Daily Tech Digest - June 02, 2022

A decentralized verification system could be the key to boosting digital security

Instead of placing trust in a single central entity, decentralization places trust in the network as a whole, and this network can exist outside of the IAM system using it. The mathematical structure of the algorithms underpinning the decentralized authority ensures that no single node can act alone. Moreover, each node on the network can be operated by an independently operating organization, such as a bank, telecommunication company, or government department. So, stealing a single secret would require hacking several independent nodes. Even in the event of an IAM system breach, the attacker would only gain access to some user data – not the entire system. And to award themselves authority over the entire organization, they would need to breach a combination of 14 independently operating nodes. This isn’t impossible, but it’s a lot harder. But beautiful mathematics and verified algorithms still aren’t enough to make a usable system. There’s more work to be done before we can take decentralized authority from a concept to a functioning network that will keep our accounts safe.


Emerging digital twins standards promote interoperability

Digital twins today are mostly application-driven. “But what we really need is the interoperable digital twin so we can realize the interoperability between these different digital twins,” said Christian Mosch, general manager at IDTA. The IDTA Asset Administration Shell standard provides a framework for sharing data across the different lifecycle phases such as planning, development, construction, commissioning, operation and recycling at the end of life. It provides a way of thinking about assets such as a robot arm and the administration of the different data and documents that describe it across various lifecycle phases. The shell provides a container for consistently storing different types of information and documentation. For example, the robot arm might include engineering data such as 3D geometry drawings, design properties and simulation results. It may also include documentation such as declarations of conformity and proof certifications. The Asset Administration Shell also brings data from operations technology used to manage equipment on the shop floor into the IT realm to represent data across the lifecycle. 


4 Database Access Control Methods to Automate

The beauty of using security automation as a data broker is that it has the ability to validate data-retrieval requests. This includes verifying that the requestor actually has permission to see the data being requested. If the proper permissions aren’t in place, the user can submit a request to be added to a specific role through the normal request channels, which is typically the way to go. With automated data access control, this request could be generated and sent within the solution to streamline the process. This also allows additional context-specific information to be included in the data-access request automatically. For example, if someone requests data that they do not have access to within their role, the solution can be configured to look up the database owner, populate an access request and send it to the owner of the data, who can then approve one-time access or grant access for a certain period of time. A common scenario where this is useful is when an employee goes on vacation and someone new is helping with their clients’ needs while they are out.


AI still needs humans to stay intelligent—here’s why

Remember, AI models are usually programmes or algorithms built to use data to recognise patterns, and either reach a conclusion or make a prediction. Once designed, paid for, and implemented, it’s easy to assume that these models will stay smart forever. Instead, they nearly always require regular human intervention. Why? Let’s look at a few examples: It’s likely that the technology your organisation uses in day-to-day operations is regularly changed and upgraded; Your company might have uncovered new intelligence about your customers, such as levels of interaction with a recently launched product; Your business’ strategies may change – for example, you might switch focus from reducing production costs to investing in a quality customer experience.  ... Where possible, avoid ‘technical debt’ by focusing on gradual AI improvements, rather than waiting for an issue to flare up and then facing a gruelling system overhaul. And finally, strive to create an AI-aware culture in your workplace. Educate your employees on how your AI systems work, why they’re reliable, why they’re to be trusted rather than feared – and that they’re not a replacement for their jobs.


Massive shadow code risk for world’s largest businesses

“While retail and credit card breaches grab the most headlines, this is a pervasive and relatively unchecked risk to both security and privacy across all verticals,” said Dan Dinnar, CEO of Source Defense. “It’s also a fast-growing and extremely volatile issue with regard to sensitive data. Organizations and their digital supply chain partners are constantly updating sites and code, and the data of greatest value to malicious actors is collected on the pages where the business has the greatest need for analytics, tag management, and other tracking and management capabilities.” Extensive libraries of third-party scripts are available free, or at low cost, from a range of communities, organizations, and even individuals, and are extremely popular as they allow development teams to quickly add advanced functionality to applications without the burden of creating and maintaining them. These packages also often contain code from additional parties further removed from – and farther out of the purview of – the deploying organization.


