Does the Future of Work include Network as a Service (NaaS)?
NaaS enables companies to implement a network infrastructure that will evolve
with time, providing the flexibility to adapt to business needs as time evolves.
With NaaS, companies can focus on business outcomes and service level objectives
for their network and the accessibility required for their community of workers,
partners, and customers. NaaS eliminates organizations having to worry about
keeping up with the pace of technology change by relying on the strength and
expertise of their implementation partner. NaaS eliminates large upfront capital
expenditure investments that often go into new network infrastructure design,
planning, and implementation with a monthly subscription-based or flexible
consumption model, alleviating the financial impact on rebuilding a new
workplace environment. NaaS enables more flexibility by not tying the
organization down to specific hardware or capital investments that may
eventually become obsolete.
How Technical Debt Hampers Modernization Efforts for Organizations
“When you develop an application, you take certain shortcuts for which you're
going to have to pay the price back later on,” explains Olivier Gaudin,
cofounder and CEO of SonarSource, which develops open-source software for
continuous code quality and security. “You accept that your code is not perfect.
You know that it will have a certain cost when you come back to it later. It
will be a bit more difficult to read, to maintain or to change.” ... Experts
note the patience and long-term strategy required to overcome technical debt.
“It’s a matter of focusing on longer-term strategy over short-term financial
goals,” Orlandini says. “Unfortunately for Southwest, the issues were
well-known. However, the business as a whole did not have the will or motivation
to invest in fixing it until it was too late. They are an extreme example but
serve as a very valid case in point of what can happen if you do not understand
the issues and the ultimate repercussions of not investing to avoid a meltdown,
in whatever form that would take for each organization.”
Just how big is this new generative AI? Think internet-level disruption
While resources and information availability increased by an unprecedented
degree, so too did misinformation, scams, and criminal activity. One of the
biggest problems with ChatGPT is that it presents completely wrong information
as eloquently and confidently as it presents accurate information. Unless
requested, it doesn't provide sources or cite where that information came
from. Because it aggregates a tremendous amount of free-form information, it's
often impossible to trace how it comes by its knowledge and assertions. This
makes it ripe for corruption and gaming. At some point, AI designers will need
to open their systems to the broader internet. When they do, oh boy, it's
going to be rough. Today, there are entire industries dedicated to
manipulating Google search results. I'm often required by clients to put my
articles through software applications that weigh each word and phrase against
how much Google oomph it produces, and then I'm asked to change what I write
to appeal more to the Google algorithms.
Is blockchain really secure? Here are four pressing cyber threats you must consider
Blockchains use consensus protocols to reach agreement among participants when
adding a new block. Since there is no central authority, consensus protocol
vulnerabilities threaten to control a blockchain network and dictate its
consensus decisions from various attack vectors, such as the majority (51%)
and selfish mining attacks. ... The second threat is related to the exposure
of sensitive and private data. Blockchains are transparent by design, and
participants may share data that attackers can use to infer confidential or
sensitive information. As a result, organizations must carefully evaluate
their blockchain usage to ensure that only permitted data is shared without
exposing any private or sensitive information. ... Attackers may compromise
private keys to control participants’ accounts and associated assets by using
classical information technology methods, such as phishing and dictionary
attacks, or by exploiting vulnerabilities in blockchain clients’ software.
Behaviors To Avoid When Practicing Pair Programming
Despite its popularity, pair programming seems to be a methodology that is not
wildly adopted by the industry. When it is, it might vary on what "pair" and
"programming" means given a specific context. Sometimes pair programming is
used in specific moments throughout the day of practitioners, as reported by
Lauren Peate on the podcast Software Engineering Unlocked hosted by Michaela
Greiler to fulfill specific tasks. But, in the XP, pair programming is the
default approach to developing all the aspects of the software. Due to the
variation and interpretation of what pair programming is, companies that adopt
it might face some miss conceptions of how to practice it. Often, this is the
root cause of having a poor experience while pairing.Lack of soft (social)
skills ... The driver and navigator is the style that requires the pair to
focus on a single problem at once. Therefore, the navigator is the one that
should give support and question the driver's decisions to keep both in sync.
When it does not happen, the collaboration session might suffer from a lack of
interaction between the pair.
