Daily Tech Digest - February 09, 2021

Digital transformation strategy: 7 factors to re-examine about yours now

In the rush to adjust to work-from-home orders, seismic supply and demand shifts, changing customer and partner needs, and a global health crisis, some shortcuts may have been taken, or longer views set aside. Heading into 2021, IT leaders can take a step back to reassess some important aspects of their digital transformation efforts to make sure they’re on the right track not only for 2021 but beyond. ... While the urgency to transform was necessary, some initiatives conceived or implemented in haste may deserve a second or even third look. “Some may have implemented changes at a pace that didn’t allow for the standard level of care and detail that would normally go into digital transformation projects. Others pivoted away from their technical roadmap,” says Greg Stam, managing director in the CIO advisory at digital business consultancy AHEAD. “It’s critical to re-baseline your digital transformation strategy, starting with any new business goals.” ... “As so many IT leaders scrambled to implement new technologies to help employees remain productive and connected from home, some may be starting to find that the tools they implemented aren’t really serving their true purpose,” says Rob Wiley

Understanding Linus's Law for open source security

Some people assume that because major software is composed of hundreds of thousands of lines of code, it's basically impossible to audit. Don't be fooled by how much code it takes to make an application run. You don't actually have to read millions of lines. Code is highly structured, and exploitable flaws are rarely just a single line hidden among the millions of lines; there are usually whole functions involved. There are exceptions, of course. Sometimes a serious vulnerability is enabled with just one system call or by linking to one flawed library. Luckily, those kinds of errors are relatively easy to notice, thanks to the active role of security researchers and vulnerability databases. Some people point to bug trackers, such as the Common Vulnerabilities and Exposures (CVE) website, and deduce that it's actually as plain as day that open source isn't secure. After all, hundreds of security risks are filed against lots of open source projects, out in the open for everyone to see. Don't let that fool you, though. Just because you don't get to see the flaws in closed software doesn't mean those flaws don't exist. In fact, we know that they do because exploits are filed against them, too. The difference is that all exploits against open source applications are available for developers (and users) to see so those flaws can be mitigated.

World Economic Forum calls cybersecurity one of the "key threats of the next decade"

The analysts behind the report called cybersecurity failure among the "highest likelihood risks" of the next 10 years and IT infrastructure breakdown "among the highest impact risks of the next decade." In a survey of experts included in the report, 39% of respondents said cybersecurity failure was a critical threat to the world right now and ranked as the most pertinent risk on the list after infectious disease, extreme weather events, and livelihood crises. Nearly 50% said it would be a concern for the next three to five years. The report suggests that in order to make the transition to a fully digital world more smooth, multiple things need to be changed, including "insisting on security and privacy by design in the development of new technologies and digital services." Hitesh Sheth, president and CEO at cybersecurity firm Vectra, said the only surprise in the World Economic Forum Global Risks Report is that cybersecurity failure wasn't ranked higher. "Without secure, high-functioning IT, addressing all the other crises the report names, from climate to digital inequality, becomes much harder. For years our well-understood cyber vulnerabilities have been met with too much rhetoric, too little real action," Sheth said.

UK's leading AI startup and scaleup founders highlight the main pain points of running a fast growth business in the AI sector

“Finding enough time to really invest in strategy” is a significant challenge, according to Miriam Cha, COO and co-founder at Rahko. “We work in two very rapidly evolving areas — AI for drug/material discovery and quantum computing — so developing and continually adapting and refining a strategy that will win requires a lot of careful thought and deep discussion. “We have four founders at Rahko, and we come together very regularly for strategy sessions that can last several days, with the understanding that no one does anything else until we have answered the questions we need answered. This has taken a huge amount of discipline to maintain, but has meant that we are able to make really well thought-out decisions and head in what we believe between us to be the right direction.” Ky Nichol, CEO at Cutover, adds that “it’s hard to maintain focus on strategic goals, with new opportunities and use cases for our capabilities emerging constantly, it’s important to maintain a resilient perspective and prioritise our strategic objectives.” Tim Weil, CEO at Navenio, also agrees that developing a solid business strategy with a team that is all moving in the right direction is essential for the success of any fast growth business, in the AI sector or otherwise.

The future of work: Coming sooner than you think

Zero trust is a general framework in which every user and every system must authenticate itself continually, so if a breach occurs, attackers can’t move laterally to compromise other systems across the organization. SASE is a more recent scheme that combines SD-WAN and security into a single, simplified cloud service that can be scaled easily. Together, they can go a long way to reduce the risks incurred by remote work at scale. But there’s more to a bright future of work than technology solutions. Effective remote management, an area where software development managers tend to have extensive experience, may be most important of all. InfoWorld contributor and former CIO Isaac Sacolick has been there, and in “7 best practices for remote development teams,” he outlines some tried-and-true techniques – including continuous, transparent planning. Sacolick also observes that automation can help simplify remote development, such as automated testing and change management. It’s important to acknowledge, though, that not all jobs can be remote. Network World contributor Zeus Kerravala pinpoints the skills necessary to run the data center of the future in “How the data center workforce is evolving,” which cites an Uptime Institute study predicting a 15% rise in on-prem data center jobs over six years.

