Daily Tech Digest - December 13, 2021

Rebranding Data Governance

To successfully implement managed self-service business intelligence at any non-trivial scale, you need data governance. To build and nurture a successful data culture, data governance is an essential part of the success. Despite this fact, and despite the obvious value that data governance can provide, data governance has a bad reputation. Many people – likely including the leaders you need to be your ally if you’re working to build a data culture in your organization – have had negative experiences with data governance in the past, and now react negatively when the topic of data governance is raised. ... Data governance, and building a data culture in general, is as much about people as it is about processes and technology, and that means effective communication is key. Effective communication requires a shared vocabulary, and a shared understanding of the meaning of key words. It may be time to think about rebranding. Not unlike how a corporation with a reputation for all the wrong things might change its name in an effort to leave all those negative connotations behind without really changing its ways, maybe we need to rebrand data governance… at least some of the time.

Crypto Banks: The intersection of traditional finance and DeFi?

It is important to note that crypto banks are very much centralized like traditional banks, something which flies in the face of the true crypto experience, predicated on decentralisation and a reduction in intermediaries. This means that the problems of a banking collapse, hacks and attacks can still impact a person's money and they are not achieving the financial independence that crypto offers. However, it also means that these crypto banks have regulatory standing and the ability to be compliant. They are legal entities that can be subject to laws and legislation; legislation that is constantly evolving to meet the changing of the times. At face value, it appears that these Digital Asset Institutions/"Crypto Banks", are appeasing those new to the space who are willing to join the early majority and move to a more crypto-focused financial way of life. Good UX, simple integrations with existing financial platforms, more financial options in a crypto context, and reliable regulation mean a massive open door for users to flood into if they are looking for this kind of experience.

Breakthrough Proof Clears Path for Quantum AI – Overcoming Threat of “Barren Plateaus”

“All hope of quantum speedup or advantage is lost if you have a barren plateau,” Cerezo said. The crux of the problem is a “vanishing gradient” in the optimization landscape. The landscape is composed of hills and valleys, and the goal is to train the model’s parameters to find the solution by exploring the geography of the landscape. The solution usually lies at the bottom of the lowest valley, so to speak. But in a flat landscape one cannot train the parameters because it’s difficult to determine which direction to take. That problem becomes particularly relevant when the number of data features increases. In fact, the landscape becomes exponentially flat with the feature size. Hence, in the presence of a barren plateau, the quantum neural network cannot be scaled up. The Los Alamos team developed a novel graphical approach for analyzing the scaling within a quantum neural network and proving its trainability. For more than 40 years, physicists have thought quantum computers would prove useful in simulating and understanding quantum systems of particles, which choke conventional classical computers. 

Great Engineering Teams Focus On Milestones Instead of Projects

The problem is that we aspire to unnecessary precision. We don’t need to know exact estimates to ensure engineering focuses on the most important work. The cost of producing exact estimates is wasteful. And it doesn’t even produce the outcome you’re looking for. You don’t need to pretend the feature will be done on June 20. This date is most certainly incorrect anyway. Milestones reduce the complexity of putting together high-level estimates. They give a shorthand that can be good enough for most decision-making, without the overhead of rigorous estimation. Occasionally, I see people succeed at rigorous estimation. But it’s rarely systemic – it’s usually one individual that is good at it. And it relies on them. If they go on vacation for a week, nobody is able to feed their model, and it collapses. While this is a great skill, to me it is the exception that proves the rule. Think of it this way: if one in twenty people can estimate in a high complexity situation, how many could be more successful in a less complex situation?

Better management through anthropology

Almost all business leaders and policymakers could benefit by asking the basic question that dogs anthropology: if a Martian was to land here suddenly and look around, what might they see?” writes Tett. In 1997, when GM was struggling to get teams of engineers from its small car group, its Saturn subsidiary, and Germany’s Opel to create a new vehicle together, the company called in anthropologist Elizabeth Briody to figure out what was wrong. Briody discovered the source of the dysfunction in differing cultural assumptions about meetings. The Opel team expected meetings to be agenda-driven, decision-making sessions; the small car group expected working sessions in which ideas would be shared and discussed; and the Saturn teams expected consensus-building sessions. As a result, the meetings were chaotic and frustrating for everyone. Unfortunately, Briody’s insights came too late, and GM’s senior product development leaders shut down the project. Lastly and most intriguingly, anthropology can help surface what Tett calls social silence. 

