How to Get Started With Zero Trust in a SaaS Environment
While opinions vary on what zero trust is and is not, this security model
generally considers the user's identity as the root of decision-making when
determining whether to allow access to an information resource. This contrasts
with earlier approaches that made decisions based on the network from which the
person was connecting. For example, we often presumed that workers in the office
were connecting directly to the organization's network and, therefore, could be
trusted to access the company's data. Today, however, organizations can no
longer grant special privileges based on the assumption that the request is
coming from a trusted network. With the high number of remote and geographically
dispersed employees, there is a good chance the connections originate from a
network the company doesn't control. This trend will continue. IT and security
decision-makers expect remote end users to account for 40% of their workforce
after the COVID-19 outbreak is controlled, an increase of 74% relative to
pre-pandemic levels, according to "The Current State of the IT Asset Visibility
Gap and Post-Pandemic Preparedness," with research conducted by the Enterprise
Strategy Group for Axonius.
Tons Of Data At The Company Store
Confidentially, many chief data officers will admit that their companies suffer
from what might euphemistically be called “data dyspepsia:” they produce and
ingest so much data that they cannot properly digest it. Like it or not, there
is such a thing as too much data – especially in an era of all-you-can-ingest
data comestibles. “Our belief is that more young companies die of indigestion
than starvation,” said Adam Wilson, CEO of data engineering specialist Trifacta,
during a recent episode of Inside Analysis, a weekly data- and analytics-focused
program hosted by Eric Kavanagh. So what if Wilson was referring specifically to
Trifacta’s decision to stay focused on its core competency, data engineering,
instead of diversifying into adjacent markets. So what if he was not, in fact,
alluding to a status quo in which the average business feels overwhelmed by
data. Wilson’s metaphor is no less apt if applied to data dyspepsia. It also
fits with Trifacta’s own pitch, which involves simplifying data engineering –
and automating it, insofar as is practicable – in order to accelerate the rate
at which useful data can be made available to more and different kinds of
consumers.
Hyperconverged analytics continues to guide Tibco strategy
One of the trends we're seeing is that people know how to build models, but
there are two challenges. One is on the input side and one is on the output
side. On the input side, you can build the greatest models in the world, but if
you feed them bad data that's not going to help. So there's a renewed interest
around things like data governance, data quality and data security. AI and ML
are still very important, but there's more to it than just building the models.
The quality of the data, and the governance and processes around the data, are
also very important. That way you get your model better data, which makes your
model more accurate, and from there you're going to get better outcomes. On the
output side, since there are so many models being built, organizations are
having trouble operationalizing them all. How do you deploy them into
production, how do you monitor them, how do you know when it's time to go back
and rework that model, how do you deploy them at the edge, how do you deploy
them in the cloud and how do you deploy them in an application?
Gamification: A Strategy for Enterprises to Enable Digital Product Practices
As digital products take precedence, the software ecosystem brings new
possibilities to products. With the rise of digital products, cross-functional
boundaries are blurring. New skills and unlearning old ways are critical.
Gamification can support creating a ladder approach to acquiring and utilizing
new skills for continuous software delivery ecosystems, testing and security.
However, underpinning collective wisdom through gamification needs a systematic
framework where we are able to integrate game ideation, design, validation &
incentives with different persona types. To apply gamification in a systematic
manner to solve serious problems, ideate, and come together to create new
knowledge in a fun way, is challenging. To successfully apply gamification for
upskilling and boosting productivity, it will have to be accompanied by
understanding the purposefulness through the following two critical
perspectives: Benefits of embracing gamification for people – Removing fear,
having fun, and making the desirable shift towards new knowledge; creating an
environment that is inclusive and can provide a learning ecosystem for
all.
Artificial Intelligence: The Future Of Cybersecurity?
Cybersecurity in Industry 4.0 can't be tackled in the same way as that of
traditional computing environments. The number of devices and associated
challenges are far too many. Imagine monitoring security alerts for millions
of connected devices globally. IIoT devices possess limited computing power
and, therefore, lack the ability to run security solutions. This is where AI
and machine learning come into play. ML can make up for the lack of security
teams. AI can help discover devices and hidden patterns while processing large
amounts of data. ML can help monitor incoming and outgoing traffic for any
deviations in behavior in the IoT ecosystem. If a threat or anomaly is
detected, alarms can be sent to security admins warning them about the
suspicious traffic. AI and ML can be used to build lightweight endpoint
detection technologies. This can be an indispensable solution, especially in
situations where IoT devices lack the processing power and need behavior-based
detection capabilities that aren't as resource intensive. AI and ML
technologies are a double-edged sword.
