Daily Tech Digest - August 22, 2022

Law Firm Cyber Risk: The 5 Ways Cybercriminals Most Likely Will Attack Your Computers — And 7 Things You Can Do

It’s always better to deal with security risks early on while they’re still small rather than later when they turn huge and cause massive woe. Indeed, a Voke Media survey found that 80% of companies hit by a data breach said they could have prevented it had they only hardened their systems by installing updates and security patches in a timely way. That’s something you too need to be doing, but if you don’t have IT staff trained to monitor, maintain and patch your computers, you will find it advantageous to entrust those tasks to a reputable outside service. This will save you time and greatly reduce the potential for installation errors (those that cause data losses, file corruption or even system crashes). ... Backing up safeguards your critical data against human error, illegitimate deletion, programmatic errors, malicious insiders, malware and hackers. Cloud-to-cloud SaaS backup is ideal — especially if it’s fully automated, HIPAA compliant, running nonstop in the background and employing multiple layers of operational and physical security.

The rise of the data lakehouse: A new era of data value

Gartner’s Ronthal sees the evolution of the data lake to the data lakehouse as an inexorable trend. “We are moving in the direction where the data lakehouse becomes a best practice, but everyone is moving at a different speed,” Ronthal says. “In most cases, the lake was not capable of delivering production needs.” Despite the eagerness of data lakehouse vendors to subsume the data warehouse into their offerings, Gartner predicts the warehouse will endure. “Analytics query accelerators are unlikely to replace the data warehouse, but they can make the data lake significantly more valuable by enabling performance that meets requirements for both business and technical staff,” concludes its report on the query accelerator market. ... “We do see the future of warehouses and lakes coming into a lakehouse, where one system is good enough,” Yuhanna says. For organizations with distributed warehouses and lakes, the mesh architecture such as that of Starburst will fill a need, according to Yuhanna, because it enables organizations to implement federated governance across various data locations.

Devs don’t want to do ops

“The intention is not to put the burden on the developer, it is to empower developers with the right information at the right time,” Harness’s Durkin said. “They don’t want to configure everything, but they do want the information from those systems at the right time to allow operations and security and infrastructure teams to work appropriately. Devs shouldn’t care unless something breaks.” Nigel Simpson, ex-director of enterprise technology strategy at the Walt Disney Company, wants to see companies “recognize this problem and to work to get developers out of the business of worrying about how the machinery works—and back to building software, which is what they’re best at.” ... “Developer control over infrastructure isn’t an all-or-nothing proposition,” Gartner analyst Lydia Leong wrote. “Responsibility can be divided across the application lifecycle, so that you can get benefits from ‘you build it, you run it’ without necessarily parachuting your developers into an untamed and unknown wilderness and wishing them luck in surviving because it’s ‘not an infrastructure and operations team problem’ anymore.”

Defense-in-depth: a proven strategy to protect industrial assets

The first step to any effective OT-security program is building alignment between executives, business leaders, IT and operations. Start by bringing key stakeholders together to establish a clear understanding of business line requirements and critical-system interdependencies. You’ll need frequent and clear communication between OT, IT and engineering. ... Implement an IT/OT segmentation strategy. An IT/OT segmentation strategy separates ICS networks from enterprise networks to prevent bad actors from entering enterprise networks to access ICS devices. This segmentation model can integrate with an IT/OT integration demarcation zone (DMZ) for management tools, security tools and jump hosts, and can establish security zones to ensure devices are logically isolated to allow only required communications. ... Use multi-factor authentication. While most ICS devices can’t support the implementation of multi-factor authentication (MFA), this can still be a viable tool. A jump host that requires MFA can help prevent unauthorized access and direct connections from a lower-security network into a higher one.

How IoT and Metaverse Will Complement Each Other?

IoT devices often have a simple interface and interact with real-world devices. But standard IoT devices with screens may employ Metaverse to offer a 3D digital user experience. As a result, using IoT devices will give users a more immersive experience. The ability to stay present in real and virtual worlds will be available. As a result, companies can hire an IoT app developer to greatly customize the user interface and experience. As said above, the Metaverse will feel more akin to the physical world when IoT is used. More interaction between people and IoT devices and the intricate environment and processes of the Metaverse will be possible. We will be able to make better decisions with less learning and training, thanks to the immersive nature of the Metaverse and the real-world use cases. Effective for Long-Term Planning The amount of digital content derived from real-world objects, such as structures, people, cars, clothing, etc., constantly expands in the Metaverse. As a result, businesses aim to replicate our physical world exactly in cyberspace. 

