Daily Tech Digest - February 07, 2023

The On-Premises Empire Strikes Back At AWS

Anybody who can read a financial report knows they are paying too much for compute, storage, networking, and software at Amazon Web Services. It is as obvious as the sun at noon. And it is also obvious – and increasingly so – that the retailing and media businesses at Amazon are as addicted to the AWS profits and the free compute capacity it gives to the corporate Amazon parent as IBM has ever been addicted to the high price of its vaunted mainframe platforms. And so Amazon and therefore AWS is stuck between a rock – increasing competition from Microsoft Azure and Google Cloud, and to a lesser extent Alibaba, Tencent, IBM Cloud, and a bunch of niche cloud builders – and a hard place – the desire to move back to on-premises IT operations, usually in a co-location facility to try to save money compared to buying cloud capacity and software. ... The bad news for Amazon is that this pinch is coming as the parent company is spending vast sums building its media empire and further automating and expanding its electronic retailing and grocery operations.

Deduplication and Data Stewardship Process in MDM

Match merge is a process that can help identify duplicate data in master data. It takes data from different systems and looks for duplicates or exact matches (and merges them if necessary) to make a "golden copy" of the record. ... The matching process includes match columns and match rules that help recognize similar records in the database, determine customer records for automatic compliance, and determine documents that a data steward should review before consolidation. The matching process consists of two basic techniques (fuzzy match and exact match) that help identify duplicates. In fuzzy matching, base object matches are found through the slowest method. In it, records are matched based on misspellings, transpositions, word combinations, splits, omissions, and phonetic variances. Exact matches make it quicker to compare records whose match columns are identical. Consolidation is the next step after the matching phase. It is rich with queued match records and sent for the merging process. The merged data after compliance is known as the "golden record."

Machine Learning Is as Easy as an API, Says Hugging Face

AI right now seems like the domain of elite experts, but startup Hugging Face plans to “democratize good machine learning” by making it as easy as deploying a REST API. This isn’t theoretical — it’s possible now, with use cases in frontend and web applications, explained Jeff Boudier, head of product and growth at the startup. Hugging Face offers open source machine learning (ML) models for free on its community site, while charging a fee for infrastructure and service support. ... Boudier estimated customers have deployed about 20,000 projects using AI technologies on their platform. “Frontend, backend, mobile — it all works because we abstract away all of the machine learning and the infrastructure around the machine learning, so at the end of the day, it’s a REST API that you can send requests to — whether it’s from your frontend JavaScript or it’s your backend, or from a mobile client,” Boudier said. “We have a ton of developers and AI startups that are using our models and the inference endpoints … to power user-facing experiences.”

How Quantum Computing Could Affect the Automotive Landscape

Although QC affects all modern digital systems, vehicles are more susceptible to the dangers of QC for several reasons: Vehicles have a relatively long life cycle. New vehicles entering the market today will stay on the road for approximately 15 years, with the current average age of a passenger car in the US being around 12 years and rising. Electric cars are expected to have even longer life spans. ECUs are typically harder to update than personal computers and mobile devices. This is especially true for their cryptographic capabilities, which are often implemented in a dedicated hardware component, called a Hardware Security Module (HSM) or Secure Hardware Extension (SHE), making it impossible to change the cryptographic schemes without a change of hardware. Some ECUs can be updated seamlessly over the air, but many can only be updated in registered service stations using dedicated tools. Vehicles are composed of dozens of ECUs (sometimes more than 100), with the number of ECUs constantly rising in recent years.

Embracing The Human Element Of Security Automation

Security incident response is historically people-focused: The security team identifies risk and then addresses it. Automation is a compelling solution to the overwhelming amount of security tasks. Still, many organizations are trying to take what is currently a fully manual process and transcribe it almost one-for-one into an automated process. In many cases, this doesn’t work because it fails to account for the institutional knowledge of the security team. Hesitant business leaders should feel confident in investing in automation knowing that the human element is vital to successful implementation. Think of automation as an extension of the security team, not a replacement. Security teams are still your biggest asset, especially in crisis moments when their deep institutional knowledge can give important context and insight that may not be a part of a standard checklist. Many organizations are increasingly seeing the benefit of security automation and the fact that it allows strapped security teams to focus on higher-priority tasks by removing the mundane, repetitive tasks from their plates, rather than taking jobs away.

