Daily Tech Digest - December 10, 2022

Risk and resilience priorities, as told by chief risk officers

CROs acknowledge that they need to spend more time considering “over the horizon risks.” This gap in thinking was brought into sharp focus by the heavy impact the COVID-19 pandemic and geopolitical tensions had on their institutions’ risk profiles—including second- and third-order effects—such as supply chain risk, inflation, and rising interest rates—which were not anticipated by most banking executives. Institutions were little prepared to address these highly consequential risks. The failure goes well beyond risk functions, however. Many organizations used forecasting to develop market strategies, but this approach failed to pick up major reality shifts in the recent past—from the financial crisis of the 2000s to the pandemic to geopolitical realignments. Leading institutions are moving to scenario-based foresight to increase institutional resilience against over-the-horizon risks. The risk function can play an important role here in ensuring that the scenarios capture existing and expected risks, while aligning function priorities against scenarios.

Should central banks use DLT for CBDC?

When it comes to the topic of whether “to DLT or not to DLT” in the world of CBDC, Mikhalev took a slightly different position. He stated central banks have taken a top-down approach for hundreds of years, and while this works in many jurisdictions, it doesn’t work as well in emerging markets. “To have blockchain or not for CBDCs is increasingly being answered in the negative across established economies. ... This could reduce volatility in these emerging markets. These aspects which are specifically inherent to decentralisation and the distribution of power, should have positive effects in emerging economies.” However, Mikhalev continued, in each conversation carried out with central bankers in developed countries, he has found that they perceive blockchain as having little effect in situations where the supervisory institutions are not ready or unwilling to alter their business models around a new technology. “Blockchain doesn't really make much difference if nothing changes in terms of the existing established top-down structure of CBDCs. However, in emerging economies, this seems to differ,” Mikhalev noted.

A compliance fight in Germany could hurt Microsoft customers

German compliance authorities “can live with the situation where Microsoft pretends to do everything right and the authorities pretend to have done everything in their power to force Microsoft to become compliant,” Hence said in an interview with Computerworld. Microsoft “does not fulfill the most basic requirements of GDPR. They lack basic transparency. We can’t assess what they are doing because they are not telling us.” This is where politics comes into play, wheret practical forces can influence government compliance actions. German regulators “are afraid of retribution. (With regulators thinking) we won't get more budget if we say that you can’t use Office any more. Or even Google Analytics, any more,” Hence said. “These are poltical issues. Nobody wants to be the bad guy.” Thus, Microsoft is likely to skate on the issue — at least for now. But what about enterprise IT execs? Are companies using Microsoft products immune from compliance punishments? Not necessarily. It might not seem fair to let Microsoft get away with this but to fine and otherwise punish its customers, but Hence argues that's quite likely. And not just in Germany.

Policy Developments around Blockchain

On September 15, 2022, Singapore’s Monetary Authority (MAS) launched the Financial Services Industry Transformation Map 2025 that provides a framework of strategies to develop the country as a leading global financial center through enhanced payment connectivity to build a responsible digital asset ecosystem. It also laid out clear strategies to explore DLT in use cases such as cross-border payments, trade finance, and capital markets, besides supporting tokenization of financial assets. The policy supports a central bank digital currency (CBDC) and public-private collaboration to develop the infrastructure required to deliver such a currency. However, the first off the blocks in 2022 was the Securities and Futures Commission of Hong Kong which issued a joint circular with the HK Monetary Authority on intermediaries that can undertake virtual asset-related activities. Per the statement, intermediaries distributing virtual assets need to comply with the SFC’s requirements for sale of the products.

Share of Emerging Technologies in IT Budgets

National Association of Software and Services Companies (NASSCOM) and Boston Consultancy Group (BCG) today released a report titled "Sandboxing into the Future: Decoding Technology's Biggest Bets" on the sidelines of NASTech 2022 in Bengaluru. The report aims to uncover and develop perspectives on big-bet technologies that can potentially disrupt markets in the next 3-5 years. Enterprise Tech spending is estimated to reach $4.2 Tn by 2026 globally, amongst which Tech Services companies represent the largest segment and are expected to become $1.7 Tn by 2026 with a CAGR of 8.1%. As part of the study, 28 emerging technology themes from 11 tech families were identified – across markets and verticals - with the potential to disrupt markets, basis current tech spending, growth potential, innovation maturity, and funding momentum. Amongst these 12 emerging technologies, with high funding momentum and R&D focus, have emerged as the “Biggest Bets,” including, Autonomous analytics, AR & VR, Autonomous Driving, Computer Vision, Deep learning, Distributed Ledger, Edge Computing, Sensor Tech, Smart Robots, Space Tech, Sustainability Tech, and 5G/6G.

