Daily Tech Digest - November 20, 2021

How midsize companies are vulnerable to data breaches and other cyberattacks

Since almost the start of 2020, businesses have increasingly turned to remote work, grown the number of devices connecting to their networks, and expanded their use of the cloud. In reaction, more cybercriminals have stretched their repertoire to include ransomware attacks via the cloud and email, endpoint malware, Wi-Fi phishing and insider threats. The security industry also has a tendency to focus on the enterprise market with expensive and expansive products, thus sometimes neglecting mid-market companies. Plus, the security products used by smaller businesses are often misconfigured. ... But less than 1% of midsize companies have Wi-Fi phishing protection in place, while 90% of the ones that do have misconfigured them. In this type of environment, midsize companies are vulnerable because many lack the required security teams, the in-house expertise or the advanced and expensive security tools needed to defend themselves. As a result, many such businesses are unable to properly safeguard the company.

Why Sabre is betting against multi-cloud

“We were able to start making that journey, but we had not done a lot in the cloud before. So, originally, we went on path where we made deals with all the major cloud providers. We were thinking: well, let’s go down the multi-cloud path until we see if there’s something better, because, quite frankly, we didn’t know what we didn’t know and we didn’t want to make the mistake of committing to anybody too early.” And while the leadership was behind the move, DiFonzo felt like he had to get an early win, in part because the company’s customers also had to be on board. For that, the team picked one of Sabre’s most important and most CPU-intensive services: its shopping application, which previously ran in its own Tulsa, Oklahoma data center. That’s where a lot of revenue for Sabre’s customers is generated, so by being able to show improved performance and stability for this service, the team was able to build up credibility for the rest of its roadmap. But by mid-2018, the team realized that using multiple clouds became a limiting factor. 

How Artificial Intelligence is Improving Cloud Computing?

Embedding artificial intelligence into the cloud framework helps improve data management by automating redundant tasks, identifying, sorting, and indexing different types of data, managing data transactions on the cloud, identifying any faults in the cloud infrastructure, and ultimately streamlining the whole data management process. With the advent of the SaaS model, it became possible to host not just data but also complex software applications and even entire virtual computers on the cloud which users could access and use as per their requirements. To improve the cloud computing experience further, SaaS application developers began to fuse AI with their applications and the result was the availability of powerful SaaS software applications that were empowered by AI and ready to offer greater functionality to end-users. A popular example is Salesforce Einstein, Salesforce’s intelligent solution for businesses that use the power of artificial intelligence for predictive analytics, deeper data insights, comprehensive user-behavior reports, and much more, thereby providing data that businesses can use to formulate their sales strategies and increase their profits.

CQRS pattern

Having separate query and update models simplifies the design and implementation. However, one disadvantage is that CQRS code can't automatically be generated from a database schema using scaffolding mechanisms such as O/RM tools. For greater isolation, you can physically separate the read data from the write data. In that case, the read database can use its own data schema that is optimized for queries. For example, it can store a materialized view of the data, in order to avoid complex joins or complex O/RM mappings. It might even use a different type of data store. For example, the write database might be relational, while the read database is a document database. If separate read and write databases are used, they must be kept in sync. Typically this is accomplished by having the write model publish an event whenever it updates the database. For more information about using events, see Event-driven architecture style. Updating the database and publishing the event must occur in a single transaction.

Top lesson from SolarWinds attack: Rethink identity security

“You’ve got to maintain that [identity] infrastructure. You’ve got to know when it’s been compromised, and when somebody has already got your credentials or is stealing your tokens and presenting them as real,” he said. Digital identity management is notoriously difficult for enterprises, with many suffering from identity sprawl—including human, machine, and application identities (such as in robotic process automation). A recent study commissioned by identity security vendor One Identity revealed that nearly all organizations — 95% — report challenges in digital identity management. The SolarWinds attackers took advantage of this vulnerability around identity management. During a session with the full Gartner conference on Thursday, Firstbrook said that the attackers were in fact “primarily focused on attacking the identity infrastructure” during the SolarWinds campaign. Other techniques that were deployed by the attackers included theft of passwords that enabled them to elevate their privileges (known as kerberoasting); theft of SAML certificates to enable identity authentication by cloud services; and creation of new accounts on the Active Directory server, according to Firstbrook.