Best Practices for Promoting Information Security Awareness

The preferred approach to delivering education on information security concepts is not simply a switch to smaller, bite-sized courses, but training that is targeted to meet the role of the learner. While everyone can benefit from knowledge about the basics of information security and how to protect their online footprint, certain positions and academic disciplines require less exposure to the technical components. Rather than disseminate a broad view of topics, it is recommended that content be segmented and factor in ample time for discussion and absorption of the material. Advanced concepts like penetration testing and audits should be reserved for those in technical positions or seeking a similar academic discipline. Keeping curricula generic makes the content you deliver suitable for a broader target audience. Imposing restrictions, such as 45-minute lectures with a maximum of 20 slides, offers the best pacing and depth of material. Including real-world examples, such as a scenario in which an individual receives a phishing email and must decide how to respond, helps put the information into context for the learner.

The profound danger of conversational AI

Whatever we call them, these systems have terrifying vectors for misuse and abuse. I’m not talking about the obvious danger that unsuspecting consumers may trust the output of chatbots that were trained on data riddled with errors and biases. No, I’m talking about something far more nefarious — the deliberate manipulation of individuals through the targeted deployment of agenda-driven conversational AI systems that persuade users through convincing interactive dialog. Instead of firing buckshot into broad populations, these new AI methods will function more like “heat-seeking missiles” that mark users as individual targets and adapt their conversational tactics in real time, adjusting to each individual personally as they work to maximize their persuasive impact. At the core of these tactics is the relatively new technology of LLMs, which can produce interactive human dialog in real time while also keeping track of the conversational flow and context.

Bolstering cybersecurity readiness in the cloud

Firstly, the introduction of Business Risk Observability comes in response to a growing trend of security and observability gradually converging, with organisations now able to leverage a business risk scoring solution via Cisco Secure Application, in Cisco AppDynamics. This first-of-its-kind solution is planned to enhance Cisco’s Full-Stack Observability application security solution, combining Kenna Risk Meter score distribution and Business Transactions from Cisco AppDynamics, as well as integrating with Panoptica for API security and Talos for threat intelligence. ... While authentication often proves effective when it comes to preventing unauthorised access, there is always a danger of user fatigue developing as a result of too many constant requests. To help mitigate this, Cisco has launched Duo Risk-Based Authentication, which utilises remembered devices and a Wi-Fi fingerprint to determine legitimate users based on commonly used Wi-Fi networks, while preserving privacy by not storing location data.

Artificial Intelligence and ChatGPT in The Aspirational India

There is a serious threat looming over another AI: Aspirational India, as well as an opportunity. These are the final 12-14 months before general elections in some key states in 2024. We have already seen that India stands out as a bright spot in an otherwise bleak global economic outlook. Aspirational India, which has risen since the 1991 liberalisation under PV Narasimha Rao and has seen growth in the mid-2000s, faced a global recession from 2009 to 2011, recovered from the double whammy of Covid and the much-needed GST regime consolidation. As we begin to recover, we may see politics eclipsing the economic gains made. In the near future, we may also see security issues that call India’s story into question. The neighbours have their own internal issues, but they are not afraid of conflict. As we have seen in recent attacks on the incumbent party by a biassed piece of journalism that challenges Indian institutions and some targeted financial houses to again tarnish financial systems suggesting crony capitalism, India’s story may be challenged and tarnished in the international arena.

Top 6 SaaS Security Threats for 2023

SaaS-to-SaaS app integrations are designed for easy self-service installations, boosting efficiency and functionality. However, these features pose a security nightmare. The challenge is centered on the increasing volume of apps connected to the company’s SaaS environment. On average, thousands of apps are connected without the approval or knowledge of the security team. Employees connect these apps, often to boost productivity, enable remote work, and better build and scale a company’s work processes. However, when connecting apps to their workspaces, employees are prompted to grant permissions for the app to access. These permissions include the ability to read, create, update and delete corporate or personal data, not to mention that the app itself could be malicious. By clicking “accept,” the permissions they grant can enable threat actors to gain access to valuable company data. Users are often unaware of the significance of the permissions they’ve granted to these third-party apps.

Quote for the day:

"It is, after all, the responsibility of the expert to operate the familiar and that of the leader to transcend it." -- Henry A. Kissinger
