Return on CI/CD Is Larger than the Business Outcome
In very simple terms, when you adopt CI/CT/CD, every dev work — new feature, bug
fix, improvement — is continuously tested and integrated into your “ready to
ship” branch and is, well, ready to be released to your customers based on your
criteria for delivery. Since new dev work is continuously tested for quality and
regressions, you have high confidence to release more frequently. I used to work
at a company where, when a critical patch was needed, we just triggered our
pipeline, which performed extensive validations involving just a handful of
people and, after a short time, we were ready to cut a release. However, for a
software organization looking into adopting effective CI/CD, the return on
investment (ROI) should not be purely focused on measuring its business
outcomes. The DORA metrics can give you a measure of the positive business
outcomes from adopting an effective CI/CD process — that is, more frequent
releases, faster delivery of changes to customers, fewer bugs and incidents,
faster recovery from incidents. On the other hand, and equally important,
adopting effective CI/CD has positive outcomes to the development teams as well
— that is, it leads to higher innovation, higher throughput, quality and
automation mindset, and higher team morale.
Customer experience and data privacy need to go hand-in-hand
Not only are new data privacy laws impacting the future of marketing and
advertising to consumers, but new approaches as a means to adhere to data
privacy laws from Google and Apple are having an impact as well. However, while
these steps are thinly veiled attempts to make it look like data privacy is the
concern, it’s yet another attempt by big tech to distract from the issue at hand
where the consumer no longer has the say. Tracking customers’ page views,
serving up ideas of what they might like in the future and just forgetting to
ask what they prefer has become the norm. Brands have a real opportunity to
adapt their current infrastructures to build privacy-safe data stores that
adhere to compliance and regulations as part of the platform or ecosystem. This
allows them to keep using their (first-party) data-driven approach, while
allowing consumers to feel assured their data is being protected and they have a
voice. It’s the same problem all over again — brands getting excited to
capitalize on the latest trends and, in their frenzy, pushing consumer data
privacy concerns aside to get there first.
Why So Many Security Experts Are Concerned About Low-Code/No-Code Apps
Since low-code/no-code platforms often find their way into the enterprise
through business units rather than top-down through IT, they can easily slip
through the cracks and be missed by security and IT teams. While security
teams are in most cases part of the procurement process, it's easy to treat a
low-code/no-code platform as just another SaaS application used by the
business, not realizing that the result of adopting this platform would be
empowering a whole array of new citizen-developers in the business. In one
large organization, citizen-developers in the finance team built an expense
management application to replace a manual process filled with back-and-forth
emails. Employees quickly adopted the application since it made it easier for
them to get reimbursed. The finance team was happy because it automated part
of its repetitive work. But IT and security were not in the loop. It took some
time for them to notice the application, understand that it was built outside
of IT, and reach out to the finance team to bring the app under the IT
umbrella. Security and IT teams are always in a state where the backlog of
concerns is much larger than their ability to invest. ‘Decentralized’ web3 startups find out the hard way there’s no safety net
The problem, he explains, is that the policies “very specifically do not include
digital assets, meaning if the hackers had gotten in and stolen cash [from
Axie], it would have been squarely covered by a crime policy.” Since they
didn’t, it wasn’t. The challenge for insurers largely ties to the lack of
protections that digital assets currently receive from banking regulators. As
Wallace explains it, “Some [insurance] markets are open to making some
modifications, but I wouldn’t say it’s mainstream at this point” largely because
there is no kind of equivalent to the FDIC or the Securities Investor Protection
Corporation (SIPC), which partly protect financial institutions in the event
that money deposited in a bank or with a broker-dealer is stolen. “That concept
does not yet exist in digital,” Wallace says, adding that it’s “probably the
most common point of interest of web3 companies.” Insurers hoping for
protections to emerge could be waiting a while, given the way things are
trending. Consider that earlier this month, the FDIC issued a “financial
institution letter” (or FIL) that suggests the agency is still evaluating — and
concerned by — the risk posed by crypto assets and that it wants more
information about how the institutions it covers can conduct crypto-related
activities in a safe and sound manner.How To Automate Training Programs To Develop Employees' Leadership Skills
When investing in corporate learning, companies expect to make a real impact on
business outcomes. Nevertheless, only 1 in 4 senior managers reports that
leadership training tangibly influences a company's outcomes (paywall).
