Using Event-Driven Architecture With Microservices
The implementation of microservices is more complex than one may first think,
exacerbated by the fact that many DevOps teams fall into the trap of making
false assumptions about distributed computing. The list of distributed computing
fallacies was originally addressed in 1994 by L. Peter Deutsch and others at Sun
Microsystems, and still holds true today. There are key fallacies that hold
special importance to microservices implementation: reliable, homogenous, and
secure networks, latency is zero and transport cost is zero. The smaller you
make each microservice, the larger your service count, and the more the
fallacies of distributed computing impact stability and user experience/system
performance. This makes it mission-critical to establish an architecture and
implementation that minimizes latency while handling the realities of network
and service outages. ... Microservices require connectivity and data to perform
their roles and provide business value, however, data acquisition/communication
has been largely ignored and tooling severely lags behind.
How AI will drive the hybrid work environment
The best way to begin is to establish a strong AI foundation, says Alex Smith,
global AI product lead for knowledge work platform iManage. Since AI thrives on
data, a central repository for all enterprise data is essential, and this can
only be done in the cloud. In a world where access to data must be maintained
for workers at home, in the office and anywhere in between, only the cloud has
the capacity to deliver such broad connectivity. At the same time, the cloud
makes it easier to search and share documents, email and other files, plus it
provides advanced security, zero-touch architectures, threat analysis and other
means to ensure access to data is managed properly – all of which can be
augmented by AI as the data ecosystem scales in both size and complexity. Once
this foundation is established, organizations can strategically implement AI
across a range of processes to help ensure the work gets done, no matter where
the employee is sitting. Knowledge management, for one, benefits tremendously
from AI to help identify those with the needed experience and skillsets to
accomplish a particular project.
Thousands of enterprise servers are running vulnerable BMCs, researchers find
The iLOBleed implant is suspected to be the creation of an advanced persistent
threat (APT) group and has been used since at least 2020. It is believed to
exploit known vulnerabilities such as CVE-2018-7078 and CVE-2018-7113 to inject
new malicious modules into the iLO firmware that add disk wiping functionality.
Once installed, the rootkit also blocks attempts to upgrade the firmware and
reports back that the newer version was installed successfully to trick
administrators. However, there are ways to tell that the firmware was not
upgraded. For example, the login screen in the latest available version should
look slightly different. If it doesn't, it means that the update was prevented,
even if the firmware reports the latest version. It's also worth noting that
infecting the iLO firmware is possible if an attacker gains root (administrator)
privileges to the host operating system since this allows flashing the firmware.
If the server's iLO firmware has no known vulnerabilities, it is possible to
downgrade the firmware to a vulnerable version.
The End Of Digital Transformation In Banking
Playing a game of catch up, banks and credit unions have accelerated their
digital banking transformation efforts. They have invested increasing
amounts of capital and human resources into data and advanced analytics,
innovation, modern technologies, back-office automation, and a reimagined
workforce with a mission to improve the customer experience while reducing
the cost to serve. Much of the impetus is because the fintech and big tech
competitive landscape continues to expand, offering simple engagement and
seamless experiences, causing customers to fragment existing relationships
with their existing bank and credit union providers. The good news is that
there are a multitude of options available to work with third-party
providers that can deploy solutions faster than can be done if developed
internally. Incumbent institutions can also partner with fintech and big
tech competitors while modernizing their existing systems and processes at
the same time. With every financial institution looking to become more
digitally future-ready, it is more important than ever to understand the
evolving financial industry landscape.
CISO As A Service Or Security Executive On Demand
As a company grows, so do its compliance and security obligations. Having a
virtual CISO to turn to when needed can be incredibly helpful and save a
company a lot of headaches when trying to navigate an ever-changing world of
regulations or keep up with rapidly evolving security threats. In addition,
having a vCISO in place can make the compliance process much more
manageable. The vCISOs are tailored to each company’s needs. They are
professionals with extensive experience in cybersecurity, developing
strategies, plans and applying different security methodologies to other
organizations. In any case, the specific scope of vCISO services must be
customized based on each company’s available internal resources and security
needs. Obviously, as with any decision to outsource services, it must be
supported by a preliminary analysis that shows that the effort and budgets
allocated to information security legal and regulatory compliance are
effectively optimized.
