Daily Tech Digest - April 30, 2022

Deep Dive into CQRS — A Great Microservices Pattern

If you want to implement the CQRS pattern into an API, it is not enough to separate the routes via POST and GET. You also have to think about how you can ensure that command doesn’t return anything or at least nothing but metadata. The situation is similar to the Query API. Here, the URL path describes the desired query, but in this case, the parameters are transmitted using the query string since it is a GET request. Since the queries access the read-optimized denormalized database, the queries can be executed quickly and efficiently. However, the problem is that without regularly pulling the query routes, a client does not find out whether a command has already been processed and what the result was. Therefore, it is recommended to use a third API, the Events API, which informs about events via push notifications via web sockets, HTTP streaming, or a similar mechanism. Anyone who knows GraphQL and is reminded of the concepts of mutation, query, and subscription when describing the commands, the query, and the events API is on the right track: GraphQL is ideal for implementing CQRS-based APIs.

Why hybrid intelligence is the future of artificial intelligence at McKinsey

“One thing that hasn’t changed: our original principle of combining the brilliance of the human mind and domain expertise with innovative technology to solve the most difficult problems,” explains Alex Sukharevsky. “We call it hybrid intelligence, and it starts from day one on every project.” AI initiatives are known to be challenging; only one in ten pilots moves into production with significant results. “Adoption and scaling aren’t things you add at the tail end of a project; they’re where you need to start,” points out Alex Singla. “We bring our technical leaders together with industry and subject-matter experts so they are part of one process, co-creating solutions and iterating models. They come to the table with the day-to-day insights of running the business that you’ll never just pick up from the data alone.” Our end-to-end and transformative approach is what sets McKinsey apart. Clients are taking notice: two years ago, most of our AI work was single use cases, and now roughly half is transformational. Another differentiating factor is the assets created by QuantumBlack Labs. 

Top 10 FWaaS providers of 2022

As cloud solutions continued to evolve, cloud-based security services had to follow their lead and this is how firewall as a service (FWaaS) came into existence. In short, FWaaS took the last stage of firewall evolution - the next-generation firewall (NGFW) - and moved it from a physical device to the cloud. There are plenty of benefits of employing FWaaS in your systems in place of an old-fashioned firewall and some of them are simplicity, superior scalability, improved visibility and control, protection of remote workers, and cost-effectiveness. ... Unlike old-fashioned firewalls, Perimeter 81’s solution can safeguard multiple networks and control access to all data and resources of an organization. Some of its core features include identity-based access, global gateways, precise network segmentation, object-based configuration management, multi-site management, protected DNS system, safe remote work, a wide variety of integrations, flexible features, and scalable pricing. ... Secucloud’s FWaaS is a zero-trust, next-gen, AI-based solution that utilizes threat intelligence feed, secures traffic through its own VPN tunnel, and operates as a proxy providing an additional layer of security to your infrastructure.

Automated Security Alert Remediation: A Closer Look

To properly implement automatic security alert remediation, you must choose the remediation workflow that works best for your organization. Alert management works with workflows that are scripted to match a certain rule to identify possible vulnerabilities and execute resolution tasks. With automation, workflows are automatically triggered by following asset rules and constantly inspecting the remediation activity logs to execute remediation. To improve mean time to response and remediation, organizations create automated remediation workflows. For example, remediation alert playbooks aid in investigating events, blocking IP addresses or adding an IOC on a cloud firewall. There are also interactive playbooks that can help remediate issues like a DLP incident on a SaaS platform while also educating the user via dynamic interactions using the company’s communication tools. The typical alert remediation workflow consists of multiple steps. It begins with the creation of a new asset policy followed by the selection of a remediation action rule and concludes with the continued observation of the automatically quarantined rules.

Experts outline keys for strong data governance framework

It's needed to manage risk, which could be anything from the use of low-quality data that leads to a bad decision to potentially running afoul of regulatory restrictions. And it's also needed to foster informed decisions that lead to growth. But setting limits on which employees can use what data, while further limiting how certain employees can use data depending on their roles, and simultaneously encouraging those same employees to explore and innovate with data are seemingly opposing principles. So a good data governance framework finds an equilibrium between risk management and enablement, according to Sean Hewitt, president and CEO of Succeed Data Governance Services, who spoke during a virtual event on April 26 hosted by Eckerson Group on data governance. A good data governance framework instills confidence in employees that whatever data exploration and decision-making they do in their roles, they're doing so with proper governance guardrails in place so they're exploring and making decisions safely and securely and won't hurt their organization.