Corporations spend plenty of resources on traditional employee training based on
out-of-date methods. Many courses are considered to be successfully finished
without any feedback or post-training assessment. They provide zero or little
real knowledge and skills, turning the investment into hemorrhaging time and
money. But combining elaborate assessment with any development program boosts
bench strength by an average of 30%. The issue is quite hard to address due to
the lack of human resources within an organization for nurturing a leadership
mindset and supervising. For instance, consider using video courses with
personal feedback for each student from a coach. This approach is hard to scale
because the trainer's time is limited. This problem can be solved by automating
the personal leadership program so that a script carries out the role of
trainers and their assistants.The Role of DevOps in Cloud Security Management
Security on the cloud vs. security of the cloud always needs to be top of mind. Don’t forget that you are responsible for securing your own applications, data, OS, user access, and virtual network traffic. Beyond these, hone up on your configuration basics. More than 5 percent of AWS S3 buckets are misconfigured to be publicly readable. Recently, a simple misconfiguration in Kafdrop revealed the Apache Kafka stacks of some of the world’s largest businesses. While the big three clouds have invested millions to secure their stacks, the PaaS companies don’t have those budgets – so, check, check, and double check. There’s a reason it’s called “zero trust.” With SaaS and web security, again credential protection is key. Each architecture type requires its own type of security – be diligent. For example, a hybrid cloud infrastructure needs a “triple whammy” of security - the on-prem needs to be highly secure with all the ports closed, surface area tracked, and a highly active Security Operations Center (SOC). The public cloud aspect needs to be secured using the latest and greatest security tech available with that public cloud stack.Hidden Interfaces for Ambient Computing
While many of today’s consumer devices employ active-matrix organic
light-emitting diode (AMOLED) displays, their cost and manufacturing complexity
is prohibitive for ambient computing. Yet other display technologies, such as
E-ink and LCD, do not have sufficient brightness to penetrate materials. To
address this gap, we explore the potential of passive-matrix OLEDs (PMOLEDs),
which are based on a simple design that significantly reduces cost and
complexity. However, PMOLEDs typically use scanline rendering, where active
display driver circuitry sequentially activates one row at a time, a process
that limits display brightness and introduces flicker. Instead, we propose a
system that uses parallel rendering, where as many rows as possible are
activated simultaneously in each operation by grouping rectilinear shapes of
horizontal and vertical lines. For example, a square can be shown with just two
operations, in contrast to traditional scanline rendering that needs as many
operations as there are rows. With fewer operations, parallel rendering can
output significantly more light in each instant to boost brightness and
eliminate flicker.Flooded by Event Data? Here’s How to Keep Working
Today’s digital-first organizations need to create superb experiences for their
customers — or risk irrelevance. Ideally, this requires resolving any
operational issues before the end user has realized there’s something wrong.
However, for most organizations, it’s not that easy. Digital operations teams
are drowning in a tsunami of events. Existing tooling is unable to cope; manual
processes and multiple point solutions translate into interruptions and
escalations for overburdened responders. Solving the issues above is where event
orchestration can help. Event orchestration enables users to route events toward
the most appropriate set of actions. PagerDuty’s event orchestration
functionality, for example, analyzes, enriches, determines logic for and
automatically acts on events as they occur in real time, within microseconds.
This enables our customers to take all the events coming in from 650+
integrations and apply logic and automation to figure out what should be done
with each one — what the next best action is — at machine speed. Because we’re
able to nest automation together, users can have one automated action, start a
diagnostic process, learn more about the event and then use this information to
figure out what to do next.EdgeDB wants to modernize databases for cutting-edge apps
Unsurprisingly, companies are increasingly embracing alternatives to relational
databases, like NoSQL. Driven by a lack of scalability with legacy solutions,
they’re looking for modern systems — including cloud-based systems — that
support scaling while reducing costs and accelerating development. Gartner
predicts that 75% of all databases will be migrated to a cloud service by 2022 —
highlighting the shift. “The database industry is facing a major shift to a new
business model,” Yury Selivanov, the CEO of EdgeDB, a startup creating a
next-gen database architecture, told TechCrunch via email. “It’s clear that
there is a long tail of small- and medium-sized businesses that need to build
software fast and then host their data in the cloud, preferably in a convenient
and economical way.” Selivanov touts EdgeDB, which he co-founded in 2019 with
Elvis Pranskevichus, as one of the solutions to the legacy database problem.
EdgeDB’s open source architecture is relational, but Selivanov says that it’s
engineered to solve some fundamental design flaws that make working with
databases — both relational and NoSQL — unnecessarily onerous for
enterprises.Overcoming the biggest cyber security staff challenges
Too many people perceive cybersecurity as a complex, technical world dominated
by geeks in hoodies. They cannot see the vast opportunity for them to add value
with their own skill sets. We need to broaden the vision so that every employee
can become a partner in the security family and enrich it with their own
talents. Marketers, lawyers, crisis leaders, authors, and game designers can all
be part of a holistic security strategy, adding value and reducing risk, without
stepping away from their primary passion. ... Too many senior staff are leaving
the industry due to stress and overwork. The security leadership role has become
incredibly broad, having accountability to protect against risks and threats
across the entire business, and yet the team remains a pyramid with a narrow
base. By clearly pushing accountability back to the business units to adhere to
standards and holding them (rather than the security team) accountable when they
fall short, we can free the leadership from much of the stress, minimising staff
turnover. Quote for the day:
"A tough hide with a tender heart is a goal that all leaders must have." -- Wayde Goodall
No comments:
Post a Comment