Daily Tech Digest - February 15, 2022

Cloud storage data residency: How to achieve compliance

Data residency and data sovereignty are increasingly governed by local laws. There is an increasing push towards data sovereignty, in part because of supply chain and security concerns. As Mathieu Gorge, CEO at compliance experts Vigitrust, points out, firms and governments alike are increasingly concerned about geopolitical risk. Firms also need to be aware of data adequacy requirements if they intend to move data across borders. This could come into play if they move between hyperscaler regions and AZs, or change SaaS providers. “There is adequacy between the UK and EU, but you are still relying on clauses in the contract to demonstrate that adequacy,” he cautions. Meanwhile, the challenge of data residency is becoming more complicated as more countries roll out data sovereignty regulations. The EU’s GDPR does not actually include stipulations on data residency, relying instead on data adequacy. The UK’s post-Brexit approach follows that of GDPR. But the growth of local data privacy laws is increasingly linked to more localised, or even nationalistic, views of IT resources, and specific regulations and laws can also set out data residency requirements.


Log4j hearing: 'Open source is not the problem'

“Open source is not the problem,” stated Dr. Trey Herr, director of the Cyber Statecraft Initiative with the Atlantic Council think tank, during a US Senate Committee on Homeland Security & Government Affairs hearing this week. “Software supply-chain security issues have bedeviled the cyber-policy community for years.” Experts have been predicting a long-term struggle to remedy the Log4j flaw and its impact. Security researchers at Cisco Talos, for example, stated that Log4j will be widely exploited moving forward, and users should patch affected products and implement mitigation solutions as soon as possible. The popular Java logging software is widely used in enterprise and consumer services, websites, and applications as an easy-to-use common utility to support client/server application development. If exploited, the Log4j weakness could let an unauthenticated remote actor take control of an affected server system and gain access to company information or unleash a denial-of-service attack. The Senate panel called on experts in order to find out about industry responses and ways to prevent future software exposures.


How to create data management policies for unstructured data

Automate as much as you can. A declarative approach is the goal. While there are many options available now using independent data management software to manage policies across storage, many organizations still employ IT managers and spreadsheets to create and track policies. The worst part of this bespoke manual effort is searching for files containing certain attributes and then moving or deleting them. These efforts are inefficient, incomplete, and impede the goals of having policies; it’s painful to maintain them, and IT professionals have too many competing priorities. Plus, this approach limits the potential of using policies to continuously curate and move data to data lakes for strategic AI and ML projects. Instead, look for a solution with an intuitive interface to build and execute on a schedule and that runs in the background without human intervention. Measure outcomes and refine. Any data management policy should be mapped to specific goals, such as cost savings on storage and backups. It should measure those outcomes and let you know their status so that if those goals are not being met, you can change the plans accordingly.


7 Ways to Fail at Microservices

Microservices envy is a problem, because microservices aren’t the sort of thing we should be envying. One of our consultants has a heuristic that if a client keeps talking about Netflix and asking for microservices, he knows the engagement is in trouble. Almost certainly, they’re not moving to microservices for the right reason. If the conversation is a bit deeper, and covers things like coupling and cohesion, then he knows they’re in the right space. The starting ambition for a microservices transformation should never be the microservices themselves. Microservices are the means to achieve a higher-level goal of business agility or resiliency or equivalent. Actually, microservices are not even the only means; they're a means. ... It’s important to ask "do you have microservices, or do you have a monolith spread over hundreds of Git repos?" That, unfortunately, is what we often see. This is a distributed monolith, and it’s a terrible thing. It's hard to reason about. It's more prone to errors than its monolithic equivalent. With a conventional monolith where it's all contained in a single development environment, you get benefits such as compile-time checking and IDE refactoring support.


Demystifying the UK’s National Cyber Strategy 2022

Cyber resilience and digital security overlap different “pillars” of the strategy but share the same goal of enhancing the security posture of the UK, which requires a whole-of-society outlook. The government’s efforts in taking an active role in the development and adoption of technologies critical to cyber space are applaudable. To remain in sync with the pace of change, there needs to be collaborative and active engagement with experts that have a deep understanding of the threats in cyber space and how to secure the technologies required. The National Cyber Strategy outlines the government’s vision to build on its influence and take on a leading role in promoting technologies and security best practices critical to cyber space globally. It must not wait until the telecommunications industry encounters problems with 5G deployments and organisations are left trying to retrospectively fix their security weaknesses. Organisations must build their networks securely from the start, and effective guidance will be key to supporting this development.


