Daily Tech Digest - August 23, 2022

Unstructured data storage – on-prem vs cloud vs hybrid

Enterprises have responded to growing storage demands by moving to larger, scale-out NAS systems. The on-premise market here is well served, with suppliers Dell EMC, NetApp, Hitachi, HPE and IBM all offering large-capacity NAS technology with different combinations of cost and performance. Generally, applications that require low latency – media streaming or, more recently, training AI systems – are well served by flash-based NAS hardware from the traditional suppliers. But for very large datasets, and the need to ease movement between on-premise and cloud systems, suppliers are now offering local versions of object storage. The large cloud “superscalers” even offer on-premise, object-based technology so that firms can take advantage of object’s global namespace and data protection features, with the security and performance benefits of local storage. However, as SNIA warns, these systems typically lack interoperability between suppliers. The main benefits of on-premise storage for unstructured data are performance, security, plus compliance and control – firms know their storage architecture, and can manage it in a granular way.

What is CXL, and why should you care?

Eventually CXL it is expected to be an all-encompassing cache-coherent interface for connecting any number of CPUs, memory, process accelerators (notably FPGAs and GPUs), and other peripherals. The CXL 3.0 spec, announced last week at the Flash Memory Summit (FMS), takes that disaggregation even further by allowing other parts of the architecture—processors, storage, networking, and other accelerators—to be pooled and addressed dynamically by multiple hosts and accelerators just like the memory in 2.0. The 3.0 spec also provides for direct peer-to-peer communications over a switch or even across switch fabric, so two GPUs could theoretically talk to one another without using the network or getting the host CPU and memory involved. Kurt Lender, co-chair of the CXL marketing work group and a senior ecosystem manager at Intel, said, “It’s going to be basically everywhere. It’s not just IT guys who are embracing it. Everyone’s embracing it. So this is going to become a standard feature in every new server in the next few years.” So how will the application run in enterprise data centers benefit? 

Technology alone won’t solve your organizational challenges

Whatever your organization’s preference for team building, it should be carefully selected from a range of options, and it should be clear to everyone why the firm chose one particular structure over another and what’s expected of everyone participating. Start with desired outcomes and cultural norms, then articulate principles to empower action, and, finally, provide the skills and tools needed for success. ... Even in the most forward-thinking organizations, people want to know what a meeting is supposed to achieve, what their role is in that meeting, and if gathering people around a table or their screens is the most effective and efficient way to get to the desired outcome. Is there a decision to be made? Or is the purpose information sharing? Have people been given the chance to opt out if the above points are not clear? Asking these questions can serve as a rapid diagnostic for what you are getting right—and wrong—in your meetings. Poorly run meetings sap energy and breed mediocrity.

For developers, too many meetings, too little 'focus' time

That’s not to say that meetings aren’t important, but it makes sense for managers to find the right balance for their teams, said Dan Kador, vice president of engineering at Clockwise. “It's something that companies have to pay attention to and try to understand their meeting culture — what's working and what's not working for them." “It is important that teams get together to discuss things and make sure they are all on the same page, but often meetings are scheduled at regular intervals even if they aren’t necessary,” said Jack Gold Principal analyst & founder at J. Gold Associates. “We are all subjected to weekly meetings, or other intervals, where, even if there is nothing to discuss, the meeting takes place anyway. And some meeting organizers feel obligated to use up the entire scheduled time.” Of course, meeting overload is not just an issue for those writing code. “Too much time spent in meetings is not just a problem for developers,” said Gold. “It is a problem across the board for employees in many companies.”

How To Remain Compliant In The New Era Of Payment Security

To counter the threat of e-commerce skimming, the card companies are using the two tools they have in their arsenal again: by making stolen data worthless and by creating new technical security standards. To make stolen payment card data worthless, there’s a chip-equivalent technology for e-commerce called 3-D-Secure v2, which has already been rolled out in the EU. This technology requires something more than just the knowledge of the numbers printed on a payment card to make an online transaction. After entering their payment card data, the consumer may have to further confirm a purchase using a bank’s smartphone app or by entering a code received by SMS. Alongside this re-engineering of the payment system, the latest version of the Payment Card Industry Data Security Standard (PCI DSS) includes new technical requirements to prevent and detect e-commerce skimming attacks. PCI DSS applies to all entities involved in the payment ecosystem, including retailers, payment processors and financial institutions. Firstly, website operators will need to maintain an inventory of all the scripts included in their website and determine why the script is necessary.

