Apps Built Better: Why DevSecOps is Your Security Team’s Silver Bullet
Security should never be an afterthought when developing software and
applications. However, as technological advances continue to take hold, the
security tools many rely on are changing in real-time, and combatting potential
breaches or hacks of your wares before they arise now requires new strategies.
To stay one step ahead of bad actors, it’s time to reimagine the
application-development process from “DevOps” to “DevSecOps.” DevOps is an
evolution of the agile development lifecycle for software that bridges the gap
between development and operations teams. It breaks down silos and increases an
organization’s ability to deliver applications and services faster than
traditional software-development models. Previously, the traditional “waterfall
method” required long cycles upfront and resulted in strenuous and tedious
processes – and by the time these solutions were deemed ready for release, the
market had likely changed. Today, agile software teams have release cycles that
are a matter of days or hours, which increases the risk of making mistakes and
introducing vulnerabilities.
Organizing Complexity
Suppose complex systems can be described as the sum of simpler components. In
that case, the complexity of the simpler components affects the parent system
exponentially. The parent system will be much more unpredictable if each
individual part becomes less predictable. Remember that experts on a complex
system can completely understand the simpler components which combine to create
the larger system. This means that each individual piece, large or small, must
reach a point where it can be thoroughly understood. In addition to managing the
complexity of simpler components, these components must also be easily
accessible by the system as a whole. Let's go back to our authentication system.
Here, we have a perfectly isolated part that predictably handles a specific
authentication format and flawlessly retrieves identity information from a
single database. Our authentication system is of little use if it can't pass the
data to the appropriate authorization system. Likewise, suppose it can give the
data, but the authorization system cannot receive the information. In that case,
it is also of little use.
You have a remote workforce – what now?
Unsurprisingly, enterprises may start to look at direct connectivity to the
applications themselves. Establishing direct and private connections to your
cloud provider can help alleviate some of the new demands on a corporate
network caused by remote working. When struggling with maintenance challenges,
one approach could be adopting a network model that is flexible and scalable.
This is particularly beneficial in the face of unpredictability and potential
disruption with connections and bandwidth that can be set up, flexed up, and
torn down in near real-time. That’s again where a service that securely
connects data centres, clouds, applications and business partners can play a
role. By using technologies that interconnect networks and clouds in
real-time, businesses can self-provision redundant network links – for a day,
a week or even a month – that can be used to carry traffic during maintenance.
Furthermore, it is critical to have transparency and visibility over the whole
network, allowing IT managers to ensure that business applications are all
up-to-date and that employees are running the most secure version. As more and
more workers pick up these tools, a harsher spotlight has been cast on their
suitability.
How to Attract More Computer Science Grads to the Cybersecurity Field
Consider the freshly minted computer science degree holder who comes across a
job posting for a cybersecurity "solutions architect" or "presales engineer."
Their first reaction might be, "That's a sales position; it doesn't match the
skills I've spent the last four (or more) years of my life acquiring."
According to the ESG/ISA report, CISOs are doing little to debunk that
misperception by only looking for candidates with narrow technical skill sets
at the expense of other necessary qualifications. "This may reveal that few
CISOs have the blend of business, leadership, communications, and technical
skills necessary for success," wrote the report's authors. "CISOs are
business, not technical, leaders." Consider the role of a solutions architect.
It requires the right mix of social and interpersonal skills and technical
strengths. I must be able to dive into the technical weeds with some people
and also speak in non-technical terms to employees and their managers. ... So
what's the path forward? For college students and midcareer professionals,
explore opportunities fully rather than simply reading the title of a job
description.
What is Network as a Service (NaaS)?
It's clear that enterprise customers' move to cloud services is the primary
driver for NaaS. And while the networking industry is only now sorting out how
the cloud world will be effectively networked, NaaS could play a big role in
the future. Networking must be virtualized and automated to enable operations
at cloud speed, Pluribus's Gill said. "The big question is what services and
business models will prevail. With most applications staying in private cloud
environments, private cloud NaaS may be the most important." Another key
market opportunity will come from NaaS offerings that simplify use of multiple
public clouds, so users do not have to be experts in each cloud's native
networking stack to operate a multi-cloud environment, Gill said. "With more
and more applications moving to Cloud/SaaS, traffic profiles are shifting
dramatically," Anderson said. "We used to build campus networks with
tremendous aggregation back to a core network – then to our private data
center where our app workloads ran. In the future, if most traffic is headed
to Cloud/SaaS, are core networks needed anymore?