Why Ransomware Groups Such as BlackCat Are Turning to Rust

BlackCat's migration to Rust, which can run on embedded devices and integrate with other languages, comes as no surprise to Carolyn Crandall, chief security advocate at network security specialist Attivo Networks. She tells ISMG that attackers are always going to innovate with new code that is designed to circumvent endpoint defense systems. Crandall says BlackCat ransomware is "extremely sophisticated" because it is human-operated and command line-driven. ... Anandeshwar Unnikrishnan, senior threat researcher at cybersecurity firm CloudSEK, tells ISMG that threat actors, especially malware developers, will eventually move away from traditional programming languages they formerly used to write malware, such as C or C++, and adopt newer languages, such as Rust, Go and Nim. Unnikrishnan says there are plenty of reasons for malware developers to migrate to languages such as Rust, Go and Nim. But the main reasons are that these newer languages are fast and can evade static analysis of most malware detection systems.


How healthy boundaries build trust in the workplace

Boundaries are the mental, emotional, and physical limits people maintain with respect to others and their environment, and psychologists consider them healthy if they ensure an individual’s continued well-being and stability. They serve many valuable functions. They help protect us, clarify our own responsibilities and those of others, and preserve our physical and emotional energy. They help us stay focused on ourselves, honor our values and standards, and identify our personal limits. Physical workplace boundaries may include delineating an individual’s personal space in a shared office or limiting body contact to handshakes rather than hugs. Mental boundaries reflect individuals’ important beliefs, values, and opinions. At work, that may mean not participating in activities that conflict with a person’s religious convictions, like betting pools, or personal choices, such as not drinking alcohol at office events. Emotional boundaries relate to people’s feelings being acknowledged and respected and may manifest as individuals not discussing their personal lives with coworkers.


Edge computing: 3 ways you can use it now

Edge infrastructure is what enables a “smart” factory floor, for example, armed with sensors and other connected devices that generate endless streams of data. “The manufacturing and warehousing sectors have been early adopters, with use cases like preventive maintenance and augmented reality/virtual reality (AR/VR) remote assistance applications powered by on-prem edge compute,” Mishra says. “Warehouse automation through robotics, location-based solutions, and supply chain optimization are also viewed as key use cases for edge.” A specific technology to watch for here is computer vision: the artificial intelligence (AI) discipline focused on computer-based recognition of images and/or video. “Manufacturing is doing really interesting work in the smart factory floor with quality control using computer vision to identify a slip in production quality before it becomes detectable to humans,” says Paul Legato, VP of platform engineering at Wallaroo. Experts expect that computer vision applications, powered by edge infrastructure, will be a hotbed of new use cases going forward.


Five lessons for building your B2B e-commerce audience

You need to grow and tend to relationships with your target audience, but those relationships will only be as good as the technology you deploy. Your technology is your connection. I’ve seen too many organisations succumb to the fear that digital platforms will take all the flavor out of their brand. But if you choose the right solution, you’re going to have more interaction, more connection, and more opportunities to convey your brand. E-commerce soars when it’s part of a high-quality omnichannel solution designed with B2B complexities in mind. Still not sure if tech is the answer? Private equity firms — key players in the B2B ecosystem — tend to keep their finger on the pulse of future-friendly concepts. You can sense which way the wind is blowing by the new talent they bring in. ... It might seem counterintuitive, but digital drives more human connection. One of today’s most compelling paradoxes is that while markets are more complex, and the buyer’s journey has a thousand detours — I’ll get to that point in a moment — there’s a clear imperative in that complexity and journey.


Evolving a data integration strategy

In addition to a lack of sufficient data governance, poorly integrated data leads to poor customer service. “In the digital economy, the customer expects you to know and have ready insight into every transaction and interaction they have had with the organisation,” says Tibco CIO Rani Johnson. “If a portion of a customer’s experience is locked in a silo, then the customer suffers a poor experience and is likely to churn to another provider.” Breaking down such silos of data requires business change. “Building end-to-end data management requires organisational changes,” says Nicolas Forgues, former chief technology officer (CTO) at Carrefour, who is now CTO at consulting firm Veltys. “You need to train both internal and external staff to fulfil the data mission for the company.” Businesses risk missing the bigger picture, in terms of spotting trends or identifying indicators of changes, if they lack a business-wide approach to data management and a strategy for integrating silos. In Johnson’s experience, one of the reasons for poor visibility of data is that business functions and enterprise applications are often decentralised. 



Quote for the day:

"Problem-solving leaders have one thing in common: a faith that there's always a better way." -- Gerald M. Weinberg