How the C-Suite can set the organisation up for metaverse success
In order to reap the benefits that the metaverse offers, the most important
thing leaders need to do currently is to build capability and thinking within
their organisation. We are currently in the exploratory phase of the metaverse,
so there needs to be an encouragement for employees to develop a greater
awareness and adopt a more inquisitive mindset. Hiring new talent is going to be
imperative to acquire new skills and expand that knowledge across teams to
enable an incubator mentality. The metaverse will allow employees to solve old
problems in new ways, but leaders will need to give creatives the space and
independence to trial different ideas in order to find the best one that suits
the business strategy and generate value. To strike this balance, I would
recommend creating a separate team outside the IT department, yet within the
matrix of the business. This team doesn’t have to be in-house – it could be
outsourced. But it must be plugged into your marketing, sales and product
development teams so that they have an understanding of the evolving business
strategy.
All You Need to Know About User Session Security
Session security is an important consideration in the design of any system that
requires communication between a server and a client. Improper security can lead
to user accounts being vulnerable to unauthorized access. OWASP (Open Web
Application Security Project — leading authority for security) considers the
improper implementation of authorization/authentication as the second biggest
risk to application security. Several notable hacks illustrate this point: The
Docker Hub database hack earlier this year resulted in stolen GitHub access
tokens; GitLab had a vulnerability where all its users’ auth tokens were
exposed in the URLs, had no expiry time, and were susceptible to brute force
attacks due to their short length; A software bug made it possible to steal
access tokens — affecting 90 million Facebook accounts. It is tricky,
time-consuming, and expensive to correctly implement user session management.
According to an a16z operating partner (top tier VC) and former Box CSO,
"authentication and authorization is the number one spending cost for
organizations when it comes to their security budget."
Edgeless Systems Brings Confidential Computing to Kubernetes
Edgeless argues that by using Constellation to leverage confidential computing
you can isolate and runtime-encrypt entire Kubernetes deployments. This means,
the company states, Constellation enables you to use the public cloud like
your private cloud. “Confidential Computing will usher in a new era of
securing data in the cloud. With our unique expertise, we are making this new
technology accessible to enterprises at scale,” said Felix Schuster, a
confidential computing pioneer and Edgeless Systems co-founder and CEO.
“Processing data that is always encrypted — not only at rest and in transit
but also while in use — is a difficult task.” But Constellation makes it
happen. This addresses the old, familiar worry of “Is your data actually safe
on a third-party public cloud.” Edgeless claims that it is now since your data
is securely encrypted within the cloud’s RAM. Now, as you’d guess, securing
and using encrypted data isn’t easy. Constellation addresses this by taking
care of such complexities as the verification or attestation of confidential
virtual machines (VMs) and workloads, secure connections, key management, and
data encryption.
Digital transformation: 3 IT culture traps that can hold you back
To accelerate your organization’s digital transformation, first ensure that
your business and IT teams have open conversations about business issues and
how IT can solve them. If an IT team feels that it’s being dumped on rather
than treated as a strategic partner, an “us vs. them” culture can easily
develop. The inverse is also true: IT teams cannot simply drop new
technology solutions on unsuspecting business teams, believing they’re
solving issues that the latter may not even realize exist. Teams should also
have clearly defined roles, and they need to align on a common language. For
instance, terms such as “production” and “test” mean different things for
each team. When both teams try to understand each other, they can find
synergy – which is the first step toward success (and creating robust lines
of communication should be priority one). Achieving synergy shows that
digital transformation is not merely a process of bringing in new technology
to create change; it’s about redefining how the organization operates and
communicates.
Decarbonising datacentres: Turning the hot air about heat reuse into real-life use cases
As with any new technology, there are a number of challenges that need to be
overcome first to take full advantage of the opportunity and promise of heat
reuse. One of them is the proximity to the heat demand. For example, the
closer a datacentre is to homes or businesses in need of heat, the better.
This could be achieved with government support and policy-making in the UK,
as many European Union member countries have already done. Where datacentres
cannot be situated near existing heat demand, applications such as
greenhouses or sustainable farms could be purposely located there to make
use of this low-carbon, low-cost energy, which is a path Norwegian
colocation firm Green Mountain is pursuing. The captured heat also has to
have a price in order to secure the return on investment, and to let the
competition drive the change. There are a number of facilities around
the world already demonstrating the feasibility of installation,
environmental benefits and enormous savings resulting from recovering waste
heat.