3 ways any company can guard against insider threats this October
Companies don’t become cyber smart by accident. In fact, cybersecurity is
rarely top-of-mind for the average employee as they go about their day and
pursue their professional responsibilities. Therefore, businesses are
responsible for educating their workforce, training their teams to identify
and defend against the latest threat patterns. For instance, phishing scams
have increased significantly since the pandemic’s onset, and each malicious
message threatens to undermine data integrity. Meanwhile, many employees can’t
identify these threats, and they wouldn’t know how to respond if they did. Of
course, education isn’t limited to phishing scams. One survey found that 61
percent of employees failed a basic quiz on cybersecurity fundamentals. With
the average company spending only 5 percent of its IT budget on employee
training, it’s clear that education is an untapped opportunity for many
organizations to #BeCyberSmart. When coupled with intentional accountability
measures that ensure training is implemented, companies can transform their
unaware employees into incredible defensive assets.
VMware gears up for a challenging future
“What we are doing is pivoting our portfolio or positioning our portfolio to
become the multi-cloud platform for our customers in three ways,” Raghuram
said. “One is enabling them to execute their application transformation on the
cloud of their choice using our Tanzu portfolio. And Tanzu is getting
increased momentum, especially in the public cloud to help them master the
complexities of doing application modernization in the cloud. And of course,
by putting our cloud infrastructure across all clouds, and we are the only one
with the cloud infrastructure across all clouds and forming the strategic
partnerships with all of the cloud vendors, we are helping them take their
enterprise applications to the right cloud,” Raghuram said. Building useful
modern enterprise applications is a core customer concern, experts say. “Most
new apps are built-on containers for speed and scalability. The clear winner
of the container wars was Kubernetes,” said Scott Miller, senior director of
strategic partnerships for World Wide Technology (WWT), a technology and
supply-chain service provider and a VMware partner.
Software cybersecurity labels face practical, cost challenges
Cost and feasibility are among the top challenges of creating consumer labels
for software. Adding to these challenges is the fact that software is
continually updated. Moreover, software comes in both open-source and
proprietary formats and is created by a global ecosystem of firms that range
from mom-and-pop shops all the way up to Silicon Valley software giants. "It's
way too easy to create requirements that cannot be met in the real world,"
David Wheeler, director of open source supply chain security at the Linux
Foundation and leader of the Core Infrastructure Initiative Best Practices
Badge program, said at the workshop. "A lot of open-source projects allow
people to use them at no cost. There's often no revenue stream. You have to
spend a million dollars at an independent lab for an audit. [That] ignores the
reality that for many projects, that's an impractical burden." ... Another
critical aspect of creating software labels is to ensure that they don't
reflect static points in time but are instead dynamic, taking into account the
fluid nature of software.
Work’s not getting any easier for parents
Part of many managers’ discomfort with remote work is that they are unsure how
to gauge their off-site employees’ performance and productivity. Some business
leaders equate face time with productivity. I’ll never forget a visit I had to
a Silicon Valley startup in which the manager showing me around described a
colleague this way: “He’s such a great worker. He’s here every night until 10,
and back in early every morning!” In my work helping businesses update their
policies and cultures to accommodate caregivers, I often have to rid managers
of this old notion. There’s nothing impressive, or even good, about being in
the office so much. To help change the paradigm, I work with managers to find
new ways of measuring an individual’s performance and productivity. Instead of
focusing on hours worked per day, we look at an employee’s achievements across
a broader time metric, such as a month or quarter. We ask, what did the
employee do for the company during that time? It’s often then that businesses
realize how little overlap there is between those who are seen working the
most and those who have the greatest impact on the company.
How to use feedback loops to improve your team's performance
In systems, feedback is a fundamental force behind their workings. When we fly
a plane, we get feedback from our instruments and our co-pilot. When we
develop software, we get feedback from our compiler, our tests, our peers, our
monitoring, and our users. Dissent works because it’s a form of feedback, and
clear, rapid feedback is essential for a well functioning system. As examined
in “Accelerate”, a four-year study of thousands of technology organizations
found that fostering a culture that openly shares information is a sure way to
improve software delivery performance. It even predicts ability to meet
non-technical goals. These cultures, known as “generative” in Ron Westrum’s
model of organizational culture, are performance–and learning–oriented. They
understand that information, especially if it’s difficult to receive, only
helps to achieve their mission, and so, without fear of retaliation,
associates speak up more frequently than in rule-oriented (“bureaucratic”) or
power-oriented (“pathological”) cultures. Messengers are praised, not shot.
Quote for the day:
"A pat on the back is only a few
vertebrae removed from a kick in the pants, but is miles ahead in
results." -- W. Wilcox
No comments:
Post a Comment