A decentralized verification system could be the key to boosting digital security
Instead of placing trust in a single central entity, decentralization places
trust in the network as a whole, and this network can exist outside of the IAM
system using it. The mathematical structure of the algorithms underpinning the
decentralized authority ensures that no single node can act alone. Moreover,
each node on the network can be operated by an independently operating
organization, such as a bank, telecommunication company, or government
departments. So, stealing a single secret would require hacking several
independent nodes. Even in the event of an IAM system breach, the attacker would
only gain access to some user data – not the entire system. And to award
themselves authority over the entire organization, they would need to breach a
combination of 14 independently operating nodes. This isn’t impossible, but it’s
a lot harder. But beautiful mathematics and verified algorithms still aren’t
enough to make a usable system. There’s more work to be done before we can take
decentralized authority from a concept to a functioning network that will keep
our accounts safe.
Emerging digital twins standards promote interoperability
Digital twins today are mostly application-driven. “But what we really need is
the interoperable digital twin so we can realize the interoperability between
these different digital twins,” said Christian Mosch, general manager at IDTA.
The IDTA Asset Administration Shell standard provides a framework for sharing
data across the different lifecycle phases such as planning, development,
construction, commissioning, operation and recycling at the end of life. It
provides a way of thinking about assets such as a robot arm and the
administration of the different data and documents that describe it across
various lifecycle phases. The shell provides a container for consistently
storing different types of information and documentation. For example, the robot
arm might include engineering data such as 3D geometry drawings, design
properties and simulation results. It may also include documentation such as
declarations of conformity and proof certifications. The Asset Administration
Shell also brings data from operations technology used to manage equipment on
the shop floor into the IT realm to represent data across the
lifecycle.
4 Database Access Control Methods to Automate
The beauty of using security automation as a data broker is that it has the
ability to validate data-retrieval requests. This includes verifying that the
requestor actually has permission to see the data being requested. If the proper
permissions aren’t in place, the user can submit a request to be added to a
specific role through the normal request channels, which is typically the way to
go. With automated data access control, this request could be generated and sent
within the solution to streamline the process. This also allows additional
context-specific information to be included in the data-access request
automatically. For example, if someone requests data that they do not have
access to within their role, the solution can be configured to look up the
database owner, populate an access request and send it to the owner of the data,
who can then approve one-time access or grant access for a certain period of
time. A common scenario where this is useful is when an employee goes on
vacation and someone new is helping with their clients’ needs while they are
out.
AI still needs humans to stay intelligent—here’s why
Remember, AI models are usually programmes or algorithms built to use data to
recognise patterns, and either reach a conclusion or make a prediction. Once
designed, paid for, and implemented, it’s easy to assume that these models will
stay smart forever. Instead, they nearly always require regular human
intervention. Why? Let’s look at a few examples: It’s likely that the technology
your organisation uses in day-to-day operations is regularly changed and
upgraded; Your company might have uncovered new intelligence about your
customers, such as levels of interaction with a recently launched
product; Your business’ strategies may change – for example, you might
switch focus from reducing production costs to investing in a quality customer
experience. ... Where possible, avoid ‘technical debt’ by focusing on
gradual AI improvements, rather than waiting for an issue to flare up and then
facing a gruelling system overhaul. And finally, strive to create an AI-aware
culture in your workplace. Educate your employees on how your AI systems work,
why they’re reliable, why they’re to be trusted rather than feared – and that
they’re not a replacement for their jobs.
Massive shadow code risk for world’s largest businesses
“While retail and credit card breaches grab the most headlines, this is a
pervasive and relatively unchecked risk to both security and privacy across all
verticals,” said Dan Dinnar, CEO of Source Defense. “It’s also a fast-growing
and extremely volatile issue with regard to sensitive data. Organizations and
their digital supply chain partners are constantly updating sites and code, and
the data of greatest value to malicious actors is collected on the pages where
the business has the greatest need for analytics, tag management, and other
tracking and management capabilities.” Extensive libraries of third-party
scripts are available free, or at low cost, from a range of communities,
organizations, and even individuals, and are extremely popular as they allow
development teams to quickly add advanced functionality to applications without
the burden of creating and maintaining them. These packages also often contain
code from additional parties further removed from – and farther out of the
purview of – the deploying organization.
