Daily Tech Digest - September 24, 2021

Chef Shifts to Policy as Code, Debuts SaaS Offering

As for ease of use, Chef Enterprise Automation Stack (EAS) will also be available in both AWS and Azure marketplaces. The company has begun a Chef Managed Services program, and Chef EAS is also now available in a beta SaaS offering. All of these together, said Nanjundappa, will make Chef EAS “easy to access and adopt, which will help reduce overall time to value.” Looking forward, Nanjundappa said that the focus will include features like cloud security posture management (CSPM) and Kubernetes security. “We are seeing more and more compute workloads being migrated towards containers and Kubernetes. We currently offer Chef Inspec + content for CIS profiles for K8s and Docker that help secure Containers and Kubernetes,” wrote Nanjundappa. “But we will be adding additional abilities to maintain security posture in containers and Kubernetes platforms in the coming years.” More specifically, upcoming Kubernetes features will offer visibility into containers and the Kubernetes environment, scanning for common misconfigurations, vulnerability management, and runtime security.

Private vs. Public Blockchains For Enterprise Business Solutions

Not all blockchains are created equal. Businesses have always required a reasonable degree of privacy as well as control over their networks. Since the popularisation of the internet, and the advance of eCommerce, it’s been essential that companies protect their systems from outside attackers, both to preserve their workflow but also any sensitive information they might be storing. Hence, as blockchain technology becomes integrated into the modern digital workplace, it is only logical that private networks are often seen as preferable for many organizations. This is no big surprise — especially given that some of the main selling points of blockchain include a completely transparent ledger containing all data as well as the ability to move value around. And it’s clear why a business wouldn’t want just anyone to be able to access their internal network. This way, the company gets many of the benefits of the novel tech but can remain opaque to most of the world. It’s also quite valid that private blockchains are typically much more efficient than public ones. 

10 top API security testing tools

Many organizations likely don’t know how many APIs they are using, what tasks they are performing, or how high a permission level they hold. Then there is the question of whether those APIs contain any vulnerabilities. Industry and private groups have come up with API testing tools and platforms to help answer those questions. Some testing tools are designed to perform a single function, like mapping why specific Docker APIs are improperly configured. Others take a more holistic approach to an entire network, searching for APIs and then providing information about what they do and why they might be vulnerable or over-permissioned. Several well-known commercial API testing platforms are available as well as a large pool of free or low-cost open-source tools. The commercial tools generally have more support options and may be able to be deployed remotely though the cloud or even as a service. Some open-source tools may be just as good and have the backing of the community of users who created them. Which one you select depends on your needs, the security expertise of your IT teams, and budget.

Implementing risk quantification into an existing GRC program

How do risk professionals quantify risk? Using dollars and cents. Taking the information gathered in the Open FAIR model simulations, risk quantification further breaks down primary and secondary losses into six different types for each loss, allowing the organization to determine how best to categorize them. CISOs and other risk professionals can consider data points from the market, their data and additional available information. They can classify each type of data they’re inputting as high or low confidence. Primary loss equals anything that’s a direct loss to the company due to a specific event. Secondary loss includes something which may or may not occur, like reputational damage or potential lost revenue. Risk quantification also enables risk professionals to communicate risk to leaders and other stakeholders in a shared language everyone understands: dollars and cents. Quantifying risk in financial terms enables organizations to assess where their biggest loss exposures may be, conduct cost-benefit analyses for those initiatives designed to improve risk activities, and prioritize those risk mitigation activities based on their impact to the business.

The Architecture of a Web 3.0 application

Unlike Web 2.0 applications like Medium, Web 3.0 eliminates the middle man. There’s no centralized database that stores the application state, and there’s no centralized web server where the backend logic resides. Instead, you can leverage blockchain to build apps on a decentralized state machine that’s maintained by anonymous nodes on the internet. By “state machine,” I mean a machine that maintains some given program state and future states allowed on that machine. Blockchains are state machines that are instantiated with some genesis state and have very strict rules (i.e., consensus) that define how that state can transition. Better yet, no single entity controls this decentralized state machine — it is collectively maintained by everyone in the network. And what about a backend server? Instead of how Medium’s backend was controlled, in Web 3.0 you can write smart contracts that define the logic of your applications and deploy them onto the decentralized state machine. This means that every person who wants to build a blockchain application deploys their code on this shared state machine.

