Daily Tech Digest - November 27, 2021

Enhancing zero trust access through a context-aware security posture

A policy engine is the “brain” of a zero trust architecture (ZTA): it dictates the level of scrutiny applied to human and machine network agents as they attempt to authenticate themselves and gain access to resources. These engines make decisions about whether to approve or deny access, or demand additional authentication factors, based on factors including implied geolocation, time of day, threat intelligence indicators, and the sensitivity of the data being accessed. ZTA does not merely facilitate heightened scrutiny of network actors that behave suspiciously. It also allows for streamlined access by bona fide users to enhance productivity and reduce business interruptions resulting from security measures. Thus, properly implemented zero-trust systems achieve the best of both worlds: enhanced cybersecurity and more rapid generation and delivery of business value. To make this model even more powerful in the face of the evolving ransomware threat, I would suggest that ZTA systems incorporate additional factors, in concert with the aforementioned ones, to allow organizations to assume a context-aware security posture.
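To make the policy-engine decision concrete, here is a small context-aware policy engine written for this digest as an added illustration; it is not code from the article or from any zero trust product. It combines the signals the excerpt names (implied geolocation, time of day, a threat-intelligence match, data sensitivity, plus an assumed device-posture flag) into a risk score, applies one hard rule beside the score, and returns allow, step-up (demand another factor) or deny. The indicator network, country set, thresholds and weights are constructed for the example and carry no meaning beyond it.

```python
"""Context-aware zero trust policy engine (added example, not the article's code)."""
from dataclasses import dataclass
from datetime import datetime
from enum import Enum
from ipaddress import ip_address, ip_network


class Decision(Enum):
    ALLOW = "allow"        # bona fide user: no extra friction
    STEP_UP = "step_up"    # demand an additional authentication factor
    DENY = "deny"


@dataclass
class AccessRequest:
    subject: str
    source_ip: str
    country: str            # implied geolocation of source_ip (assumed resolved upstream)
    requested_at: datetime  # time of day in the subject's usual working time zone
    data_sensitivity: int   # 0 = public ... 3 = restricted
    factors_presented: int  # 1 = password only, 2 = password + second factor
    device_managed: bool    # endpoint posture signal (assumed supplied by an MDM/EDR agent)


# Constructed policy inputs for this example: not real indicators or a real policy.
THREAT_INTEL_NETWORKS = [ip_network("203.0.113.0/24")]  # TEST-NET-3 documentation range
EXPECTED_COUNTRIES = {"US", "GB", "DE"}
BUSINESS_HOURS = range(7, 20)  # 07:00 to 19:59 local

DENY_THRESHOLD = 100
STEP_UP_THRESHOLD = 40


def risk_score(req: AccessRequest) -> tuple[int, list[str]]:
    """Combine the context signals into one score and keep the reasons for audit."""
    score, reasons = 0, []
    source = ip_address(req.source_ip)
    if any(source in net for net in THREAT_INTEL_NETWORKS):
        score += 100
        reasons.append("source address matches threat-intelligence indicator")
    if req.country not in EXPECTED_COUNTRIES:
        score += 40
        reasons.append(f"unexpected geolocation {req.country}")
    if req.requested_at.hour not in BUSINESS_HOURS:
        score += 20
        reasons.append("request outside business hours")
    if not req.device_managed:
        score += 30
        reasons.append("unmanaged device")
    score += 15 * req.data_sensitivity  # sensitive data always raises the bar
    return score, reasons


def decide(req: AccessRequest) -> tuple[Decision, int, list[str]]:
    """Hard rules first, then the graded score; the reasons explain the outcome."""
    score, reasons = risk_score(req)
    # Hard rule independent of the score: restricted data never flows to an unmanaged device.
    if req.data_sensitivity >= 3 and not req.device_managed:
        return Decision.DENY, score, reasons + ["restricted data requires a managed device"]
    if score >= DENY_THRESHOLD:
        return Decision.DENY, score, reasons
    if score >= STEP_UP_THRESHOLD and req.factors_presented < 2:
        return Decision.STEP_UP, score, reasons
    return Decision.ALLOW, score, reasons


if __name__ == "__main__":
    office_hours = datetime(2021, 11, 26, 10, 0)
    samples = [
        AccessRequest("alice", "198.51.100.10", "US", office_hours, 1, 1, True),
        AccessRequest("alice", "198.51.100.10", "BR", office_hours, 1, 1, True),
        AccessRequest("alice", "203.0.113.5", "US", office_hours, 1, 2, True),
        AccessRequest("bob", "198.51.100.20", "US", datetime(2021, 11, 26, 23, 0), 3, 1, False),
    ]
    for req in samples:
        decision, score, reasons = decide(req)
        print(f"{req.subject:6} {decision.value:8} score={score:3} {'; '.join(reasons)}")
```

The low-risk request passes on a password alone, which is the "streamlined access" half of the argument; the same user from an unexpected country is not refused but asked for a second factor; a threat-intelligence hit is denied even with MFA, because a score that can be satisfied by presenting more factors should not be the only thing standing between an attacker-controlled address and the resource.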


Key trends driving the workforce transformation in 2022

As employers look for ways to drive inclusion amidst new work models, connection will become a measurement of workforce culture. ADP Research Institute found that U.S. workers who feel they are Strongly Connected to their employer are 75 times more likely to be Fully Engaged than those who do not feel connected. With connection driving engagement, employers will need to heighten their focus on their people and reflect on the larger purpose that unites their workforce. Workforce flexibility will stretch beyond perceived limits and employers will embrace people-centered initiatives to build a workplace where everyone can thrive. Diversity, equity, and inclusion strategies will additionally evolve to drive true, measurable progress. ADP data shows more than 50 percent of companies that leveraged ADP DataCloud’s DEI analytics capabilities have taken action and realized positive impact on their DEI measures. With employees remaining remote and hybrid, operational and compliance considerations will grow, adding to an already complex regulatory environment. In fact, the survey found nearly 20 percent of U.S.


AI Weekly: UN recommendations point to need for AI ethics guidelines

While the policy is nonbinding, China’s support is significant because of the country’s historical — and current — stance on the use of AI surveillance technologies. According to the New York Times, the Chinese government — which has installed hundreds of millions of cameras across the country’s mainland — has piloted the use of predictive technology to sweep a person’s transaction data, location history, and social connections to determine whether they’re violent. ... Regardless of their impact, the UNESCO recommendations signal growing recognition on the part of policymakers of the need for AI ethics guidelines. The U.S. Department of Defense earlier this month published a whitepaper — circulated among National Oceanic and Atmospheric Administration, the Department of Transportation, ethics groups at the Department of Justice, the General Services Administration, and the Internal Revenue Service — outlining “responsible … guidelines” that establish processes intended to “avoid unintended consequences” in AI systems. NATO recently released an AI strategy listing the organization’s principles for “responsible use [of] AI.” 


From Naked Objects to Naked Functions

Naked Functions runs on .NET 6.0 and you can write your domain code in either C# or F# – I’ll use the former in the following code examples. The persistence layer is managed via Entity Framework Core, either relying on code conventions or explicit mapping. Naked Functions reflects over your domain code to generate a complete RESTful API – not just to the data but to all the functions too – and this RESTful API may be consumed via a Single Page Application (SPA) client. We provide a generic implementation of such a client, written in Angular. But where in Naked Objects you write only behaviourally complete domain objects, with Naked Functions you define only immutable domain types and pure side-effect free domain functions. You do not typically need to write any I/O at all, because the Naked Functions framework handles I/O with the client and the database transparently. Critically, your domain functions never make calls into the Naked Functions framework – it is entirely the other way around.


Introducing the KivaKit Framework

KivaKit is an Apache License open source Java framework designed for implementing microservices. KivaKit requires a Java 11+ virtual machine, but is source-compatible with Java 8 and 9 projects. KivaKit is composed of a set of carefully integrated mini-frameworks. Each mini-framework has a consistent design and its own focus, and can be used in concert with other mini-frameworks or on its own. ... Each mini-framework addresses a different issue that is commonly encountered when developing microservices. This article provides a brief overview of the mini-frameworks in the diagram above, and a sketch of how they can be used. ... In KivaKit, there are two ways to implement Repeater. The first is by simply extending BaseRepeater. The second is to use a stateful trait or Mixin. Implementing the RepeaterMixin interface is the same as extending BaseRepeater, but the repeater mixin can be used in a class that already has a base class. Note that the same pattern is used for the Component interface discussed below.


Your supply chain: How and why network security and infrastructure matter

Threats to the supply chain can take many forms, including malware attacks, piracy, unauthorized access to enterprise resources and data, and unintentional or maliciously injected backdoors in software source code. In addition to these threats, the hyper-connected structure of global supply chains creates additional complexity for organizations to manage and protect. Although one organization may have a strong security infrastructure in place, other firms, suppliers, and resellers they are in close communication with may not. As vendor networks become interconnected, the sharing of information (both intentional and unintentional) will occur. An accidental data leak indicates a weak spot in an organization’s network, giving the green light to malicious actors looking for a way into it. Attacks can happen at any tier of a supply chain, but most attackers will look for weaker spots to exploit, which then impacts the entire operation. Having a security-first mindset will help businesses stay ahead of threats. This means putting security at the center of the supply chain and making it a foundational element.


From digital transformation to work-life balance for talent, how the future of management consulting looks

As widespread digital acceleration occurs, a consulting firm will be expected to provide services along with cyber security, design thinking, user-interface design, digital transformation and M&A deal-making. There will be greater expectations from clients that consulting firms own a bit of the transformation and become private equity-oriented partners. A lot of consulting firms, like Bain Capital today, are likely to embrace this route. With geopolitical complexities coming in, supply chain re-alignment for risk hedging is likely to emerge as a key piece of work. Also, the emerging countries are likely to drive disproportionate growth for the industry. Another likely big change will be that all consulting firms offer the same services of strategy, design, implementation, cyber and M&A. The concept of Big 3 (McKinsey, BCG, Bain) or Big 4 (PwC, EY, Deloitte, KPMG) will be outdated since every consulting firm will compete on every deal. No case will ever be called a strategic piece of work.


What Makes A Good Product Owner?

There are many opinions about this in our community. For example, there are supposedly eight stances for Product Owners. Others argue that Product Owners are great when their team doesn’t need them. A common opinion is that Product Owners should actively experiment and test hypotheses. I gladly support these opinions. At the same time, I wonder what a scientific perspective has to offer. From our own quantitative research with 1,200 Scrum Teams, we know that teams are more effective when they are more aware of the needs of their stakeholders. And Product Owners certainly seem to play a role there. But as Unger-Windeler and her colleagues write (2019): “While [the] role is supposed to maximize the value of the product under development, there seemed to be several scattered results on how the Product Owner achieve this, as well as what actually constitutes this role in practice.” In this post, I explore scientific research that addresses the role of the Product Owner. So I opened Google Scholar and searched for all academic publications containing the word “Product Owner”.


Emerging tech in security and risk management to better protect the modern enterprise

When it comes to emerging technologies in security and risk management, Contu focused on eight areas: confidential computing; decentralized identity; passwordless authentication; secure access service edge (SASE); cloud infrastructure entitlement management (CIEM); cyber physical systems security; digital risk protection services; and external attack surface management. Many of these technologies are geared toward meeting the new requirements of multicloud and hybrid computing, Contu said. These emerging technologies also align to what Gartner has termed the “security mesh architecture,” where security is more dynamic, adaptable, and integrated to serve the needs of digitally transformed enterprises, he said. ... While still relatively new, secure access service edge (SASE) has gotten significant traction in the market because it’s a “very powerful” approach to improving security, Contu said. The term was first coined by Gartner analysts in 2019. SASE offers a more dynamic and decentralized security architecture than existing network security architectures, and it accounts for the increasing number of users, devices, applications, and data that are located outside the enterprise perimeter.


UK Legislation Seeks Mandatory Security Standards for IoT

Introduced to Parliament on Wednesday, the bill seeks to allow "the government to ban universal default passwords, force firms to be transparent to customers about what they are doing to fix security flaws in connectable products, and create a better public reporting system for vulnerabilities found in those products," according to the government's Department for Digital, Culture, Media & Sport. The bill was developed by DCMS together with Britain's national incident response team, the National Cyber Security Centre, which is part of intelligence agency GCHQ. The bill also includes a proposal to appoint a regulator to oversee compliance with the standards, backed by the ability to fine violators up to 10 million pounds ($13.3 million), or up to 4% of a firm's global revenue, whichever is greater. "The regulator will also be able to issue notices to companies, requiring that they comply with the security requirements, recall their products, or stop selling or supplying them altogether. 



Quote for the day:

"I think the greater responsibility, in terms of morality, is where leadership begins." -- Norman Lear
