Daily Tech Digest - September 15, 2021

Understanding the journey of breached customer data

It’s known that hackers often use the names of the breached organisation when marketing, selling or leaking their stolen data. So, it’s worth deploying a system that monitors for supplier names, as well as your own, on forums and ransomware sites. This includes searching for common typos and variants of these names. There are, however, some limitations to this method, as these searches could lead to lots of false positives. Security teams need to filter through the data to find matches, but this can take time. Businesses can use database identifiers to improve monitoring efficiency. These take the form of unique strings within databases, such as server names and IP addresses. Teams can then match metadata included in a data leak when searching through database dumps. Patterns within data, including account numbers, customer IDs and reference numbers, are also useful for identification. Another technique is ‘watermarking’ data by adding synthetic identities to a data set. Unique identifiers are used in your data sets or those you share in your digital supply chain so you can confirm if a breach includes data from your business or a supplier.
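The matching layers described above (name variants, database identifiers, ID patterns and watermark records) can be combined into one triage pass over a forum post or dump. This is an added example, not code from the article; the company name, hostnames, ID format and synthetic identities are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# All values are constructed for illustration (hypothetical company and records).
BRAND = "examplebank"
DB_IDENTIFIERS = {"db-prod-07.examplebank.internal", "10.20.30.40"}
CANARIES = {"marlow.quennell@mail.example", "tessa.ivarsdottir@mail.example"}
CUSTOMER_ID = re.compile(r"\bEXB-\d{8}\b")  # assumed customer-ID format

def brand_like(text, threshold=0.85):
    """True if any token is the brand name or a close typo/variant of it."""
    tokens = re.findall(r"[a-z0-9]+", text.lower())
    return any(SequenceMatcher(None, t, BRAND).ratio() >= threshold for t in tokens)

def triage(lines):
    """Classify a post or dump by the strongest kind of evidence found in it."""
    hits = {"canary": set(), "db_identifier": set(), "customer_id": set(), "brand": False}
    for line in lines:
        low = line.lower()
        hits["canary"] |= {c for c in CANARIES if c in low}
        hits["db_identifier"] |= {d for d in DB_IDENTIFIERS if d in low}
        hits["customer_id"] |= set(CUSTOMER_ID.findall(line))
        hits["brand"] = hits["brand"] or brand_like(line)
    if hits["canary"]:
        verdict = "confirmed"   # watermark identities exist only in our data sets
    elif hits["db_identifier"] or hits["customer_id"]:
        verdict = "likely"      # metadata or ID pattern matches our systems
    elif hits["brand"]:
        verdict = "review"      # name-only hits are prone to false positives
    else:
        verdict = "no_match"
    return verdict, hits

# Constructed sample inputs
SAMPLES = {
    "dump": ["id,email,name", "EXB-00412345,marlow.quennell@mail.example,Marlow Quennell"],
    "metadata": ["-- Host: db-prod-07.examplebank.internal  dumped 2021-09-01"],
    "forum_post": ["Selling fresh exampelbank logs, DM me"],
    "noise": ["example bank holiday schedule"],
}

if __name__ == "__main__":
    for name, lines in SAMPLES.items():
        print(name, triage(lines)[0])
```

Giving each supplier its own set of synthetic identities lets a "confirmed" hit also indicate which shared copy of the data leaked.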


Top 12 Cloud Security Best Practices for 2021

In a private data center, the enterprise is solely responsible for all security issues. But in the public cloud, things are much more complicated. While the buck ultimately stops with the cloud customer, the cloud provider assumes the responsibility for some aspects of IT security. Cloud and security professionals call this a shared responsibility model. Leading IaaS and platform as a service (PaaS) vendors like Amazon Web Services (AWS) and Microsoft Azure provide documentation to their customers so all parties understand where specific responsibilities lie according to different types of deployment. The diagram below, for example, shows that application-level controls are Microsoft’s responsibility with software as a service (SaaS) models, but it is the customer’s responsibility in IaaS deployments. For PaaS models, Microsoft and its customers share the responsibility. ... To prevent hackers from getting their hands on access credentials for cloud computing tools, organizations should train all workers on how to spot cybersecurity threats and how to respond to them.


How to Deploy Disruptive Technologies with Minimal Disruption

A disruptive technology can have a particularly hard impact on end users. “Discuss change, and the human reaction to it, as part of your educational process, acknowledging that it’s hard and everyone at every level of the organization must go through it,” says Tammie Pinkston, director of organizational change management at technology research and advisory firm ISG. “We recently held a client training [program] where individuals used a sticker to show where they were on the change curve, mapping themselves each day with indicators so we could see movement.” If a disruptive technology will impact multiple departments, all parties should be involved in the rollout process. “One of the reasons it's important to assess all the different interactions and impacts is to bring in the right expertise and oversight,” Lightman says. This may, for instance, require seeking input and support from HR and security teams. “It's better to be overly cautious than to have an issue arise later when you didn't include representation from a department,” he notes. Still, despite best efforts, it remains possible to overlook some technology stakeholders.


Update on .NET Multi-platform App UI (.NET MAUI)

.NET Multi-platform App UI (.NET MAUI) makes it possible to build native client apps for Windows, macOS, iOS, and Android with a single codebase and provides the native container and controls for Blazor hybrid scenarios. .NET MAUI is a wrapper framework and development experience in Visual Studio that abstracts native UI frameworks already available – WinUI for Windows, Mac Catalyst for macOS/iPadOS, iOS, and Android. Although it’s not another native UI framework, there is still a significant amount of work to provide optimal development and runtime experiences across these devices. The .NET team has been working hard with the community in the open on its development and we are committed to its release. Unfortunately, .NET MAUI will not be ready for production with .NET 6 GA in November. We want to provide the best experience, performance, and quality on day 1 to our users and to do that, we need to slip the schedule. We are now targeting early Q2 of 2022 for .NET MAUI GA. In the meantime, we will continue to enhance Xamarin and recommend it for building production mobile apps and continue releasing monthly previews of .NET MAUI.


8 top cloud security certifications

As companies move more and more of their infrastructure to the cloud, they're forced to shift their approach to security. The security controls you need to put in place for a cloud-based infrastructure are different from those for a traditional datacenter. There are also threats specific to a cloud environment. A mistake could put your data at risk. It's no surprise that hiring managers are looking for candidates who can demonstrate their cloud security know-how—and a number of companies and organizations have come up with certifications to help candidates set themselves apart. As in many other areas of IT, these certs can help give your career a boost. "Cloud security certifications can set professionals up for long-term career success in designing, operating, and maintaining secure cloud environments for today’s enterprises," says Joe Vadakkan, senior director of services alliances at Optiv. "In addition to the process being a fun learning experience, each certification offers a unique benefit to understanding the security controls, associated risks, and dynamic needs of cloud operating models."


Juniper enables Mist to handle network-fabric management

Juniper Networks is embracing an open campus-fabric management technology supported by other major networking vendors and at the same time making it simpler to use by removing much of the manual work it can require. The company is adding Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) support to its Mist AI cloud-based management platform to let customers streamline network operations. EVPN-VXLAN separates the underlying physical network from the virtual overlay network, offering integrated Layer 2/Layer 3 connectivity as well as programmability, automation and network segmentation, among other features. The open technology is offered in a variety of forms by most networking vendors, including Cisco, Arista, Aruba and others. “Many of today’s campus networks leverage proprietary technologies and complicated L2/L3 architectures that weren’t designed to meet modern requirements,” wrote Jeff Aaron, vice president of Enterprise Marketing at Juniper, in a blog about the announcement.


Dow CIO: Digital transformation demands rethinking talent strategy

When it comes to investing in digital, companies have many choices. There is a lot you could do, but you need to focus on what you should do. One thing is certain: You should invest in your people if you want to be successful with your digital transformation. This is not just about the technology, but using technology to change the way employees work. My IT organization continually develops its tech skills with curricula on a variety of topics, including cloud computing, machine learning, and the entire data space from architecture to data storage and data visualization. We’re also refreshing our skills around threat identification, user experience design, and expanding our programming skills by learning different programming languages. But IT organizations also need to grow their soft skills. This includes improving employees’ business acumen, so they understand how their company works and how it makes money. This not only helps organizations identify opportunities but connects them to how the tools being implemented help drive value.

Ballerina has unique features that make it particularly worthwhile for smaller programs. Most other scripting languages that are designed for smaller programs have significant differences from Ballerina in that they are dynamically typed and they don't have the unique scalability and robustness features that Ballerina has. Problems in the pre-cloud era that you could solve with other scripting languages are still relevant problems. Except now, network services are involved; robustness is now more important than ever. With standard scripting languages, a 50-line program tends to become an unmaintainable 1000-line program a few years later, and this doesn’t scale. Ballerina can be used to solve problems addressed with scripting language programs but it's much more scalable, more robust, and more suitable for the cloud. Scripting languages also typically don't have any visual components, but Ballerina does.


Tech Nation welcomes tech companies to Net Zero 2.0 programme

For the first time, the Net Zero programme from Tech Nation is welcoming space tech companies, with operations within the space gaining momentum. Satellite imaging, for example, provides a way to observe large areas from space to rapidly identify illegal activities such as deforestation or mining; monitor supply chains; and verify nature-based solutions such as carbon offsetting. This type of technology is gaining traction rapidly as countries across the world look for innovative ways to combat climate change and as multinationals seek to achieve their recently set net zero goals. Earth Blox is using satellite data to identify deforestation or mining activities and monitor supply chains and support nature-based solutions, while Sylvera uses machine learning and satellite data to verify the carbon offsetting industry. Additionally, Satellite Vu looks to measure the thermal footprint of any building on the planet every 1-2 hours, helping to drastically increase the energy efficiency of buildings, factories and power stations globally.


Travis CI Flaw Exposed Secrets From Public Repositories

The vulnerability meant that if a public repository was forked, someone could file a pull request and then get access to the secrets attached to the original public repository, according to Travis CI's explanation. Travis CI's documentation says that secrets shouldn't be available to external pull requests, says Patrick Dwyer, an Australian software developer who works with the Open Web Application Security Project, known as OWASP. "They [Travis CI] must have introduced a bug and made those secrets available," Dwyer says. Travis CI's flaw represents a supply-chain risk for software developers and any organization using software from projects that use Travis CI, says Geoffrey Huntley, an Australian software and DevOps engineer. "For a CI provider, leaking secrets is up there with leaking the source code as one of the worst things you never want to do," Huntley says. Travis CI has issued a security bulletin, but some are criticizing it as insufficient given the gravity of the vulnerability.



Quote for the day:

"Leaders must be close enough to relate to others, but far enough ahead to motivate them." -- John C. Maxwell
