Daily Tech Digest - December 29, 2022

10 IT certifications paying the highest premiums today

The Certified in the Governance of Enterprise IT (CGEIT) certification is offered by the ISACA to validate your ability to handle “the governance of an entire organization” and can also help prepare you for moving to a C-suite role if you aren’t already in an executive leadership position. The exam covers general knowledge of governance of enterprise IT, IT resources, benefits realization, and risk optimization. To qualify for the exam, you’ll need at least five years of experience in an advisory or oversight role supporting the governance of IT in the enterprise. ... The AWS Certified Security certification is a specialty certification from Amazon that validates your expertise and ability with securing data and workloads in the AWS cloud. The exam is intended for those working in security roles with at least two years of hands-on experience securing AWS workloads. It’s recommended that candidates for the exam have at least five years of IT security experience designing and implementing security solutions. ... To earn the certification, you will need to pass the AWS Certified Security Specialty exam, which consists of multiple choice and multiple response questions.

When will cloud computing stop growing?

So, no matter where the market goes, and even if the hyperscalers begin to seem more like legacy technology, the dependencies will remain and growth will continue. The hyperscaler market could become more complex and fragmented, but public clouds are the engines that drive growth and innovation. Will it stop growing at some point? I think there are two concepts to consider: First, cloud computing as a concept. Second, the utility of the technology itself. Cloud computing is becoming so ubiquitous, it will likely just become computing. If we use mostly cloud-based consumption models, the term loses meaning and is just baked in. I actually called for this in a book I wrote back in 2009. Others have called for this as well, but it’s yet to happen. When it does, my guess is that the cloud computing concept will stop growing, but the technology will continue to provide value. The death of a buzzword. The utility, which is the most important part, carries on. Cloud computing, at the end of the day, is a much better way to consume technology services. The idea of always owning our own hardware and software, running our own data centers, was never a good one.

Modernise and Bolster Your Data Management Practice with Data Fabric

Data has emerged as an invaluable asset that can not only be used to power businesses but can also be put to the wrong use for individual benefit. With stringent regulatory norms around data handling and management in place, data security, governance and compliance need dedicated attention. Data fabric can significantly improve security by integrating together data and applications from across physical and IT systems. It enables a unified and centralized route to create policies and rules. The ability to automatically link policies and rules based on metadata such as data classifications, business terms, user groups, roles, and more, including policies on data access controls, data privacy, data protection, and data quality ensures optimized data governance, security, and compliance. Changing business dynamics require businesses to be ahead of the curve by virtue of aptly and actively using data. Data fabric is a data operational layer that weaves through huge volumes of data from multiple sources and processes it using machine learning enabling businesses to discover patterns and insights in real-time.

It’s a Toolchain!

Even ‘one’ toolchain is really not the same chain of tools; it is the same CI/CD tool managing a pool of others. This has really interesting connotations for the idea of the “weakest link in the chain,” whether we’re talking security, compliance or testing, because the weakest link might depend on which tools are spawned this run. To take an easy example that doesn’t overlap with the biggest reason above—targeting containers for test and virtual machines (VMs) for deployment. Some organizations do this type of thing regularly due to licensing or space issues. Two different deployment steps in ‘one’ toolchain. There are more instances like this than you would think. “This project uses make, that one uses cmake” is an example of the type of scenarios we’re talking about. These minor variations are handled by what gets called from CI. Finally, most of the real-life organizations I stay in touch with are both project-based and are constantly evolving. That makes both of the above scenarios the norms, not the exceptions. While they would love to have one stack and one toolchain for all projects, no one realistically sees that happening anytime soon. 

How DevOps is evolving into platform engineering

Platform engineering is the next big thing in the DevOps world. It has been around for a few years. Now the industry is shifting toward it, with more companies hiring platform engineers or cloud platform engineers. Platform engineering opens the door for self-service capabilities through more automated infrastructure operations. With DevOps, developers are supposed to follow the "you build it, you run it" approach. However, this rarely happens, partly because of the vast number of complex automation tools. Since more and more software development tools are available, platform engineering is emerging to streamline developers' lives by providing and standardizing reusable tools and capabilities as an abstraction to the complex infrastructure. Platform engineers focus on internal products for developers. Software developers are their customers, and platform engineers build and run a platform for developers. Platform engineering also treats internal platforms as a product with a heavy focus on user feedback. Platform teams and the internal development platform scale out the benefits of DevOps practices. 

