Daily Tech Digest - July 16, 2021

Apps Built Better: Why DevSecOps is Your Security Team’s Silver Bullet

Security should never be an afterthought when developing software and applications. However, as technological advances continue to take hold, the security tools many rely on are changing in real-time, and combatting potential breaches or hacks of your wares before they arise now requires new strategies. To stay one step ahead of bad actors, it’s time to reimagine the application-development process from “DevOps” to “DevSecOps.” DevOps is an evolution of the agile development lifecycle for software that bridges the gap between development and operations teams. It breaks down silos and increases an organization’s ability to deliver applications and services faster than traditional software-development models. Previously, the traditional “waterfall method” required long cycles upfront and resulted in strenuous and tedious processes – and by the time these solutions were deemed ready for release, the market had likely changed. Today, agile software teams have release cycles that are a matter of days or hours, which increases the risk of making mistakes and introducing vulnerabilities.

Organizing Complexity

Suppose complex systems can be described as the sum of simpler components. In that case, the complexity of the simpler components affects the parent system exponentially. The parent system will be much more unpredictable if each individual part becomes less predictable. Remember that experts on a complex system can completely understand the simpler components which combine to create the larger system. This means that each individual piece, large or small, must reach a point where it can be thoroughly understood. In addition to managing the complexity of simpler components, these components must also be easily accessible by the system as a whole. Let's go back to our authentication system. Here, we have a perfectly isolated part that predictably handles a specific authentication format and flawlessly retrieves identity information from a single database. Our authentication system is of little use if it can't pass the data to the appropriate authorization system. Likewise, suppose it can give the data, but the authorization system cannot receive the information. In that case, it is also of little use. 

You have a remote workforce – what now?

Unsurprisingly, enterprises may start to look at direct connectivity to the applications themselves. Establishing direct and private connections to your cloud provider can help alleviate some of the new demands on a corporate network caused by remote working. When struggling with maintenance challenges, one approach could be adopting a network model that is flexible and scalable. This is particularly beneficial in the face of unpredictability and potential disruption with connections and bandwidth that can be set up, flexed up, and torn down in near real-time. That’s again where a service that securely connects data centres, clouds, applications and business partners can play a role. By using technologies that interconnect networks and clouds in real-time, businesses can self-provision redundant network links – for a day, a week or even a month – that can be used to carry traffic during maintenance. Furthermore, it is critical to have transparency and visibility over the whole network, allowing IT managers to ensure that business applications are all up-to-date and that employees are running the most secure version. As more and more workers pick up these tools, a harsher spotlight has been cast on their suitability.

How to Attract More Computer Science Grads to the Cybersecurity Field

Consider the freshly minted computer science degree holder who comes across a job posting for a cybersecurity "solutions architect" or "presales engineer." Their first reaction might be, "That's a sales position; it doesn't match the skills I've spent the last four (or more) years of my life acquiring." According to the ESG/ISA report, CISOs are doing little to debunk that misperception by only looking for candidates with narrow technical skill sets at the expense of other necessary qualifications. "This may reveal that few CISOs have the blend of business, leadership, communications, and technical skills necessary for success," wrote the report's authors. "CISOs are business, not technical, leaders." Consider the role of a solutions architect. It requires the right mix of social and interpersonal skills and technical strengths. I must be able to dive into the technical weeds with some people and also speak in non-technical terms to employees and their managers. ... So what's the path forward? For college students and midcareer professionals, explore opportunities fully rather than simply reading the title of a job description. 

What is Network as a Service (NaaS)?

It's clear that enterprise customers' move to cloud services is the primary driver for NaaS. And while the networking industry is only now sorting out how the cloud world will be effectively networked, NaaS could play a big role in the future. Networking must be virtualized and automated to enable operations at cloud speed, Pluribus's Gill said. "The big question is what services and business models will prevail. With most applications staying in private cloud environments, private cloud NaaS may be the most important." Another key market opportunity will come from NaaS offerings that simplify use of multiple public clouds, so users do not have to be experts in each cloud's native networking stack to operate a multi-cloud environment, Gill said. "With more and more applications moving to Cloud/SaaS, traffic profiles are shifting dramatically," Anderson said. "We used to build campus networks with tremendous aggregation back to a core network – then to our private data center where our app workloads ran. In the future, if most traffic is headed to Cloud/SaaS, are core networks needed anymore?"

