Daily Tech Digest - January 13, 2023

Poor cloud architecture and operations are killing cloud ROI

If the cloud did not ever have the potential to return ROI back to the business, nobody would use it. However, there are businesses that are very successful with cloud, even changing the business around the use of cloud computing. These companies are leveraging cloud as a true force multiplier to build innovative solutions, as well as to provide agility and scalability. However, many cannot find business value with cloud computing. Most disturbing, they are not finding value while spending about the same amount of money as those who are finding value. We must therefore conclude that bad decisions are being made. Cloud computing technology has been relevant for about 15 years. We understand it’s what you do and your company culture that makes you truly successful with cloud computing, not what you spend. Why are we still seeing winners and losers? ... First, bad architectures need to be fixed before they can operate properly. You can have a disciplined and highly automated operations team and technology stack, but if the solution is poorly designed, the result is going to be less than stellar, no matter what.

Innovation: Your solution for weathering uncertainty

Innovation has always been essential to long-term value creation and resilience because it creates countercyclical and noncyclical revenue streams. Paradoxically, making big innovation bets may now be safer than investing in incremental changes. Our long-standing research shows that innovation success rests on the mastery of eight essential practices. Five of these practices are particularly important today: resetting the aspiration based on the viability of current businesses, choosing the right portfolio of initiatives, discovering ways to differentiate value propositions and move into adjacencies, evolving business models, and extending efforts to include external partners. ... In times of disruption or deep uncertainty, companies have to carefully balance short-term innovations aimed at cost reductions and potential breakthrough bets. As customers’ demands change, overindexing on small product tweaks (that address needs which may be temporary) is unlikely to boost long-term performance. However, “renovations” to designs and processes can produce savings that help fund longer-term investments in innovations that may create routes to profitable growth.

The Truth About Cybersecurity Challenges Facing the Healthcare Industry

In general, healthcare IT has accrued technical debt for more than 25 years. Everywhere you look, whether it’s at the doctor’s office, hospital, or an urgent care facility, you see disparate and often dated IT systems. It’s not as rare as you’d think to see Windows XP–based computers at the check-in desk and throughout the facility. Many of the most common pieces of equipment and attached computer systems run outdated operating systems, unpatched and archaic software, and have little security on them. I promise you it’s not for lack of trying by the IT and cyber-security team. So much outdated software exists largely because the vendors that support these systems focus on the healthcare aspect, rather than upkeep and security. In other instances, some devices were never intended to be connected to a network — thus rendering them vulnerable to remote attacks because they aren’t configured to be protected from network-based attackers. Finally, there is certainly some “if it ain’t broke, don’t fix it” mentality. Walking around you’ll find computer systems under people’s desks that have served a single purpose for a very long time.

Time to Look at the Role of the CISO Differently

It is time to stop searching for non-existent profiles, expecting the CISO to be credible one day in front of the Board, the next in front of hackers, the third in front of developers, and all the way across the depth and breadth of the enterprise and its supply chain. Those profiles don’t exist anymore, given the transversal complexity cyber security has developed over the past two decades. The role of the CISO has to be one of a leader, structuring, organising, delegating and orchestrating work across their team and across the firm — and across the multiple third-parties involved in delivering or supporting the business. In essence, knowing what to do is reasonably well established and cyber security good practice — at large — still protects from most threats, and still ensures a degree of compliance with most regulations. But by focusing excessively on purely technical approaches to cyber security challenges, large organizations have failed to protect themselves effectively and efficiently, in spite of massive investments in that space over the last two decades.

MACH as an Enterprise Architecture strategy

MACH is an acronym for Microservices, API-first, Cloud-native, and Headless. It’s a modern approach for building and deploying software applications that can help organizations to be more agile, scalable, and flexible. In a MACH architecture, software applications are built as a collection of independent, self-contained microservices that communicate with each other through APIs (Application Programming Interfaces). The front-end and back-end components are separated and the entire solution is designed to be deployed in the cloud. ... There are several benefits of using a MACH architecture for building and deploying software applications: Agile development: MACH architectures allow different parts of an application to be developed and deployed independently, which can make it easier to make changes and updates without disrupting the entire system. This can help organizations be more agile and responsive to changing business needs. Scalability: MACH architectures are designed to be deployed in a cloud computing environment, which can provide the scalability and flexibility needed to support rapid growth or spikes in demand.