Amazon Wants to Kill the Barcode

The system, called multi-modal identification, isn't going to fully replace barcodes soon. It's currently in use in facilities in Barcelona, Spain, and Hamburg, Germany, according to Amazon. Still, the company says it's already speeding up the time it takes to process packages there. The technology will be shared across Amazon's businesses, so it's possible you could one day see a version of it at a Whole Foods or another Amazon-owned chain with in-person stores. The problem that the system eliminates -- incorrect items coming down the line to be sent to customers -- doesn't happen too often, Amazon says. But even infrequent mistakes add up to significant slowdowns when considering just how many items a single warehouse processes in one day. Amazon's AI experts had to start by building up a library of images of products, something the company hadn't had a reason to create prior to this project. The images themselves as well as data about the products' dimensions fed the earliest versions of the algorithm, and the cameras continually capture new images of items to train the model with. The algorithm's accuracy rate was between 75% and 80% when first used, which Amazon considered a promising start. 

Cyber crime threatens manufacturing production

Targeted attacks are the most common, with smaller companies often the most vulnerable, yet many offering no cyber security training to staff. Sixty-two percent of manufacturers now have a formal cyber security procedure in place in the event of an incident, up 11% on last year’s figures with the same number giving a senior manager responsibility for cyber security. More than half (58%) have escalated this responsibility to board level. Stephen Phipson, CEO of Make UK, the manufacturers’ organisation said: “Digitisation is revolutionising modern manufacturing and becoming increasingly important to drive competitiveness and innovation. “While cost remains the main barrier to companies installing cyber protection, the need to increase the use of the latest technology makes mounting a defence against cyber threats essential. No business can afford to ignore this issue and while the increased awareness across the sector is encouraging, there is still much to be done. “Every business is vulnerable, and every business needs to take the necessary steps to protect themselves properly.”

How Do Agility and Software Architecture Fit Together?

But the question is, I mean, when we, when we create software, we make decisions all the time. So the question is, what what is architecture? Like? How is architecture is different from all of these normal decisions that we take. And when I think about that, I always use a very loose definition. And this is, architecture is about the important things. I think Martin Fowler said something like that, and I really liked that, because it's about those things that have a high risk or a high cost of change, if we need to re evaluate them if we need to redo them. And, and I think that that these types of decisions qualifies architectural decisions. And then the question is, I mean, when do we when do we decide on these important things, whatever important means, and in my opinion, there is something that is quite underappreciated in most Scrum teams and from from my experience, it is that the product owner has a very, very important part when it comes to software architecture, because it always starts with what is the vision of the product? 

What’s a distributed compliance ledger and how is one integrated into Matter?

Matter’s DCL is a network of independent servers operated by the CSA and its partners. Each DCL server includes a complete copy of the database. The original data is managed and controlled by the CSA. The DCL is implemented by connecting all the servers using a cryptographically secured protocol. The DCL makes it difficult to manipulate the data in the database and increases the security of Mater devices and networks. ... The manufacturer writes the data to the database to add a new product to the DCL. It’s not ‘active’ until approved by the CSA. Once the device has passed certification and the CSA has received the confirmation from the PPA, the CSA adds “certified” to the status list letting all members of the Matter ecosystem know that this is an approved device and ready to be added to Matter networks. Database access is restricted. Device makers can only add data for their own products that are linked to their vendor identification (VendorID) number. Software updates must also be linked to the VendorID, or they will be rejected. Official CSA PPA bodies or the CSA can confirm or revoke device compliance data.

4 tips for implementing consistent configuration and automation standards

The team regularly reviews standards with squads and SMEs to keep the operating system and middleware standards current and compliant with security and other requirements. We created a naming structure for standards to maintain version control for compliance and audit purposes. The standards form a baseline for maintaining playbooks for consistent automation across the environment. The organization also promotes InnerSource (the use of open source practices to improve internal software) and advocates reusing playbooks. We base the playbooks on common configuration and automation standards. This establishes governance for operating systems and middleware support. ... Automation is a continuous journey. Achieving touchless deployments requires standard configurations, processes, procedures, security guidelines, and other dependencies that you must review and validate periodically. These standards form the baseline that the automation team will adopt and implement. 

Quote for the day:

"We are drowning in information, but starved for knowledge." -- John Naisbitt

No comments:

Post a Comment