“Curiosity is a skill you can develop”: Microsoft UK’s National Technology Officer on driving innovation forwards

“The pandemic experience has been agreat example of how those values truly help our decision-making and our approach to markets. We faced unprecedented demand for our technologies because of the shift to home working. But we only have finite resources, so we worked out where to focus our attention and apply the most value. It was a strong statement, which came directly down from Satya, that we needed to ensure we are preserving life and that our technology was going to play a critical role.” Of the numerous case studies showing how Microsoft has used its pioneering technology to help with the response to the pandemic, Robinson offers two examples. First, Imperial College Healthcare NHS Trust, one of the largest in England, used mixed-reality HoloLens headsets on its COVID-19 wards to enable an entire team of specialists to join doctors virtually on the frontlines of the pandemic, keeping them safe as they helped patients with the virus. Additionally, Microsoft is driving artificial intelligence innovation at Alder Hey Hospital, a children’s hospital in Liverpool, and allowing doctors to make life-changing decisions remotely.

Overcoming Challenges to Automating DevSecOps

When you first move to security automation, you’ll find some security tasks that can easily be automated and others that are harder to fit in. DevSecOps teams will need to use many tools to cover all their bases, but no one wants teams checking lots of different tool outputs. Making it easier to see what’s going on and where risk lies by consolidating security tools and results in a central platform is the way to go. This makes life easier by giving a single pane of glass. Everyone generally agrees that DevOps teams must adopt cybersecurity best practices, but testing takes time. Development teams don’t have time to learn, use and check lots of security tools on top of their existing workload. Automated solutions get to work without any real need for maintenance or management. These solutions trigger tools to work at the right time depending on the outcomes found without any manual input needed. This gives you and your team valuable time back to focus on other important matters. The goal of CI/CD pipelines is fast delivery of build and release steps, typically through automation. 

Unused identities: A growing security threat

The first step towards taking control over your identities and assets’ authorizations is to know what you have. This starts with scanning across all your XaaS environments – that’s SaaS, IaaS, and PaaS – and taking an inventory of which identities have authorization to which assets. This involves ingesting the data from these different environments, normalizing the data into a workable model, and then correlating it with your identities from your identity provider (IDP) like Okta, Ping, Azure AD, or Google. The goal here is to understand the relationship between the identities and assets, assessing a wide range of factors including their usage and if they are right sized to meet the policies/needs of the organization. Are there identities with permissions to assets that have not been used in at least 60 days? This might be a good time to revoke those authorizations. But that’s just a surface-level case. Once you start analyzing your entitlements on a deeper level, you’ll begin to find that there are more permissions granted to your identities than you’re likely to want to admit.

Digital transformation: 4 CIO tips for 2022

To be more agile, innovation and development teams must be closer to the business and have the entire team involved in new product development, testing, and validation. This ensures that their priorities are met from the beginning and no time or resources are wasted. Performance and regression testing and security scanning must be baked in throughout, in real-time, to shorten the development cycle for maximum efficiency. In our organization, that meant moving to weekly sprints and release cycles for our internal infrastructure. Each week, our business reps prioritized what was most important and participated in the testing and validation process. As we worked to roll out our new partner portal, our marketing and support teams were involved from the very beginning, advising the development team and testing features and functionality. By bringing IT and business operations closer together, we’ve been able to balance innovation and operations without having to sacrifice either, even when talent or resources have been limited.

Report Dissects Conti Ransomware Attack on Ireland's HSE

The HSE attack began on March 18 from a malware infection on an HSE workstation - dubbed "Patient Zero Workstation" - as the result of a user clicking and opening a malicious Microsoft Excel file that was attached to a phishing email sent to the user on March 16. "After gaining unauthorized access to the HSE’s IT environment on March 18, the attacker continued to operate in the environment over an eight week period until the detonation of the Conti ransomware on May 14," the report says. "This included compromising and abusing a significant number of accounts with high levels of privileges, compromising a significant number of servers, exfiltrating data and moving laterally to statutory and voluntary hospitals." ... "There were several detections of the attacker’s activity prior to May 14, but these did not result in a cybersecurity incident and investigation initiated by the HSE and as a result, opportunities to prevent the successful detonation of the ransomware were missed."

Quote for the day:

"Leadership does not always wear the harness of compromise." -- Woodrow Wilson

No comments:

Post a Comment