Can we and should we have fully open APIs?
To consider the limitations of open APIs, it is essential to also take into
account the issues with the API itself. According to Salt Edge’s survey of over
2,000 API initiations with banks from 31 European countries, 38% of bank
APIs don’t meet EU or UK regulatory standards. It was also revealed that 43%
of banks did not support automated registrations to access the relevant
APIs, 22% had faulty documentation, and 28% had downtimes during the
integration. A closed API is not accessible openly and typically resides in
highly secure settings. But with Open APIs, a recent report from
Transparency Market Research showed that, in terms of security, uncertainty
and vulnerability of the third-party apps is one of the major restraining
factors that affect the market. According to experts, a good open API
requires basic considerations like the choice of selecting data format
(JSON, XML, Text, VML, etc.), the protocol (HTTP, HTTPS), and the version of
API. It is also important to consider security, be it API authentication or
HTTPS.
How to Navigate the Complexity of SaaS Management
SaaS offers tremendous value to organizations, but businesses need an easier
path to rein in SaaS complexity. What’s the way forward? Adopting a
comprehensive approach to SaaS management that solves IT, security, risk and
finance teams’ challenges by giving them a single source of truth into every
SaaS application is the answer. A modern approach to SaaS management enables
stakeholders to: Discover both known and unknown SaaS applications,
providing complete and actionable visibility into all data types and
interconnectivity flows; Uncover and mitigate various security risks
that put sensitive customer and business data at risk; Deliver the
insights on user access and app utilization needed for better IT management
and cost optimization across all SaaS apps; Streamline SaaS compliance
reporting. A comprehensive SaaS management solution that addresses risk
management and business value for SaaS in one place for all stakeholders is
imperative for business success.
Using Emergence and Scaffolding to Address Complexity in Product Development
Some would argue that known knowns should be simple to deal with and easily
elaborated, but even here caution is needed. I can recall working on the
development of a new card settlement system where we needed to be able to
deal with blacklisted cards. The assumption was that a card would be either
blacklisted or not, but we were advised that the current system could return
‘yes’, ‘no’, or a ‘maybe’ and no one could explain the latter. We had made
the mistake of assuming this was clear and obvious but it really was a
complicated issue and resolution was both time-consuming and costly. We have
a large number of experiences addressing the second type of need: known
unknowns, and you could argue that agile practices accommodate articulation
of these needs and related practices such as innovation games help here.
This is broadly the case and iterative development is helpful as it allows
us to articulate these elements and to incorporate them.
Are Blockchains Databases?
We’re going to see database and blockchain technologies continue to grow
towards one another. On the blockchain side, the reasons are obvious:
database feature sets and the operational and cost expectations of
businesses for these use cases have emerged over many decades for good
reason, and those reasons aren’t going away. Commercial blockchain solutions
will have to meet those business expectations or die trying. The pressure on
databases to adopt blockchain capabilities is a little more subtle. A bit
of this is healthy competition — what customer doesn’t want to be able to
time travel through older versions of data, sleep better knowing their data
is tamperproof, or eliminate the overhead of application logs by integrating
lineage directly into the data model itself? But beyond that, database users
are also operating in increasingly regulated environments: GDPR and
CCPA/Prop 24 have made it necessary to control PII not just within a
company, but across companies. Financial and other regulations require
tracking anything that involves money or credit more carefully than ever
before, including being able to audit what was changed, when, and by
whom.
Regulator Announces Border Gateway Protocol Security Review
So it's welcome news that after security experts for years have been warning
that BGP remains poorly secured and poses a risk, the U.S. government is
finally taking a closer look. The Federal Communications Commission on
Monday announced that it has begun a security review of BGP and will soon
open a 30-day period for comment. The timing of the FCC's call for comments
is auspicious, not least from a national security perspective, given that
Russia reportedly used BGP hijacking against Ukraine last week. "There's
nothing like a war to get them listening," Woodward says. Ukraine's computer
emergency response team, CERT-UA, reported seeing BGP hijacking attacks less
than 24 hours before Russian troops invaded on Feb. 24, at the same time
Ukrainian government and banking systems were being hit by distributed
denial-of-service attacks. "Around the same time of the DDoS attacks …
CERT-UA asserted that there was a BGP hijacking attack against a Ukrainian
bank," Cisco Talos says.
Quote for the day:
"Effective team leaders realize they
neither know all the answers, nor can they succeed without the other
members of the team." -- Katzenbach & Smith