Daily Tech Digest - October 30, 2021

Ransomware Attacks Are Evolving. Your Security Strategy Should, Too

Modern ransomware attacks typically include various tactics like social engineering, email phishing, malicious email links and exploiting vulnerabilities in unpatched software to infiltrate environments and deploy malware. What that means is that there are no days off from maintaining good cyber-hygiene. But there’s another challenge: As an organization’s defense strategies against common threats and attack methods improve, bad actors will adjust their approach to find new points of vulnerability. Thus, threat detection and response require real-time monitoring of various channels and networks, which can feel like a never-ending game of whack-a-mole. So how can organizations ensure they stay one step ahead, if they don’t know where the next attack will target? The only practical approach is for organizations to implement a layered security strategy that includes a balance between prevention, threat detection and remediation – starting with a zero-trust security strategy. Initiating zero-trust security requires both an operational framework and a set of key technologies designed for modern enterprises to better secure digital assets. 

Stateful Applications in Kubernetes: It Pays to Plan Ahead

Maybe you want to go with a pure cloud solution, like Google Kubernetes Engine (GKE), Amazon Elastic Kubernetes Service (EKS) or Azure Kubernetes Service (AKS). Or perhaps you want to use your on-premises data center for solutions like RedHat’s OpenShift or Rancher. You’ll need to evaluate all the different components required to get your cluster up and running. For instance, you’ll likely have a preferred container network interface (CNI) plugin that meets your project’s requirements and drives your cluster’s networking. Once your clusters are operational and you’ve completed the development phase, you’ll begin testing your application. But now, your platform team is struggling to maintain your stateful application’s availability and reliability. As part of your stateful application, you’ve been using a database like Cassandra, MongoDB or MySQL. Every time a container is restarted, you begin to see errors in your database. You can prevent these errors with some manual intervention, but then you’re missing out on the native automation capabilities of Kubernetes.

Understanding Kubernetes Compliance and Security Frameworks

Compliance has become crucial for ensuring business continuity, preventing reputational damage and establishing the risk level for each application. Compliance frameworks aim to address security and privacy concerns through easy monitoring of controls, team-level accountability and vulnerability assessment—all of which present unique challenges in a K8s environment. To fully secure Kubernetes, a multi-pronged approach is needed: Clean code, full observability, preventing the exchange of information with untrusted services and digital signatures. One must also consider network, supply chain and CI/CD pipeline security, resource protection, architecture best practices, secrets management and protection, vulnerability scanning and container runtime protection. A compliance framework can help you systematically manage all this complexity. ... The Threat Matrix for Kubernetes, developed from the widely recognized MITRE ATT@CK (Adversarial Tactics, Techniques & Common Knowledge) Matrix, takes a different approach based on today’s leading cyberthreats and hacking techniques.

Authentication in Serverless Apps—What Are the Options?

In serverless applications, there are many components interacting—not only end users and applications but also cloud vendors and applications. This is why common authentication methods, such as single factor, two-factor and multifactor authentication offer only a bare minimum foundation. Serverless authentication requires a zero-trust mentality—no connection should be trusted, even communication between internal components of an application should be authenticated and validated. To properly secure serverless authentication, you also need to use authentication and authorization protocols, configure secure intraservice permissions and monitor and control incoming and outgoing access. ... A network is made accessible through a SaaS offering to external users. Access will be restricted, and every user will require the official credentials to achieve that access. However, this brings up the same problems raised above—the secrets must be stored somewhere. You cannot manage how your users access and store the credentials that you provide them with; therefore, you should assume that their credentials are not being kept securely and that they may be compromised at any point.

The economics behind adopting blockchain

If we take the insurance sector as a use case, we can see how blockchain mitigates various issues around information asymmetries. One fundamental concern in the insurance sector is the principal-agent problem, which stems from conflicting incentives amidst information asymmetry between the principal (insurer company) and the agent (of the company). Some adverse outcomes of this include unprofessional conduct, agents forging documents to meet assigned targets as well as a misrepresentation of the compliances, often leading to misselling of insurance products. These problems occur primarily due to the absence of an integrated mechanism to track and prevent fraudulent conduct of the agent. In such a scenario, blockchain has the ability to bridge the gaps and enhance the customer experience by virtue of providing a distributive, immutable and transparent rating system that allows agents to be rated according to their performance by companies as well as clients.