Reducing the Computational Cost of Deep Reinforcement Learning Research

It is widely accepted that the enormous growth of deep reinforcement learning research, which combines traditional reinforcement learning with deep neural networks, began with the publication of the seminal DQN algorithm. This paper demonstrated the potential of this combination, showing that it could produce agents that could play a number of Atari 2600 games very effectively. Since then, there have been several approaches that have built on and improved the original DQN. The popular Rainbow algorithm combined a number of these recent advances to achieve state-of-the-art performance on the ALE benchmark. This advance, however, came at a very high computational cost, which has the unfortunate side effect of widening the gap between those with ample access to computational resources and those without. In “Revisiting Rainbow: Promoting more Insightful and Inclusive Deep Reinforcement Learning Research”, to be presented at ICML 2021, we revisit this algorithm on a set of small- and medium-sized tasks. 

IBM shows quantum computers can solve these problems that classical computers find hard

Big Blue's scientists developed a new classification task and found that a quantum algorithm using the quantum kernel method is capable of finding relevant features in the data for accurate labeling, while for classical computers the dataset looked like random noise. "The quantum kernel estimation routine we use is a general method that can be in principle applied to a wide range of problems," Kristan Temme, researcher at IBM Quantum, tells ZDNet. "In our paper, we formally prove that this quantum kernel estimation routine can give rise to learning algorithms that for specific problems outperform any classical learner." To prove the advantage that the quantum method has over the classical approach, the researchers created a classification problem for which the data can be generated on a classical computer, and showed that no classical algorithm can do better than random guessing when attempting to solve the problem. When viewing the data in a quantum feature map, however, the quantum algorithm was able to predict the labels with high accuracy and at speed.

The rise of the Developer Experience Engineer, and why it matters

Engineering teams need a leader, a Developer Experience Engineer, who ensures developers have the right tools, processes, and environment to maximize productivity and create the greatest business value possible. The DXE is the foundation for engineering team success. They make it easy for developer teams to focus on their highest purpose and generate the highest value by solving, automating, and eliminating the daily toil developers encounter. They are a major unlocking force that boosts teams to new heights. A DX owner or function isn’t a new idea. Twitter formed an “engineering effectiveness” organization in 2014, and Google has a massive “engineering productivity” team. In many companies, however, the role emerges organically and is growing. DXEs implement a common set of principles, maintain the right tools, and create cohesive standards that clear the path to developer success. Without them, too many languages, frameworks, engineering styles, and processes can add drag. A drag on developers is a drag on the business.

Keeping a cohesive and engaged IT team during a pandemic

Like most things in the world of IT, ultimately it boils down to communication. No matter the awesome technology and tools we have, every problem comes down to being a people problem. I don’t mean more meetings - goodness no - but during the meetings we already have, make sure to find some time for small talk about hobbies and interests, and absolutely ensure successes and victories and personal milestones are made known and celebrated among the team. The right tools also must come into play; Zoom, GoToMeeting, Google Meet, AWS Chime, and the rest are brilliant tools but video meeting after video meeting stifles productivity and drains people. Instead, consider the other array of tools at your disposal - casual chat applications, project management software, knowledge bases and documentation, task tracking systems, and the like. Harness these to keep your team connected. Consider also the creative options that build up your virtual culture with good-hearted fun that bonds people together. Some companies have brought in a weekly Netflix watch party, others a TikTok-style challenge, and some play Jackbox games.

Why Data Science Might Not Be The Right Career For You?

Most people go into data science for the adventure it offers. However, the reality is slightly different. “In most organisations, you’ll have to spread your time between doing technical work and the other, less exciting stuff,” said Adam Sroka, head of machine learning engineering at Origami. So, if you are not keen on reporting, writing, documenting and delivering presentations, or repeatedly explaining the basics of your models or techniques, project management, administrative overhead, etc. to the stakeholders, then the job might not be the right fit for you. Candidates coming from an education or research background often fall into the trap of infinite timescale and infinite budget mindset. “All too often, I have heard protests from data scientists saying they can not put a ‘timeline’ on when their work will be finished, and it will take as long as it takes. This simply is not true and won’t fit well with the culture at most organisations,” said Sroka. ... Communication is pivotal to forge a successful career in data science. For instance, if you are working closely with the company’s decision-makers, maintaining a solid relationship is essential.

Quote for the day:

"It is, after all, the responsibility of the expert to operate the familiar and that of the leader to transcend it." -- Henry A. Kissinger