AI to bring massive benefits, but also cause great concern
The powerful lure of harnessing the great power of AI to transform digital
technology across the globe may blind users to the necessity of mitigating
the accompanying risks of unethical use. The ethical ramifications often
start with developers asking ‘can we build’ something novel versus ‘should
we build’ something that can be misused in terrible ways. The rush to AI
solutions has already created many situations where poor design, inadequate
security, or architecture bias manifested unintended consequences that were
harmful. AI Ethics frameworks are needed to help guide organizations to act
consistently and comprehensively when it comes to product design and
operation. Without foresight, proper security controls, and oversight,
malicious entities can leverage AI to create entirely new methods of attack
which will be far superior to the current defenses. These incidents have the
potential to create impacts and losses at a scale matching the benefits AI
can bring to society. It is important that AI developers and operators
integrate cybersecurity capabilities to predict, prevent, detect, and
respond to attacks against AI systems.
Why Is Data Destruction the Best Way to Impede Data Breach Risks?
Secure and certified media wiping helps in eradicating the data completely
without leaving any traces behind for compromising the sanctity of the data
and the device owner. Formatting and deleting generally allow retrieval of
data from empty spaces. Secure data erasure would mean that experts and
hackers can retrieve no data even in a laboratory setup. When data is no
more usable and serves no purpose, it is known as “data at rest.” This type
of data stored on digital devices is prone to malicious attacks. To prevent
this data from being accessed, altered or stolen by people with malicious
intent, organizations today use measures such as encryption, firewall
security, etc. These measures aren’t enough to protect this “data at rest.”
Over 70% of breach events come from off-network devices that are at rest.
Data destruction is the most secure way to protect such data that is not in
use anymore. Devices that are no longer needed are required to be wiped
permanently with a certified data sanitization tool using reliable data
erasure standards.
Creating Psychological Safety in Your Teams
Successful organisations allow certain mistakes to happen. It is crucial
that we distinguish between four types of mistakes and know how to deal with
them. This way, we can foster a culture of learning from mistakes. I created
the first two mistake types below inspired by the research of Amy Edmondson
and the last two mistake types are taken directly from Amy Edmondson’s book
“The Fearless Organization”. Unacceptable mistakes: When an employee does
not wear a safety helmet in a factory in spite of all the training,
resources, support, and help, and suffers an injury, that is an unacceptable
failure. Gross misconduct at work can also be an example of an unacceptable
mistake. In that case we can respond with a warning or clear sanctions.
Improvable mistakes: Putting a product or a service in front of our
customers to find out its shortcomings and get customer feedback is an
example of an improvable mistake. The idea is to learn areas of improvement
of that product or service in an effort to make it better. Complex mistakes:
These are caused by unfamiliar factors in a familiar context, such as a
severe flooding of a metro station due to a superstorm.
Ransomware is being rewritten in Go for joint attacks on Windows, Linux users
Despite having the ability to target users on a cross-platform basis,
Crowdstrike said the vast majority (91%) of malware written in Golang
targets Windows users - due to it market share, 8% is targeting users on
macOS and just 1% of malware seeks to infect Linux machines. Pivoting to
Golang is also an attractive proposition given that it performs around 40
times faster than optimised Python code. Golang can run more functions than
C++, for example, which makes for a more effective product that can be more
difficult to analyse. "Portability in malware means the expansion of the
addressable market, in other words who might become a source of money," said
Andy Norton, European cyber risk officer at Armis, speaking to IT Pro. "This
isn’t the first time we've seen a shift towards more portable Malware; a few
years ago we saw a change towards Java-based remote access trojans away from
.exe Windows-centric payloads.
Developers and users need to focus on the strengths of different blockchains to maximize benefits
As more blockchains and decentralised finance (DeFi) protocols appear, it is
important that governance systems are understood, ensuring that rules are
agreed and followed, thereby encouraging transparency. Within the framework
of traditional companies, those with leadership roles collectively govern.
This differs from public blockchains that either use direct governance,
representative governance, or a combination of both. Whilst Bitcoin is run
by an external foundation, other developers – such as Ripple – are governed
by a company. Algorand, meanwhile, is an example of a blockchain with a
seemingly more democratic approach to governance, allowing all members to
discuss and make suggestions. Ethereum has a voting system in place, whereby
users must spend 0.06 to 0.08 of an Ether to cast a vote. Some governance
methods have received criticism. For example, the “veto mechanism” within
the Bitcoin core team has raised concerns that miners are given more power
to make decisions than everyday users.
Quote for the day:
"If you're relying on luck, you have
already given up." -- Gordon Tredgold
No comments:
Post a Comment