Techstinction - How Technology Use is Having a Severe Impact on our Climate

Like most large organisations, there is a general consciousness of the impact the Financial Services Industry is having on the environment. All three of these banks are taking serious measures to reduce their CO2 emissions and to change the behaviours of their staff. The Natwest group (who own RBS) for example recently published a working from home guide to their employees containing tips on how to save energy. Whilst this and all sustainability measures should be applauded, it’s important to acknowledge that "Sustainability in our work place" is very different and less important than "sustainability in our work", simply because there is more to be gained by optimising what we are doing as opposed to where we do it, both financially and for the environment. Sustainability in our work involves being lean in everything we do, including the hardware infrastructure being used, being completely digital in the services provided as well as how we produce software to deliver these services. All the major cloud providers invest heavily in providing energy efficient infrastructure as well using renewable energy sources.

How machine learning speeds up Power BI reports

Creating aggregations you don't end up using is a waste of time and money. "Creating thousands, tens of thousands, hundreds of thousands of aggregations will take hours to process, use huge amounts of CPU time that you're paying for as part of your licence and be very uneconomic to maintain," Netz warned. To help with that, Microsoft turned to some rather vintage database technology dating back to when SQL Server Analysis Service relied on multidimensional cubes, before the switch to in-memory columnar stores. Netz originally joined Microsoft when it acquired his company for its clever techniques around creating collections of data aggregations. "The whole multidimensional world was based on aggregates of data," he said. "We had this very smart way to accelerate queries by creating a collection of aggregates. If you know what the user queries are, [you can] find the best collection of aggregates that will be efficient, so that you don't need to create surplus aggregates that nobody's going to use or that are not needed because some other aggregates can answer [the query].

How GitOps Benefits from Security-as-Code

The emergence of security-as-code signifies how the days of security teams holding deployments up are waning. “Now we have security and app dev who are now in this kind of weird struggle — or I think historically had been — but bringing those two teams together and allowing flexibility, but not getting in the way of development is really to me where the GitOps and DevSecOps emerge. That’s kind of the big key for me,” Blake said. ... Developers today are deploying applications in an often highly distributed microservices environment. Security-as-code serves to both automate security for CI/CD with GitOps while also ensuring security processes are taking interconnectivity into account. “It’s sort of a realization that everything is so interconnected — and you can have security problems that can cause operational problems. If you think about code quality, one of your metrics for ‘this is good code’ doesn’t cause a security vulnerability,” Omier said. “So, I think a lot of these terms really come from acknowledging that you can’t look at individual pieces, when you’re thinking about how we are doing? ..."

The role of Artificial Intelligence in manufacturing

There are few key advantages which make the adoption of AI particularly suitable as launching pads for manufacturers to embark on their cognitive computing journey – intelligent maintenance, intelligent demand planning and forecasting, and product quality control. The deployment of AI is a complex process, as with many facets of digitisation, but it has not stopped companies from moving forward. The ability to grow and sustain the AI initiative over time, in a manner that generates increasing value for the enterprise, is likely to be crucial to achieving early success milestones on an AI adoption journey. Manufacturing companies are adopting AI and ML with such speed because by using these cognitive computing technologies, organisations can optimise their analytics capabilities, make better forecasts and decrease inventory costs. Improved analytics capabilities enable companies to switch to predictive maintenance, reducing maintenance costs and reducing downtime. The use of AI allows manufacturers to predict when or if functional equipment will fail so that maintenance and repairs can be scheduled in advance.

What the metaverse means for brand experiences

The metaverse is best described as a 3D World Wide Web or a digital facsimile of the physical world. In this realm, users can move about, converse with other users, make purchases, hold meetings, and engage in all manner of other activities. In the metaverse, all seats at live performances are front and center, sporting events are right behind home plate or center court, and of course, all avatars remain young and beautiful — if that’s what you desire — forever. As you might imagine, this is a marketer’s dream. Anheuser-Busch InBev global head of technology and innovation Lindsey McInerney explained to Built In recently that marketing is all about getting to where the people are, and a fully immersive environment is ripe with all manner of possibilities, from targeted marketing and advertising opportunities to fully virtualized brand experiences. Already, companies like ABB are experimenting with metaverse-type marketing opportunities, such as virtual horse racing featuring branded NFTs.

Quote for the day:

"Making those around you feel invisible is the opposite of leadership." -- Margaret Heffernan

No comments:

Post a Comment