Risk Transfer Is The Key To Successful AI

The most significant challenge, as it pertains to AI, that businesses face is inventing new workflows to leverage AI in existing or new business models, allowing them to significantly grow their market share within existing or new areas. New AI tools and technologies become disastrous distractions from business value. Instead, the business should focus on meaningful transfers of risk. The business will be able to add more customers and demand more for their services when they help customers reduce their own risk. The business’s AI solution then needs a clear transfer of risk itself. Without the AI solution, an expert within the business would be manually providing the service, but with the AI, the expert is more able to deliver the service at greater quality and/or greater scale. Another former colleague of mine at General Electric Global Research, Jim Bray, told me a long time ago that a large part of his value to the company was helping reduce risk around complex engineering and science. A significant contribution that AI scientists make for industrial businesses is in assessing risk and the likelihood of project success.

AI Song Contest: The Eurovision spin-off where music is written by machines

A good AI-generated song is the result of the hard work of entire teams of scientists and musicians who often struggle for months before reaching the desired tunes, making up algorithms and feeding ideas to the machine. The Galician team PAMP! - who came second at this year’s contest to Thailand’s song Enter Demons & Gods - took four months to create its track AI-Lalelo, a song which pays tribute to Galician women keeping the language, traditions and culture of the Spanish region alive. They started by getting the AI programme - an autoregressive language model called GPT-3 which uses deep learning to produce human-like text - to learn to speak Galician, a minority language estimated to be spoken by some 2.4 million people in northwestern Spain. “AI tools work in state languages, not in minority languages,” Joel Cava, Coordinator of the PAMP! Team and Creative Manager of CECUBO Group, told Euronews Next. “For the lyrics, we had to develop a corpus in Galician so that the machine (GPT-3) would learn to speak in our mother tongue”.

How Good Is Your Code Review Process?

An effective code review process starts with alignment on its objective. As a team, it’s important to determine which outcomes your review process is optimizing for. Is it catching bugs and defects, improving the maintainability of the codebase or increasing stylistic consistency? Maybe it’s less about the code and more about increasing knowledge sharing throughout the team? Determining priorities helps your team focus on what kind of feedback to leave or look for. Reviews that are intended to familiarize the reviewer with a particular portion of the codebase will look different from reviews that are guiding a new team member toward better overall coding practices. Once you know what an effective code review means for your team, you can start adjusting your code review activities to achieve those goals. The metrics indicating a healthy code review process differ right from the goals, but with that caveat, there are a few trends every team lead should monitor. Regularly reporting Time to First Review, Review Coverage, Review Influence and Review Cycles metrics will allow you to quickly diagnose and address problems with your code review process.

Security is hard and won’t get much easier

One major reason security is hard is it’s hard to secure a system without understanding the system in its entirety. As open source luminary Simon Willison posits, “Writing secure software requires deep knowledge of how everything works.” Without that fundamental understanding, he continues, developers may follow so-called “best practices” without understanding why they are such, which “is a recipe for accidentally making mistakes that introduce new security holes.” One common rejoinder is that we can automate human error out of development. Simply enforce secure defaults and security issues go away, right? Nope. “I don’t think the tools can save us,” Willison argues. Why? Because “no matter how good the default tooling is, if engineers don’t understand how it keeps them secure they’ll subvert it—without even meaning to or understanding why what they are doing is bad.” Additionally, no matter how good the tool, if it doesn’t fit seamlessly into security-minded processes, it will never be enough.

CIO Kristie Grinnell on creating a culture of transformation

One thing that we do is have people think about it as if this were your own business. Is this the decision that you would make? If you have one dollar, would you spend it on this technology? We need to recognize that we have that role, that power in IT. We should all be thinking that this is our ability to grow the business. Where am I going to put that dollar to get the most bang for my buck? I’m not just over here in IT and have to deliver to my budget. If I can give some of that back to go invest in something else, and it’s going make us grow, look what value IT just added. Or I might need to invest it in IT because that’s going to give us a new capability that helps us grow in a different way. So really thinking about, how do I run IT as a business and how do I think about that return on investment of every single dollar we spend is important.

Quote for the day:

"In simplest terms, a leader is one who knows where he wants to go, and gets up, and goes." -- John Erksine

No comments:

Post a Comment