controls at the optimal location in their rapidly changing
architecture. That optimal location is the edge of the Internet, which will be
close to any infrastructure-as-a-service (IaaS) or co-location facility that
the business uses today or in the future. The edge deployment model provides
agility for hybrid multicloud organizations and is well suited to changes to
IaaS vendor or new locations from mergers and acquisitions. The flexibility of
deploying security inspection at the edge means that, regardless of shifts in
the location of compute, security inspection can be performed at a local edge
node. This provides for optimized routing of traffic and avoids what Gartner
describes as the unnecessary "tromboning of traffic to inspection engines
entombed in enterprise data centers." Furthermore, since multicloud is the
predominant architecture, deploying security at a homogeneous edge makes more
sense than trying to engineer consistent controls using heterogeneous
capabilities available at various cloud security providers (CSPs). Another
driver for SASE is the migration of users outside of the traditional corporate
offices.
Cisco bolsters edge networking family with expanded SD-WAN, security options
Among the four new models is a low-end box – the Cisco Catalyst 8500L – that's
aimed at entry-level 1G/10G aggregation use cases, Cisco stated. The 1RU form
factor 8500L is powered by 12 x86 cores and features up to 64GB memory to
support secure connectivity for thousands of remote sites and millions of
stateful NAT and firewall sessions, wrote Archana Khetan, senior director of
product management for Enterprise Routing and SD-WAN Infrastructure at Cisco,
in a blog about the new boxes. Businesses find that establishing
aggregation sites at either core locations or colocations helps them own the
first mile on their branch and remote-worker connectivity to the internet and
other software-defined cloud interconnects, Khetan stated. "The Catalyst 8500L
provides ultra-fast IPsec crypto performance and advanced flow-based
forwarding to keep up with the demands of today's high-speed, secure
connectivity," Khetan stated. Targeting the branch, Cisco added the
Catalyst 8200, which supports eight CPU cores for high-performance packet
forwarding and 8GB of default RAM to run the latest security services, Khetan
stated. The Catalyst 8200 Series supports up to 1Gbps of aggregate forwarding
throughput, which is double the performance of its ISR 4300 predecessor,
according to Khetan.
Ransomware: Should Governments Hack Cybercrime Cartels?
One proposal has been to ban all ransom payments. Whether such bans could be
enforced is not clear. Also, organizations that did their best to safeguard
themselves, but still saw their systems get crypto-locked, could go out of
business or suffer devastating interruptions due to a ban. Short of a ban,
Ciaran Martin, an Oxford University professor of practice in the management of
public organizations who until last August served as the British government's
cybersecurity chief, says governments should at least crack down on insurers
being able to help victims funnel payoffs to attackers. "I see this as so
avoidable. At the moment, companies have incentives to pay ransoms to make
sure this all goes away," Martin tells The Guardian, expanding on suggestions
he's previously made. "You have to look seriously [at] changing the law on
insurance and banning these payments, or at the very least, having a major
consultation with the industry." Responding to suggestions that ransom
payments be banned, a spokesman for the Association of British Insurers tells
Information Security Media Group: "Insurance is not an alternative to managing
the cyber ransomware risk; it is part of a toolkit to combat this crime." The
spokesman also notes that policyholders must have all "reasonable precautions"
in place.
Experts predict hot enterprise architecture trends for 2021
There is increasing competition in enterprise architecture tools, with a lot of
new players. There's going to be more investing in R&D. Hopefully, that
means customers will get better tools for their EA initiatives. We'll see tools
going in different directions and having different focuses. The newer generation
of tools is typically data-driven. You don't draw your architecture. It is
basically derived from the data you put into the tools. That opens up different
uses for data analytics to create future-state scenarios, quantify the benefits
to the business and use that to make strategic decisions. You can do
organizational modeling. It's difficult to do that unless you have a data-driven
approach, because you would have to create every single future-state scenario.
The entire delivery vehicle for the newer tools is cloud only, so you can deploy
more rapidly. Companies that have moved to the cloud over the last couple of
years realize that you can't be in one cloud anymore. You have to be in multiple
clouds in order to ensure redundancy. That's another area where EA tools are
focusing, creating native integration with these modern-day cloud environments
and using enterprise architecture practices to manage and model them.
Streamlining cloud compliance through automation
The first is inherent in compliance with any cybersecurity and privacy
requirement, and the cloud doesn’t make it go away (in fact, it arguably makes
it worse) – and that’s the time it takes to audit. Companies preparing for
audits must sink significant time and effort (hundreds of hours, every audit,
across multiple requirements) into collecting a vast amount of technical data
on information security controls and processes. Manually collecting data,
taking screenshots, and organizing evidence takes that time away from cloud
and DevOps teams that could otherwise be spent building new products or
services. ... Second, security capabilities meant for on-premises environments
no longer apply when companies begin migrating to the cloud, making evidence
gathering all the more complicated. Quite simply, the cloud creates a new
paradigm, forcing companies to re-architect the best security practices they
have spent years perfecting, i.e., to fundamentally start from scratch. Third,
software development and change management in the cloud moves at light speed
compared to more traditional monolithic application updates, and it can be
difficult for companies to keep up with the security and privacy implications
of that ever-changing cloud environment.
How to deliver an effective technology strategy in 2021
Technology strategies, like data strategies and digital transformations, can no
longer be considered in isolation. Having the right technology platform is
just one of a number of critical enablers to being competitive, agile and
innovative in the 2020s. The growing trend for business transformation is a
holistic approach which recognises that, to succeed, technology, data and digital
transformations need to be tackled together, or at least in parallel. In the
2020s businesses can be divided between those who are disrupting and those
being disrupted. Disruptors enter categories with a transformative new
product, service or customer experience — posing an existential threat to the
existing players. Disruptors are digital, data and technology first companies,
leveraging these as assets in the battleground of customer experience. Any
technology strategy should be intertwined with a data strategy. It should be
focused on delivering the customer approach to serve the overall business
plan. I appreciate that sounds a lot harder than focusing just on technology,
but the alignment needs to be embraced rather than avoided if the desired
outcomes are to be achieved. The world is littered with technology that’s easy
to buy, more challenging to implement and often only partially or completely
unused.
Cybersecurity, Modernization Top Priorities for Federal CIOs
One significant focus not covered by the first 100-day plan but indicated in
the proposed stimulus package is a response to something more recent -- the
SolarWinds hack, which has impacted both government and commercial IT
organizations. In response, the new administration is putting a new focus on
cybersecurity, adding provisions that cover this area to the COVID-19 stimulus
package. While it needs to go through Congress, the American Rescue Plan from
the administration calls for a total of more than $10 billion for
cybersecurity and IT modernization efforts, plus some other IT-related areas.
"In addition to the COVID-19 crisis, we also face a crisis when it comes to
the nation's cybersecurity," a brief of the plan says. "The recent
cybersecurity breaches of federal government data systems underscore the
importance and urgency of strengthening US cybersecurity capabilities.
President-elect Biden is calling on Congress to launch the most ambitious
effort ever to modernize and secure federal IT and networks." Even if it
doesn't remain in the stimulus package that Congress ultimately passes, the
Biden administration's inclusion of funding for cybersecurity highlights just
what a priority this area is for the administration going forward.
Quote for the day:
"If we were a bit more tolerant of each other's weaknesses we'd be less alone."
-- Juliette Binoche