Daily Tech Digest - June 22, 2021

What makes a real-time enterprise?

Being a ‘real-time’ enterprise today is typically evaluated under two criteria: the ability to capture, collect and store data as it comes in; and the ability to respond to it at the point of consumption. Analytics solutions that allow for this are highly sought after, as it’s considered a huge competitive differentiator and critical capability in our fast-paced digital world. However, while there’s much buzzword bingo about real-time data, decision-making and insight, the readiness of the enterprise to become real-time is varied due to a lack of understanding in how it practically aligns with their goals, resulting in lost opportunities and wasted resources. ... We find the sudden hurried shift among enterprises to grasp real-time analytics typically starts when organisations examine their data and see they are not making decisions fast enough to affect business outcomes. Many organisations potentially misconstrue the cause of these common analytics problems as a lack of real-time analytics capability, when there are likely several other factors at play preventing them from making decisions efficiently and effectively, such as a long and arduous analysis process, analysis fatigue and human bias resulting in accidental discovery, and a lack of guidance in understanding what the insights mean.

Does Your Cyberattack Plan Include a Crisis Communications Strategy?

During a cyberattack, one of the most overlooked — and consequential — areas for enterprises is implementing an effective crisis communications strategy. Just as you need to shore up the technology, legal, financial, and compliance aspects of your cybersecurity preparation plan, you must also prioritize crisis management and communications But where should you start? Below are five crisis communications tips to form the foundation of your strategy. ... Our media landscape is characterized by a 24/7 news cycle, ubiquitous social media channels, and misinformation powered by algorithmic artificial intelligence (AI) and delivered instantly on a global scale to billions of people. This shows no sign of abating. What does that mean? Time is not on your side. But with an actionable plan in place, you will be much better prepared. ... With your crisis communications framework in place, it is time for action. Picture this: your company is the target of a ransomware attack. And while desperately trying to address the incident, media are beginning to report the incident, citing reports on Twitter. 

How to Retain Your IT Talent

It seems easy to create an open and collaborative work culture, but in IT it can be a special challenge. This is because the nature of IT work is factual and introspective. It's easy to get buried in a project and forget to communicate status to a workmate -- or to be consumed by planning or budgeting as a CIO and forget to “walk the floor” and visit with staff members. Those heading up IT can make a conscious effort to improve open communication and engagement by setting an example of personal engagement with staff themselves. When staff members understand IT’s strategic direction because the CIO has directly communicated it to them, as well as why they are undertaking certain projects, work becomes purposeful. Team members also benefit if they know that support is available when they need it, and when they know that they can freely go to anyone's office, from the CIO on down. The net result is that people are happier at work, and less likely to leave an inclusive work culture. ... From here, training and mentoring plans for developing employee potential should be defined and followed. Career and skills development plans should be targeted for up-and-coming employees and recent hires, and also for longer-term staff who want to cross train and learn something new.

The positive levers of a digital transformation journey

It’s not just processes. People play an equally important role in the transformation exercise. Shifting from a traditional workplace to a digital one involves an overall change in the mindset of the people behind the business. A company’s culture and behaviour determine how well it can adapt to being ‘digital first’. To undertake digital transformation seamlessly, many organisations ensure transparency by communicating their expectations clearly to their employees. This transformation also helps in highlighting skill gaps within the organisation and sheds light on which of these gaps can be filled by AI and automation, allowing for the repurposing of employee intelligence. Rahul Tandon, head, digital transformation at BPCL said, “Many initiatives and developments are bringing in a lot of automation and AI with a clear objective to absolve our field teams of all repetitive transactional activities and focus solely on business development and efficient customer interactions.” This approach, he says, has infused new energy to the field teams. “We hope it will become the preferred choice for all stakeholders and eventually impact our bottom line positively.”

How to rethink risks with new cloud deployments

With microservices, you have hundreds of different functions running separately, each with their own unique purpose and triggered from different events. Each one of these functions requires its own unique authentication protocol, and that leaves room for error. Attackers will look for things like a forgotten resource or redundant code, or open APIs with known security gaps to gain access to the environment. This will then allow the attacker to gain access to a website containing sensitive content or functions, without having to authenticate properly. While the service provider will handle much of the password management and recovery workflows, it is up to the customers to make sure that the resources themselves are properly configured. However, things get more complicated when functionality is not triggered from an end-user request, but rather during the application flow, in such a way as to bypass the authentication schema. To address this issue, it is important to have continuous monitoring of your application, including the application flow, so you can identify application triggers. From there, you will want to create and categorize alerts for when resources fail to include the appropriate permissions, have redundant permissions, or the triggered behavior is anomalous or non-compliant.

