Cloud storage data residency: How to achieve compliance
Data residency and data sovereignty are increasingly governed by local laws.
There is an increasing push towards data sovereignty, in part because of supply
chain and security concerns. As Mathieu Gorge, CEO at compliance experts
Vigitrust, points out, firms and governments alike are increasingly concerned
about geopolitical risk. Firms also need to be aware of data adequacy
requirements if they intend to move data across borders. This could come into
play if they move between hyperscaler regions and AZs, or change SaaS providers.
“There is adequacy between the UK and EU, but you are still relying on clauses
in the contract to demonstrate that adequacy,” he cautions. Meanwhile, the
challenge of data residency is becoming more complicated as more countries roll
out data sovereignty regulations. The EU’s GDPR does not actually include
stipulations on data residency, relying instead on data adequacy. The UK’s
post-Brexit approach follows that of GDPR. But the growth of local data privacy
laws is increasingly linked to more localised, or even nationalistic, views of
IT resources, and specific regulations and laws can also set out data residency
requirements.
Log4j hearing: 'Open source is not the problem'
“Open source is not the problem,” stated Dr. Trey Herr, director of the Cyber
Statecraft Initiative with Atlantic Council think tank during a US Senate
Committee on Homeland Security & Government Affairs hearing this week.
“Software supply-chain security issues have bedeviled the cyber-policy community
for years.” Experts have been predicting a long-term struggle to remedy the
Log4j flaw and its impact. Security researchers at Cisco Talos for example
stated that Log4j will be widely exploited moving forward, and users should
patch affected products and implement mitigation solutions as soon as possible.
The popular Java-logging software is widely used in enterprise and consumer
services, websites, and applications as an easy-to-use common utility to support
client/server application development. If exploited, the Log4j weakness could
let an unauthenticated remote actor take control of an affected server system
and gain access to company information or unleash a denial of service attack.
The Senate panel called on experts in order to find out about industry responses
and ways to prevent future software exposures.
How to create data management policies for unstructured data
Automate as much as you can. A declarative approach is the goal. While there are
many options available now using independent data management software to manage
policies across storage, many organizations still employ IT managers and
spreadsheets to create and track policies. The worst part of this bespoke manual
effort is searching for files containing certain attributes and then moving or
deleting them. These efforts are inefficient, incomplete, and impede the goals
of having policies; it’s painful to maintain them, and IT professionals have too
many competing priorities. Plus, this approach limits the potential of using
policies to continuously curate and move data to data lakes for strategic AI and
ML projects. Instead, look for a solution with an intuitive interface to build
and execute on a schedule and that runs in the background without human
intervention. Measure outcomes and refine. Any data management policy should be
mapped to specific goals, such as cost savings on storage and backups. It should
measure those outcomes and let you know their status so that if those goals are
not being met, you can change the plans accordingly.
7 Ways to Fail at Microservices
Microservices envy is a problem, because microservices aren’t the sort of thing
we should be envying. One of our consultants has a heuristic that if a client
keeps talking about Netflix and asking for microservices, he knows the
engagement is in trouble. Almost certainly, they’re not moving to microservices
for the right reason. If the conversation is a bit deeper, and covers things
like coupling and cohesion, then he knows they’re in the right space. The
starting ambition for a microservices transformation should never be the
microservices themselves. Microservices are the means to achieve a higher-level
goal of business agility or resiliency or equivalent. Actually, microservices
are not even the only means; they're a means. ... It’s important to ask "do you
have microservices, or do you have a monolith spread over hundreds of Git
repos?" That, unfortunately, is what we often see. This is a distributed
monolith, and it’s a terrible thing. It's hard to reason about. It's more prone
to errors than its monolithic equivalent. With a conventional monolith where
it's all contained in a single development environment, you get benefits such as
compile-time checking and IDE refactoring support.
Demystifying the UK’s National Cyber Strategy 2022
Cyber resilience and digital security overlap different “pillars” of the
strategy but share the same goal of enhancing the security posture of the UK,
which requires a whole of society outlook. The government’s efforts in taking an
active role in the development and adoption of technologies critical to cyber
space is applaudable. To remain in sync with the pace of change, there needs to
be collaborative and active engagement with experts that have a deep
understanding of the threats in cyber space and how to secure the technologies
required. The National Cyber Strategy outlines the government’s vision to build
on its influence and take on a leading role in promoting technologies and
security best practices critical to cyber space globally. It must not wait until
the telecommunications industry encounters problems with 5G deployments and
organisations are left trying to retrospectively fix their security weaknesses.
Organisations must build their networks securely from the start, and effective
guidance will be key to supporting this development.
