The On-Premises Empire Strikes Back At AWS
Anybody who can read a financial report knows they are paying too much for
compute, storage, networking, and software at Amazon Web Services. It is as
obvious as the sun at noon. And it is also obvious – and increasingly so –
that the retailing and media businesses at Amazon are as addicted to the AWS
profits and the free compute capacity it gives to the corporate Amazon parent
as IBM has ever been addicted to the high price of its vaunted mainframe
platforms.And so Amazon and therefore AWS is stuck between a rock – increasing
competition from Microsoft Azure and Google Cloud, and to a lesser extent
Alibaba, Tencent, IBM Cloud, and a bunch of niche cloud builders – and a hard
place – the desire to move back to on-premises IT operations, usually in a
co-location facility to try to save money compared to buying cloud capacity
and software. ... The bad news for Amazon is that this pinch is coming as the
parent company is spending vast sums building its media empire and further
automating and expanding its electronic retailing and grocery
operations.
Deduplication and Data Stewardship Process in MDM
Match merge is a process that can help identify duplicate data in master data.
It takes data from different systems and looks for duplicates or exact matches
(and merges them if necessary) to make a "golden copy" of the record. ... The
matching process includes match columns and match rules that help recognize
similar records in the database, determine customer records for automatic
compliance, and determine documents that a data steward should review before
consolidation. The matching process consists of two basic techniques (fuzzy
match and exact match) that help identify duplicates. In fuzzy matching, base
object matches are found through the slowest method. In it, records are
matched based on misspellings, transpositions, word combinations, splits,
omissions, and phonetic variances. Exact matches make it quicker to compare
records whose match columns are identical. Consolidation is the next step
after the matching phase. It is rich with queued match records and sent for
the merging process. The merged data after compliance is known as the "golden
record."
Machine Learning Is as Easy as an API, Says Hugging Face
AI right now seems like the domain of elite experts, but startup Hugging Face
plans to “democratize good machine learning” by making it as easy as deploying
a REST API. This isn’t theoretical — it’s possible now, with use cases in
frontend and web applications, explained Jeff Boudier, head of product and
growth at the startup. Hugging Face offers opens source machine learning (ML)
models for free on its community site, while charging a fee for infrastructure
and service support. ... Boudier estimated customers have deployed about
20,000 projects using AI technologies on their platform. “Frontend, backend,
mobile — it all works because we abstract away all of the machine learning and
the infrastructure around the machine learning, so at the end of the day, it’s
a REST API that you can send requests to — whether it’s from your frontend
JavaScript or it’s your backend, or from a mobile client,” Boudier said. “We
have a ton of developers and AI startups that are using our models and the
inference endpoints … to power user-facing experiences.”
How Quantum Computing Could Affect the Automotive Landscape
Although QC affects all modern digital systems, vehicles are more susceptible
to the dangers of QC for several reasons:Vehicles have a relatively long life
cycle. New vehicles entering the market today will stay on the road for
approximately 15 years, with the current average age of a passenger car in the
US being around 12 years and rising. Electric cars are expected to have even
longer life spans. ECUs are typically harder to update than personal computers
and mobile devices. This is especially true for their cryptographic
capabilities, which are often implemented in a dedicated hardware component,
called a Hardware Security Module (HSM) or Secure Hardware Extension (SHE),
making it impossible to change the cryptographic schemes without a change of
hardware. Some ECUs can be updated seamlessly over the air, but many can only
be updated in registered service stations using dedicated tools. Vehicles are
composed of dozens of ECUs (sometimes more than 100), with the number of ECUs
constantly rising in recent years.
Embracing The Human Element Of Security Automation
Security incident response is historically people-focused: The security
team identifies risk and then addresses it. Automation is a compelling
solution to the overwhelming amount of security tasks. Still, many
organizations are trying to take what is currently a fully manual process
and transcribe it almost one-for-one into an automated process. In many
cases, this doesn’t work because it fails to account for the institutional
knowledge of the security team. Hesitant business leaders should feel
confident in investing in automation knowing that the human element is
vital to successful implementation. Think of automation as an extension of
the security team, not a replacement. Security teams are still your
biggest asset, especially in crisis moments when their deep institutional
knowledge can give important context and insight that may not be a part of
a standard checklist. Many organizations are increasingly seeing the
benefit of security automation and the fact that it allows strapped
security teams to focus on higher-priority tasks by removing the mundane,
repetitive tasks from their plates, rather than taking jobs away.
