Daily Tech Digest - April 22, 2021

CISA Orders Agencies to Mitigate Pulse Secure VPN Risks

CISA is ordering agencies to use the Pulse Connect Secure Integrity Tool to check the integrity of file systems and take further action as necessary. Ivanti developed the tool, which helps organizations determine if malicious activity is taking place. "CISA has determined that this exploitation of Pulse Connect Secure products poses an unacceptable risk to federal civilian executive branch agencies and requires emergency action," according to the emergency directive. "This determination is based on the current exploitation of these vulnerabilities by threat actors in external network environments, the likelihood of the vulnerabilities being exploited, the prevalence of the affected software in the federal enterprise, the high potential for a compromise of agency information systems, and the potential impact of a successful compromise." The Biden administration has been responding to a series of security incidents, including the SolarWinds supply chain attack, which led to follow-on attacks on nine government agencies and 100 companies and exploits of flaws in on-premises Microsoft Exchange email servers.

Why DevSecOps Should Strive for Effective Enforcement Measures

Applications today – especially in modern development environments – extensively use APIs to share and consume sensitive data, which are just as vulnerable and require dedicated surgical technology to make sure there is no token abuse, excessive utilization, or data theft using injections. Other than API security Many services rely on integrating or serving bots and need to make a clear distinction between the good bots and bots with malicious intent. For the sake of being accepted by AD&D, RASP is vulnerable to some attacks denial of service is just one example. From a DevOps point of view, applying security enforcement is risky. It can affect the user experience or maybe even break the flow, leading to runtime errors. The software development lifecycle (SDLC) has many blind spots in security, especially in today’s hybrid, multi-cloud architecture. For this very reason, many technologies provide alerts which is great. There is some fatigue from tools that only provide visibility. Automated security testing, vulnerability scanners of webservers, Operating Systems, and even container images come short on actual enforcement, making the developer take a few steps back and patch. When such alerts come in mass, it is much harder to prioritize and address them all.

The strange bedfellows of AI and ethics

There is a tendency to assume that computers cannot be biased – but that is not the case. AI-based systems learn from the data that they are fed. If we feed them the “wrong” data, we can inadvertently build in biases that we may not even notice. For example, historically, there have been more men than women in technology jobs. It is a very short step from that data to a position where a hiring algorithm learns that men are more likely to do a technology job, and then “decides” that men must be better than women in those jobs. The good news is that we can manage this. We can, and should, be aware of our own biases. However, we should also build diverse teams to work with AI, as a way of ensuring that we surface more of the inadvertent biases – the ones that we don’t even notice because they have become norms. It is not going to be enough to respond to developments in AI. We need to be proactive in setting up ethical safeguards to protect us all. A recent webcast from SAS Canada on AI and ethics recommends that organisations should develop a code of conduct around AI and foster AI literacy. They should also establish a diverse ethics committee to manage and oversee development and implementation processes.

REvil Ransomware Gang Threatens Stolen Apple Blueprint Leak

The extortion threat was unveiled Tuesday, hours before Apple was scheduled to make a series of major new product announcements. REvil published a number of alleged blueprints for Apple devices, which it claimed to have stolen from Taiwanese manufacturer Quanta Computer, which builds computing devices for a number of vendors. "In order not to wait for the upcoming Apple presentations, today we, the REvil group, will provide data on the upcoming releases of the company so beloved by many," the REvil gang says in a post to its data leak site. "Tim Cook can say thank you Quanta," it adds, referring to Apple's CEO. REvil claims that its previous ransom demands have been rebuffed by Quanta. "From our side, a lot of time has been devoted to solving this problem. Quanta has made it clear to us that it does not care about the data of its customers and employees, thereby allowing the publication and sale of all data we have," REvil says. Quanta and Apple didn't immediately respond to a request for comment. REvil's data-leak site further lists Cisco, Dell, HP, Siemens, Sony and Toshiba as being among the other manufacturers with which Quanta works.

Five Habits Of Highly Successful COOs

The best COOs are effective at building trust with their CEO. This trust allows them to be brutally honest with the leader of their company and gives the endless ideas created by the CEO a filter. This is not No. 1 by accident. The foundation of any great CEO and COO relationship is trust, and all the successful COO I’ve seen have a track record of building genuine trust with their CEOs and with prior teammates before climbing the ranks to second in command. This allows the CEO to confidently pass anything off of his/her plate to the COO so they can focus on the tasks that are the highest and best use of the CEO’s time. One of the most common key responsibilities of the COO is to attract, hire and retain high performers. The COO is basically the hub of the organization and it’s critical they have their finger on the talent pulse. The best-in-class COOs are always hiring. They understand that hiring top talent is one of the most important functions of the company. In addition to hiring high performers, they also spend significant time developing their highest performers. It can be so easy to focus your time and attention on only the lowest performers, but the most effective COOs take the time to continue developing the top 20% in addition to the rest of the team.

