The challenges of cloud data management
IT departments are facing a growing challenge to stay abreast of advancements in
cloud technologies, provide day-to-day support for increasingly complex systems,
and adhere to ever-changing regulatory requirements. In addition, they must
ensure the systems they support are able to scale to meet performance objectives
and are secured against unauthorized access. ... Much like data security,
adhering to regulatory compliance frameworks is a shared responsibility between
the customer and cloud provider. Larger cloud vendors will provide third-party
auditor compliance reports and attestations for the regulatory frameworks they
support. It will be up to each organization to read the documentation and ensure
the contents meet specific compliance needs. Most leading platforms will also
provide tools to help clients configure identity and access management, secure
and monitor their data, and implement audit trails. But the responsibility for
ensuring the tools' configuration and usage meet the framework's control
objectives relies solely with the customer. ... We know one of IT's core
responsibilities is to transform raw data into actionable insights.
Learning to learn: will machines acquire knowledge as naturally as children do?
We create new-to-the-world machines, with sophisticated specifications, that are
hugely capable. But to reach their potential, we have to expose them to hundreds
of thousands of training examples for every single task. They just don’t ‘get’
things like humans do. One way to get machines to learn more naturally, is to
help them to learn from limited data. We can use generative adversarial networks
(GANs) to create new examples from a small core of training data rather than
having to capture every situation in the real world. It is ‘adversarial’ because
one neural network is pitted against another to generate new synthetic data.
Then there’s synthetic data rendering – using gaming engines or computer
graphics to render new scenarios. Finally, there are algorithmic techniques such
as Domain Adaption which involves transferable knowledge (using data in summer
that you have collected in winter, for example) or Few Shot Learning, which
making predictions from a limited number of samples. Taking a different
limited-data route is multi-task Learning, where commonalities and differences
are exploited to solve multiple tasks simultaneously.
IT hiring: 5 signs of a continuous learner
Whatever you call it, it’s an important attribute to consider when hiring or
grooming the most capable IT professionals today. A continuous learner can offer
more bang for the buck in one of the strongest job markets in recent years. “We
have found that many companies, while their job descriptions state they are
looking for a certain number of years of experience in a laundry list of
technologies, are being more flexible and hiring candidates that may be more
junior, or those who lack a few main technologies,” Spathis says, noting that
many organizations are willing to take the risk on more junior or less
specifically experienced candidates who are eager, trainable, and able to learn
new skills. There’s definite agreement on the demand for continuous learners in
the IT function today. “To thrive during these changing times, it’s imperative
that IT organizations continuously grow and change with changing needs,” says
Dr. Sunni Lampasso, executive coach and founder of Shaping Success. “As a
result, IT organizations that employ continuous learners are better equipped to
navigate the changing work world and meet changing demands.”
Ethical and Productivity Implications of Intelligent Code Creation
AI technology is changing the working process of software engineers and test
engineers. It is promoting productivity, quality, and speed. Businesses use AI
algorithms to improve everything from project planning and estimation to quality
testing and the user experience. Application development continues to evolve in
its sophistication, while the business increasingly expects solutions to be
delivered faster than ever. Most of the time, organizations have to deal with
challenging problems like errors, defects, and other complexities while
developing complex software. Development and Testing teams no longer have the
luxury of time when monthly product launches were the gold standard. Instead,
today’s enterprises demand weekly releases and updates that trickle in even more
frequently. This is where self-coded applications come into play. Applications
that generate the code themselves help the programmers accomplish a task in less
time and increase their programming ability. Artificial intelligence is the
result of coding, but now coding is the result of Artificial intelligence. It is
now helping almost every sector of the business and coders to enhance the
software development process.
How To Transition From Data Analyst To Data Scientist
Before even thinking about making the transition, one has to be very clear
about what a data scientist does and introspect what has to be done to fill
the gaps that are needed to make the transition and the skills the person has
now. A data scientist not only handles data but provides much deeper insights
from it. Other than gaining the right mathematical and statistical know-how,
training yourself to look at business problems with the mindset of a data
scientist and not just like a data analyst will be of great help. This means
that while looking into a problem, developing your critical thinking and
analytical skills, getting deep into the problem to be solved at hand, and
coming up with the right way to approach the solution will train you for the
future. A data analyst might not have great coding skills but surely has to
know it well. Data scientists use tools like R and Python to derive
interpretations from the massive data sets they handle. As a data analyst, if
you are not great at coding or don’t know the common tools, it would be wise
to start taking basic courses on them and use them then in real-world
applications.
Application Security Manager: Developer or Security Officer?
