Daily Tech Digest - April 03, 2022

With Identity Management, Start Early for Less Tech Debt

Starting with a robust identity and access management (IAM) solution will give new projects a head start on the competition. Users will have access to more features earlier. Additionally, no growing pains also mean no tech debt. Any new project has challenges right from the start. Finishing the MVP is a high priority. Planning meetings to outline necessary features and requirements can suffer from scope creep. Every shortcut taken to deliver on time borrows against the future. Tech debt is a known cost, and many startups take on a significant amount. As any app needs users, it eventually will come down to planning the features and structures needed. Everyone is a user themselves, so it’s easy to come up with a variety of useful features. Single sign-on, social logins and multifactor authentication are all conventional IAM features included in the project scope and planned out for customers. Features and domain knowledge are designed around what the team thinks a user will need. A user’s footprint within your app gets built out in forms and user profile pages. Business data and user data are stored together.


Enterprise Architects Can Be Indispensable in the Boardroom

Data is enterprise currency, and executive management discussions in the boardroom are data-driven. A knowledgeable enterprise architect can show the board how data for business requirements are translated into technological specifications. EA can provide timely reports on the status of the current application landscape and IT inventory to provide data that addresses crucial boardroom evaluations and decision-making. Use reports to tie EA into business processes during regular meetings. Data can be used to illustrate real issues with simple diagrams and use cases, demonstrating options and concrete results. EA overlays on top of the business model can help boardroom members visualize cost, revenue, risk, and performance metrics to support decisions and track alignment with initiatives. The enterprise architect is the data guru of the boardroom. ... If you want to have a game in the boardroom, you must get to know the players. You need the sponsorship of executives who wield real influence and can promote engagement of EA initiatives. 


Europe’s AI Act contains powers to order AI models destroyed or retrained, says legal expert

The European Commission put out its proposal for an AI Act just over a year ago — presenting a framework that prohibits a tiny list of AI use cases, considered too dangerous to people’s safety or EU citizens’ fundamental rights to be allowed, while regulating other uses based on perceived risk — with a subset of “high risk” use cases subject to a regime of both ex ante (before) and ex post (after) market surveillance. In the draft Act, high-risk systems are explicitly defined as: Biometric identification and categorisation of natural persons; Management and operation of critical infrastructure; Education and vocational training; Employment, workers management and access to self-employment; Access to and enjoyment of essential private services and public services and benefits; Law enforcement; Migration, asylum and border control management; Administration of justice and democratic processes. Under the original proposal, almost nothing is banned outright — and most use cases for AI won’t face serious regulation under the Act as they would be judged to pose “low risk” so largely left to self regulate — with a voluntary code of standards and a certification scheme to recognize compliant AI systems.


Why a ruling on digital ID by Kenya's Supreme Court has global implications for online privacy

Kenya’s digital ID programme, called the National Integrated Identity Management System (NIIMS), was ruled illegal by the highest court because there was no clear documentation of the data privacy risks, nor was there a clear strategy for measuring, mitigating and dealing with those risks. Related concerns about data privacy and security have arisen in other digital ID platforms as well. For example, India’s Aadhaar is the world’s largest biometric digital ID system. Registration is linked to biometrics and demographics, and can connect to services including SIM cards, bank accounts, and government aid programmes, making financial systems more inclusive. Despite these advantages, Aadhaar has seen pushback regarding feasibility and privacy. ... A major risk surrounding biometrics in particular is that if, and when, an attacker obtains these credentials for a victim, they may be able to impersonate the victim indefinitely, since a user’s biometrics do not change. These risks can be mitigated using emerging technologies like computation over encrypted data with rotating keys. 


Why did AI pioneer Marvin Minsky oppose neural networks?

The Dartmouth Summer Research Project on Artificial Intelligence in 1956 is widely considered as the founding moment of artificial intelligence as a field: John McCarthy, Marvin Minsky, Claude Shannon, Ray Solomonoff, etc. attended the eight-week long workshop held in New Hampshire. On the fiftieth anniversary of the conference, the founding fathers of AI returned to Dartmouth. When Minsky took the stage, Salk Institute professor Terry Sejnowski told him some AI researchers view him as the devil for stalling the progress of neural networks. “Are you the devil?” Sejnowski asked. Minsky brushed him off and went on to explain the limitations of neural networks, pointing out neural networks haven’t delivered the goods yet. But Sejnowski was persistent. He asked again: “Are you the devil?”. A miffed Minsky retorted: “Yes, I am.” Turing award winner Marvin Minsky has made major contributions in cognitive psychology, symbolic mathematics, artificial intelligence, robot manipulation, and computer vision. As an undergraduate student at Harvard, Minsky built SNARC, considered the ‘first neural network’ by many, using over 3000 vacuum tubes and a few components from the B-52 bomber.