Reducing the Computational Cost of Deep Reinforcement Learning Research
It is widely accepted that the enormous growth of deep reinforcement
learning research, which combines traditional reinforcement learning with
deep neural networks, began with the publication of the seminal DQN
algorithm. This paper demonstrated the potential of this combination,
showing that it could produce agents that could play a number of Atari 2600
games very effectively. Since then, there have been several approaches that
have built on and improved the original DQN. The popular Rainbow algorithm
combined a number of these recent advances to achieve state-of-the-art
performance on the ALE benchmark. This advance, however, came at a very high
computational cost, which has the unfortunate side effect of widening the
gap between those with ample access to computational resources and those
without. In “Revisiting Rainbow: Promoting more Insightful and Inclusive
Deep Reinforcement Learning Research”, to be presented at ICML 2021, we
revisit this algorithm on a set of small- and medium-sized tasks.
IBM shows quantum computers can solve these problems that classical computers find hard
Big Blue's scientists developed a new classification task and found that a
quantum algorithm using the quantum kernel method is capable of finding
relevant features in the data for accurate labeling, while for classical
computers the dataset looked like random noise. "The quantum kernel
estimation routine we use is a general method that can be in principle
applied to a wide range of problems," Kristan Temme, researcher at IBM
Quantum, tells ZDNet. "In our paper, we formally prove that this quantum
kernel estimation routine can give rise to learning algorithms that for
specific problems outperform any classical learner." To prove the
advantage that the quantum method has over the classical approach, the
researchers created a classification problem for which the data can be
generated on a classical computer, and showed that no classical algorithm
can do better than random guessing when attempting to solve the problem.
When viewing the data in a quantum feature map, however, the quantum
algorithm was able to predict the labels with high accuracy and at speed.
The rise of the Developer Experience Engineer, and why it matters
Engineering teams need a leader, a Developer Experience Engineer, who
ensures developers have the right tools, processes, and environment to
maximize productivity and create the greatest business value possible. The
DXE is the foundation for engineering team success. They make it easy for
developer teams to focus on their highest purpose and generate the highest
value by solving, automating, and eliminating the daily toil developers
encounter. They are a major unlocking force that boosts teams to new
heights. A DX owner or function isn’t a new idea. Twitter formed an
“engineering effectiveness” organization in 2014, and Google has a massive
“engineering productivity” team. In many companies, however, the role
emerges organically and is growing. DXEs implement a common set of
principles, maintain the right tools, and create cohesive standards that
clear the path to developer success. Without them, too many languages,
frameworks, engineering styles, and processes can add drag. A drag on
developers is a drag on the business.
Keeping a cohesive and engaged IT team during a pandemic
Like most things in the world of IT, ultimately it boils down to
communication. No matter the awesome technology and tools we have, every
problem comes down to being a people problem. I don’t mean more meetings -
goodness no - but during the meetings we already have make sure to find
some time for small talk about hobbies and interests, and absolutely
ensure successes and victories and personal milestones are made known and
celebrated among the team. The right tools also must come into play; Zoom,
GoToMeeting, Google Meet, AWS Chime, and the rest are brilliant tools but
video meeting after video meeting stifles productivity and drains people.
Instead, consider the other array of tools at your disposal - casual chat
applications, project management software, knowledge bases and
documentation, task tracking systems, and the like. Harness these to keep
your team connected. Consider also the creative options that build up your
virtual culture with good-hearted fun that bonds people together. Some
companies have brought in a weekly Netflix watch party, others a
TikTok-style challenge, and some play Jackbox games.
Why Data Science Might Not Be The Right Career For You?
Most people go into data science for the adventure it offers. However, the
reality is slightly different. “In most organisations, you’ll have to
spread your time between doing technical work and the other, less exciting
stuff,” said Adam Sroka, head of machine learning engineering at Origami.
So, if you are not keen on reporting, writing, documenting and delivering
presentations, or repeatedly explaining the basics of your models or
techniques, project management, administrative overhead, etc. to the
stakeholders, then the job might not be the right fit for you. Candidates
coming from an education or research background often fall into the trap
of infinite timescale and infinite budget mindset. “All too often, I have
heard protests from data scientists saying they can not put a ‘timeline’
on when their work will be finished, and it will take as long as it takes.
This simply is not true and won’t fit well with the culture at most
organisations,” said Sroka. ... Communication is pivotal to forge a
successful career in data science. For instance, if you are working
closely with the company’s decision-makers, maintaining a solid
relationship is essential.
Quote for the day:
"It is, after all, the responsibility of the expert to operate the familiar
and that of the leader to transcend it." -- Henry A. Kissinger