Advice for Aspiring Data Scientists

Some ideas for what to include in your portfolio: analyses, code gists, webapps, data documentation and blogs (+ README files!). You don’t need all of these by any means but if I had to choose two, I’d choose a webapp and accompanying blog post. A webapp is a great way to show your ability to link together different pieces of software and create something dynamic, hosted on the web. But why a blog? As I argued in my last post, communication is one of, if not the most important aspects of your job as a data scientist. Written communication is especially vital, and even more so if your job is remote. A well-written blog post (with linked code) allows the reader to get a sense of how you communicate, code, and think. If they get good signal from this, they will want to talk with you. This matters because getting your resume looked at is the hardest step in the job search process, so if you can increase your chances of conversion here, you’ll be in a great place. You may now be wondering how to get inspiration for your portfolio. What about starting with a cool dataset you see referenced on Twitter or Kaggle? Are there any data quality issues like leakage, truncation, missing data? How do they impact an analysis?

Cloud archiving: A perfect use case, but beware costs and egress issues

There are still issues that may inhibit the move to the cloud. While there are many examples of companies that want the move to boost operating expenditure and cut down on capital expenditure, there are instances of organisations that want to maintain the latter for accountancy reasons. And, says Betts, there are organisations that have pulled everything back from the cloud because it’s easier to control costs. Some companies have been reluctant to move to the cloud for off-site archiving because of a perceived lack of cloud skills – this may apply particularly to small and medium-sized enterprises (SMEs). But, as Betts points out, there’s still a need for skills if they’re going to implement an on-premise policy, so it’s not such a straightforward swap. SMEs may well lack some of these specialist skills too, and may find it particularly the case when adhering to GDPR compliance. It is clear there are plenty of advantages to archiving in the cloud. By freeing CIOs from the pain of choosing a hardware medium for long-term storage, moving to the cloud offers greater flexibility.

A Reference Architecture for Fine-Grained Access Management on the Cloud

The key insight underpinning this architecture is the delegation of user authentication to a single service (the Access Controller) rather than placing that responsibility with each service to which the user may need access. This kind of federation is commonplace in the world of SaaS applications. Having a single service be responsible for authentication simplifies user provisioning and de-provisioning for application owners and accelerates application development. The Access Controller itself will typically integrate with an identity provider, such as Auth0 or Okta, for the actual authentication sequence, thus providing a useful abstraction across a wide array of providers and protocols. Ultimately, the identity provider guarantees non-repudiation of the user’s identity in the form of a signed SAML assertion, a JWT token, or an ephemeral certificate. This obviates the need to rely on a trusted subnet as a proxy for the user’s identity. It also allows configuring access policies down to the granularity of a service unlike VPNs which permissively grant users access to all services on the network.

Why Big Data is Crucial for Agricultural Growth

Big data technologies have significantly increased the amount of information modern farmers possess for enhancing the efficiency of agricultural production. But what’s even more important than collecting and analyzing data is the ability to pull out the most important insights from it. The large number of variables affecting crop yield creates a wide range of possibilities for interpretation. This includes data on crop health, growth uniformity, stage of growth, etc. Having all of this data automatically collected and analyzed in one online tool enables farmers to make the most accurate predictions on crop yields. Such tools can use different algorithms for assessing the yield potential taking into account weather conditions, historical yield data, and other necessary information. Based on yield forecasts, farmers can timely perform field activities to impact it, plan its storage and sales. Ultimately, yield prediction enables growers to decide which crop to plant, where, and when, based on the accurate analysis of historical and current data. Environmental threats and global climate change have a huge impact on the agricultural sphere.

Building Confidence with Data Resilience

The first step in any digital transformation journey starts with the data and the development of a foundational storage layer. Resilience starts with data, too. It is the fuel that drives the company and it permeates every aspect of the technical infrastructure, from storage to AI, across the hybrid cloud, from the core data center to the edge. Lose data and you can lose your ability to function and, often, lose money. A recent study by KPMG found that cyber security risk will pose the greatest threat to a company’s growth over the next three years. The KPMG 2021 CEO Outlook Pulse Survey surveyed 500 CEOs in 11 markets around the world. Organizations like Pitney-Bowes, the University of California, San Francisco, and the many others are living proof of the risks. But breaches tell only part of the story. According to a recent report by Harvard Business Review, the mean time it took businesses in 2019 to discover a cyberattack was 196 days. Cloud migrations are only compounding the challenge and risk by 51%, according to the report. The point is, for most organizations, the problem is not only losing data and vital corporate information, but also not realizing it for six months.

Quote for the day:

"Always remember that you are absolutely unique. Just like everyone else." -- Margaret Mead

No comments:

Post a Comment