App Modernization: Why ‘Lift and Shift’ Isn’t Good Enough
App modernization is about creating a set of best practices and competency
building. It’s about continuous learning — which is very attractive for highly
recruitable tech workers. Kerry Schaffer is senior director of information
technology at OneMagnify; her job includes overseeing data center operations. In
2020, OneMagnify had a very tight customer deadline to deliver a feature for
taking reservations for the pre-launch of an iconic vehicle. With microservices
hosted by the Tanzu application, Schaffer’s team just had to make a few
continuous integration/continuous delivery (CI/CD) deployments. The team
delivered on time and the customer got double the reservations it anticipated.
“The fact that it was on a scalable platform meant that we were able to serve
all the customers without any outages,” Schaffer said. Since then, she added,
the same customer has launched four other vehicle reservation systems, and
“because we wrote that in a modern way, we’ve been able to reuse all that
architecture.”
New research shows IoT and OT innovation is critical to business but comes with significant risks
The Ponemon research shows us that a good percentage of the surveyed respondents
are encountering IoT and OT attacks. Nearly 40 percent of respondents told us
that they’ve experienced attacks where the IoT and OT devices were either the
actual target of the attack (for example, to halt production using
human-operated ransomware) or were used to conduct broader attacks (such as
lateral movement, evade detection, and persist). Most respondents felt these
types of attacks will increase in the years to come. 39 percent of respondents
experienced a cyber incident in the past two years where an IoT or OT device was
the target of the attack; 35 percent of respondents say in the past two years
their organizations experienced a cyber incident where an IoT device was used by
an attacker to conduct a broader attack; 63 percent of respondents say the
volume of attacks will significantly increase. One thing to keep in mind with
these last three statistics is that the study also showed that customers have
low to average confidence in their ability to detect when IoT and OT devices
have been compromised.
Exploring the paradoxical rise and uncertain future of crypto
Interestingly, crypto investors are open to the idea of greater regulation in
the market, for the most part. Based on data from GWI, 46% of crypto investors
say they support regulation, and this rises to more than half of consumers who
say they already use crypto for transactions. Many investors think regulation
will work to normalise the budding digital economy. These optimistic crypto
enthusiasts hope that some regulation (emphasis on the “some”) will allow more
businesses to accept crypto as payment for goods and services, and put crypto on
the same plan as conventional money. However, these same investors also worry
that any regulation will severely limit the things they value most about crypto.
Over a third of current investors predict regulation will result in more
government surveillance and reduce the privacy and anonymity currently
guaranteed by crypto. The free and anonymous nature of crypto is often used to
paint it as a force democratising finance, but the prospect of regulation makes
it clear that this future could be on the chopping block.
"Hello Quantum World:" New cybersecurity service uses entanglement to generate cryptographic keys
The product supports RSA and AES algorithms as well as the post-quantum
cryptography algorithms being standardized by the National Institute for
Standards and Technology. The service is priced per key generated for customers.
Jones said that the company has export controls in place to screen customers who
want to use the service. "As part of our customer onboard process, we do due
diligence to make sure use cases and destination countries are all above board,"
he said. Khan described Quantum Origin as a defensive technology as opposed to
an adversarial one. "We are focused on protecting the technology that creates
the key, not selling it," he said. "We are selling the product created by that
technology." Cambridge Quantum will offer the new service to financial services
companies and cybersecurity vendors initially and later to telecommunications,
energy, manufacturing, defense and governments. ... In a proof-of-concept
project, Fujitsu used the service in its software-defined wide area network
using quantum-enhanced keys with traditional algorithms.
How will emerging technologies impact the data storage landscape?
Dependence on technology providers and cloud services based outside of their
geographies is an increasing concern for global enterprises. Data sovereignty
regulations, such as the Data Governance Act in Europe, are an indication of the
acknowledged power of data and its increasing role as the emerging currency for
digital transformation. Companies are struggling to keep track of the location
of their data and meet compliance with local regulations. This will usher in an
industry of local and regional service providers offering sovereign cloud
services to captive markets by ensuring the data stays within specified borders.
... Even as public cloud investment continues, enterprises will maintain their
corporate on-premises data centre infrastructure for reasons of control,
performance and cost-efficiency. This will lead to a new level of sophisticated
IT management capabilities to optimise multi-data centre, multi-cloud
application and data management solutions.
