Daily Tech Digest - April 23, 2022

Return on CI/CD Is Larger than the Business Outcome

In very simple terms, when you adopt CI/CT/CD, every piece of dev work — new feature, bug fix, improvement — is continuously tested and integrated into your “ready to ship” branch and is, well, ready to be released to your customers based on your criteria for delivery. Since new dev work is continuously tested for quality and regressions, you have high confidence to release more frequently. I used to work at a company where, when a critical patch was needed, we just triggered our pipeline, which performed extensive validations involving just a handful of people and, after a short time, we were ready to cut a release. However, for a software organization looking into adopting effective CI/CD, the return on investment (ROI) should not be purely focused on measuring its business outcomes. The DORA metrics can give you a measure of the positive business outcomes from adopting an effective CI/CD process — that is, more frequent releases, faster delivery of changes to customers, fewer bugs and incidents, faster recovery from incidents. On the other hand, and equally important, adopting effective CI/CD has positive outcomes for the development teams as well — that is, it leads to higher innovation, higher throughput, a quality and automation mindset, and higher team morale.

Customer experience and data privacy need to go hand-in-hand

Not only are new data privacy laws impacting the future of marketing and advertising to consumers, but new approaches as a means to adhere to data privacy laws from Google and Apple are having an impact as well. However, while these steps are thinly veiled attempts to make it look like data privacy is the concern, it’s yet another attempt by big tech to distract from the issue at hand where the consumer no longer has the say. Tracking customers’ page views, serving up ideas of what they might like in the future and just forgetting to ask what they prefer has become the norm. Brands have a real opportunity to adapt their current infrastructures to build privacy-safe data stores that adhere to compliance and regulations as part of the platform or ecosystem. This allows them to keep using their (first-party) data-driven approach, while allowing consumers to feel assured their data is being protected and they have a voice. It’s the same problem all over again — brands getting excited to capitalize on the latest trends and, in their frenzy, pushing consumer data privacy concerns aside to get there first. 

Why So Many Security Experts Are Concerned About Low-Code/No-Code Apps

Since low-code/no-code platforms often find their way into the enterprise through business units rather than top-down through IT, they can easily slip through the cracks and be missed by security and IT teams. While security teams are in most cases part of the procurement process, it's easy to treat a low-code/no-code platform as just another SaaS application used by the business, not realizing that the result of adopting this platform would be empowering a whole array of new citizen-developers in the business. In one large organization, citizen-developers in the finance team built an expense management application to replace a manual process filled with back-and-forth emails. Employees quickly adopted the application since it made it easier for them to get reimbursed. The finance team was happy because it automated part of its repetitive work. But IT and security were not in the loop. It took some time for them to notice the application, understand that it was built outside of IT, and reach out to the finance team to bring the app under the IT umbrella. Security and IT teams are always in a state where the backlog of concerns is much larger than their ability to invest. 

‘Decentralized’ web3 startups find out the hard way there’s no safety net

The problem, he explains, is that the policies “very specifically do not include digital assets, meaning if the hackers had gotten in and stolen cash [from Axie], it would have been squarely covered by a crime policy.” Since they didn’t, it wasn’t. The challenge for insurers largely ties to the lack of protections that digital assets currently receive from banking regulators. As Wallace explains it, “Some [insurance] markets are open to making some modifications, but I wouldn’t say it’s mainstream at this point” largely because there is no kind of equivalent to the FDIC or the Securities Investor Protection Corporation (SIPC), which partly protect financial institutions in the event that money deposited in a bank or with a broker-dealer is stolen. “That concept does not yet exist in digital,” Wallace says, adding that it’s “probably the most common point of interest of web3 companies.” Insurers hoping for protections to emerge could be waiting a while, given the way things are trending. Consider that earlier this month, the FDIC issued a “financial institution letter” (or FIL) that suggests the agency is still evaluating — and concerned by — the risk posed by crypto assets and that it wants more information about how the institutions it covers can conduct crypto-related activities in a safe and sound manner.

How To Automate Training Programs To Develop Employees' Leadership Skills

When investing in corporate learning, companies expect to make a real impact on business outcomes. Nevertheless, only 1 in 4 senior managers reports that leadership training tangibly influences a company's outcomes (paywall). Corporations spend plenty of resources on traditional employee training based on out-of-date methods. Many courses are considered to be successfully finished without any feedback or post-training assessment. They provide zero or little real knowledge and skills, turning the investment into hemorrhaging time and money. But combining elaborate assessment with any development program boosts bench strength by an average of 30%. The issue is quite hard to address due to the lack of human resources within an organization for nurturing a leadership mindset and supervising. For instance, consider using video courses with personal feedback for each student from a coach. This approach is hard to scale because the trainer's time is limited. This problem can be solved by automating the personal leadership program so that a script carries out the role of trainers and their assistants.

