Enhancing zero trust access through a context-aware security posture
A policy engine is the “brain” of a ZTA-based architecture, which dictates the
level of scrutiny applied to human and machine network agents as they attempt to
authenticate themselves and gain access to resources. These engines make
decisions about whether to approve or deny access—or demand additional
authentication factors—based on different factors including implied geolocation,
time of day, threat intelligence indicators, and sensitivity of data being
accessed. ZTA does not merely facilitate heightened scrutiny of network actors
that behave suspiciously. It also allows for streamlined access by bona fide
users to enhance productivity and reduce business interruptions resulting from
security measures. Thus, properly implemented zero-trust systems achieve the
best of both worlds: enhanced cybersecurity and more rapid generation and
delivery of business value. To make this model even more powerful in the face of
the evolving ransomware threat, I would suggest that ZTA systems incorporate
additional factors—in concert with the aforementioned ones—to allow
organizations to assume a context-aware security posture.
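As an added illustration of the policy-engine idea described above (this is example code, not taken from the article or any particular zero-trust product), the following Python sketch evaluates an access request against the factors the excerpt names: implied geolocation, time of day, a threat-intelligence indicator list, and the sensitivity of the data being accessed. It returns one of ALLOW, STEP_UP (demand an additional factor) or DENY together with the reasons, so every decision can be logged and audited. The field names, risk weights, thresholds, country codes and sample IP addresses are all constructed for this example.

```python
"""Toy context-aware policy engine for zero-trust access decisions.

Added example, not code from the article above. Field names, weights,
thresholds and all sample values are constructed for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"        # grant with the factors already presented
    STEP_UP = "step_up"    # demand an additional authentication factor
    DENY = "deny"          # refuse outright


@dataclass(frozen=True)
class AccessRequest:
    subject: str                 # human user or machine identity
    resource: str
    sensitivity: int             # 1 (public) .. 4 (restricted); constructed scale
    country: str                 # implied geolocation, ISO 3166 code
    local_hour: int              # 0..23 in the subject's home time zone
    source_ip: str
    mfa_completed: bool = False  # did the client already present a second factor?


@dataclass
class Verdict:
    decision: Decision
    risk: int
    reasons: list = field(default_factory=list)


class PolicyEngine:
    """Evaluates requests against a small, explicit, auditable rule set."""

    def __init__(self, home_countries, blocked_ips, business_hours=(8, 19)):
        self.home_countries = set(home_countries)
        self.blocked_ips = set(blocked_ips)      # threat-intel indicator feed
        self.business_hours = business_hours     # [start, end) in local hours

    def evaluate(self, req: AccessRequest) -> Verdict:
        reasons = []
        risk = 0

        # Hard stop: a threat-intelligence match is never merely "risky".
        if req.source_ip in self.blocked_ips:
            return Verdict(Decision.DENY, 100,
                           [f"source {req.source_ip} matches threat-intel indicator"])

        # Geolocation: outside the expected set of countries adds risk.
        if req.country not in self.home_countries:
            risk += 30
            reasons.append(f"unexpected geolocation {req.country}")

        # Time of day: access outside business hours adds risk.
        start, end = self.business_hours
        if not (start <= req.local_hour < end):
            risk += 20
            reasons.append(f"outside business hours (hour {req.local_hour})")

        # Data sensitivity scales the scrutiny applied.
        risk += 10 * (req.sensitivity - 1)
        if req.sensitivity >= 3:
            reasons.append(f"sensitivity level {req.sensitivity}")

        # Thresholds are constructed values; tune them to your risk appetite.
        if risk >= 60:
            return Verdict(Decision.DENY, risk, reasons + ["risk over deny threshold"])
        if risk >= 30 and not req.mfa_completed:
            return Verdict(Decision.STEP_UP, risk, reasons + ["additional factor required"])
        return Verdict(Decision.ALLOW, risk, reasons)


if __name__ == "__main__":
    engine = PolicyEngine(home_countries={"US", "CA"}, blocked_ips={"203.0.113.7"})
    samples = [
        AccessRequest("alice", "wiki", 1, "US", 10, "198.51.100.5"),          # routine
        AccessRequest("alice", "payroll", 4, "US", 10, "198.51.100.5"),       # sensitive
        AccessRequest("alice", "payroll", 4, "US", 10, "198.51.100.5", True), # MFA done
        AccessRequest("svc-backup", "vault", 3, "DE", 2, "198.51.100.9"),     # odd context
        AccessRequest("bob", "wiki", 1, "US", 10, "203.0.113.7"),             # bad source
    ]
    for s in samples:
        v = engine.evaluate(s)
        print(f"{s.subject:>10} -> {v.decision.value:8} risk={v.risk:3} {v.reasons}")
```

Note how the same engine streamlines the ordinary request (no extra friction for the bona fide user) while escalating or refusing the risky ones; the reasons list is what a SOC analyst would want to see in the access log.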
Key trends driving the workforce transformation in 2022
As employers look for ways to drive inclusion amidst new work models, connection
will become a measurement of workforce culture. ADP Research Institute found
that U.S. workers who feel they are Strongly Connected to their employer are 75
times more likely to be Fully Engaged than those who do not feel connected. With
connection driving engagement, employers will need to heighten their focus on
their people and reflect on the larger purpose that unites their workforce.
Workforce flexibility will stretch beyond perceived limits and employers will
embrace people-centered initiatives to build a workplace where everyone can
thrive. Diversity, equity, and inclusion strategies will additionally evolve to
drive true, measurable progress. ADP data shows more than 50 percent of
companies that leveraged ADP DataCloud’s DEI analytics capabilities have taken
action and realized positive impact on their DEI measures. With employees
remaining remote and hybrid, operational and compliance considerations will
grow, adding to an already complex regulatory environment. In fact, the survey
found nearly 20 percent of U.S.
AI Weekly: UN recommendations point to need for AI ethics guidelines
While the policy is nonbinding, China’s support is significant because of the
country’s historical — and current — stance on the use of AI surveillance
technologies. According to the New York Times, the Chinese government — which
has installed hundreds of millions of cameras across the country’s mainland —
has piloted the use of predictive technology to sweep a person’s transaction
data, location history, and social connections to determine whether they’re
violent. ... Regardless of their impact, the UNESCO recommendations signal
growing recognition on the part of policymakers of the need for AI ethics
guidelines. The U.S. Department of Defense earlier this month published a
whitepaper — circulated among National Oceanic and Atmospheric Administration,
the Department of Transportation, ethics groups at the Department of Justice,
the General Services Administration, and the Internal Revenue Service —
outlining “responsible … guidelines” that establish processes intended to “avoid
unintended consequences” in AI systems. NATO recently released an AI strategy
listing the organization’s principles for “responsible use [of] AI.”
From Naked Objects to Naked Functions
Naked Functions runs on .NET 6.0 and you can write your domain code in either
C# or F# – I’ll use the former in the following code examples. The persistence
layer is managed via Entity Framework Core, either relying on code conventions
or explicit mapping. Naked Functions reflects over your domain code to
generate a complete RESTful API – not just to the data but to all the
functions too – and this RESTful API may be consumed via a Single Page
Application (SPA) client. We provide a generic implementation of such a
client, written in Angular. But where in Naked Objects you write only
behaviourally complete domain objects, with Naked Functions you define only
immutable domain types and pure side-effect free domain functions. You do not
typically need to write any I/O at all, because the Naked Functions framework
handles I/O with the client and the database transparently. Critically, your
domain functions never make calls into the Naked Functions framework – it is
entirely the other way around.
Introducing the KivaKit Framework
KivaKit is an Apache License open source Java framework designed for
implementing microservices. KivaKit requires a Java 11+ virtual machine, but
is source-compatible with Java 8 and 9 projects. KivaKit is composed of a
set of carefully integrated mini-frameworks. Each mini-framework has a
consistent design and its own focus, and can be used in concert with other
mini-frameworks or on its own. ... Each mini-framework addresses a different
issue that is commonly encountered when developing microservices. This
article provides a brief overview of the mini-frameworks in the diagram
above, and a sketch of how they can be used. ... In KivaKit, there are two
ways to implement Repeater. The first is by simply extending BaseRepeater.
The second is to use a stateful trait or Mixin. Implementing the
RepeaterMixin interface is the same as extending BaseRepeater, but the
repeater mixin can be used in a class that already has a base class. Note
that the same pattern is used for the Component interface discussed
below.
Your supply chain: How and why network security and infrastructure matter
Threats to the supply chain can take many forms, including malware attacks,
piracy, unauthorized access to enterprise resources and data, and
unintentional or maliciously injected backdoors in software source code. In
addition to these threats, the hyper-connected structure of global supply
chains creates additional complexity for organizations to manage and
protect. Although one organization may have a strong security infrastructure
in place, other firms, suppliers, and resellers they are in close
communication with may not. As vendor networks become interconnected, the
sharing of information (both intentional and unintentional) will occur. An
accidental data leak indicates a weak spot in an organization’s network,
giving the green light to malicious actors looking for a way into it.
Attacks can happen at any tier of a supply chain, but most attackers will
look for weaker spots to exploit, which then impacts the entire operation.
Having a security-first mindset will help businesses stay ahead of threats.
This means putting security at the center of the supply chain and making it
a foundational element.
From digital transformation to work-life balance for talent, how the future of management consulting looks
As widespread digital acceleration occurs, a consulting firm will be
expected to provide services along with cyber security, design thinking,
user-interface design, digital transformation and M&A deal-making. There
will be greater expectations from clients that consulting firms own a bit of
the transformation and become private equity-oriented partners. A lot of
consulting firms, like Bain Capital today, are likely to embrace this route.
With geopolitical complexities coming in, supply chain re-alignment for risk
hedging is likely to emerge as a key piece of work. Also, the emerging
countries are likely to drive disproportionate growth for the industry.
Another likely big change will be that all consulting firms offer the same
services of strategy, design, implementation, cyber and M&A. The concept
of Big 3 (McKinsey, BCG, Bain) or Big 4 (PwC, EY, Deloitte, KPMG) will be
outdated since every consulting firm will compete on every deal. No case
will ever be called a strategic piece of work.
What Makes A Good Product Owner?
There are many opinions about this in our community. For example, there are
supposedly eight stances for Product Owners. Others argue that Product
Owners are great when their team doesn’t need them. A common opinion is that
Product Owners should actively experiment and test hypotheses. I gladly
support these opinions. At the same time, I wonder what a scientific
perspective has to offer. From our own quantitative research with 1,200
Scrum Teams, we know that teams are more effective when they are more aware
of the needs of their stakeholders. And Product Owners certainly seem to
play a role there. But as Unger-Windeler and her colleagues write (2019):
“While [the] role is supposed to maximize the value of the product under
development, there seemed to be several scattered results on how the Product
Owner achieve this, as well as what actually constitutes this role in
practice.” In this post, I explore scientific research that addresses the
role of the Product Owner. So I opened Google Scholar and searched for all
academic publications containing the word “Product Owner”.
Emerging tech in security and risk management to better protect the modern enterprise
When it comes to emerging technologies in security and risk management,
Contu focused on eight areas: confidential computing; decentralized
identity; passwordless authentication; secure access service edge (SASE);
cloud infrastructure entitlement management (CIEM); cyber physical systems
security; digital risk protection services; and external attack surface
management. Many of these technologies are geared toward meeting the new
requirements of multicloud and hybrid computing, Contu said. These emerging
technologies also align to what Gartner has termed the “security mesh
architecture,” where security is more dynamic, adaptable, and integrated to
serve the needs of digitally transformed enterprises, he said. ... While
still relatively new, secure access service edge (SASE) has gotten
significant traction in the market because it’s a “very powerful” approach
to improving security, Contu said. The term was first coined by Gartner
analysts in 2019. SASE offers a more dynamic and decentralized security
architecture than existing network security architectures, and it accounts
for the increasing number of users, devices, applications, and data that are
located outside the enterprise perimeter.
UK Legislation Seeks Mandatory Security Standards for IoT
Introduced to Parliament on Wednesday, the bill seeks to allow "the
government to ban universal default passwords, force firms to be transparent
to customers about what they are doing to fix security flaws in connectable
products, and create a better public reporting system for vulnerabilities
found in those products," according to the government's Department for
Digital, Culture, Media & Sport. The bill was developed by DCMS together
with Britain's national incident response team, the National Cyber Security
Center, which is part of intelligence agency GCHQ. The bill also includes a
proposal to appoint a regulator to oversee compliance with the standards,
backed by the ability to fine violators up to 10 million pounds ($13.3
million), or up to 4% of a firm's global revenue, whichever is greater. "The
regulator will also be able to issue notices to companies, requiring that
they comply with the security requirements, recall their products, or stop
selling or supplying them altogether.
Quote for the day:
"I think the greater responsibility, in terms of morality, is where leadership begins." -- Norman Lear