Augmented data management: Data fabric versus data mesh

The data fabric architectural approach can simplify data access in an organization and facilitate self-service data consumption at scale. This approach breaks down data silos, allowing for new opportunities to shape data governance, data integration, single customer views and trustworthy AI implementations among other common industry use cases. Since its uniquely metadata-driven, the abstraction layer of a data fabric makes it easier to model, integrate and query any data sources, build data pipelines, and integrate data in real-time. A data fabric also streamlines deriving insights from data through better data observability and data quality by automating manual tasks across data platforms using machine learning. ... The data mesh architecture is an approach that aligns data sources by business domains, or functions, with data owners. With data ownership decentralization, data owners can create data products for their respective domains, meaning data consumers, both data scientist and business users, can use a combination of these data products for data analytics and data science.

Embracing the Platinum Rule for Data

It’s much easier to innovate around one platform and one set of data. Making this a business and not an IT imperative, you can connect data into the applications that matter. For example, creating a streamlined procure-to-pay and order-to-cash process is possible only because we’ve broken down data silos. We are now capable of distributing new customer orders to the optimum distribution facility based on the final destination and available inventory in minutes vs. multiple phone calls and data entry in multiple systems that previously would have taken hours and resources. The speed and effectiveness of these processes has led to multiple customer awards. Our teams need to store data in ways that is harmonized before our users start to digest and analyze the information. Today many organizations have data in multiple data lakes and data warehouses, which increases the time to insights and increases the chance for error because of multiple data formats. ... As data flows through Prism, we’re able to visualize that same data across multiple platforms while being confident in one source of the truth.

The Purpose of Enterprise Architecture

The primary purpose of the models is to facilitate the architect to understand the system being examined. Understand how it works today, understand how it can be most effectively changed to reach the aspirations of the stakeholders, and understand the implications and impacts of the change. A secondary purpose is re-use. It is simply inefficient to re-describe the Enterprise. The efficiency of consistency is balanced against the extra energy to describe more than is needed, and to train those who describe and read the descriptions on formal modeling. The size, geographic distribution, and purpose of the EA team will dramatically impact the level of consistency and formality required. Formal models are substantially more re-usable than informal models. Formal models are substantially easier to extend across work teams. The penalty is that formal models require semantic precision. For example, regardless of the structure of an application in the real world, it must be represented in a model conforming to the formal definition. This representation is possible with a good model definition.

Staying Agile: Five Trends for Enterprise Architecture

Continuous improvement is a cornerstone of agile digital business design. Organizations want to deliver more change, with higher quality results, simultaneously. Progressive, mature EAs are now designing the system that builds the system, redesigning and refactoring the enterprise’s way-of-working. This goal is a fundamental driver for many of these trends. In the pursuit of this trend, it’s important to remember that the perfect business design isn’t easily achievable. Trying one approach, learning through continuous feedback and making adjustments is a rinse and repeat process. For example, a business might use the Team Topologies technique to analyze the types of work that teams are performing and then reorganize those teams to in order to minimize cognitive loads – for instance by assigning one set of teams to focus on a particular value stream while others focus solely on enabling technical capabilities. These adjustments might need to happen multiple times until the right balance is found to ensure optimal delivery of customer value and team autonomy.

Blockchain and GDPR

Given that the ruling grants EU persons the right to contest automated decisions, and smart contracts running on a blockchain are effectively making automated decisions, the GDPR needs to be taken in to account when developing and deploying smart contracts that use personal data in the decision making process, and produce a legal effect or other similarly significant effect.Smart contract over-rides. The simplest means of ensuring smart contract compliance is to include code within the contract that allows a contract owner to reverse any transaction conducted. There are however a number of problems that could arise from this. ... As the appeal time can be long, many such actions may have been taken after the original contract decision, and it may not even be possible to roll back all the actions. Consent and contractual law. A second approach is to ensure that the users activating the smart contract are aware that they are entering into such a contract, and that they provide explicit consent. The GDPR provides the possibility of waiving the contesting of automated decisions under such terms, but the smart contract would require putting on hold any subsequent actions to be taken until consent is obtained.

Quote for the day:

"Making good decisions is a crucial skill at every level." -- Peter Drucker

No comments:

Post a Comment