Zero Trust Private Networking Rules
SaaS applications and Zero Trust Networking solutions like Cloudflare Access
have made it easier to provide a secure experience without a VPN.
Administrators are able to configure controls like multi-factor authentication
and logging alerts for anomalous logins for each application. Security
controls for public-facing applications have far outpaced applications on
private networks. However, some applications still require a more traditional
private network. Use cases that involve thick clients outside the browser or
arbitrary TCP or UDP protocols are still better suited to a connectivity model
that lives outside the browser. We heard from customers who were excited to
adopt a Zero Trust model, but still needed to support more classic private
network use cases. To solve that, we announced the ability to build a private
network on our global network. Administrators could build Zero Trust rules
around who could reach certain IPs and destinations. End users connected from
the same Cloudflare agent that powered their on-ramp to the rest of the
Internet. However, one rule was missing.
Natural language processing is shaping intelligent automation
Unstructured information management platforms allow you to automate a lot of
research work: for example, lawyers can use them to run intelligent queries
over existing patents or case law, and medical researchers can use them in
drug discovery or look for relevant gene interactions in the literature.
Rather than spending time poring over reams of documents, a human researcher
can quickly review the suggestions and insights provided by the UIM platform,
making them more productive overall and freeing up their time and mental
energy for the more creative and high-level aspects of the job. ... You can
use sentiment analysis to perform automatic real-time monitoring of consumer
reactions to your brand, especially in response to a new product launch or ad
campaign, which will help you to tailor your future products and services
accordingly. It can also automatically alert you to any eruptions of criticism
or negativity about your brand on social media, without the need for human
staff actively monitoring channels 24/7, so that you can respond in time to
avert a PR crisis.
Managing Compliance with Continuous Delivery
A typical enterprise application might comprise hundreds of small processes
called microservices. Validating the compliance and regulation checks on
hundreds of different applications is more manageable than one extensive
application. This is because you can easily pin and regulate a noncompliant
process during deployment checks. If a microservice isn’t compliant, the team
rejects the deployment for that microservice only, not the entire stack. This
rejection also alerts the developers responsible for the microservice’s
maintenance to ensure compliance in their codebase. Sometimes it’s not
technically possible to debug and run the solution locally. For example, if
your teams must provision and analyze the logs your app generates, it might
not be feasible to run the entire cluster on a developer machine. However,
provisioning a test or development environment for every team is expensive in
licensing, hardware and staffing. In contrast, with microservices, each team
can run their project locally, ensure compliance, and then push it for
deployment.
IT careers: 5 secrets to making a successful change
The fear of being rejected prevents some IT professionals from going after
their dreams. But rejection is a fact of life. Failure is always possible when
you take risks, so you can’t let that hold you back. Instead, turn your fears
into fuel. Before you make a career jump, practice what rejection feels like
in small doses. Put yourself in low-risk situations where you can build your
muscle for rejection. For instance, if you’re an IT professional just getting
started at a new company, offer to perform a planned email migration or server
maintenance updates. ... Think of this as a mirage of uncertainty. Begin
a daily practice in which you move beyond the shadow of a doubt. There is a
proven power in imagining yourself succeeding in what you’re about to do. If
you are doing something new, reframe your inexperience by reminding yourself
that you’re not expected to be an expert immediately. Expertise only comes
with time. Finally, give yourself the same advice your best friend would give
you. This exercise can be a great way to keep you from harboring negative
thoughts.
Observability: It’s Not What You Think
Monitoring tells you something is wrong, but it doesn’t tell you why it’s
wrong. Monitoring setups also can only monitor things you’ve already thought
could be problematic (your ‘known knowns’.) If you didn’t think to instrument
the component in question in advance, you can’t monitor it. What’s worse, if
you then have a problem there and decide to add monitoring to it, you still
don’t have the historical data about how the component performed. Also,
monitoring requires special attention before you even know what could go wrong
– you have to specifically instrument-specific things and set up specific
alerts about them. This takes time and is prone to errors. Also, no matter how
well-instrumented your monitoring solution is, it still doesn’t let you
explore your business. Looking into ‘unknown unknowns’ isn’t possible with a
classic monitoring system, because the data simply doesn’t exist for you to
evaluate. Adding in business metrics is generally not supported or poorly
supported in traditional monitoring.
Quote for the day:
"Before you are a leader, success is
all about growing yourself. When you become a leader, success is all about
growing others" -- Jack Welch
No comments:
Post a Comment