Daily Tech Digest - July 11, 2022

What Do Authentication & Authorization Mean In Zero Trust?

Authorization depends on authentication. It makes no sense to authorize a user if you do not have any mechanism in place to make sure the person or service is exactly what, or who, they say they are. Most organizations have some mechanism in place to handle authentication, and many have role-based access controls (RBAC) that group users by role, and grant or deny access based on those roles. In a zero trust system, however, both authentication and authorization are much more granular. To return to the castle analogy we explored previously, before zero trust the network would be considered a castle, and inside the castle there would be many different types of assets. In most organizations, human users would be authenticated individually — have to prove not only that they belong to a particular role, but that they are exactly the person they say they are. Service users can often also be granularly authenticated. In a RBAC system, however, each user is granted or denied access on a group basis — all the human users in the “admin” category would get blanket access, for example.

As hiring freezes and layoffs hit, is the bubble about to burst for tech workers?

Until now, the tech industry has largely sailed through the economic turbulence that has impacted other industries. Remote working and an urgency to put everything on the cloud or in an app – significantly accelerated by the pandemic – has created fierce demand for those who can create, migrate, and secure software. However, tech leaders are bracing for tough times ahead. According to recent data by CW Jobs, 85% of IT decision makers expect their organization to be impacted by the cost of doing business – including hiring freezes (21%) and pay freezes (20%). We're already seeing this play out, with Tesla, Uber and Netflix amongst the big names to have announced hiring freezes or layoffs in recent weeks. Meanwhile, Microsoft, Coinbase and Meta have all put dampeners on recruiting. If tech workers are concerned about this ongoing tightening of belts, they aren't showing it: the same CW Jobs report found that tech professionals remain confident enough in the industry that 57% expect a pay rise in the next year. Hiring freezes and layoffs don't seem to have had much impact on worker mobility, either: just 24% of professionals surveyed by CW Jobs say they plan to stay in their current role for the next 12 months. 

ERP Modernization: How Devs Can Help Companies Innovate

Many of these ERP-based companies are facing pressure to update to more modern, cloud-based versions of their ERP platforms. But they must run a gauntlet to modernize their legacy applications. In a sense, companies that maintain these complex ERP-based systems find the environments are like “golden handcuffs.” They have become so complicated over time that they restrain IT departments’ innovation efforts, hindering their ability to create supply chain resiliency when it is most needed. To make matters more difficult, the current market is facing a global shortage of human resources required to get the job of digital transformation and application modernization done, including skilled ERP developers—especially those skilled in more antiquated languages like ABAP. Incoming developer talent is often trained in more contemporary languages like Java, Steampunk and Python. These graduates have their pick of opportunities and gravitate to companies that already work in these newer programming environments. ERP migrations can be hampered by complex, customized systems developed by high-priced, silo-skilled programmers. 

Believe it or not, metaverse land can be scarce after all

As we see, technological constraints and business logic dictate the fundamentals of digital realms and the activities these realms can host. The digital world may be endless, but the processing capabilities and memory on its backend servers are not. There is only so much digital space you can host and process without your server stack catching fire, and there is only so much creative leeway you can have within these ramifications while still keeping the business afloat. These frameworks create a system of coordinates informing the way its users and investors interpret value — and in the process, they create scarcity, too. While a lot of the valuation and scarcity mechanisms come from the intrinsic features of a specific metaverse as defined by its code, the real-world considerations have just as much, if not more, weight in that. And the metaverse proliferation will hardly change them or water the scarcity down. ... So, even if they are not too impressive, they will likely be hard to beat for most newer metaverse projects, which, again, takes a toll on the value of their land. By the same account, if you have one AAA metaverse and 10 projects with zero users, investors would go for the AAA one and its lands, as scarce as they may be.

Building Neural Networks With TensorFlow.NET

TensorFlow.NET is a library that provides a .NET Standard binding for TensorFlow. It allows .NET developers to design, train and implement machine learning algorithms, including neural networks. Tensorflow.NET also allows us to leverage various machine learning models and access the programming resources offered by TensorFlow. TensorFlow is an open-source framework developed by Google scientists and engineers for numerical computing. It is composed by a set of tools for designing, training and fine-tuning neural networks.TensorFlow's flexible architecture makes it possible to deploy calculations on one or more processors (CPUs) or graphics cards (GPUs) on a personal computer, server, without re-writing code. Keras is another open-source library for creating neural networks. It uses TensorFlow or Theano as a backend where operations are performed. Keras aims to simplify the use of these two frameworks, where algorithms are executed and results are returned to us. We will also use Keras in our example below.

