Daily Tech Digest - February 01, 2023

Top 6 roadblocks derailing data-driven projects

Making the challenge of getting sufficient funding for data projects even more daunting is the fact that they can be expensive endeavors. Data-driven projects require a substantial investment of resources and budget from inception, Clifton says. “They are generally long-term projects that can’t be applied as a quick fix to address urgent priorities,” Clifton says. “Many decision makers don’t fully understand how they work or deliver for the business. The complex nature of gathering data to use it efficiently to deliver clear [return on investment] is often intimidating to businesses because one mistake can exponentially drive costs.” When done correctly, however, these projects can streamline and save the organization time and money over the long haul, Clifton says. “That’s why it is essential to have a clear strategy for maximizing data and then ensuring that key stakeholders understand the plan and execution,” he says. In addition to investing in the tools needed to support data-driven projects, organizations need to recruit and retain professionals such as data scientists. 

IoT, connected devices biggest contributors to expanding application attack surface

Along with IoT and connected device growth, rapid cloud adoption, accelerated digital transformation, and new hybrid working models have also significantly expanded the attack surface, the report noted.  ... Inefficient visibility and contextualization of application security risks leave organizations in “security limbo” because they don’t know what to focus on and prioritize, 58% of respondents said. “IT teams are being bombarded with security alerts from across the application stack, but they simply can’t cut through the data noise,” the report read. “It’s almost impossible to understand the risk level of security issues in order to prioritize remediation based on business impact. As a result, technologists are feeling overwhelmed by new security vulnerabilities and threats.” Lack of collaboration and understanding between IT operations teams and security teams is having several negative effects too, the report found, including increased vulnerability to security threats and blind spots, difficulties balancing speed, performance and security priorities, and slow reaction times when addressing security incidents.

Firmware Flaws Could Spell 'Lights Out' for Servers

Five vulnerabilities in the baseboard management controller (BMC) firmware used in servers of 15 major vendors could give attackers the ability to remotely compromise the systems widely used in data centers and for cloud services. The vulnerabilities, two of which were disclosed this week by hardware security firm Eclypsium, occur in system-on-chip (SoC) computing platforms that use AMI's MegaRAC Baseboard Management Controller (BMC) software for remote management. The flaws could impact servers produced by at least 15 vendors, including AMD, Asus, ARM, Dell, EMC, Hewlett-Packard Enterprise, Huawei, Lenovo, and Nvidia. Eclypsium disclosed three of the vulnerabilities in December, but withheld information on two additional flaws until this week in order to allow AMI more time to mitigate the issues. Since the vulnerabilities can only be exploited if the servers are connected directly to the Internet, the extent of the vulnerabilities is hard to measure, says Nate Warfield, director of threat research and intelligence at Eclypsium. 

As the anti-money laundering perimeter expands, who needs to be compliant, and how?

Remember: It’s not just existing criminals you’re looking for, but also people that could become part of a money laundering scheme. One very specific category is politically exposed persons (PEP), which refers to government workers or high-ranking officials at risk of bribery or corruption. Another category is people in sanctioned lists, like Specially Designated Nationals (SDN) composed by the Office of Foreign Assets Control (OFAC). They contain individuals and groups with links to high-risk countries. Extra vigilance is also necessary when dealing with money service businesses (MSB), as they’re more likely to become targets for money launderers. The point of all this is that a good AML program must include a thorough screening system that can detect high-risk customers before bringing them onboard. It’s great if you can stop criminals from accessing your system at all, but sometimes they slip through or influence existing customers. That’s why checking users’ backgrounds for red flags isn’t enough. You need to keep an eye on their current activity, too.

Digital transformation: 4 essential leadership skills

Decisiveness by itself is not enough. A strong technology leader needs to operate with flexibility. The pace of change is no longer linear, and leaders have less time to assess and understand every aspect of a decision. Consequently, decisions are made faster and are not always the best ones. Realizing which decisions are not spot-on and being able to adapt quickly is an example of the type of flexibility a leader needs. Another area leaders should understand is when, how, and from whom to take input when making adjustments. For example, leaders shouldn’t rely solely on customer input to make all product decisions. A flexible leader needs to understand the impact on the development teams and support teams as well. In our experience, teams with decisive and flexible leaders are more accepting of change. This is especially true during transformation. Leaders need to know when and how to be decisive to lead their team to success. In tandem, future-ready leaders can adapt to new information and inputs in today’s fast-paced technology environment.

