Data-center requirements should drive network architecture
Fabric architectures for the data center are essential because of the issue of
latency. Componentization of applications, the separation of databases from
applications, and the increased interactivity of applications overall have
combined to make applications sensitive to network delays. That sensitivity is
addressed in the data center by fabric or a low switching architectures, but it
also impacts the rest of the network. Few CIOs have included latency
requirements in their SLAs in the past, but more are doing so now. In 2023, CIMI
Corporation survey data shows that over half of the new network contracts
written will include latency requirements, up 15% from 2022 and double the level
of 2021. Mesh/fabric architectures connect everything to everything else with
minimal delay, but universal connectivity isn’t always a good thing. To control
connectivity, data-center networks can employ either explicit connection
control—software-defined networks (SDN)—or a virtual network.
UK Companies Fear Reporting Cyber Incidents, Parliament Told
The possibility of regulatory consequences to disclosing incidents drives a
wedge between businesses and law enforcement, said Jayan Perera, head of cyber
response at London-based Control Risks while testifying Monday before
Parliament's Joint Committee on National Security Strategy. "The fear may not be
that law enforcement will come and slap the handcuffs on them," Perera told the
committee. Rather, they fear that calling police during a cyber incident "will
then lead to, you know, some other broader fallout in terms of the regulatory
environment." Reporting that allowed businesses to anonymously disclose
incidents would result in more data, he suggested. ... Perera wasn't the only
one during the hearing to suggest that companies are punished for disclosure.
"The comment is also made … that the Americans tend to support their businesses,
whereas the other comment also made is that the U.K. tends to find fault when
someone gets into trouble," said Lilian Pauline Neville-Jones, a Conservative
member of the House of Lords.
Know thy enemy: thinking like a hacker can boost cybersecurity strategy
“There is a misconception security teams have about how hackers target our
networks,” says Alex Spivakovsky, who as vice-president of research at security
software maker Pentera has studied this topic. “Today, many security teams
hyperfocus on vulnerability management and rush to patch [common vulnerabilities
and exposures] as quickly as possible because, ultimately, they believe that the
hackers are specifically looking to exploit CVEs. In reality, it doesn’t
actually reduce their risk significantly, because it doesn’t align with how
hackers actually behave.” Spivakovsky, an experienced penetration tester who
served with the Israel Defense Forces units responsible for protecting critical
state infrastructure, says hackers operate like a business, seeking to minimize
resources and maximize returns. In other words, they generally want to put in as
little effort as possible to achieve maximum benefit. He says hackers typically
follow a certain path of action: once they breach an IT environment and have an
active connection, they collect such data as usernames, IP addresses, and email
addresses.
Cybersecurity incidents cost organizations $1,197 per employee, per year
Perception Point’s report notes that one of the key challenges for defenders is
that threat actors have changed their attack toolkits beyond email and the web
browser, with attacks on cloud-based apps and services, such as collaboration
apps and storage, occurring at 60% of the frequency with which they occur on
email-based services. Given that Gartner estimates that nearly 80% of workers
are using collaboration tools for work, enterprises not only need to be able to
prevent cyberattacks across on-premise and cloud environments that are
cost-efficient, but they also need a robust incident response process to resolve
security incidents in the shortest time possible. “In terms of the potential
risk and damages — prevention of attacks has a greater financial impact on the
organization,” said Michael Calev, Perception Point’s VP of corporate
development and strategy. “One successful breach for an organization can cause
damage amounting to millions of dollars — for bigger companies this could mean a
significant loss in revenue, production capabilities, and a hit to their
reputation, while for smaller companies it could spell disaster and even the end
of their ability to operate,” Calev said.
Who Is Watching Your Data?
As data volumes grow, it will become increasingly important to master data
observability. A recent study of senior professionals from IDC that was
sponsored by my company found that a majority of organizations with the highest
data intelligence maturity are on the path toward data quality and data
observability. The future is really about what we will observe, and I believe it
will move beyond data quality to the volume, frequency and behavior of data. We
will start observing the infrastructure side, including how much storage is
necessary, how much compute is necessary and how much it is costing. For
instance, you might do an integration every night, but suddenly someone has made
a small change, and it becomes 100 times more expensive. No one wants that
surprise. I expect the scope of what we are observing to expand dramatically
into other areas, too, particularly into security and privacy checks to ensure
sensitive data is used only in the way it should be. In this cloud world, there
are so many possibilities.
