Daily Tech Digest - December 10, 2021

App Modernization: Why ‘Lift and Shift’ Isn’t Good Enough

App modernization is about creating a set of best practices and competency building. It’s about continuous learning — which is very attractive for highly recruitable tech workers. Kerry Schaffer is senior director of information technology at OneMagnify; her job includes overseeing data center operations. In 2020, OneMagnify had a very tight customer deadline to deliver a feature for taking reservations for the pre-launch of an iconic vehicle. With microservices hosted by the Tanzu application, Schaffer’s team just had to make a few continuous integration/continuous delivery (CI/CD) deployments. The team delivered on time and the customer got double the reservations it anticipated. “The fact that it was on a scalable platform meant that we were able to serve all the customers without any outages,” Schaffer said. Since then, she added, the same customer has launched four other vehicle reservation systems, and “because we wrote that in a modern way, we’ve been able to reuse all that architecture.”

New research shows IoT and OT innovation is critical to business but comes with significant risks

The Ponemon research shows us that a good percentage of the surveyed respondents are encountering IoT and OT attacks. Nearly 40 percent of respondents told us that they’ve experienced attacks where the IoT and OT devices were either the actual target of the attack (for example, to halt production using human-operated ransomware) or were used to conduct broader attacks (such as to move laterally, evade detection, and persist). Most respondents felt these types of attacks will increase in the years to come. 39 percent of respondents experienced a cyber incident in the past two years where an IoT or OT device was the target of the attack; 35 percent of respondents say in the past two years their organizations experienced a cyber incident where an IoT device was used by an attacker to conduct a broader attack; 63 percent of respondents say the volume of attacks will significantly increase. One thing to keep in mind with these last three statistics is that the study also showed that customers have low to average confidence in their ability to detect when IoT and OT devices have been compromised.

Exploring the paradoxical rise and uncertain future of crypto

Interestingly, crypto investors are open to the idea of greater regulation in the market, for the most part. Based on data from GWI, 46% of crypto investors say they support regulation, and this rises to more than half of consumers who say they already use crypto for transactions. Many investors think regulation will work to normalise the budding digital economy. These optimistic crypto enthusiasts hope that some regulation (emphasis on the “some”) will allow more businesses to accept crypto as payment for goods and services, and put crypto on the same plane as conventional money. However, these same investors also worry that any regulation will severely limit the things they value most about crypto. Over a third of current investors predict regulation will result in more government surveillance and reduce the privacy and anonymity currently guaranteed by crypto. The free and anonymous nature of crypto is often used to paint it as a force democratising finance, but the prospect of regulation makes it clear that this future could be on the chopping block.

"Hello Quantum World:" New cybersecurity service uses entanglement to generate cryptographic keys

The product supports RSA and AES algorithms as well as the post-quantum cryptography algorithms being standardized by the National Institute for Standards and Technology. The service is priced per key generated for customers. Jones said that the company has export controls in place to screen customers who want to use the service. "As part of our customer onboard process, we do due diligence to make sure use cases and destination countries are all above board," he said. Khan described Quantum Origin as a defensive technology as opposed to an adversarial one. "We are focused on protecting the technology that creates the key, not selling it," he said. "We are selling the product created by that technology." Cambridge Quantum will offer the new service to financial services companies and cybersecurity vendors initially and later to telecommunications, energy, manufacturing, defense and governments. ... In a proof-of-concept project, Fujitsu used the service in its software-defined wide area network using quantum-enhanced keys with traditional algorithms. 

How will emerging technologies impact the data storage landscape?

Dependence on technology providers and cloud services based outside of their geographies is an increasing concern for global enterprises. Data sovereignty regulations, such as the Data Governance Act in Europe, are an indication of the acknowledged power of data and its increasing role as the emerging currency for digital transformation. Companies are struggling to keep track of the location of their data and meet compliance with local regulations. This will usher in an industry of local and regional service providers offering sovereign cloud services to captive markets by ensuring the data stays within specified borders. ... Even as public cloud investment continues, enterprises will maintain their corporate on-premises data centre infrastructure for reasons of control, performance and cost-efficiency. This will lead to a new level of sophisticated IT management capabilities to optimise multi-data centre, multi-cloud application and data management solutions. 

