Daily Tech Digest - April 02, 2021

Open banking is big. Here’s why open finance is bigger

Open finance will improve the experience for customers in the U.S., but they won’t really notice it directly, Costello says. However, under the hood, they’ll benefit from more reliability and more symmetric customer protection end to end — and that will make a big difference. This move to a regulated open finance experience will give customers not just uniform access to all of the data, but under the same umbrella of symmetric customer protection, their payment account data will be as safe as their loan data, payroll data, and so on. “The customer experience for the person who needs to use these services but is reluctant to is going to be incredibly positively impacted,” he says. “Now they’re going to have enough trust in these tools and services to know that if they’re harmed in some way, if there’s a breach in the system or a bad actor, they’re going to be protected.” “As this ecosystem takes off, the data that is being generated, correlated, and used is beneficial not just for the consumer and their direct third-party service providers, but by all thirdparty service providers,” Costello says

5 key cybersecurity risks in 2021, and how to address them now

Cybersecurity technologies have become more advanced and more available than ever, and this has led to a consistent pattern of over-reliance on point products to defend against threats. While technology is essential to this mission, it isn’t a standalone solution. Oftentimes, mid-market businesses lack dedicated cybersecurity resources that are just as valuable. This skill shortage has been heightened by the pandemic, as the network diagram has expanded to include surfaces like at-home PCs and other WFH access points. According to the Verizon DBIR, almost one in three data breaches in 2020 involved small businesses, and mitigation will take a planned combination of both people, processes and technology. Hiring more security professionals, especially with the growth in demand, can be an expensive undertaking. Rather than investing in an internal 24/7 security operations center (SOC), outsourcing this work has become an appealing option that is a cost-effective and essential addition to your defense strategy. This team can work in a way that unifies disparate technologies with process to create a singular, strong point of visibility.

Is the Future of Manufacturing Automated or Autonomous?

Manufacturing autonomy is not just a good idea, it’s a timely idea, offering a chance to democratize both manufacturing and innovation. By creating autonomous and automated manufacturing solutions, it is possible to substantially reduce the labor cost element in manufacturing, allowing higher labor cost regions to bring manufacturing home. This is extremely timely given the desire of most nations to use manufacturing as part of their post-pandemic recovery strategy. And the pandemic isn’t the only driver or acceleration. The Covid-19 pandemic came on the back of a bitter trade war between the US and China, creating a perfect storm of disruption that has led to a real desire to restore supply chains to make nations more resilient to future risk. Both Theo and Yoav agree that autonomous and automated manufacturing solutions offer the only route to competitiveness for the US and for Western Europe, where the benefits of massive consumer markets are offset by high labor rates. Consumers want to buy products made locally, but they don’t want to pay more for, or get less from, those products. 

CISA Orders Agencies to Recheck for Exchange Compromises

CISA is requiring federal agencies that use on-premises Exchange servers to conduct two exercises by noon Monday. The agencies must run Microsoft's Safety Scanner tool, also known as MSERT, in full scan mode and report those results to CISA. This tool, which was released last month, can detect web shells used during attacks that target the ProxyLogon flaw in Exchange. CISA is also ordering federal agencies to run this same scan every week for four weeks to check for additional compromises. In addition to mandating MSERT sans, CISA is requiring that agencies run a script called Test-ProxyLogon.ps1 to check both Exchange and Internet Information Services, or ISS, logs for any malicious activity related to these attacks. "If attacker activity is identified, the script reports the vulnerabilities for which it found evidence of use and collects logs that it stores in the specified output path in the Test-ProxyLogonLogs directory," CISA notes. After those tasks are complete and the results are returned, CISA is requiring that federal agencies take additional steps to harden networks and infrastructure by June 28.

Quantum computer has the edge for NP verification

The algorithm the researchers use to demonstrate this is known as an interactive proof protocol. Here, one component of the experimental set-up acts as a “prover”, using coherent light pulses to send partial solutions to the NP-complete problem in the form of a quantum state. The second component fills the role of the “verifier”, deciding with high accuracy whether the solution is correct based on the limited information given. When certain bounds are placed on the expected accuracy of the verifier, as well as the protocol’s speed and efficiency in terms of the amount of information that can be communicated throughout the interactions, it is possible to demonstrate that the quantum algorithm far outperforms any classical attempts at doing the same. By showing that a quantum algorithm can verify solutions to NP-complete problems efficiently, the result could allow for new applications in secure remote quantum computing. A client with a rudimentary quantum machine could, for example, verify information they receive from a powerful quantum server without ever having access to the full solution. 