Quantum Leap: Scientists Build Chip That Can Handle Thousands Of Qubits

Quantum computers are at a similar stage that classical computers were in their 40s when machines needed control rooms to function. However, this chip, according to the scientists, is the most advanced integrated circuit ever built to operate at deep cryogenic temperatures. “The quantum computers that we have now are still lab prototypes and are not commercially relevant yet. Hence, this is definitely a big step towards building practical and commercially relevant quantum computers,” said Mr Viraj Kulkarni, “But I think that we are still far away from it. “This is because of the ‘Error Correction’. Any computing device always has errors in it and no electronic device can be completely perfect. There are various techniques that computers use to correct those errors. “Now the problem with quantum computing is that qubits are very fragile. Even a slight increase in temperature, vibrations, or even cosmic rays can make qubits lose their quantumness, and this introduces errors. So the key question of whether we can really control these errors is still relevant.” Nivedita Dey, research coordinator at Quantum Research and Development Labs, said the qubit noise is still a roadblock in developing quantum computers.

A Beginners Guide to Using Django’s Impressive Data Management Abilities

Django is a Python Web framework which helps developers to bring applications from concept to completion as fast as possible.¹ A High-level framework like Django offers a comprehensive set of features for web development like an HTTP application server, a storage mechanism such as a database, a template engine, a request dispatcher and an authentication module. As I mentioned before, I try to focus on the part of Django that allows you to interact with your relational databases, the Object-Relation Mapper (ORM).³ The ORM brings you all functions to create and manipulate data and tables of your database without using any SQL commands. What I tried to explain with the following image, each Django App includes a module named mocels.py, which defines the structure of the database tables you want to create. To translate the Python Objects into database tables, the ORM comes into place. The ORM is responsible for the communication with your database, which includes the translation of your defined models into the right database structure and the execution of any database operations.

A Day with Intel on Hacking and Scaling Machine Learning with Open Source

Machine learning models are designed to be resilient, flexible and meet business goals but often, engineers who build the product and algorithms face obstacles to ensure that it works reliably, quickly and at scale. Frameworks are not easy to use. As many of the world’s leading organizations embrace approaches to scaling machine learning, Intel is offering the tools, applications and hardware to make it easier for developers to build, deploy and manage artificial intelligence and machine learning models that can be used by tens of thousands of people instead of just a few. ... Join us on Feb. 10 at 9 a.m. PT for a live Day of Machine Learning with Intel discussion, where we’ll dive deeper into oneAPI. We’ll explore the software at scale issues with machine learning and the hardware needed for it. We’ll look at the tools and the infrastructure that is used for developing, deploying and managing the algorithms. We’ll also dive into questions around how Intel’s oneAPI toolkit is a way to resolve problems that teams face, and how oneAPI fits with existing frameworks such as PyTorch and TensorFlow.

What's New in IT Security?

If the plan is to install a new software or security package, or to update software from a vendor across a plurality of devices, the coordination of the software or software upgrade release should be uniformly executed across all end users and locations, and across all devices and platforms. Commercially available software distribution platforms are available to assist with this task. The preferred method of performing software and security upgrades is a “push” distribution of any new software release in which IT pushes out the new software or software upgrade to the end device, network or platform automatically. This is in contrast to the “pull” method that notifies the user that a new version of software is available, but that depends upon the user to pull or download the new release onto his or her device or network. “Pull” is the better methodology because you don’t have to worry about users failing to perform a download, leaving themselves (and the company) open to security vulnerabilities that a new software release can resolve. The SolarWinds compromise occurred because malware had gotten embedded in a software release that clients were installing. The lesson for IT is to vet your vendors’ security practices as they pertain to data centers, operational software, business partners and the end products that they are selling to you.

Hacker Breached Florida City's Water Treatment System

A hacker breached a Florida city's water treatment network on Friday, increasing the amount of lye that would have been added to the water to a dangerous level. But city officials in Oldsmar, Florida, say they were able to spot the intrusion and quickly reverse the setting before it took effect. Reuters reports that the intruder was able to access the water treatment network software after first gaining access to TeamViewer remote access and control software. "Importantly, the public was never in danger," Pinellas County Sheriff Bob Gualtieri said during a Monday press conference. Oldsmar, Florida, which is about 17 miles northwest of Tampa, has a population of about 15,000. In recent years, officials have focused increasing attention on the security of industrial control systems used to manage municipalities' electricity and water. Such systems often are connected to the internet and could pose vast public safety risks if infiltrated by hackers. Questions will likely now be raised about how the city used and configured TeamViewer for remote access, including which access controls were in place. TeamViewer has long been an attractive target because it's designed to give administrators full, remote access to and control of systems.

Quote for the day:

"At the heart of great leadership is a curious mind, heart, and spirit." -- Chip Conley

No comments:

Post a Comment