Daily Tech Digest - February 10, 2023

Getting Started with Design Thinking for Developers and Managers

More visual, intuitive types of designers do still sometimes struggle working with developers; they expect developers to just accept their intuitive conclusions. But developers in general don't go for touchy-feely intuitive design. They want more logical reasons for design choices. Besides, true design thinking goes beyond intuition, leveraging measurement and analysis too. It's therefore generally a bad idea for a more intuitive, visually oriented designer to lead a design team containing developers. While those designers are valuable members of a design thinking team, their disconnect with developers and their bias towards intuition over analysis means they should not be running the show. ... Visual designers have a vested interest in fostering that impression. Some developers are happy to go along with it because it gives them an excuse to delegate any responsibilities concerning design.It's also a simple and tangible concept for managers to get their heads around. The visual nature is something they can see immediately. More sophisticated forms of design take more effort to understand.

How Cybercriminals Are Operationalizing Money Laundering and What to Do About It

Financial institutions, cryptocurrency companies, and other organizations face increasing fines — sometimes ranging in the millions and billions of dollars — for failure to root out money laundering as government agencies and regulators worldwide seek to crack down on this scourge. ... A preferred tactic by cybercriminal organizations looking to grow their ranks is to use what are known as money mules. These are individuals who are brought in to help launder money — sometimes, unknowingly. They're often lured in under false pretenses and promises of legitimate jobs, only to discover that "job" is to help launder the profits from cybercrime. Back in the day, this money shuffling was typically done through anonymous wire transfer services. While they often got away with it, such transfers are far easier for law enforcement and regulators to track. These days, most criminals have moved to using cryptocurrency. Its relative lack of regulatory oversight, coupled with often-anonymous transactions, make it almost the ideal vehicle for money laundering. 

Solving Problems With The IoT

Despite security concerns, the IoT is so useful that it continues to by leaps and bounds — so much so that when ChatGPT, a new AI search engine, was asked to list the top 100 applications for the IoT, the search engine simply added the word “smart” in front of many common places and items. For example, it responded with “smart aquariums, smart theme parks, smart libraries,” etc. Put simply, the IoT is everywhere. What makes it so popular is its ability to solve problems. For instance, safety is critical in manufacturing, industrial, chemical processing, mining, and many other applications. IoT sensors can be used to monitor environments for the presence of hazardous chemicals. If there is a gas leak, a real-time alert can be sent to the control centers to prevent potential accidents from occurring. In addition, aging infrastructure such as bridges, buildings, highways, and power grids pose risks. To help mitigate these risks, sensors in an IoT network can track cement movement and the changing size of cement cracks. IoT monitoring of the moisture in some building structures can provide advance warning of potential disasters such as collapsing buildings and bridges.

MoD issues revised cloud strategy as it prepares to move top-secret data off-premise by 2025

The Department will be pursuing a multi-cloud approach to sourcing these off-premise capabilities, because no one supplier will be able to address the “complexity of Defence’s requirements” nor its “evolving ambition” or scalability demands, according to the document. “By 2025, the services required by game-changing military capabilities will be available across Defence, accelerating our level of cloud consumption,” the document continued. “We will take advantage of evergreen solutions to prevent future obsolescence, and to ensure immediate access to the latest technologies, driving the pace of modernisation. “By 2025, we will use cloud platforms as the foundation on which to build capabilities in big data, advanced analytics, automation and synthetics. We will spend the majority of our compute expenditure investing in strategic modern platforms, rather than maintaining obsolete legacy platforms.” Elsewhere in the document, the organisation said its aim is to be “cloud-native” as much as possible, with members of the Defence community encouraged to take an MODCloud-first approach to procuring services.

Google’s AI chatbot is out to rival ChatGPT

While Bard is still in its early stages of development, Google is confident that the system will be able to compete with ChatGPT and other AI systems in the market. Apart from assisting with search engine capabilities, Bard will bring other features that will assist developers in developing their applications using Google’s language model. “Beyond our own products, we think it’s important to make it easy, safe and scalable for others to benefit from these advances by building on top of our best models,” Pichai wrote. “Next month, we’ll start onboarding individual developers, creators and enterprises so they can try our Generative Language API, initially powered by LaMDA with a range of models to follow. Over time, we intend to create a suite of tools and APIs that will make it easy for others to build more innovative applications with AI.” For other end users, there has been a mixed reaction regarding how AI chatbots will affect the order of things. While some people argue that the advent of these chatbots and their potential integration into search engines will aid the creative and marketing industries, others think otherwise.