Maximizing data value while keeping it secure

Many organizations stumble and fail because they lack complete visibility into all data assets in clouds and beyond. To take visibility to a higher level, it’s vital to have a catalog of all managed and shadow assets, along with their owners, locations, security and governance measures enabled for the data. Without a central repository and a single view, there’s no way to know what data exists, how it’s stored, where it’s used and how it’s shared. Essentially, an organization winds up flying blind. Yet the advantages of robust discovery and visibility don’t stop there. With this information it’s possible to adapt and expand security profiles as needs and conditions change. ... Sharing data in the cloud involves complexity and risk. That’s a given. To maximize the opportunity—including harnessing the full functionality of cloud-native tools—an organization must know who is accessing data and how they are using it. Therefore, a robust identity management framework is crucial. Administrators and others must be able to analyze roles and permission settings in data assets that reside in clouds and across multi-cloud frameworks. 

Top automation pitfalls and how to avoid them

Automating a bad process can make things worse as it can magnify or exacerbate underlying issues, especially if humans are taken out of the loop. In some cases, a process is automated because the technology is there, even if automation isn’t required. For example, if a process occurs very rarely, or there’s a great deal of variation in the process, then the cost of setting up the automation, teaching it to handle every use case, and training employees how to use it may be more expensive and time-consuming than the old manual approach. And putting the entire decision into the hands of data scientists, who may be far removed from the actual work, can easily send a company down a dead end, or to end users who might not know how automation works, says James Matcher, intelligent automation leader at Ernst & Young. That recently happened at a company he worked with, a retail store chain with locations around the US. The retailer approached people on the front lines, and employees and managers working on the shop floors, for suggestions about manual processes that should be automated.

What’s the role of the CTO in digital transformation?

A CTO needs to take on the role of the ‘bridge builder’ between the strictly technical components of a transformation strategy and how they can apply to people and process in the specific context of an organisation. Digital transformation is a team activity. Each role needs to bring to the process their full insights and experience for the CTO to manage. The CTO has specific technological insight and therefore needs to be directly involved in helping the entire organisation identify where technical systems are simply obsolete and not fit for purpose, so as well as being a bridge builder, CTOs naturally lead the charge when dealing with a technology-led approach. They must be able to explain where the value is in the application of technological change in context – too often we see visions that are de-contextualised from the reality on the ground. This kind of technological planning does not allow for realistic strategic planning. With visions of the ambitious but feasible in sight, it is then the whole leadership team’s task to decide what course they are going to map out and to work together on the digital transformation journey.

How Organizations Should Respond to the CircleCI Security Incident

CircleCI has taken proactive steps to mitigate risk for its customers, but simply revoking secrets from the platform is not enough, according to Jaime Blasco, co-founder and CTO of cybersecurity company Nudge Security. “It’s still important to assume that every connected application and secret has been compromised. Organizations should verify the steps that these vendors have taken and also take steps to rotate secrets within any other connected application,” he explains. Customers can leverage commercially available or open-source tools, aside from the one offered by CircleCI, to discover their secrets. “One option is to use TruffleHog, an open-source tool that scans for secrets across multiple platforms, including CircleCI, GitHub, GitLab, and AWS S3,” says Blasco. CircleCI is assuming responsibility and taking steps to protect its customers, Assaf Morag, lead data analyst at cloud native security company Aqua Security, notes. But it is important for customers to respond proactively to the security incident as well.

Artificial intelligence in strategy

Every business probably has some opportunity to use AI more than it does today. The first thing to look at is the availability of data. Do you have performance data that can be organized in a systematic way? Companies that have deep data on their portfolios down to business line, SKU, inventory, and raw ingredients have the biggest opportunities to use machines to gain granular insights that humans could not. Companies whose strategies rely on a few big decisions with limited data would get less from AI. Likewise, those facing a lot of volatility and vulnerability to external events would benefit less than companies with controlled and systematic portfolios, although they could deploy AI to better predict those external events and identify what they can and cannot control. Third, the velocity of decisions matters. Most companies develop strategies every three to five years, which then become annual budgets. If you think about strategy in that way, the role of AI is relatively limited other than potentially accelerating analyses that are inputs into the strategy. 

Quote for the day:

"Effective questioning brings insight, which fuels curiosity, which cultivates wisdom." -- Chip Bell