High-tech legislation through self-regulation

In industries where no direct legislation exists, judges have to rely on a multitude of secondary factors, putting additional strain on them. In some cases, they might be left only with the general principles of law. In web scraping, data protection laws, e.g. GDPR, became the go-to area for related cases. Many of them have been decided on the basis of these regulations and rightfully so. But scraping is much more than just data protection. Case law, mostly from the US, has in turn been used as one of the fundamental parts that have directed the way for our current understanding of the legal intricacies of web scraping. Although, regretfully, that direction isn’t set in stone. Yet, using such indirect laws and practices to regulate an industry, even with the best intentions, can lead to unsatisfying outcomes. A majority of the publicly accessible data is being held by specific companies, particularly social media websites. Social media companies and other data giants will do everything in their power to protect the data they hold. Unfortunately, they might sometimes go too far when protecting personal data.


Why AI Ethics Is Even More Important Now

AI ethics stems from a company's values. Those values should be reflected in the company's culture as well as how the company utilizes AI. One cannot assume that technologists can just build or implement something on their own that will necessarily result in the desired outcome(s). "You cannot create a technological solution that will prevent unethical use and only enable the ethical use," said Forrester's Carlsson. "What you need actually is leadership. You need people to be making those calls about what the organization will and won't be doing and be willing to stand behind those, and adjust those as information comes in." Translating values into AI implementations that align with those values requires an understanding of AI, the use cases, who or what could potentially benefit and who or what could be potentially harmed. "Most of the unethical use that I encounter is done unintentionally," said Forrester's Carlsson. "Of the use cases where it wasn't done unintentionally, usually they knew they were doing something ethically dubious and they chose to overlook it." Part of the problem is that risk management professionals and technology professionals are not yet working together enough.


Digital transformation: 5 ways to create a realistic strategy

Understand that digital transformation doesn’t just happen in the IT department; it happens in the C-suite, in cubicles, and in home offices. That means all stakeholders need to be aligned and in agreement with your company’s digital transformation goal. The directive must come from management, but the work will happen throughout the company, often precipitating a major cultural shift toward new technologies and processes. In such cases, training and change management might be necessary to make users feel more comfortable with the new tools and processes. Leaders need to ensure that their teams are on board with the direction the company is moving in, and they should be willing to listen to feedback as the organization continues along its journey. What that plan looks like is up to you. Digital transformation is different for everyone, and every company has its own objectives. Meeting those objectives can be daunting. But by setting a goal, performing an assessment, breaking your plan into manageable pieces, budgeting realistically, and getting everyone to buy in, you will succeed.


Three ways to prevent hybrid work from breaking your company culture

Companies need to take a hard look at the current environment and gauge how effectively it supports different types of work. Many aspects of office design are based on convention rather than deliberate thought. One analysis found that building thermostats typically have been calibrated for the comfort of men who are 40 years old and weigh approximately 154 pounds, which is cooler than is comfortable for most women. That norm was established decades ago and never updated. Just about every physical feature of the office can be made more conducive to hybrid work. Technology such as an online whiteboard for meetings, smart cameras that automatically pan to people as they talk, and virtual receptionists help to bridge the gap between virtual and in-office workforces. ... Last, leaders must set employees up for success. These support mechanisms can be quite diverse. The insurance company mentioned above, for instance, created training programs to give its employees the right skills to succeed in a hybrid workplace. These included tactical help on new technology, along with training for managers on effective virtual coaching conversations.


Why the Dual Operating Model Impedes Enterprise Agility

In the traditional organization, waiting for things (or queueing) is the norm: waiting for people to respond to emails, waiting days or weeks for a meeting because that’s the first open time on everyone’s calendar, or waiting for someone else to finish their part of a project so you can start yours. But waiting is death for agile teams; it wastes valuable time and diverts their focus. And when I say "death", I am not exaggerating for effect. Waiting makes agile teams ineffective, and over time it will kill the agile team’s ability to get things done. If an agile team has to wait every time it needs something from the rest of the organization, pretty soon it will act just like any other team. This is one reason why agile teams only seem to work on new initiatives that are completely disconnected from the existing organization: so long as they don’t have to interact with the rest of the organization, so long as they are completely self-contained, they don’t waste time waiting and they can work in an agile way. But once they need expertise or authority they don’t have, it all starts to fall apart.



Quote for the day:

"Being defeated is often a temporary condition. Giving up is what makes it permanent." -- Marilyn Vos Savant