When it comes to network innovation, we must protect the data ‘pipes’
We must conclude that any encrypted information collected by foreign
intelligence services will eventually be cracked through sufficient compute
power and time. This is one reason why super computers are part of the race
for information dominance. At the level of supercomputers, the amount of
compute is truly calculated in cost to build and cost to operate. If you do
not have access to cutting edge chips, just increase the number of compute
chips, central processing unit or graphics processing unit, or some other
compute unit like an AI accelerator. It will cost more to make and cost more
electricity to operate, but the amount of compute will be available to the
government or corporation that invested in the system. Without a true “zero
trust” scheme, any compromise of any node on any network becomes a pivot point
for further attacks. The problem with “zero trust” is that to be effective,
you need a mature network model that can be secured, not a “growing, organic
network” that is adapting rapidly to meet the needs of the user.
Unstructured data and the storage it needs
As we’ve seen, unstructured data is more or less defined by the fact it is not
created by use of a database. It may be the case that more structure is
applied to unstructured data later in its life, but then it becomes something
else. ... It’s quite possible to build adequately performing file and object
storage on-site using spinning disk. At the capacities needed, HDD is often
the most economic option.But advances in flash manufacturing have led to
high-capacity solid state storage becoming available, and storage array makers
have started to use it in file and object storage-capable hardware. This is
QLC – quad-level cell – flash. This packs in four levels of binary switches to
flash cells to provide higher storage density and so lower cost per GB than
any other flash commercially usable currently. The trade-offs that come with
QLC, however, are that flash lifetime can be compromised, so it’s better
suited to large-capacity, less frequently accessed data. But the speed of
flash is particularly well-suited to unstructured use cases, such as in
analytics where rapid processing and therefore I/O is needed
The Cybersecurity Hype Cycle of ChatGPT and Synthetic Media
Historically, spearphishing messages have been partially or entirely crafted
by people. However, synthetic chat makes it possible to automate this process
– and highly advanced synthetic chat, like ChatGPT, makes these messages seem
just as, or more convincing, than a human-written message. It also opens the
door for automated, interactive malicious communications. With this in mind,
threat actors can quickly and cheaply massify high-cost and highly effective
approaches like spearphishing. These capabilities could be used to support
cybercrime, nation-state operations and more. Advances like ChatGPT may also
have a meaningful impact on information operations, which have come to the
forefront due to foreign influence in recent US presidential elections.
Technologies such as ChatGPT can generate lengthy, realistic content
supporting divisive narratives, which could help scale up information
operations.
How to de-risk your digital ecosystem
In short, in any de-risking framework, one must assume that the largest source
of cyberthreats comes not from someone breaking in, but rather from a door
left open for an uninvited guest. Organizations must adapt their mindset,
their processes, and their resources accordingly. ... In many organizations,
the responsibility for closing risk gaps falls to several leaders, but not to
a single point of authority. The failure is understandable as digital
ecosystems touch multiple dimensions of an enterprise. But then responsibility
for the total risk environment and de-risking is shared — though not
necessarily met. A lack of accountability results in a lack of power to act
and set de-risking as a priority within the organization. ... Without
understanding the context of the business, understanding and remediating risk
is difficult to do effectively. For example, an outside vendor can be a
potential source of risk but also plays a critical and central role in the
business. Resolving and mitigating the issue may require special handling and
attention.
Closing the Cybersecurity Talent Gap
Cybersecurity is often viewed as just another technical talent field, yet
candidates are expected to possess a wide range of rapidly evolving knowledge
and skills. When filling staffing gaps, leaders should examine the skill sets
that are missing from their current team, such as creative problem solving,
stakeholder communications, buy-in development, and change enablement. “Look
for candidates who will help balance out existing team skills as opposed to
individuals who match a specific technical qualification,” Glair says. Before
hiring can begin, it's necessary to attract suitable candidates. Initial
search steps should include website updates and social media posts, Glair
says. He also suggests creating an internal “cybersecurity academy” that will
build talent from within the organization. “This should include the technical,
process, communications, and leadership skills needed to address today’s
cybersecurity challenges,” Glair notes. Burnet recommends sponsoring a
“sourcing jam.” “That means getting recruiters and/or hiring managers in a
room together ... to trawl through their networks and get them to personally
reach out.”
Quote for the day:
"Leaders are the ones who keep faith
with the past, keep step with the present, and keep the promise to
posterity." -- Harold J. Seymour