Daily Tech Digest - March 04, 2022

How the C-Suite can set the organisation up for metaverse success

In order to reap the benefits that the metaverse offers, the most important thing leaders need to do currently is to build capability and thinking within their organisation. We are currently in the exploratory phase of the metaverse, so there needs to be encouragement for employees to develop a greater awareness and adopt a more inquisitive mindset. Hiring new talent is going to be imperative to acquire new skills and expand that knowledge across teams to enable an incubator mentality. The metaverse will allow employees to solve old problems in new ways, but leaders will need to give creatives the space and independence to trial different ideas in order to find the one that best suits the business strategy and generates value. To strike this balance, I would recommend creating a separate team outside the IT department, yet within the matrix of the business. This team doesn’t have to be in-house – it could be outsourced. But it must be plugged into your marketing, sales and product development teams so that it has an understanding of the evolving business strategy.

All You Need to Know About User Session Security

Session security is an important consideration in the design of any system that requires communication between a server and a client. Improper security can lead to user accounts being vulnerable to unauthorized access. OWASP (the Open Web Application Security Project, a leading authority on application security) considers the improper implementation of authorization/authentication the second biggest risk to application security. Several notable hacks illustrate this point: the Docker Hub database hack earlier this year resulted in stolen GitHub access tokens; GitLab had a vulnerability where all of its users’ auth tokens were exposed in URLs, had no expiry time, and were susceptible to brute force attacks due to their short length; and a software bug made it possible to steal access tokens, affecting 90 million Facebook accounts. It is tricky, time-consuming, and expensive to correctly implement user session management. According to an a16z operating partner (top tier VC) and former Box CSO, "authentication and authorization is the number one spending cost for organizations when it comes to their security budget."
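The three failures named above (tokens short enough to brute-force, tokens that never expire, tokens carried in URLs) each have a direct mitigation. The following is an added example, not code from the article or from any of the products it mentions; the in-memory `SessionStore`, the `session_cookie` helper and the constants are assumptions chosen for illustration.

```python
"""Session token handling that avoids the three failures cited above:
short guessable tokens, tokens that never expire, tokens carried in URLs."""
import hashlib
import secrets
import time
from typing import Optional

TOKEN_BYTES = 32      # 256 bits of entropy; infeasible to brute-force
SESSION_TTL = 3600    # seconds before a session expires (assumed policy)
MIN_TOKEN_LEN = 40    # urlsafe base64 of 32 bytes is 43 chars; reject shorter


def _digest(token: str) -> str:
    # Store only a hash of the token; a leaked session table then
    # yields nothing an attacker can present to the server.
    return hashlib.sha256(token.encode()).hexdigest()


class SessionStore:
    """Hypothetical in-memory store: digest -> (user_id, expires_at)."""

    def __init__(self, ttl: int = SESSION_TTL, clock=time.time):
        self._sessions = {}
        self.ttl = ttl
        self.clock = clock   # injectable so expiry can be exercised in tests

    def create(self, user_id: str) -> str:
        token = secrets.token_urlsafe(TOKEN_BYTES)   # CSPRNG, not random()
        self._sessions[_digest(token)] = (user_id, self.clock() + self.ttl)
        return token

    def validate(self, token) -> Optional[str]:
        """Return the user id for a live session, else None."""
        if not isinstance(token, str) or len(token) < MIN_TOKEN_LEN:
            return None                      # malformed or too short
        entry = self._sessions.get(_digest(token))
        if entry is None:
            return None                      # unknown token
        user_id, expires_at = entry
        if self.clock() >= expires_at:
            self._sessions.pop(_digest(token), None)   # purge expired session
            return None
        return user_id

    def revoke(self, token: str) -> None:
        self._sessions.pop(_digest(token), None)


def session_cookie(token: str, ttl: int = SESSION_TTL) -> str:
    """Set-Cookie value: token travels in a cookie, never in a URL,
    unreadable by scripts (HttpOnly), TLS-only (Secure), with a lifetime."""
    return (f"session={token}; Max-Age={ttl}; Path=/; "
            "HttpOnly; Secure; SameSite=Strict")
```

Server-side expiry is enforced on every lookup, so even a token that survives in a client after `Max-Age` is rejected.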

Edgeless Systems Brings Confidential Computing to Kubernetes

Edgeless argues that by using Constellation to leverage confidential computing you can isolate and runtime-encrypt entire Kubernetes deployments. This means, the company states, Constellation enables you to use the public cloud like your private cloud. “Confidential Computing will usher in a new era of securing data in the cloud. With our unique expertise, we are making this new technology accessible to enterprises at scale,” said Felix Schuster, a confidential computing pioneer and Edgeless Systems co-founder and CEO. “Processing data that is always encrypted — not only at rest and in transit but also while in use — is a difficult task.” But Constellation makes it happen. This addresses the old, familiar worry of “Is your data actually safe on a third-party public cloud.” Edgeless claims that it is now since your data is securely encrypted within the cloud’s RAM. Now, as you’d guess, securing and using encrypted data isn’t easy. Constellation addresses this by taking care of such complexities as the verification or attestation of confidential virtual machines (VMs) and workloads, secure connections, key management, and data encryption.

Digital transformation: 3 IT culture traps that can hold you back

To accelerate your organization’s digital transformation, first ensure that your business and IT teams have open conversations about business issues and how IT can solve them. If an IT team feels that it’s being dumped on rather than treated as a strategic partner, an “us vs. them” culture can easily develop. The inverse is also true: IT teams cannot simply drop new technology solutions on unsuspecting business teams, believing they’re solving issues that the latter may not even realize exist. Teams should also have clearly defined roles, and they need to align on a common language. For instance, terms such as “production” and “test” mean different things for each team. When both teams try to understand each other, they can find synergy – which is the first step toward success (and creating robust lines of communication should be priority one). Achieving synergy shows that digital transformation is not merely a process of bringing in new technology to create change; it’s about redefining how the organization operates and communicates.

Decarbonising datacentres: Turning the hot air about heat reuse into real-life use cases

As with any new technology, there are a number of challenges that need to be overcome first to take full advantage of the opportunity and promise of heat reuse. One of them is the proximity to the heat demand. For example, the closer a datacentre is to homes or businesses in need of heat, the better. This could be achieved with government support and policy-making in the UK, as many European Union member countries have already done. Where datacentres cannot be situated near existing heat demand, applications such as greenhouses or sustainable farms could be purposely located there to make use of this low-carbon, low-cost energy, which is a path Norwegian colocation firm Green Mountain is pursuing. The captured heat also has to have a price in order to secure the return on investment, and to let the competition drive the change. There are a number of facilities around the world already demonstrating the feasibility of installation, environmental benefits and enormous savings resulting from recovering waste heat.

Can we and should we have fully open APIs?

To consider the limitations of open APIs, it is essential to also take into account the issues with APIs themselves. According to Salt Edge’s survey of over 2,000 API initiations with banks from 31 European countries, 38% of bank APIs don’t meet EU or UK regulatory standards. It was also revealed that 43% of banks did not support automated registrations to access the relevant APIs, 22% had faulty documentation, and 28% had downtime during the integration. A closed API is not accessible openly and typically resides in highly secure settings. With open APIs, by contrast, a recent report from Transparency Market Research showed that, in terms of security, the uncertainty and vulnerability of third-party apps is one of the major restraining factors affecting the market. According to experts, a good open API requires basic considerations like the choice of data format (JSON, XML, Text, VML, etc.), the protocol (HTTP, HTTPS), and the version of the API. It is also important to consider security, be it API authentication or HTTPS.

How to Navigate the Complexity of SaaS Management

SaaS offers tremendous value to organizations, but businesses need an easier path to rein in SaaS complexity. What’s the way forward? The answer is adopting a comprehensive approach to SaaS management that solves IT, security, risk and finance teams’ challenges by giving them a single source of truth for every SaaS application. A modern approach to SaaS management enables stakeholders to: discover both known and unknown SaaS applications, providing complete and actionable visibility into all data types and interconnectivity flows; uncover and mitigate the various security risks that put sensitive customer and business data at risk; deliver the insights on user access and app utilization needed for better IT management and cost optimization across all SaaS apps; and streamline SaaS compliance reporting. A comprehensive SaaS management solution that addresses risk management and business value for SaaS in one place for all stakeholders is imperative for business success.

Using Emergence and Scaffolding to Address Complexity in Product Development

Some would argue that known knowns should be simple to deal with and easily elaborated, but even here caution is needed. I can recall working on the development of a new card settlement system where we needed to be able to deal with blacklisted cards. The assumption was that a card would be either blacklisted or not, but we were advised that the current system could return ‘yes’, ‘no’, or a ‘maybe’, and no one could explain the latter. We had made the mistake of assuming this was clear and obvious, but it really was a complicated issue and resolution was both time-consuming and costly. We have a large number of experiences addressing the second type of need, known unknowns, and you could argue that agile practices accommodate articulation of these needs, and related practices such as innovation games help here. This is broadly the case, and iterative development is helpful as it allows us to articulate these elements and to incorporate them.

Are Blockchains Databases?

We’re going to see database and blockchain technologies continue to grow towards one another. On the blockchain side, the reasons are obvious: database feature sets and the operational and cost expectations of businesses for these use cases have emerged over many decades for good reason, and those reasons aren’t going away. Commercial blockchain solutions will have to meet those business expectations or die trying. The pressure on databases to adopt blockchain capabilities is a little more subtle. A bit of this is healthy competition — what customer doesn’t want to be able to time travel through older versions of data, sleep better knowing their data is tamperproof, or eliminate the overhead of application logs by integrating lineage directly into the data model itself? But beyond that, database users are also operating in increasingly regulated environments: GDPR and CCPA/Prop 24 have made it necessary to control PII not just within a company, but across companies. Financial and other regulations require tracking anything that involves money or credit more carefully than ever before, including being able to audit what was changed, when, and by whom.

Regulator Announces Border Gateway Protocol Security Review

So it's welcome news that after security experts for years have been warning that BGP remains poorly secured and poses a risk, the U.S. government is finally taking a closer look. The Federal Communications Commission on Monday announced that it has begun a security review of BGP and will soon open a 30-day period for comment. The timing of the FCC's call for comments is auspicious, not least from a national security perspective, given that Russia reportedly used BGP hijacking against Ukraine last week. "There's nothing like a war to get them listening," Woodward says. Ukraine's computer emergency response team, CERT-UA, reported seeing BGP hijacking attacks less than 24 hours before Russian troops invaded on Feb. 24, at the same time Ukrainian government and banking systems were being hit by distributed denial-of-service attacks. "Around the same time of the DDoS attacks … CERT-UA asserted that there was a BGP hijacking attack against a Ukrainian bank," Cisco Talos says. 

Quote for the day:

"Effective team leaders realize they neither know all the answers, nor can they succeed without the other members of the team." -- Katzenbach & Smith