Top 5 Cybersecurity Trends to Keep an Eye on in 2023

Cyber security must evolve to meet these new demands as the world continues shifting towards remote and hybrid working models. With increased reliance on technology and access to sensitive data, organizations need to ensure that their systems are secure and their employees are equipped to protect against cyber threats. Organizations should consider implementing security protocols such as Multi-Factor Authentication (MFA), which requires additional authentication steps to prove the user’s identity before granting access to systems or data. MFA can provide an additional layer of protection against malicious actors who may try to access accounts with stolen credentials. Businesses should also consider developing policies and procedures for securing employee devices. This could include providing employees with secure antivirus software and encrypted virtual private networks (VPNs) for remote connections. Additionally, employees should be trained on the importance of strong passwords, unique passwords for each account, and the dangers of using public networks.

Understanding Data Management, Protection, and Security Trends to Design Your 2023 Strategy

Today more than ever there is a need for a modernized approach towards data security considering that the threats are increasingly getting sophisticated. Authentication-as-a-Service with built-in SSO capabilities, tightly integrated with Cloud apps will secure online access. Data encryption solutions with comprehensive key management solutions will help customers protect their digital assets whether on-premise or cloud. EDRM solutions with the widest file and app support will aid customers to protect and have control over their data even outside their networks. DLP solutions with integrated user behavior analysis (UBA) modules help customers leverage their investment in their DLP. Data discovery and classification help organizations get complete visibility into sensitive data with efficient data discovery, classification, and risk analysis across heterogeneous data stores. These are some approaches organizations can benefit from OEMs designing data security solutions and products.

US-China chip war puts global enterprises in the crosshairs

“In addition to the chipmakers and semiconductor manufacturers in China, every company on the supply chain of advanced chipsets, such as the electronic vehicle manufacturers and HPC [high performance computing] makers in China, will be hit," said Charlie Dai, research director at market research firm Forrester. "There will also be collateral damage to the global technology ecosystem in every area, such as the chip design, tooling, and raw materials.” Enterprises might not feel the burn right away, since interdependencies between China and the US will be hard to unwind immediately. For example, succumbing to pressure from US businesses, in early December the US Department of Defense said it would allow its contractors to use chips from the banned Chinese chipmakers until 2028. In addition, the restrictions are not likely to have a direct effect on the ability of the global chip makers to manufacture semiconductors, since they have not been investing in China to manufacture chips there, said Pareekh Jain, CEO at Pareekh Consulting.

Financial Services Was Among Most-Breached Sectors in 2022

The practice of attackers sneaking so-called digital skimmers - typically, JavaScript code - onto legitimate e-commerce or payment platforms also continues. These tactics, known as Magecart-style attacks, most often aim to steal payment card data when a customer goes to pay. Attackers either use that data themselves or batch it up into "fullz," referring to complete sets of credit card information that are sold via a number of different cybercrime forums. Innovation continues among groups that practice Magecart tactics. In recent weeks, reports application security vendor Jscrambler, three different attack groups have begun wielding new, similar tactics designed to inject malicious JavaScript into legitimate sites. One of the groups has been injecting a "Google Analytics look-alike script" into victims' pages, while another has been injecting a "malicious JavaScript initiator that is disguised as Google Tag Manager." The third group is also injecting code, but does so by having registered the domain name for Cockpit, a free web marketing and analytics service that ceased operations eight years ago. 

Microservices Integration Done Right Using Contract-Driven Development

Testing an application is not just about testing the logic within each function, class, or component. Features and capabilities are a result of these individual snippets of logic interacting with their counterparts. If a service boundary/API between two pieces of software is not properly implemented, it leads to what is popularly known as an integration issue. Example: If functionA calls functionB with only one parameter while functionB expects two mandatory parameters, there is an integration/compatibility issue between the two functions. Such quick feedback helps us course correct early and fix the problem immediately. However, when we look at such compatibility issues at the level of microservices where the service boundaries are at the http, messaging, or event level, any deviation or violation of the service boundary is not immediately identified during unit and component/api testing. The microservices must be tested with all their real counterparts to verify if there are broken interactions. This is what is broadly (and in a way wrongly) classified as integration testing.

Quote for the day:

"To command is to serve: nothing more and nothing less." -- Andre Malraux
