Daily Tech Digest - November 19, 2021

The Old Ways Aren’t Working: Let’s Rethink OT Security

Traditionally, OT systems were not connected to the Internet, but that has been changing in recent years as organizations have focused on making OT more efficient, safer, and cost-effective. “One of the ways to do that is to start using IT and connect OT to the Internet,” Masson says. The world of IT has the Internet of Things (IoT). The equivalent in the world of critical infrastructure – the sensors used in manufacturing facilities and out in the field – is the industrial Internet of Things (IIoT). While IT/OT convergence has significant benefits, such as the ability to monitor and manage OT remotely and collect information from sensors located in remote locations, it also introduced threats from the IT world that had never existed before in OT networks, Masson says. ... That is no longer the case. Cybercriminal gangs have figured out that they can make money out of targeting critical infrastructure. While some criminal gangs may possibly be acting on behalf of nation-states, many are also flowing some of the ransom money “back into their own R&D,” Masson says. The convergence of IT and OT has made it possible for these criminal gangs to adapt their IT-based attacks to target critical infrastructure providers.


How to improve your SaaS security posture and reduce risk

Adaptive Shield’s SaaS Security Posture Management (SSPM) provides proactive, continuous and automated monitoring of any SaaS application, alongside a built-in knowledge base of compliance standards and benchmarks to ensure the highest level of SaaS security available today. As a SaaS offering that integrates with SaaS, the solution can be live in minutes. Once in place, it provides customers with clear visibility into their whole SaaS ecosystem where it can detect any misconfiguration, incorrect permissions, and all possible exposure, wherever they may be. Through its automated remediation capabilities, the solution sends detailed alerts at the first sign of a security misconfiguration. This allows the security team to quickly open a ticket to fix the issue with no go-between and no lengthy additional steps. ... It’s a common occurrence – that “wow” moment when the client sees their SaaS security posture for the first time on Adaptive Shield. They are able right away to glean the potential places for breach or leak and are excited for the map of how to fix it.


Fixing the blind spots in your digital transformation efforts

There’s often a disconnect between what your customers say they want to do and what they actually do. That’s why it is critical to have visibility into your customers’ product journeys. For example, what actions in the product lead to a repeat user? Where are your biggest drop-off rates? Where are users stalling in the purchase process? You can use these insights to optimise your digital product. Facebook famously discovered that the key to great user engagement was adding seven friends in the first 10 days of signing up. The company re-designed its product experience around this insight, and we all know that turned out to be a success. But the tricky part is getting your hands on this product data – the sheer number of data points needed to join, analyse, and correlate customer actions to outcomes makes this incredibly complicated. Companies have tried (and failed) to use web and marketing analytics tools to pull this off, but these products weren’t built for the scale and complexity of today’s digital products. Instead, teams need to utilise product-specific tools that leverage machine learning and offer real-time insights.


Leading With Empathy

From a global perspective, empathy is infinitely important particularly if it ends in compassion. Empathy motivates people to step in and help those who have been struck by major disasters even if they are total strangers. Empathy brings out the best in us and improves the global quality of life. There is a dire need for collaboration, compassion, kindness, and empathy in these challenging times. Empathy is the ability to emotionally understand what other people feel, see things from their perspective, and imagine yourself in their place. It is a skill and not a trait. One’s upbringing, environment, life experiences, and interactions with other empathic people strongly influence empathy. Empathy is a scarce resource in our organizations and communities today. Contrary to what people believe, you do not need permission to lead with empathy. Anyone can be an empathic leader. Your actions to improve someone’s quality of life in adversity are what make you an empathic leader. Empathic leaders are in short supply in the workforce as well. The stereotype of a workforce leader has been military in nature with no leeway for human emotions.


CRISP: Critical Path Analysis for Microservice Architectures

At Uber, most services are Jaeger enabled and hence we are able to collect a reliable dependency graph of RPC calls for a given request. However, the amount of data would be prohibitive if all requests were traced. Hence, we employ a sampling strategy to collect a fraction of requests. If a request is tagged for Jaeger monitoring at the system’s entry point, all its subsequent downstream calls made on behalf of the request are collected into a single trace. We store Jaeger traces in different data stores with different shelf lives. We refer the reader to the Jaeger Uber engineering blog and the open-source code base for further details about Jaeger. Unfortunately, in a complex microservice environment, the Jaeger traces are hard to digest via visual inspection. Even a single trace can be very complicated as shown in the call graph and timeline views in Figure 2 below, which are taken from a real-world microservice interaction at Uber. This motivates the need for tooling to analyze and summarize the traces into actionable tasks for developers.


