Small businesses need more help with tech. Here are five ways to get it
While some small firms might to look to hire an IT director on a temporary
basis, McCabe says most will want to avoid bringing in a costly consultant.
"There's a sliver of venture capital-backed tech companies with a CIO or someone
with an equivalent title, but not the vast majority of small firms," she says.
For SMB owners and managers who want technology expertise without high fees,
McCabe suggests a different route. "I'm a big fan of industry associations and
regional technology councils. They can be really great because people in these
organisations are in businesses like yours," she says. ... "The challenge for
smaller organisations is developing brand and trust," says Bev White, CEO of
Nash Squared. "Where there are so many players, how can you stand out from the
crowd when few people might know who you are?" Her firm's research suggests
twice as many SMBs (23%) as larger corporates (10%) are extremely or very
effective at scaling good ideas and stopping poor ideas quickly. SMBs should be
on the lookout for novel ways to source technological solutions to business
challenges, so go to conferences, attend meetups and take part in specialist
events.
Platform Engineering: What Is It and Who Does It?
One issue when adopting platform engineering is the tendency to build another
silo. A good example would be a ticketing system where users can request
features or report bugs, the requests go into the platform engineering realm,
and are eventually resolved. You can combat this by focusing on enabling users
to self-serve their own needs with your portal by providing accurate and
relevant documentation, training sessions and pairing with users to solve their
problems. Another issue is prioritizing the right things. There are a lot of
users from many different parts of your organization, so having a single feature
request pipeline for those things users cannot self-serve with a committee
deciding on priority is essential to servicing the needs of your organization
effectively. Keep your platform team adaptable and not stuck in the past ways of
doing things. With the rapid pace of change in IT, it’s hard to keep up.
Enablement is one way you can ease the burden on your team, but also allowing
your team a consistent amount of time to train on new technologies is
another.
Making SBOMs Actionable
There is no doubt that SBOMs should be requested from your software vendors and
that you should consider creating SBOMs along with your own developed software.
It’s all about the proper storage of the SBOMs so you can be sure they’re
recent, searchable and trustworthy and tamper-proof. The benefits and use cases
for SBOMs are numerous; they vary across stakeholders who produce, choose and
operate software and are amplified when combined. Use cases for SBOMs include
better software development, supply chain management, vulnerability management,
asset management and high assurance processes. The benefits include reducing
cost, mitigating security risk, license risk and compliance risk. But the key is
making the SBOM actionable. No developer, no software maintainer or DevOps
engineer wants to manually collect the dependencies and produce SBOM documents.
It needs to be fully automated within the software build and deployment pipeline
and there needs to be a proactive check of where it’s currently running.
How We Built Testability with Psychological Safety
Simply throwing people together and expecting them to figure out how to work
together like this will most likely result in failure, but that's the point. You
want them to fail, not to stop and go back to how things were, but to figure out
why they failed. You want them to talk about what is and isn't working and what
they can do differently. The problem leadership needs to help these people
overcome is the assumption that high-performing people and teams don't fail. So
we will do our best to avoid failure at the first signs of it. Leadership must
show that failure is a natural by-product of experimentation and that high
performers produce and share their failures; not avoid, deny, ignore or distort
them, but learn from them. But for people to embrace failure like this, they
need high levels of psychological safety, meaning team members can take
interpersonal risks and be vulnerable by sharing what they don't know, what they
don't understand or mistakes they have made without fear of judgement or that it
will affect their prospects negatively.
Announcing open innovations for a new era of systems design
The root of trust is an essential part of future systems. Google has a
tradition of making contributions for transparent and best in-class security,
including our OpenTitan discrete security solutions on consumer devices. We
are looking ahead to future innovations in confidential computing and varied
use-cases that require chip-level attestation at the level of a package or
System on a Chip (SoC). Together with other industry leaders, AMD, Microsoft,
and NVIDIA, we are contributing Caliptra, a re-usable IP block for root of
trust measurement, to OCP. In the coming months we will roll out initial code
for the community to collectively harden together. ... To address the
challenges of reliability at scale, we’ve formed a new server-component
resilience workstream at OCP, along with AMD, ARM, Intel, Meta, Microsoft, and
NVIDIA. Through this workstream, we’ll develop consistent metrics about silent
data errors and corruptions for the broader industry to track. We’ll also
contribute test execution frameworks and suites, and provide access to test
environments with faulty devices.