Zero Trust Private Networking Rules

SaaS applications and Zero Trust Networking solutions like Cloudflare Access have made it easier to provide a secure experience without a VPN. Administrators are able to configure controls like multi-factor authentication and logging alerts for anomalous logins for each application. Security controls for public-facing applications have far outpaced applications on private networks. However, some applications still require a more traditional private network. Use cases that involve thick clients outside the browser or arbitrary TCP or UDP protocols are still better suited to a connectivity model that lives outside the browser. We heard from customers who were excited to adopt a Zero Trust model, but still needed to support more classic private network use cases. To solve that, we announced the ability to build a private network on our global network. Administrators could build Zero Trust rules around who could reach certain IPs and destinations. End users connected from the same Cloudflare agent that powered their on-ramp to the rest of the Internet. However, one rule was missing.

Natural language processing is shaping intelligent automation

Unstructured information management platforms allow you to automate a lot of research work: for example, lawyers can use them to run intelligent queries over existing patents or case law, and medical researchers can use them in drug discovery or look for relevant gene interactions in the literature. Rather than spending time poring over reams of documents, a human researcher can quickly review the suggestions and insights provided by the UIM platform, making them more productive overall and freeing up their time and mental energy for the more creative and high-level aspects of the job. ... You can use sentiment analysis to perform automatic real-time monitoring of consumer reactions to your brand, especially in response to a new product launch or ad campaign, which will help you to tailor your future products and services accordingly. It can also automatically alert you to any eruptions of criticism or negativity about your brand on social media, without the need for human staff actively monitoring channels 24/7, so that you can respond in time to avert a PR crisis.

Managing Compliance with Continuous Delivery

A typical enterprise application might comprise hundreds of small processes called microservices. Validating the compliance and regulation checks on hundreds of different applications is more manageable than one extensive application. This is because you can easily pin and regulate a noncompliant process during deployment checks. If a microservice isn’t compliant, the team rejects the deployment for that microservice only, not the entire stack. This rejection also alerts the developers responsible for the microservice’s maintenance to ensure compliance in their codebase. Sometimes it’s not technically possible to debug and run the solution locally. For example, if your teams must provision and analyze the logs your app generates, it might not be feasible to run the entire cluster on a developer machine. However, provisioning a test or development environment for every team is expensive in licensing, hardware and staffing. In contrast, with microservices, each team can run their project locally, ensure compliance, and then push it for deployment. 

IT careers: 5 secrets to making a successful change

The fear of being rejected prevents some IT professionals from going after their dreams. But rejection is a fact of life. Failure is always possible when you take risks, so you can’t let that hold you back. Instead, turn your fears into fuel. Before you make a career jump, practice what rejection feels like in small doses. Put yourself in low-risk situations where you can build your muscle for rejection. For instance, if you’re an IT professional just getting started at a new company, offer to perform a planned email migration or server maintenance updates.  ... Think of this as a mirage of uncertainty. Begin a daily practice in which you move beyond the shadow of a doubt. There is a proven power in imagining yourself succeeding in what you’re about to do. If you are doing something new, reframe your inexperience by reminding yourself that you’re not expected to be an expert immediately. Expertise only comes with time. Finally, give yourself the same advice your best friend would give you. This exercise can be a great way to keep you from harboring negative thoughts.

Observability: It’s Not What You Think

Monitoring tells you something is wrong, but it doesn’t tell you why it’s wrong. Monitoring setups also can only monitor things you’ve already thought could be problematic (your ‘known knowns’). If you didn’t think to instrument the component in question in advance, you can’t monitor it. What’s worse, if you then have a problem there and decide to add monitoring to it, you still don’t have the historical data about how the component performed. Also, monitoring requires special attention before you even know what could go wrong – you have to specifically instrument specific things and set up specific alerts about them. This takes time and is prone to errors. Also, no matter how well-instrumented your monitoring solution is, it still doesn’t let you explore your business. Looking into ‘unknown unknowns’ isn’t possible with a classic monitoring system, because the data simply doesn’t exist for you to evaluate. Adding in business metrics is generally not supported or poorly supported in traditional monitoring.

Quote for the day:

"Before you are a leader, success is all about growing yourself. When you become a leader, success is all about growing others" -- Jack Welch