The Role of DevOps in Cloud Security Management

Security on the cloud vs. security of the cloud always needs to be top of mind. Don’t forget that you are responsible for securing your own applications, data, OS, user access, and virtual network traffic. Beyond these, brush up on your configuration basics. More than 5 percent of AWS S3 buckets are misconfigured to be publicly readable. Recently, a simple misconfiguration in Kafdrop revealed the Apache Kafka stacks of some of the world’s largest businesses. While the big three clouds have invested millions to secure their stacks, the PaaS companies don’t have those budgets – so, check, check, and double check. There’s a reason it’s called “zero trust.” With SaaS and web security, again, credential protection is key. Each architecture type requires its own type of security – be diligent. For example, a hybrid cloud infrastructure needs a “triple whammy” of security: the on-prem side needs to be highly secure, with all the ports closed, surface area tracked, and a highly active Security Operations Center (SOC). The public cloud aspect needs to be secured using the latest and greatest security tech available with that public cloud stack.

Hidden Interfaces for Ambient Computing

While many of today’s consumer devices employ active-matrix organic light-emitting diode (AMOLED) displays, their cost and manufacturing complexity is prohibitive for ambient computing. Yet other display technologies, such as E-ink and LCD, do not have sufficient brightness to penetrate materials. To address this gap, we explore the potential of passive-matrix OLEDs (PMOLEDs), which are based on a simple design that significantly reduces cost and complexity. However, PMOLEDs typically use scanline rendering, where active display driver circuitry sequentially activates one row at a time, a process that limits display brightness and introduces flicker. Instead, we propose a system that uses parallel rendering, where as many rows as possible are activated simultaneously in each operation by grouping rectilinear shapes of horizontal and vertical lines. For example, a square can be shown with just two operations, in contrast to traditional scanline rendering that needs as many operations as there are rows. With fewer operations, parallel rendering can output significantly more light in each instant to boost brightness and eliminate flicker.

Flooded by Event Data? Here’s How to Keep Working

Today’s digital-first organizations need to create superb experiences for their customers — or risk irrelevance. Ideally, this requires resolving any operational issues before the end user has realized there’s something wrong. However, for most organizations, it’s not that easy. Digital operations teams are drowning in a tsunami of events. Existing tooling is unable to cope; manual processes and multiple point solutions translate into interruptions and escalations for overburdened responders. Solving the issues above is where event orchestration can help. Event orchestration enables users to route events toward the most appropriate set of actions. PagerDuty’s event orchestration functionality, for example, analyzes, enriches, determines logic for and automatically acts on events as they occur in real time, within microseconds. This enables our customers to take all the events coming in from 650+ integrations and apply logic and automation to figure out what should be done with each one — what the next best action is — at machine speed. Because we’re able to nest automation together, users can have one automated action, start a diagnostic process, learn more about the event and then use this information to figure out what to do next.

EdgeDB wants to modernize databases for cutting-edge apps

Unsurprisingly, companies are increasingly embracing alternatives to relational databases, like NoSQL. Driven by a lack of scalability with legacy solutions, they’re looking for modern systems — including cloud-based systems — that support scaling while reducing costs and accelerating development. Gartner predicts that 75% of all databases will be migrated to a cloud service by 2022 — highlighting the shift. “The database industry is facing a major shift to a new business model,” Yury Selivanov, the CEO of EdgeDB, a startup creating a next-gen database architecture, told TechCrunch via email. “It’s clear that there is a long tail of small- and medium-sized businesses that need to build software fast and then host their data in the cloud, preferably in a convenient and economical way.” Selivanov touts EdgeDB, which he co-founded in 2019 with Elvis Pranskevichus, as one of the solutions to the legacy database problem. EdgeDB’s open source architecture is relational, but Selivanov says that it’s engineered to solve some fundamental design flaws that make working with databases — both relational and NoSQL — unnecessarily onerous for enterprises.

Overcoming the biggest cyber security staff challenges

Too many people perceive cybersecurity as a complex, technical world dominated by geeks in hoodies. They cannot see the vast opportunity for them to add value with their own skill sets. We need to broaden the vision so that every employee can become a partner in the security family and enrich it with their own talents. Marketers, lawyers, crisis leaders, authors, and game designers can all be part of a holistic security strategy, adding value and reducing risk, without stepping away from their primary passion. ... Too many senior staff are leaving the industry due to stress and overwork. The security leadership role has become incredibly broad, having accountability to protect against risks and threats across the entire business, and yet the team remains a pyramid with a narrow base. By clearly pushing accountability back to the business units to adhere to standards and holding them (rather than the security team) accountable when they fall short, we can free the leadership from much of the stress, minimising staff turnover. 

Quote for the day:

"A tough hide with a tender heart is a goal that all leaders must have." -- Wayde Goodall