Is Reinforcement Learning Still Relevant?
Autonomous machine intelligence is the common goal in both these approaches,
but with reinforcement training there is always a human agent driving the
working of the machine, while unsupervised learning proposes to learn from
observation. Self-supervised learning advocates talk about the inefficiency of
trial-and-error methods but uncertainty still remains a major barrier for
self-supervised learning. Sergey Levine from Berkeley AI Research recently
proposed a solution of combining self-supervised learning with
offline-reinforcement learning, that explores the possibility of enabling
models to understand the world without supervision and allow reinforcement
learning to explore causal understanding of the world, thus expanding the
dataset close to infinite. Yann LeCun proposed the World Model in paper in
June 2022, which uses a “cost module” in its architecture that measures the
energy-cost of an action by the machine. When reinforcement learning is scaled
on larger datasets, the reward maximisation also needs further scaling.
Services You Should Expect From Your Cyber Insurance Provider
Plenty of insurers expect their clients to form their own partnerships. Even
if that is not the case, it is advisable to form relationships with security
and incident response firms and establish a solid perimeter from the outset.
This is particularly true for smaller companies who do not have the resources
to support dedicated internal staff. Doing so may even reduce insurance
premiums. “It should start at the company level,” suggests Pankaj Goyal,
senior vice president of data science and cyber insurance for cyber security
firm Safe Security. “How do you think about cyber risks? What are the gaps?
What is the financial risk? How much can you mitigate by investing in cyber
budgets or cybersecurity products? And then how much risk do you need to
transfer?” “The onus is on the client to make sure that they bring in the
right expertise. That expertise can be around assessing the risk itself,
understanding the gaps, understanding the risks, and figuring out what
improvements can be made,” Goyal maintains.
How Web3 security will differ from Web2 security for businesses
Web2 has fundamentally altered both the web and the sectors that sustain it.
With just one click, users may now collect, create, and distribute enormous
volumes of data and the Web as we know it today was made possible with the
addition of user-generated content and dynamic, interactive websites through
Web2. Web3’s expansive acceptability and usage are correlated with those of
blockchain, cryptocurrency and cyber security. Blockchains for
cryptocurrencies are open ledgers that keep track of and validate all
transactions inside a network. Everyone has access to transactions, the
involved pseudonymous addresses, and the amounts of money transmitted. Users
of blockchain-based systems like Web3 are recognised by their public key and
blockchain address, making them pseudonymous. Compared to independent websites
hosted on a single server, Web3 uses the immutable ledger of the blockchain to
store data. This means that Web3’s use of the blockchain offers more
resilience, protection against censorship, and other benefits.
Digital transformation: Why observability is critical
Observability tooling has become critical on the road to digital
transformation. As DevOps and cloud, the key enablers of digital
transformation, guide us towards ever more federated and distributed processes
and systems, incidents become more unpredictable, and observability is our
best chance for assuring availability. IT professionals have always dealt with
change, but never at the speed of our current digital transformation. ...
“Think of the origins of the word ‘observability.’ According to the Oxford
dictionary, ‘observe: notice or perceive (something) and register it as being
significant.’ The ability to ‘observe’ an application and its related elements
provides a proactive opportunity to optimize the data, logs, metrics, traces,
etc. in order to predict its performance in real time and contribute to root
cause analysis when necessary. Observability not only allows for
post-production insight into performance; it requires an intention to build
observability into the design and development of applications and
infrastructure.
CALMS Is DevOps for Cloud Engineering
In comes cloud engineering, which, Stratton contends, applies standard
software engineering practices and tools across application development,
infrastructure and compliance — usually just the first — pursuant to
leveraging the cloud effectively. His talk offered how to combine the basics
of DevOps’ CALMS — culture, automation, lean, measurement, and sharing — with
the foundation of cloud engineering — build, deploy, manage — all with a cloud
native mindset. Let’s dive into his breakdown now. ... The manage side of
cloud engineering comes down to creating this level of visibility across a
development and deployment cycle, with a common vocabulary that connects to
business objectives. At this stage, Stratton explains that security is
everyone’s job, not just shifting that responsibility on new shoulders. Cloud
engineering aims to put controls and process in place to enable, enhance and
automate as much as possible, especially around security and compliance,
taking the blame away from the individual.
Quote for the day:
"A leader takes people where they
would never go on their own." -- Hans Finzel
No comments:
Post a Comment