First, an ASM has to understand what a supervised project is about. This is
especially important for agile development, where, unlike the waterfall model,
you don’t have two months to perform a pre-release review. An АSМ’s job is to
make sure that the requirements set at the design stage are correctly
interpreted by the team, properly adopted in the architecture, are generally
feasible, and will not cause serious technical problems in the future.
Typically, the ASM is the main person who reads, interprets, and assesses
automated reports and third-party audits. ... Second, an ASM should know about
various domains, including development processes and information security
principles. Hard skills are also important because it’s very difficult to
assess the results provided by narrow specialists and automated tools if you
can’t read the code and don’t understand how vulnerabilities can be exploited.
When a code analysis or penetration test reveals a critical vulnerability,
it’s quite common for developers (who are also committed to creating a secure
system) to not accept the results and claim that auditors failed to exploit
the vulnerability.
Top Open Source Security Tools
WhiteSource detects all vulnerable open source components, including
transitive dependencies, in more than 200 programming languages. It matches
reported vulnerabilities to the open source libraries in code, reducing the
number of alerts. With more than 270 million open source components and 13
billion files, its vulnerability database continuously monitors multiple
resources and a wide range of security advisories and issue trackers.
WhiteSource is also a CVE Numbering Authority, which allows it to responsibly
disclose new security vulnerabilities found through its own research. ...
Black Duck software composition analysis (SCA) by Synopsys helps teams manage
the security, quality, and license compliance risks that come from the use of
open source and third-party code in applications and containers. It integrates
with build tools like Maven and Gradle to track declared and transitive open
source dependencies in applications’ built-in languages like Java and C#. It
maps string, file, and directory information to the Black Duck KnowledgeBase
to identify open source and third-party components in applications built using
languages like C and C++.
Why You Don't Need to Be a Business Insider in Order to Succeed
No matter what anyone tells you, it’s not a zero-sum game. There is abundance
out there for everyone. Of course, money becomes concentrated with various
people, but wealth-mobility is very real and happening all the time. We hear
people talk about the 1% all the time (often in an effort to paint them as a
monolithic, evil, controlling class). What they fail to recognize is that
people are constantly moving in and out of the 1% all the time. Some of this
is down to inherited wealth, and some is down to hard work — but it’s
happening all the time. What really lies at the heart of this is fear. We
abdicate our power to an imagined ruling class because we’re afraid of the
unknown. And before you think this is about blaming you: It is our
subconscious being unwilling to take the risk that stops us. You have a
built-in stowaway in your mind who wants to maintain a status quo. Therefore,
any new growth opportunities — while intellectually exciting and appealing —
will be met with emotional resistance at some point. I’m sure you’ve had this
happen to you before: You get a new career-changing offer, you do a little
dance and head off to celebrate.
Why a new approach to eDiscovery is needed to decrease corporate risk
For businesses, the combination of these factors has led to a big increase in
corporate risk, putting significant pressure on any corporate investigations
that need to be conducted and making the eDiscovery process much more
difficult. Not only are employees and their devices a lot less accessible than
they used to be, but the growing use of personal devices, many of which lack
proper security protocols or use unsecured networks, leaves company data much
more vulnerable to theft or loss. If that wasn’t enough, heightened privacy
concerns and the likelihood that personal data will be unintentionally swept
up in any eDiscovery processes can make employees even more reluctant to hand
over their devices to investigators if/when needed (if investigators can even
get hold of them). As a result, many companies are suddenly finding themselves
between a rock and a hard place. How can they operate a more employee friendly
hybrid working model while still maintaining the ability to carry out
corporate investigations and eDiscovery in the event it’s required?
Three key areas CIOs should focus on to generate value
CIOs and IT executives should focus on three types of partner connections:
one-to-one, one-to-many and many-to-many. A one-to-one connection can be taken
to the next level and become a generative partnership where the enterprise and
technology partner work together to create and build a solution that doesn’t
currently exist. The resulting assets are co-owned and produce benefits and
revenue for both partners. Generative partnerships are becoming more common.
In fact, Gartner forecasts that generative-based IT spending will grow at 31%
over the next five years. Beyond one-to-one connections is the formation of
ecosystems of multiple partners. One-to-many partnerships work best when a
single enterprise needs to focus many players on jointly solving a single
problem – such as a city bringing together public and private entities to
serve the citizen. Many-to-many partnerships are created when a platform
brings many different enterprises’ products and services together, to be
offered to many different customers. Often called platform business models,
these marketplaces and app/API stores enable the many to help the many at
ecosystem scale.
Quote for the day:
"Leaders are people who believe so
passionately that they can seduce other people into sharing their dream." --
Warren G. Bennis
No comments:
Post a Comment