Best Practices for Promoting Information Security Awareness
The preferred approach to delivering education on information security
concepts are not simply a switch to smaller, bite-sized courses, but
training that is targeted to meet the role of the learner. While everyone
can benefit from knowledge about the basics of information security and
how to protect their online footprint, certain positions and academic
disciplines require less exposure to the technical components. Rather than
disseminate a broad view of topics, it is recommended that content be
segmented and factor in ample time for discussion and absorption of the
material. Advanced concepts like penetration testing and audits should be
reserved for those in technical positions or seeking a similar academic
discipline. Keeping curricula generic makes the content you deliver
suitable for a broader target audience. Imposing restrictions, such as
45-minute lectures with a maximum of 20 slides, offer the best pacing and
depth of material. Including real-world examples, such as a scenario in
which an individual receives a phishing email and must decide how to
respond, helps put the information into context for the learner.
The profound danger of conversational AI
Whatever we call them, these systems have terrifying vectors for misuse
and abuse. I’m not talking about the obvious danger that unsuspecting
consumers may trust the output of chatbots that were trained on data
riddled with errors and biases. No, I’m talking about something far more
nefarious — the deliberate manipulation of individuals through the
targeted deployment of agenda-driven conversational AI systems that
persuade users through convincing interactive dialog. Instead of firing
buckshot into broad populations, these new AI methods will function more
like “heat-seeking missiles” that mark users as individual targets and
adapt their conversational tactics in real time, adjusting to each
individual personally as they work to maximize their persuasive impact. At
the core of these tactics is the relatively new technology of LLMs, which
can produce interactive human dialog in real time while also keeping track
of the conversational flow and context.
Bolstering cybersecurity readiness in the cloud
Firstly, the introduction of Business Risk Observability comes in response
with a growing trend of security and observability gradually converging,
with organisations now able to leverage a business risk scoring solution
via Cisco Secure Application, in Cisco AppDynamics. This first-of-its kind
solution is planned to enhance Cisco’s Full-Stack Observability
application security solution, combining Kenna Risk Meter score
distribution and Business Transactions from Cisco AppDynamics, as well as
integrating with Panoptica for API security and Talos for threat
intelligence. ... While authentication often proves effective when it
comes to preventing unauthorised access, there is always a danger of user
fatigue developing as a result of too many constant requests. To help
mitigate this, Cisco has launched Duo Risk-Based Authentication, which
utilises remembered devices and a Wi-Fi fingerprint to determine
legitimate users based on commonly used Wi-Fi networks, while preserving
privacy by not storing location data.
Artificial Intelligence and ChatGPT in The Aspirational India
There is a serious threat looming over another AI: Aspirational India, as
well as an opportunity. These are the final 12-14 months before general
elections in some key states in 2024. We have already seen that India stands
out as a bright spot in an otherwise bleak global economic outlook.
Aspirational India, which has risen since the 1991 liberalisation under PV
Narasimha Rao and has seen growth in the mid-2000s, faced a global recession
from 2009 to 2011, recovered from the double whammy of Covid and the
much-needed GST regime consolidation. As we begin to recover, we may see
politics eclipsing the economic gains made. In the near future, we may also
see security issues that call India’s story into question. The neighbours
have their own internal issues, but they are not afraid of conflict. As we
have seen in recent attacks on the incumbent party by a biassed piece of
journalism that challenges Indian institutions and some targeted financial
houses to again tarnish financial systems suggesting crony capitalism,
India’s story may be challenged and tarnished in the international arena.
Top 6 SaaS Security Threats for 2023
SaaS-to-SaaS app integrations are designed for easy self-service
installations, boosting efficiency and functionality. However, these
features pose a security nightmare. The challenge is centered on the
increasing volume of apps connected to the company’s SaaS environment. On
average, thousands of apps are connected without the approval or knowledge
of the security team. Employees connect these apps, often to boost
productivity, enable remote work, and better build and scale a company’s
work processes. However, when connecting apps to their workspaces, employees
are prompted to grant permissions for the app to access. These permissions
include the ability to read, create, update and delete corporate or personal
data, not to mention that the app itself could be malicious. By clicking
“accept,” the permissions they grant can enable threat actors to gain access
to valuable company data. Users are often unaware of the significance of the
permissions they’ve granted to these third-party apps.
Quote for the day:
"It is, after all, the responsibility of the expert to operate the
familiar and that of the leader to transcend it." --
Henry A. Kissinger
No comments:
Post a Comment