How Containers Simplify DevOps Workflows and CI/CD Pipelines

DevOps has created a way to automate processes to build, test and code faster and more reliably. Continuous integration/continuous delivery (CI/CD) isn’t a novel concept, but tools like Jenkins have done much to define what a CI/CD pipeline should look like. While DevOps represents a cultural change in the organization, CI/CD is the core engine that drives the success of DevOps. With CI, teams must implement smaller changes more often, but they check the code with the version control repositories. Therefore, there is a lot more consistency in the building, packing and testing of apps, leading to better collaboration and software quality. CD begins where CI ends. Since teams work on several environments (prod, dev, test, etc.), the role of CD is to automate code deployment to these environments and execute service calls to databases and servers. The CI/CD concept isn’t entirely new, but it’s only now that we have the right tools to fully reap the benefits of CI/CD. Containers make it extremely easy to implement a CI/CD pipeline and enable a much more collaborative culture.

Automation Is a Game Changer, Not a Job Killer

While many businesses embrace the positives of digitization, employees approach these changes with far less enthusiasm. Words like “automation” and “digitization” are loaded with baggage, invoking negative associations of job loss. Employees are quick to assume the worst, fearing they’ll be left behind or eliminated. But is that fear warranted? Not so, according to BDO’s recent survey of middle market executives. The majority of companies are adding new digital enablement projects, with 34% planning to increase headcount and 42% comprehensively re-imagining job roles. Only 22% expect the use of automation to have a negative impact on headcount. In most cases, jobs are changing and evolving, requiring employees to work alongside new technologies, develop new skill sets and integrate automation into their daily work lives. But for these digital initiatives to succeed, organizations need to secure employee buy-in. Otherwise, initiatives will fall well short of reaching maximum ROI. So, how can CIOs and IT leaders change resistance into adoption and dispel unwarranted fears among the workforce?

Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft

The most severe bug, tracked as CVE‑2021‑34372, opens the Jetson framework to a buffer-overflow attack by an adversary. According to the NVIDIA security bulletin, the attacker would need network access to a system to carry out an attack, but the company warned the vulnerability is not complex to exploit and that an adversary with little to low access rights could launch it. It added that an attack could give an adversary persistent access to components – other than the NVIDIA chipset targeted – and allow a hacker to manipulate and or sabotage a targeted system. “[The Jetson] driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges and denial of service (DoS),” according to the security bulletin, posted on Friday. Oblivious transfer extensions (OTE) are low-level cryptographic algorithms used by Jetson chipsets to process private-set-intersection protocols used to secure data as the chip processes data.

How can technology design be made more inclusive?

With an increasing reliance on screens to communicate, organisations should also look to ensure that product design addresses how the software facilitates this, and make adjustments where necessary. “Brands must consider all forms of disabilities, such as vision and hearing impairments, as well as conditions like autism, at the very beginning of the design process,” said Paul Clark, senior vice-president and EMEA managing director at Poly. “At Poly, we’ve spent a lot of time making our solutions more accessible. For example, one of our customer’s employees is highly motivated to contribute but has Duchenne Muscular Dystrophy and was self-conscious about the loud, high-pitched noises that his ventilator made during calls. Poly’s NoiseBlock AI technology has been built into all of our headsets and video bars to minimise non-human sounds. Our personal video bar was able to tell that the ventilator noises were not speech and blocked them out. “Simple solutions like raised volume buttons enable the user to recognise controls by touch instead of sight. Brands should also consider ease of use and comfort for people who wear headdress, for example.

Driving network transformation with unified communications

As with most digital processes, cybersecurity remains a primary concern for businesses. With the increased use of UC platforms, such as Microsoft Teams, new security challenges are emerging. And quite often these vulnerabilities come from actions that we do not think twice about. Video recordings, for example, often contain sensitive and confidential information that could prove detrimental if discovered outside of the company. Yet, these recordings are typically stored in a server, or downloaded onto a desktop without much consideration. In addition to threats against sensitive content and data, real time collaboration can cause security weaknesses. With the right tools, criminals could acquire the necessary link to access private conferences and documents on a UC platform. Whether to simply eavesdrop or cause disruption, this breach could result in a number of consequences, both in the short and long term. Again, these calls and documents may contain confidential details which could be exploited by criminals if leaked. Disruptions to conferences will not only cause frustrations at the time, but also potentially damage the reputation of organizations.

Quote for the day:

"Keep your fears to yourself, but share your courage with others." -- Robert Louis Stevenson

No comments:

Post a Comment