High-tech legislation through self-regulation
In industries where no direct legislation exists, judges have to rely on a
multitude of secondary factors, putting additional strain on them. In some
cases, they might be left only with the general principles of law. In web
scraping, data protection laws, e.g. GDPR, became the go-to area for related
cases. Many of them have been decided on the basis of these regulations and
rightfully so. But scraping is much more than just data protection. Case law,
mostly from the US, has in turn been used as one of the fundamental parts that
have directed the way for our current understanding of the legal intricacies of
web scraping. Although, regretfully, that direction isn’t set in stone. Yet,
using such indirect laws and practices to regulate an industry, even with the
best intentions, can lead to unsatisfying outcomes. A majority of the publicly
accessible data is being held by specific companies, particularly social media
websites. Social media companies and other data giants will do everything in
their power to protect the data they hold. Unfortunately, they might sometimes
go too far when protecting personal data.
Why AI Ethics Is Even More Important Now
AI ethics stems from a company's values. Those values should be reflected in the
company's culture as well as how the company utilizes AI. One cannot assume that
technologists can just build or implement something on their own that will
necessarily result in the desired outcome(s). "You cannot create a technological
solution that will prevent unethical use and only enable the ethical use," said
Forrester's Carlsson. "What you need actually is leadership. You need people to
be making those calls about what the organization will and won't be doing and be
willing to stand behind those, and adjust those as information comes in."
Translating values into AI implementations that align with those values requires
an understanding of AI, the use cases, who or what could potentially benefit and
who or what could be potentially harmed. "Most of the unethical use that I
encounter is done unintentionally," said Forrester's Carlsson. " Of the use
cases where it wasn't done unintentionally, usually they knew they were doing
something ethically dubious and they chose to overlook it." Part of the problem
is that risk management professionals and technology professionals are not yet
working together enough.
Digital transformation: 5 ways to create a realistic strategy
Understand that digital transformation doesn’t just happen in the IT department;
it happens in the C-suite, in cubicles, and in home offices. That means all
stakeholders need to be aligned and in agreement with your company’s digital
transformation goal. The directive must come from management, but the work will
happen throughout the company, often precipitating a major cultural shift toward
new technologies and processes. In such cases, training and change management
might be necessary to make users feel more comfortable with the new tools and
processes. Leaders need to ensure that their teams are on board with the
direction the company is moving in, and they should be willing to listen to
feedback as the organization continues along its journey. What that plan looks
like is up to you. Digital transformation is different for everyone, and every
company has its own objectives. Meeting those objectives can be daunting. But by
setting a goal, performing an assessment, breaking your plan into manageable
pieces, budgeting realistically, and getting everyone to buy in, you will
succeed.
Three ways to prevent hybrid work from breaking your company culture
Companies need to take a hard look at the current environment and gauge how
effectively it supports different types of work. Many aspects of office design
are based on convention rather than deliberate thought. One analysis found that
building thermostats typically have been calibrated for the comfort of men who
are 40 years old and weigh approximately 154 pounds, which is cooler than is
comfortable for most women. That norm was established decades ago and never
updated. Just about every physical feature of the office can be made more
conducive to hybrid work. Technology such as an online whiteboard for meetings,
smart cameras that automatically pan to people as they talk, and virtual
receptionists help to bridge the gap between virtual and in-office workforces.
... Last, leaders must set employees up for success. These support mechanisms
can be quite diverse. The insurance company mentioned above, for instance,
created training programs to give its employees the right skills to succeed in a
hybrid workplace. These included tactical help on new technology, along with
training for managers on effective virtual coaching conversations.
Why the Dual Operating Model Impedes Enterprise Agility
In the traditional organization, waiting for things (or queueing) is the norm:
waiting for people to respond to emails, waiting days or weeks for a meeting
because that’s the first open time on everyone’s calendar, or waiting for
someone else to finish their part of a project so you can start yours. But
waiting is death for agile teams; it wastes valuable time and diverts their
focus. And when I say "death", I am not exaggerating for effect. Waiting makes
agile teams ineffective, and over time it will kill the agile team’s ability to
get things done. If an agile team has to wait every time it needs something from
the rest of the organization, pretty soon it will act just like any other team.
This is one reason why agile teams only seem to work on new initiatives that are
completely disconnected from the existing organization: so long as they don’t
have to interact with the rest of the organization, so long as they are
completely self-contained, they don’t waste time waiting and they can work in an
agile way. But once they need expertise or authority they don’t have, it all
starts to fall apart.
Quote for the day:
"Being defeated is often a temporary
condition. Giving up is what makes it permanent." --
Marilyn Vos Savant
No comments:
Post a Comment