Pathways to a More Sustainable Data Center

“When building a data center to suit today's needs and the needs 20 years in the future, the location of the facility is a key aspect,” he says. “Does it have space to expand with customer growth? Areas to remediate and replace systems and components? Is it in an area that has an extreme weather event seasonally? Are there ways to bring more power to the facility with this growth?” He says these are just a few of the questions that need to be thought of when deploying and maintaining a data center long term. “Technology may be able to stretch the limits of what’s possible, but sustainability starts with people,” Malloy adds. “Employees that implement and follow data center best practices keep a facility running in peak performance.” He says implementing simple things such as efficient lighting, following management-oriented processes and support-oriented processes for a proper maintenance and part replacement schedule increase the longevity of the facility equipment and increase customer satisfaction.

Enterprise architecture modernizes for the digital era

Although leading enterprise architects see the need for a tool that better reflects the way they work, they also have concerns. “Provenance and credibility are key, so you risk making the wrong decisions as an enterprise architect if there’s no accuracy in the data,” Gregory says of how EAM tools are reliant on data quality. Winfield agrees, adding: “The difficult bit is getting accurate data into the EAM.” Gartner, in its Magic Quadrant for EA Tools, reports that the EAM sector could face some consolidation, too: “Due to the importance and growth in use of models in modern business, we expect to see some major vendors in adjacent market territories make strategic moves by either buying or launching their own EA tools.” Still, some CIOs question the value of adding EAM tools to their technology portfolio alongside IT service management (ITSM) tools, for example. The Very Group’s Subburaj foresees this being a challenge. “Some business leaders will struggle to see the direct business impact,” he says. 

Career path to CTO – we map out steps to take

Successful CTOs will need a range of skills, including technical but also business attributes. “The ability to advise and steer the technology strategy that is right for the business in the current and changing market conditions is crucial,” says Ryan Sheldrake, field CTO, EMEA, at cloud security firm Lacework. “Spending and investing wisely and in a timely manner is one of the more finessed parts of being a successful CTO.” ... “To achieve a promotion to this level, you need both,” she says. “For most of the CTO assignments we deliver, a solid knowledge base in software engineering, technical, product and enterprise architecture is required, as well as knowledge of cloud technologies and information security. From a leadership perspective, candidates need excellent influencing skills, strategic thinking, commercial management skills, and the gravitas to convey a vision and motivate a team.” There are ways in which individuals can help themselves stand out. “One of the critical things I did that really helped me develop into a CTO was to have an external mentor who was already a CTO,” says Mark Benson, CTO at Logicalis UKI. 

How Good Data Management Enables Effective Business Strategies

Data governance should also not be overlooked as an important component of data management and data quality. Sometimes used interchangeably, there are important differences. If data quality, as we’ve seen, is about making sure that all data owned by an organization is complete, accurate, and ready for business use, data governance, by contrast, is about creating the framework and rules by which an organization will use the data. The main purpose of data governance is to ensure the necessary data informs crucial business functions. It is a continuous process of assessing, often through a data steward, whether data that has been cleansed, matched, merged, and made ready for business use is truly fit for its intended purpose. Data governance rests on a steady supply of high-quality data, with frameworks for security, privacy, permissions, access, and other operational concerns. A data management strategy that encompasses the elements described above with respect to data quality will empower a business environment that can successfully achieve and even surpass business goals – from improving customer and employee experiences to increasing revenue and everything in between.

What Is Policy-as-Code? An Introduction to Open Policy Agent

As business, teams, and maturity progress, we'll want to shift from manual policy definition to something more manageable and repeatable at the enterprise scale. How do we do that? First, we can learn from successful experiments in managing systems at scale:

- Infrastructure-as-Code (IaC): treat the content that defines your environments and infrastructure as source code.
- DevOps: the combination of people, process, and automation to achieve "continuous everything," continuously delivering value to end users.

Policy as code uses code to define and manage policies, which are rules and conditions. Policies are defined, updated, shared, and enforced using code and leveraging Source Code Management (SCM) tools. By keeping policy definitions in source code control, whenever a change is made, it can be tested, validated, and then executed. The goal of PaC is not to detect policy violations but to prevent them. This leverages the DevOps automation capabilities instead of relying on manual processes, allowing teams to move more quickly and reducing the potential for mistakes due to human error.

Quote for the day:

"Those who are not true leaders will just affirm people at their own immature level." -- Richard Rohr