A Major Advance in Computing Solves a Complex Math Problem 1 Million Times Faster

That's an exciting development when it comes to tackling the most complex computational challenges, from predicting the way the weather is going to turn, to modeling the flow of fluids through a particular space. Such problems are what this type of resource-intensive computing was developed to take on; now, the latest innovations are going to make it even more useful. The team behind this new study is calling it the next generation of reservoir computing. "We can perform very complex information processing tasks in a fraction of the time using much less computer resources compared to what reservoir computing can currently do," says physicist Daniel Gauthier, from The Ohio State University. "And reservoir computing was already a significant improvement on what was previously possible." Reservoir computing builds on the idea of neural networks – machine learning systems based on the way living brains function – that are trained to spot patterns in a vast amount of data.

Enterprise data management: the rise of AI-powered machine vision

The process of training machine learning algorithms is dramatically hindered for firms acquiring and centralising petabytes of unstructured data – whether video, picture, or sensor data. The AI development pipeline and production model tweaking are both delayed as a result of this centralised data processing method. In an industrial setting, this could result in product faults being overlooked, causing considerable financial loss or even putting lives in peril. Recently, distributed, decentralised architectures have become the preferred choice among businesses, resulting in most data being kept and processed at the edge to overcome the delay and latency challenges and address issues associated with data processing speeds. Deployment of edge analytics and federated machine learning technologies is bringing notable benefits while tackling the inherent security and privacy deficiencies of centralised systems. Take, for example, a large-scale surveillance network that continuously records video. Instead of focusing on hours of film of an empty building or street, effectively training an ML model to differentiate between certain items needs the model to assess footage in which anything new is observed.

The evolution of DRaaS

In the days in which DRaaS was born, it was not unusual for companies to maintain duplicate sets of hardware in an off-site location. Yes, they could replicate the data from their production site to the off-site location, but the expense of procuring and maintaining the secondary site was prohibitive. This led many to use the secondary location for old and retired hardware or even to use less powerful computer systems and less efficient storage to save money. DRaaS is essentially DR delivered as a service. Expert third-party providers either delivered tools or services, or both, to enable organizations to replicate their workloads to data centers managed by those providers. This cloud-based model allowed for increased agility than previous iterations of DR could easily allow, empowering businesses to run in a geographically different location as close to normal as possible while the original site was made ready for operations again. And technology improvements over the course of the 2010s only made the failover and failback process more seamless and granular.

JLL CIO: Hybrid Work, AI, and a Data and Tech Revolution

Offices typically offer multiple services, Wagoner explains. For instance, someone puts the paper in the printers. Someone helps employees with laptop problems. Someone runs the on-site cafeteria. Someone maintains the temperature and air quality of the office. As an employee, if there’s an issue, you need to go to a different group for each one of these different issues. However, JLL’s vision is to remove that friction and collect all those services into a single interface experience app for employees. “With the experience app, we eliminate you having to know that you need to go to office services for one thing and then remember the URL for the IT help desk for another thing,” Wagoner says. “We don’t even necessarily replace any of the existing technology. We just give the end user a much better, easier experience to get to what they need.” This experience app is called “Jet,” and it also can inform workers of rules for particular buildings during the pandemic. For instance, if you book a desk in a building or as you approach a building it might tell you if that building has a vaccine requirement or a masking requirement.

Intel: Under attack, fighting back on many fronts

Each processor architecture has strengths and weaknesses, and all are better or best suited to specific use cases. Intel’s XPU project, announced last year, seeks to offer a unified programming model for all types of processor architectures and match every application to its optimal architecture. XPU means you can have x86, FPGA, AI and machine-language processors, and GPUs all mixed into your network, and the app is compiled to the best suited processor for the job. That is done through the oneAPI project, which goes hand-in-hand with XPU. XPU is the silicon part, while oneAPI is the software that ties it all together. oneAPI is a heterogeneous programming model with code written in common languages such as C, C++, Fortran, and Python, and standards such as MPI and OpenMP. The oneAPI Base Toolkit includes compilers, performance libraries, analysis and debug tools for general purpose computing, HPC, and AI. It also provides a compatibility tool that aids in migrating code written in Nvidia’s CUDA to Data Parallel C++ (DPC++), the language of Intel’s GPU.

Quote for the day:

"Don't measure yourself by what you have accomplished. But by what you should have accomplished with your ability." -- John Wooden

No comments:

Post a Comment