4 examples of successful IT leadership

IT leaders are responsible for implementing technology and data infrastructure across an organization. This can include CIOs, CTOs, and increasingly, CDOs (Chief Data Officers). To do this effectively, IT teams need employee buy-in, illustrating clearly how new technology tools and project management can benefit the company’s mission and goals. To achieve the full support of the employee base, IT teams must explain the implementation process and expected timeline. While data platforms and cloud infrastructure are important, the table stakes are tools that allow for internal communication and collaboration. Many IT teams are leveraging business process management platforms (BPMs), which help enable better collaboration between remote and in-office teams, offering a shared view of projects. These platforms allow for greater visibility and communication across organizations while reducing meeting time and improving workflow efficiencies. Technology has the potential to increase productivity, provide greater visibility of projects for employees and managers, and automate tasks that are repetitive and time-consuming.

Why 5G is the heart of Industry 4.0

The Internet of Things (IoT) is an integral part of the connected economy. Many manufacturers are already using IoT solutions to track assets in their factories, consolidating their control rooms and increasing their analytics functionality through the installation of predictive maintenance systems. Of course, without the ability to connect these devices, Industry 4.0 will, naturally, languish. While low power wide area networks (LPWAN) are sufficient for some connected devices such as smart meters that only transmit very small quantities of data, in manufacturing the opposite is true of IoT deployment, where numerous data-intensive machines are often used within close proximity. This is why 5G connectivity is key to Industry 4.0. In a market reliant on data-intensive machine applications, such as manufacturing, the higher speeds and low latency of 5G is required for effective use of automatic robots, wearables and VR headsets, shaping the future of smart factories. And while some connected devices utilised 4G networks using unlicensed spectrum, 5G allow this to take place on an unprecedented scale. 

How to Handle Authorization in a Service Mesh

A service mesh addresses the challenges of service communication in a large-scale application. It adds an infrastructure layer that handles service discovery, load balancing and secure communication for the microservices. Commonly, a service mesh complements each microservice with an extra component — a proxy often referred to as a sidecar or data plane. The proxy intercepts all traffic from and to its accompanied service. It typically uses MutualTLS, an encrypted connection with client authentication, to communicate with other proxies in the service mesh. This way, all traffic between the services is encrypted and authenticated without updating the application. Only services that are part of the service mesh can participate in the communication, which is a security improvement. In addition, the service mesh management features allow you to configure the proxy and enforce policies such as allowing or denying particular connections, further improving security. To implement a Zero Trust architecture, you must consider several layers of security. The application should not blindly trust a request even when receiving it over the encrypted wire.

DevOps nirvana is still a distant goal for many, survey suggests

"Development teams, in general, have hardly any insight into how customers benefit from their work, and few are able to discuss these benefits with the business," the authors report. "Having such insights ready at hand would improve collaboration between IT and the business. The more customer value metrics a development team tracks, the more positive that team views their working relationship with the business. Without knowing whether the intended value for the customer is being achieved or not, development teams are effectively flying blind." The LeanIX authors calculate that 53% work on a team with a 'low level' of DevOps based on maturity factors. Still, nearly 60% said that they are flexible in adapting to changing customer needs and have CI/CD pipelines set up. At the same time, less than half of engineers build, ship, or own their code or work on teams based on team topologies, indicating a lack of DevOps maturity. Fewer than 20% of respondents said that their development team was able to choose its own tech stack; 44% said they are partly able to, and 38% they are not able to at all.

Survey Shows Increased Reliance on DORA Metrics

Overall, the survey revealed just under half of the respondents (47%) said their organization had a high level of DevOps maturity, defined as having adopted three or more DevOps working methods. Those working methods are: Being flexible to changes in customer needs; having implemented a CI/CD platform; all engineers build, ship and own their own code; teams are organized around topologies and each team is free to choose its own technology stack. Of course, each individual organization will determine for itself what level of DevOps depth is required. For example, not every organization would see the need for teams to be organized around topologies or be free to choose its own technology stack. In fact, Rose said the survey made it clear that larger enterprise IT organizations tended to have a lower overall level of DevOps maturity. One reason for that is many larger organizations are still employing legacy processes to build and deploy software, noted Rose. Most developers are also further along in terms of embracing continuous integration (CI) than IT operations teams are in adopting continuous delivery (CD), added Rose.

Quote for the day:

"It is not joy that makes us grateful. It is gratitude that makes us joyful." -- David Rast

No comments:

Post a Comment