AWS CEO urges enterprises to do more in the cloud in the face of economic uncertainty
“If you’re looking to tighten your belt, the cloud is the place to do it,” said
Selipsky – because of the flexibility it offers enterprises when it comes to
scaling up or down their operations in the face of fluctuating demand. He went
on to share the story of app-based holiday rental company Airbnb which, because
of its earlier foray into the public cloud, was better equipped to weather the
downturn in demand for its services during the Covid-19 pandemic. “Airbnb was
already a significant cloud user,” said Selipsky. “And with all their expertise
in the cloud, and the efficiencies that they’ve already captured, they were far
more prepared than many others when the bottom fell out of the hospitality
industry in 2020. “Airbnb was able to take down their cloud spending by 27% –
quickly. And then, when the world began to emerge from the worst of the
pandemic, Airbnb was able to quickly turn on the cloud infrastructure that they
needed, and continue to drive innovation.”
Could Software Issues Delay Widespread Electric Vehicle Adoption?
Key obstacles EV software developers face include software development
complexity and the rapid pace of technology evolution, says Mathew Desmond,
automotive industry solutions architect at business advisory firm Capgemini
Americas. Other challenges include the pressure to continually provide new
features to meet customer expectations and the need for enhanced vehicle safety
requirements despite an accelerated development pace. Alex Oyler, a director
with SBD Automotive, a global research and consulting firm, believes that EV
software developers face two primary challenges: dual-track development and
immature tools. “Many software developers are trying to develop software for
both combustion engine and EV platforms at the same time, essentially doubling
the complexity of their software stack,” he explains. Meanwhile, the
sophisticated high-performance computers powering many modern EVs require
multiple advanced development tools and skillsets. “Most of these tools are
immature, with many companies developing tools and skills as they develop their
cars,” Oyler says.
API Security: From Defense-in-Depth (DiD) To Zero Trust
Being able to observe security risks is critical in combating targeted attacks.
After a hacker has breached the outermost layer of defenses, we need
observability mechanisms to identify which traffic is likely the malicious
attack traffic. Common means of implementing security observability are
honeypots, IDS (Intrusion Detection System), NTA (Network Traffic Analysis), NDR
(Network Detection and Response), APT (Advanced Persistent Threat), and threat
intelligence. Among them, honeypots are one of the oldest methods. By imitating
some high-value targets to set traps for malicious attackers, they can analyze
attack behaviors and even help locate attackers. On the other hand, APT
detection and some machine learning methods are not intuitive to evaluate.
Fortunately, for most enterprise users, simple log collection and analysis,
behavior tracking, and digital evidence are enough for the timely detection of
abnormal behaviors. Machine learning is an advanced but imperfect technology
with some problems like false or missed reports.
Why security should be on every IT department's end-of-year agenda
For many IT teams, hiring is fraught with inconsistency. This makes the
end-of-year agenda extremely important for IT teams and their hiring
counterparts. Deciding which employees will be promoted, what new positions
can be created, and backfilling employees who have moved on to new roles is a
puzzle for both IT department leads and hiring managers. For many
organizations, the end of the year means focusing on organizing this turnover
ahead of the new year. From reclaiming devices of past employees to
redistributing unused licenses to save funds, there are multiple
staffing-related tasks to complete before year-end. With this in mind, IT
teams must discuss their hiring needs for the new year and what roles they
ideally would like to fill by the end of the current year. Many people leave
their jobs toward the end of the year, so there will soon be more open
positions than usual for cybersecurity employees. Make sure your team is clear
and organized on your hiring strategy: If you’re hiring, align on priorities
and more emergent vacancies.
Ending the DevOps vs. Software Engineer Cold War
What’s at the heart of this war? To understand that, let’s unpack two major
issues that emerge from this not-so-smooth but all-too-familiar scenario.
First, without a common language and clear communication channels, no two
parties can work together even on simple tasks, let alone complex ones.
Second, even with a common language, all the excess work, context switching,
delays, and the inevitable friction, lead to cold-war-level frustration
brewing within your organization. Adding to these issues are the blurred lines
of responsibility that the DevOps model has created for both software
engineering and DevOps (aka operations) teams. But the reality is that:
Software engineers want to code, implement features and run them on
infrastructure (so the customers can use them), without a lot of hassle and
without getting bogged down in the operational details; DevOps want to focus
on streamlining and keeping production stable, optimizing infrastructure,
improving monitoring and general innovation, without getting sucked into the
rabbit hole of end-user (e.g., software engineers’) service and access
requests.
Quote for the day:
"The final test of a leader is that he
leaves behind him in other men, the conviction and the will to carry on." --
Walter Lippmann