3 reasons devops must integrate agile and ITSM tools

Devsecops practices alone don’t cement the collaboration required to bring development, operations, and security functions together to meet these objectives. It requires implementing, tracking, and measuring workflows that span these functions. For many organizations, these workflows bring together agile methodologies used by development teams, including scrum and kanban, with IT service management (ITSM) practices managed by ops, including request management, incident management, problem management, change management, and maintaining a configuration management database (CMDB). Yet, many IT organizations fail to integrate their agile and ITSM tools. The development teams might be using Azure DevOps, Digital.ai, Jira Software, or another agile tool to manage backlogs of user stories, sprints, and releases in the development process. Independently, ops may be using BMC, Cherwell, Ivanti, Jira Service Management, Micro Focus, ServiceNow, or another ITSM tool to manage tickets, track systems, and oversee change management.

An Important Skill for Data Scientists and Machine Learning Practitioners

Data Science as a discipline and profession demands its practitioners possess various skills, ranging from soft skills such as communication, leadership to hard skills such as deductive reasoning, algorithmic thinking, programming, and so on. But there’s a crucial skill that should be attained by Data Scientists, irrespective of their experience, and that is writing. Even Data Scientists working in technical fields such as quantum computing, or healthcare research need to write. It takes time to develop strong writing ability, and there are challenges that Data Scientists confront that might prevent them from expressing their thoughts easily. ... Many experts believe that blogs and articles have a unique role in the machine learning community. Articles are how professionals stay up to date on software releases, learn new methods, and communicate ideas. Technical and non-technical ML articles are the two most frequent sorts of articles you’ll encounter. 

What the hell is the difference between a data analyst and a data scientist?

Just like data analysts, data scientists work towards answering a particular business question that requires data-driven insight. However, data scientists are primarily concerned about estimating unknowns, using algorithms and statistical models to answer these questions. As a result, a key difference is the extent of coding employed in data scientist roles. In this respect, data science roles can be challenging as they require a blend of technical skills and an understanding of business problems in context. A data scientist will often find himself or herself trying out different algorithms to solve a particular problem and might even have to be familiar with pipeline automation. Data scientists also get their hands dirty with much larger sets of data than analysts do and are thus required to possess the skills to explore and model huge amounts of unstructured data, often in a parallel fashion using languages like Scala. Many data scientists eventually realize that a big part of their job involves just cleaning and processing raw data from a multitude of sources and making sure that this process can be replicated for actual deployment and prediction.

Building multichain is a new necessity for DeFi products

This trend is fueled, in part, by the Polkadot and Kusama ecosystem that was built with a multichain philosophy at its core. Parachains connected to the relay chain easily communicate with one another, raising the bar even higher for the entire space. With the second set of parachain slot auctions just around the corner, they continue to set the standard for the multichain industry. Projects that make it easier for the average user to connect more systems — such as the Moonbeam protocol and the Phantom wallet — are raising millions of dollars to simplify this new multichain reality for users. But how do you navigate this as a developer? We can see clearly that the market is shaped by user demands. Depending on their needs, your users are turning to blockchains that better serve them — and to the platforms that offer access to them. As a result, projects that support multiple chains gain larger audiences and more liquidity. This means that at a minimum, your DeFi product needs to support Ethereum and a “niche” blockchain — there are established leaders for trading, staking, nonfungible tokens (NFTs) and more. And the more chains with which you can interact, the better.

The 5 Biggest Blockchain Trends In 2022

Blockchain is hugely compatible with the idea of the Internet of Things (IoT) because it is great for creating records of interactions and transactions between machines. It can potentially help to solve many problems around security as well as scalability due to the automated, encrypted, and immutable nature of blockchain ledgers and databases. It could even be used for machine-to-machine transactions – enabling micropayments to be made via cryptocurrencies when one machine or network needs to procure services from another. While this is an advanced use case that may involve us traveling a little further down the road before it impacts our day-to-day lives, it’s likely we will start to hear about more pilot projects and initial use cases in this field during 2022. Innovation in this field is likely to be driven by the ongoing rollout of 5G networks, meaning greater connectivity between all manner of smart, networked equipment and appliances – not simply in terms of speed, but also new types of data transactions including blockchain transactions.

Quote for the day:

"Good leadership consists of showing average people how to do the work of superior people." -- John D. Rockefeller

No comments:

Post a Comment