Top 6 roadblocks derailing data-driven projects
Making the challenge of getting sufficient funding for data projects even more
daunting is the fact that they can be expensive endeavors. Data-driven projects
require a substantial investment of resources and budget from inception, Clifton
says. “They are generally long-term projects that can’t be applied as a
quick fix to address urgent priorities,” Clifton says. “Many decision makers
don’t fully understand how they work or deliver for the business. The complex
nature of gathering data to use it efficiently to deliver clear [return on
investment] is often intimidating to businesses because one mistake can
exponentially drive costs.” When done correctly, however, these projects
can streamline and save the organization time and money over the long
haul, Clifton says. “That’s why it is essential to have a clear strategy for
maximizing data and then ensuring that key stakeholders understand the plan and
execution,” he says. In addition to investing in the tools needed to
support data-driven projects, organizations need to recruit and retain
professionals such as data scientists.
IoT, connected devices biggest contributors to expanding application attack surface
Along with IoT and connected device growth, rapid cloud adoption, accelerated
digital transformation, and new hybrid working models have also significantly
expanded the attack surface, the report noted. ... Inefficient visibility
and contextualization of application security risks leave organizations in
“security limbo” because they don’t know what to focus on and prioritize, 58% of
respondents said. “IT teams are being bombarded with security alerts from across
the application stack, but they simply can’t cut through the data noise,” the
report read. “It’s almost impossible to understand the risk level of security
issues in order to prioritize remediation based on business impact. As a result,
technologists are feeling overwhelmed by new security vulnerabilities and
threats.” Lack of collaboration and understanding between IT operations teams
and security teams is having several negative effects too, the report found,
including increased vulnerability to security threats and blind spots,
difficulties balancing speed, performance and security priorities, and slow
reaction times when addressing security incidents.
Firmware Flaws Could Spell 'Lights Out' for Servers
Five vulnerabilities in the baseboard management controller (BMC) firmware used
in servers of 15 major vendors could give attackers the ability to remotely
compromise the systems widely used in data centers and for cloud services. The
vulnerabilities, two of which were disclosed this week by hardware security firm
Eclypsium, occur in system-on-chip (SoC) computing platforms that use AMI's
MegaRAC Baseboard Management Controller (BMC) software for remote management.
The flaws could impact servers produced by at least 15 vendors, including AMD,
Asus, ARM, Dell, EMC, Hewlett-Packard Enterprise, Huawei, Lenovo, and Nvidia.
Eclypsium disclosed three of the vulnerabilities in December, but withheld
information on two additional flaws until this week in order to allow AMI more
time to mitigate the issues. Since the vulnerabilities can only be exploited if
the servers are connected directly to the Internet, the extent of the
vulnerabilities is hard to measure, says Nate Warfield, director of threat
research and intelligence at Eclypsium.
As the anti-money laundering perimeter expands, who needs to be compliant, and how?
Remember: It’s not just existing criminals you’re looking for, but also people
that could become part of a money laundering scheme. One very specific category
is politically exposed persons (PEP), which refers to government workers or
high-ranking officials at risk of bribery or corruption. Another category is
people in sanctioned lists, like Specially Designated Nationals (SDN) composed
by the Office of Foreign Assets Control (OFAC). They contain individuals and
groups with links to high-risk countries. Extra vigilance is also necessary when
dealing with money service businesses (MSB), as they’re more likely to become
targets for money launderers. The point of all this is that a good AML program
must include a thorough screening system that can detect high-risk customers
before bringing them onboard. It’s great if you can stop criminals from
accessing your system at all, but sometimes they slip through or influence
existing customers. That’s why checking users’ backgrounds for red flags isn’t
enough. You need to keep an eye on their current activity, too.
Digital transformation: 4 essential leadership skills
Decisiveness by itself is not enough. A strong technology leader needs to
operate with flexibility. The pace of change is no longer linear, and leaders
have less time to assess and understand every aspect of a decision.
Consequently, decisions are made faster and are not always the best ones.
Realizing which decisions are not spot-on and being able to adapt quickly is
an example of the type of flexibility a leader needs. Another area leaders
should understand is when, how, and from whom to take input when making
adjustments. For example, leaders shouldn’t rely solely on customer input to
make all product decisions. A flexible leader needs to understand the impact
on the development teams and support teams as well. In our experience, teams
with decisive and flexible leaders are more accepting of change. This is
especially true during transformation. Leaders need to know when and how to be
decisive to lead their team to success. In tandem, future-ready leaders can
adapt to new information and inputs in today’s fast-paced technology
environment.