Why Ransomware Groups Such as BlackCat Are Turning to Rust
BlackCat's migration to Rust, which can run on embedded devices and integrate
with other languages, comes as no surprise to Carolyn Crandall, chief security
advocate at network security specialist Attivo Networks. She tells ISMG that
attackers are always going to innovate with new code that is designed to
circumvent endpoint defense systems. Crandall says BlackCat ransomware is
"extremely sophisticated" because it is human-operated and command line-driven.
... Anandeshwar Unnikrishnan, senior threat researcher at cybersecurity firm
CloudSEK, tells ISMG that threat actors, especially malware developers, will
eventually move away from traditional programming languages they formerly used to
write malware, such as C or C++, and adopt newer languages, such as Rust, Go and
Nim. Unnikrishnan says there are plenty of reasons for malware developers to
migrate to languages such as Rust, Go and Nim. But the main reasons are because
these newer languages are fast and can evade static analysis of most malware
detection systems.
How healthy boundaries build trust in the workplace
Boundaries are the mental, emotional, and physical limits people maintain with
respect to others and their environment, and psychologists consider them
healthy if they ensure an individual’s continued well-being and stability.
They serve many valuable functions. They help protect us, clarify our own
responsibilities and those of others, and preserve our physical and emotional
energy. They help us stay focused on ourselves, honor our values and
standards, and identify our personal limits. Physical workplace boundaries may
include delineating an individual’s personal space in a shared office or
limiting body contact to handshakes rather than hugs. Mental boundaries
reflect individuals’ important beliefs, values, and opinions. At work, that
may mean not participating in activities that conflict with a person’s
religious convictions, like betting pools, or personal choices, such as not
drinking alcohol at office events. Emotional boundaries relate to people’s
feelings being acknowledged and respected and may manifest as individuals not
discussing their personal lives with coworkers.
Edge computing: 3 ways you can use it now
Edge infrastructure is what enables a “smart” factory floor, for example,
armed with sensors and other connected devices that generate endless streams
of data. “The manufacturing and warehousing sectors have been early adopters,
with use cases like preventive maintenance and augmented reality/virtual
reality (AR/VR) remote assistance applications powered by on-prem edge
compute,” Mishra says. “Warehouse automation through robotics, location-based
solutions, and supply chain optimization are also viewed as key use cases for
edge.” A specific technology to watch for here is computer vision: the
artificial intelligence (AI) discipline focused on computer-based recognition
of images and/or video. “Manufacturing is doing really interesting work in the
smart factory floor with quality control using computer vision to identify a
slip in production quality before it becomes detectable to humans,” says Paul
Legato, VP of platform engineering at Wallaroo. Experts expect that computer
vision applications, powered by edge infrastructure, will be a hotbed of new
use cases going forward.
Five lessons for building your B2B e-commerce audience
You need to grow and tend to relationships with your target audience, but
those relationships will only be as good as the technology you deploy. Your
technology is your connection. I’ve seen too many organisations succumb to the
fear that digital platforms will take all the flavor out of their brand. But
if you choose the right solution, you’re going to have more interaction, more
connection, and more opportunities to convey your brand. E-commerce soars when
it’s part of a high-quality omnichannel solution designed with B2B
complexities in mind. Still not sure if tech is the answer? Private equity
firms — key players in the B2B ecosystem — tend to keep their finger on the
pulse of future-friendly concepts. You can sense which way the wind is blowing
by the new talent they bring in. ... It might seem counterintuitive, but
digital drives more human connection. One of today’s most compelling paradoxes
is that while markets are more complex, and the buyer’s journey has a thousand
detours — I’ll get to that point in a moment — there’s a clear imperative in
that complexity and journey.
Evolving a data integration strategy
In addition to a lack of sufficient data governance, poorly integrated data
leads to poor customer service. “In the digital economy, the customer expects
you to know and have ready insight into every transaction and interaction they
have had with the organisation,” says Tibco CIO Rani Johnson. “If a portion of
a customer’s experience is locked in a silo, then the customer suffers a poor
experience and is likely to churn to another provider.” Breaking down such
silos of data requires business change. “Building end-to-end data management
requires organisational changes,” says Nicolas Forgues, former chief
technology officer (CTO) at Carrefour, who is now CTO at consulting firm
Veltys. “You need to train both internal and external staff to fulfil the data
mission for the company.” Businesses risk missing the bigger picture, in terms
of spotting trends or identifying indicators of changes, if they lack a
business-wide approach to data management and a strategy for integrating
silos. In Johnson’s experience, one of the reasons for poor visibility of data
is that business functions and enterprise applications are often
decentralised.
Quote for the day:
"Problem-solving leaders have one thing in common: a faith that there's always a better way." -- Gerald M. Weinberg