Q&A: How Data Science Fits into the Cloud Spend Equation

The great thing about cloud is you use it when you need it. Obviously, you pay for using it when you need it but often times data science applications, especially ones you’re running over large datasets, aren’t running continuously or don’t need to be structured in a way that they run continuously. Therefore, you’re talking about a very concentrated amount of spend for a very short amount of time. Buying hardware to do that means your hardware sits idle unless you are very active about making sure you’re being very efficient in the utilization of that resource over time. One of the biggest advantages of cloud is that it runs and scales as you need it to. So even a tiny can run a massive computation and run it when they need to and not consistently. That adds challenges, of course. “I fired this thing off on Friday, I come back in on Monday and it’s still running, and I accidentally spent $6,000 this weekend. Oops.” That happens all the time and so much of that is figuring out how to establish guardrails. Sometimes data science gets treated like, “You know, they’re going to do whatever they need to.”

Advantages of open source software compared to paid equivalents

The strength of open source technology is the fact that these products are developed with an iterative approach by a large group of experts. Open source communities are made up of diverse sets of people from across the world. This kind of diversity is beneficial because ideas and issues get vetted in multiple ways. From an enterprise perspective, open source software is a safe investment because you know there is a dedicated community with product experience. Many developers aren’t working for money, and are easy to approach and ask for help. You can raise questions or concerns directly with developers, or opt to obtain a paid support plan through the community for highly technical inquiries. ... Of course, since open source products are designed for a large audience, sometimes they won’t be able to perfectly fit a company’s needs. Fortunately, the open source approach encourages customisation and integration, meaning your own internally teams can start with an open source baseline and tweak it. Improvements can also be fed back into the open source development cycle.

3 steps for CIOs to build a sustainable business

Data is key. To establish a baseline, the CIO must measure the impact of the enterprise’s full technology stack, including outside partners and providers. This requires asking for, extracting, and reconciling data across external parties – and remembering to aggregate more than just decarbonization data. Cloud and sourcing choices and the disposition of assets after a cloud migration contribute to the carbon footprint. The CIO must also guide employees to make good sustainability choices. One example: according to Cisco, there are 27.1 billion devices connected to the internet – that’s more than three devices for every person on the planet. Many enterprise employees carry two mobile phones but don’t need to – existing technology enables them to segment two different environments on one device. Also, organizations with service contacts can reject hardware refreshes from a contract, empowering employees to decide if they need a new device or just a new battery.

Architecture and Governance in a Hybrid Work Environment

Architects can’t architect if they don’t speak to other people. Likewise governance isn’t effective if you are talking best practice to yourself alone in a dark room someplace. Getting this right in normal times isn’t always easy. People have meetings, they are working hard and don’t want to be disturbed, they need their coffee from the corporate cafeteria or the Starbucks down the street, they’re at lunch or they’re leaving at 430 to get to their kid’s baseball game. In short, it isn’t always possible in normal times to round people up and have a day-long whiteboard session on architecture. With hybrid working models, it is even more difficult because we can’t simply walk over to the cube next to us and have a conversation. In fact, most of the time we have no idea where people actually are or what they’re doing. We rely on text, chat, Teams, Outlook and other tools to give us a sense of whether someone has 5 minutes to chat. If you want a 3 hour whiteboard session, that involves a high degree of coordination with people’s calendars in Outlook. Even then people always seem to have ‘hard stops’ at times that are really incompatible with thinking and design sessions.

Karma Calling: LockBit Disrupted After Leaking Entrust Files

Given the damage and disruption being caused by LockBit and other ransomware groups, one obvious question is why these gangs aren't being disrupted with greater frequency, says Allan Liska, principal intelligence analyst at Recorded Future. "We all know these sites are MacGyvered together with bailing wire and toothpicks and are rickety as hell. We should do stuff like this to impose cost on them," Liska says. Some members of the information security community prefer stronger measures, of the "Aliens" protagonist Ripley variety. "I always say: go kinetic and solve the problem permanently," says Ian Thornton-Trump, CISO of Cyjax. "Attribution is for the lawyers. I recommend a strike from orbit, it's the only way to be sure," he says. Another explanation for the attack would be one or more governments opting to "impose costs" on the ransomware gang, say Brett Callow, a threat analyst at Emsisoft. As he notes, the imposing-costs phrase is a direct quote from Gen. Paul M. Nakasone, the head of Cyber Command, who last year told The New York Times that the military has been tasked with not just helping law enforcement track ransomware groups, but also to disrupt them.

Quote for the day:

"The manager has a short-range view; the leader has a long-range perspective." -- Warren G. Bennis

No comments:

Post a Comment