Pathways to a More Sustainable Data Center
“When building a data center to suit today's needs and the needs 20 years in
the future, the location of the facility is a key aspect,” he says. “Does it
have space to expand with customer growth? Areas to remediate and replace
systems and components? Is it in an area that has an extreme weather event
seasonally? Are there ways to bring more power to the facility with this
growth?” He says these are just a few of the questions that need to be thought
of when deploying and maintaining a data center long term. "Technology may be
able to stretch the limits of what’s possible, but sustainability starts with
people,” Malloy adds. “Employees that implement and follow data center best
practices keep a facility running in peak performance.” He says implementing
simple things such as efficient lighting, following management-oriented
processes and support-oriented processes for a proper maintenance and part
replacement schedule increase the longevity of the facility equipment and
increase customer satisfaction.
Enterprise architecture modernizes for the digital era
Although leading enterprise architects see the need for a tool that better
reflects the way they work, they also have concerns. “Provenance and credibility
are key, so you risk making the wrong decisions as an enterprise architect if
there’s no accuracy in the data,” Gregory says of how EAM tools are reliant on
data quality. Winfield agrees, adding: “The difficult bit is getting accurate
data into the EAM.” Gartner, in its Magic Quadrant for EA Tools, reports that
the EAM sector could face some consolidation, too: “Due to the importance and
growth in use of models in modern business, we expect to see some major vendors
in adjacent market territories make strategic moves by either buying or
launching their own EA tools.” Still, some CIOs question the value of adding EAM
tools to their technology portfolio alongside IT service management (ITSM)
tools, for example. The Very Group’s Subburaj foresees this being a challenge.
“Some business leaders will struggle to see the direct business impact,” he
says.
Career path to CTO – we map out steps to take
Successful CTOs will need a range of skills, including technical but also
business attributes. “The ability to advise and steer the technology strategy
that is right for the business in the current and changing market conditions is
crucial,” says Ryan Sheldrake, field CTO, EMEA, at cloud security firm Lacework.
“Spending and investing wisely and in a timely manner is one of the more
finessed parts of being a successful CTO.” ... “To achieve a promotion to this
level, you need both,” she says. “For most of the CTO assignments we deliver, a
solid knowledge base in software engineering, technical, product and enterprise
architecture is required, as well as knowledge of cloud technologies and
information security. From a leadership perspective, candidates need excellent
influencing skills, strategic thinking, commercial management skills, and the
gravitas to convey a vision and motivate a team.” There are ways in which
individuals can help themselves stand out. “One of the critical things I did
that really helped me develop into a CTO was to have an external mentor who was
already a CTO,” says Mark Benson, CTO at Logicalis UKI.
How Good Data Management Enables Effective Business Strategies
Data governance should also not be overlooked as an important component of data
management and data quality. Sometimes used interchangeably, there are important
differences. If data quality, as we’ve seen, is about making sure that all data
owned by an organization is complete, accurate, and ready for business use, data
governance, by contrast, is about creating the framework and rules by which an
organization will use the data. The main purpose of data governance is to ensure
the necessary data informs crucial business functions. It is a continuous
process of assessing, often through a data steward, whether data that has been
cleansed, matched, merged, and made ready for business use is truly fit for its
intended purpose. Data governance rests on a steady supply of high-quality data,
with frameworks for security, privacy, permissions, access, and other
operational concerns. A data management strategy that encompasses the elements
described above with respect to data quality will empower a business environment
that can successfully achieve and even surpass business goals – from improving
customer and employee experiences to increasing revenue and everything in
between.
What Is Policy-as-Code? An Introduction to Open Policy Agent
As business, teams, and maturity progress, we'll want to shift from manual
policy definition to something more manageable and repeatable at the enterprise
scale. How do we do that? First, we can learn from successful experiments in
managing systems at scale:Infrastructure-as-Code (IaC): treat the content that
defines your environments and infrastructure as source code. DevOps: the
combination of people, process, and automation to achieve "continuous
everything," continuously delivering value to end users. Policy as code uses
code to define and manage policies, which are rules and conditions. Policies are
defined, updated, shared, and enforced using code and leveraging Source Code
Management (SCM) tools. By keeping policy definitions in source code control,
whenever a change is made, it can be tested, validated, and then executed. The
goal of PaC is not to detect policy violations but to prevent them. This
leverages the DevOps automation capabilities instead of relying on manual
processes, allowing teams to move more quickly and reducing the potential for
mistakes due to human error.
Quote for the day:
"Those who are not true leaders will
just affirm people at their own immature level." --
Richard Rohr
No comments:
Post a Comment