Blockchain Comes Under Data Privacy Scrutiny

The decentralized nature of blockchain eliminates the need for an intermediary serving as a central clearing authority and decreases risks associated with traditional centralized systems and their functionality. By removing the intermediary between a given server and the data being collected, distributed, and analyzed, blockchain enables an increase in the speed and efficiency of data processing. Additionally, blockchain reduces the risk of human error, which typically leads to a reduction in costs and expenses. Traceability is one of the major benefits of blockchain that businesses in various industries are exploiting. Tracing transactions on blockchain is simplified because all data is stored on one immutable digital distributed ledger, which makes it easy to review the history of transactions. The traceability element of blockchain has been especially useful for businesses distributing products on a complicated supply chain because blockchain facilitates tracking within a supply chain. Blockchain will increasingly change how businesses operate in various industries and sectors, but this disruptive technology will undoubtedly continue to face legal and regulatory challenges as it becomes more widely accepted.

Cisco streamlines, upgrades its SASE bundle

The offering includes Cisco's Viptella and Meraki SD-WAN software packages, Duo and AnyConnect remote access, Umbrella security as well as Duo zero trust and other security components. The integrated package will be a plus for enterprises, experts say. “Eighty percent of organizations want to reduce the number of security vendors and products to create a more integrated protection/incident-response and easier to manage security operations," said Peter Firstbrook, a Gartner research vice president. “Reducing the barriers to adoption and increasing the level of integration is going to be a major task for multi-product vendors,” Firstbrook said. “At the same time SASE is a hot topic as more network traffic moves off the LAN and into the cloud. The more of this problem that Cisco can address the more successful they will be.” Within the bundle Cisco added features including the ability to support remote browser isolation, data loss prevention (DLP), cloud malware detection, and support for Cisco Meraki MX environments with Umbrella security. “DLP and remote browser isolation are desirable but they are catch-up items," Firstbrook said.

A strategic vision for model risk management

Banks face cost and capacity pressures as they strengthen frameworks and expand model inventories. Validation backlogs and delays mount as existing validation capacity fails to cover expanding demand. Inventory is increasing as new models are developed outside traditional areas of financial risk. The rapid development of AI is increasing model complexity and adding to the backlog. The quality of validation can consequently suffer unless the bank brings in external support. To manage the model-validation budget, leading banks have industrialized validation, using lean fundamentals and automated processes. Models are prioritized for validation based on key factors such as their importance in business decisions and materiality of the model exposure. Validation intensity is customized by model tiers to improve speed and efficiency. Likewise, model tiers are used to define the resource strategy and governance approach. The use of model tiers to improve efficiency varies by region. In Asia and Latin America, where MRM functions are still maturing, about half our surveyed banks report using tiers in their model inventory. 

Bitcoin was always bound to fail its most important mission

Although Bitcoin has been around for more than a decade, the cryptocurrency industry is still in its nascent stages and the process of maturation requires all manner of approaches to be explored. The underlying technology has already come a long way and so have its alternative use cases (look at the rise of DeFi), but crypto is still largely battling the same demons: volatility, limited adoption and regulatory uncertainty. However, Schwartz is convinced the magnetism of cryptocurrency and the commitment of the community to innovation will mean technological solutions are found to some of these most pressing questions. “It’s going to be an interesting growing up process for cryptocurrency, because regulators have legitimate interest in preventing things like money laundering and terrorist financing. But most [members of the crypto space] want to comply with these kinds of measures.” “Generally speaking, it's not a very good business model to be in defiance of regulation. And it has been a drag on the adoption of crypto that people have had difficulty figuring out how to remain compliant.”

Importance of data governance and management in times of a global pandemic

The problem of data governance has now become prominent. Data governance is different from data management. The latter has to do with the engineering aspects of data – how it is created, stored, accessed, processed, secured, and whether it is complete, are issues that are of relevance. Data governance, on the other hand, is concerned with issues of policy, which are larger and have an impact on the economy and society. Data governance has to do with where data originates, who collects it and how, where it is stored, who uses it and for what purpose, how the information obtained from data is used, and how data is erased. Data governance presents many challenges, contradictions, and consequent trade-offs. For example, one challenge is that of maintaining privacy of data on individuals versus using data for surveillance. During the pandemic this contradiction became prominent. Several countries, including India, introduced infection-tracking software that would inform individuals who were using these apps whether they were close to others who were infected.

Quote for the day:

"Great Groups need to know that the person at the top will fight like a tiger for them." -- Warren G. Bennis

No comments:

Post a Comment