Is the Future of Digital Identity Safe?

Although multifactor authentication is crucial for preventing a great percentage of attacks, it is not enough – not in today’s rapidly changing threat landscape. Enterprises need to evolve their identity and access management policy towards a modernized authentication solution. As Uri and I agreed, we need to leverage multiple data layers that would allow us to map a legitimate behavior versus a malicious one. Not only do we need to examine contextual data like location and device, but we also need to consider behavioral insights and look at micro behaviors such as hesitation, distraction, and rest. Having all these data layers, we can then leverage machine learning to aggregate them into a coherent analysis that indicates abnormal behaviors. Besides enabling artificial intelligence and machine learning to enhance our security posture, it is equally important to consider customer experience. For example, the best authentication tools today rely on mobile applications. What happens if a ratio of your employees cannot use their mobile phone, or they are reluctant about their employer installing an app in their personal mobile?


Metaverses and DAO: Are Crypto Enthusiasts Ready to Usher Them In? 

There are already many who see the metaverse as a tremendous and thrilling possibility. According to many observers, the venture will be a new chance for economies, working settings, and further interaction. However, the metaverse, like any technology, requires rigorous research and use to be sustainable. Cryptos were on fire last year over environmental degradation issues, and metaverse has to counteract this to emerge on top. There are some principles underlying the metaverse: data sovereignty, privacy and governance, and honesty. It also focuses on both diversity and utmost respect for users. To stay loyal to the metaverse's values, those who work on its future need to follow specific rules. In addition, the move allows long-term benefits. They can be environmental sensitivity, social responsibility, or fiscal prudence. The future of the metaverse looks like many different things for different people. The ability to create virtual worlds and draw people is a lucrative new career for some. Furthermore, there can be the incorporation of NFTs to give value to the virtual space on the metaverse and allow users to earn income.


Application-Layer Encryption Basics for Developers

You may be working across multiple infrastructures, and for instance, HTTPS only covers a small part of the data flow inside your infrastructure, if you need an extra layer of protection, because the data is sensitive, or it may go outside of a specific infrastructure. Most importantly, if you need to enforce access control with encryption. For example, if you think of something like end-to-end encryption in a chat app, the access control is that the sender and receiver are really the only people who can access that data. That's not enforced just with a bit on a server saying who's allowed to do what, it's enforced through control of cryptographic key material. It's very clear how to use that in chat. It's actually a generalizable capability that you can use across lots of different types of use cases. Like in that use case, application layer encryption improves privacy. In some cases, it improves privacy substantially. It's actually significantly harder for developers than just implementing something like HTTPS.


What the media is missing about decentralized autonomous organizations

While we’ve only scratched the surface of the potential DAOs have to create a radically more transparent and equitable financial system, we’ve already seen projects emerge that are delivering real value to real people in the real world today. One example is the war in Ukraine, where UkraineDAO, set up by Russian art collective Pussy Riot and Trippy Labs, raised over $6.75 million worth of Ether (ETH) donated directly to Ukrainian defense efforts against Russia. While this amount may not shift the balance of the war, the rapid creation and scaling-up of UkraineDAO demonstrate the power of decentralized financial technologies to coordinate a disparate global group of individuals around a single cause to deliver tangible results. But, the value of DAOs goes beyond just raising funds for noble causes under duress. In fact, many DAOs are already providing sustainable value to participants across the world and even harnessing blockchain technology to take on some of the most pressing challenges of our time such as climate change. 


The Evolution to Service-Based Networking

As application delivery evolved, orchestrators such as Kubernetes, Mesos and Docker Swarm integrated discovery functionality to reduce the need for those manual scripts. And while that’s great, what does it mean for the evolution of networking? A lot, actually. Networking still needs to be based on service identity because that’s how orchestrators track things, but the shift away from static, IP-based networking toward a service-based networking solution that these service discovery features provided was perhaps the most impactful change to networking, making application identity the basis for networking policies. Networking’s transition to a service-identity-based networking requirement also has cascading effects on other workflows. The first, and arguably the most important, is on security. While service discovery may solve for tracking changes more dynamically, it doesn’t help you apply consistent security policies to those applications. As I mentioned earlier, enforcing security and access to sensitive data is a core networking requirement.



Quote for the day:

"To make a decision, all you need is authority. To make a good decision, you also need knowledge, experience, and insight." -- Denise Moreland