The Mindset of an Impactful Component Team in Agile

Developing a solution that doesn't exist or which needs to be modified to fit into the layers of architecture is a huge responsibility. In the beginning, the right solution might look like a far-away dream for a number of reasons such as time taken in selection and availability of tools, initial prototype failures, lack of ideas, solution stuck on a unique point which requires significant exploration or help from open sources adding to the delay, infrastructure issues, etc. Successful component teams I have seen don’t get carried away by situational setbacks; they understand the inherent challenges in the technology they work with and remain determined to get the job done. They take on the challenges on a daily basis, exhibit perseverance, possess a never-say-die attitude, are open to discussions, and reach out to people they need help from. Leadership support, sessions by agile coaches, and grooming by experienced SMEs play a good role in helping the teams develop this mindset, which assures the desired outcome in the long run.


How to Build a Security Awareness Training Program that Yields Measurable Results

Employees represent security risks mainly because they are unaware of how their actions and decisions cause security incidents. To address this cause, enterprises undertake extensive security awareness training efforts to help employees know what they should and shouldn't do when working digitally. The mere act of exposing employees to security training is not enough; a program is not effective unless it produces results in building real skills that change employee behavior and empower them to make the right choice in the face of a cyberattack. To achieve this, companies must select a security awareness training that is data-driven, adaptive per employee location, takes into account role and behavior towards cyber training, is continuous and high-frequency, and engages each employee at least once a month. Some of the key features organizations should be looking for in a security awareness program can be divided into the following. The more employees are exposed to real-life phishing emails and other security risks, the more likely they are to succeed in protecting the organization and assets against phishing, malware, and many other threats. 


How Automation is Changing Entry-Level Career Paths in IT

“It is important to realize that AI and automation won’t be replacing IT workers,” says venture advisor and investor Frank Fanzilli. “These technologies simply enable an IT worker to effectively manage ever more complex and rapidly changing systems.” Fanzilli says with automation on the way to becoming an entirely new discipline within IT -- one that will radically change how IT work is delivered -- it makes it a great opportunity for entry-level IT workers to exploit the skill gap and become the next generation of IT leaders. He says entry-level engineers should make sure they understand transformative automation technologies such as robotic process automation and digital platform conductors and then build a career path that leverages these technologies to drive ever greater business value. “You’re already seeing this happen with the rapid adoption of platforms such as UIPath and ReadyWorks and the effect these human/automation interfaces are having in driving down costs and improving overall quality,” Fanzilli notes.


Tackling the root of the public sector’s cyber security problem

Many governmental organisations rely on outdated systems, choosing to retain platforms that are increasingly frustrating to use. Budgetary constraints and responsibility for public money can lead the public sector to veto new technology investments in favour of an ‘if it ain’t broke’ mentality. Of course, stringing along outdated systems is a false economy. Built in a different era for different demands, legacy IT impedes the work of individuals, teams or entire organisations and often requires a complex estate of specialised and tailored legacy applications. Over time, these outdated ecosystems become more expensive to support, patch and update, consuming up to 50% of annual IT budgets, in the case of the UK government itself. On the flipside, newer systems, applications and platforms open a wealth of benefits, from bottom-line financial improvements, efficiency gains, or even the positivity of a much better user experience. The problem is, the longer outdated technology is in place, the more difficult it is to replace. Rewriting those applications from scratch to ensure compatibility with modern platforms can be expensive and time-consuming.


Faster Financial Software Development Using Low Code: Focusing on the 4 Key Metrics

To that end, low-code/no-code platforms are rapidly accelerating the capabilities of the enterprise to develop robust, bespoke applications with speed and security as part of their remit to clients. Examples of these range from the extremely targeted Genesis, a low-code/no-code platform built specifically for financial markets to the “one-size-fits-all” Appian, a general purpose low-code/no-code platform used to build many enterprise applications. With low code and no code, “citizen” developers are empowered to build applications and help unclog always-under-pressure IT departments. Achieving speed, stability, and availability in software development is possible; in fact, these are all complementary outcomes. In this article, I’ll share actionable tips to achieve an effective pace of software development, as defined by the 4 key performance metrics described in Accelerate, a book by Dr. Nicole Forsgren et al., and with current industry data from the 2021 State of CD report from the Continuous Delivery Foundation.



Quote for the day:

"The person who sees the difficulties so clearly that he does not discern the possibilities cannot inspire a vision in others." - J. Oswald Sanders