Yes, CISOs should be concerned about the types of data spy balloons can intercept

Nation-states will collect intelligence to further their knowledge of rivals and a large part of that intelligence will come from private corporations. The fact that China chose this particular time to do so is indicative of its desire to place the United States in a weakened position ahead of a planned visit to China by US Secretary of State Antony Blinken, if it could. The United States didn’t take the bait and postponed the visit indefinitely and sent a demarche to the government of China. The “sources tell us” snippets from the mainstream media note that the United States purposefully allowed the balloon and its collection platform to continue its mission and to receive navigational commands but jammed the transmission of non-navigational signals. Thus, it is probable that the Chinese tried to issue a destruct command (not unlike those any CISO can do for a lost iPhone) but were unable to do so due to US countermeasures. Regardless of the outcome of that technological duel in the sky, the containers will provide valuable intelligence. 

10 Tips for Developing a Data Governance Strategy

There is no “one” right data governance leader. In some companies, the data governance leader is the chief data officer. In others, it may be the CFO, chief risk officer, or CIO. Historically, the role has resided within the realm of IT. Today, that’s changing. A Forrester study found that 45% of companies make data governance mostly business-focused, while 53% are IT-focused. Forrester advises that data governance is more a business problem and should be anchored in a business context. No matter which office heads up the data governance strategy, the team should be spread throughout the company, incorporating subject-matter or line-of-business experts, data analysts, data scientists, the IT department, and legal counsel. “What we’ve done wrong in the past is taken a role and turned it into a position, versus thinking about how we use data, build insights, and make decisions from our data,” Goetz said. “If you can see how you operate as a culture, you can figure out who should own it in the company.”

Cyber Insurance Costs Lead to Scrutiny of Business Partners

“Many suppliers to large companies often are small businesses that lag behind in their deployment of cybersecurity controls. They can be an easy path for cyber criminals to launch attacks on larger organizations,” she says. “This additional risk needs to be considered when pricing cyber coverage and has an impact on cyber insurance premiums.” She explains that having adequate cybersecurity deployed when interacting with third-party vendors drastically improves the risk profile of any organization. “It also makes it more insurable for cyber, which in return lowers premiums or opens more coverage options,” Dumont adds. This approach by larger businesses ranges, for example, from compliance to security best practices when deploying cloud providers and requiring multi-factor authentication (MFA) for maintenance services when they access the company’s connected equipment. From her perspective, third-party scrutiny on cybersecurity yields positive outcomes for all, starting with the most important benefit, which is to lower the likelihood of facing a cyber incident.

Seven deadly sins of devising a cloud strategy

Relying on a single vendor to implement a cloud strategy is an inflexible approach that leaves enterprises isolated when it comes to maintaining control over the performance of their digital platform. It can mean having little or no say in which services and providers can be adopted while being locked-in to lengthy service agreements, even when prices rise, or when service levels fall off. This is particularly pertinent given the dramatic reduction in the cost of cloud services in recent years. ... Losing track of costs is easily done when implementing a cloud strategy, especially in cases when the scale of the transformation is significant. It’s imperative to identify areas where resources are being mismanaged and then eliminate waste. For example, in a sector such as financial services, which has traditionally been slow to adopt cloud computing, taking a “rightsizing” approach will help identify areas that have not been provisioned correctly. They can then be reconfigured to optimal levels. In practice, this means only purchasing cloud services that a business actually needs and that it will use.

Secure Delivery: Better Workflows for Secure Systems and Pain-Free Delivery

When reviewing architecture at a high level, any security concerns are usually big-ticket items that require considerable effort to retrofit, and sometimes even the redesign of a critical feature of a system like authentication. Lower-level threats and vulnerabilities are often found by outsourcing deeper technical security knowledge from an external penetration testing company, who are engaged to attack the system and highlight any serious issues. After these activities are complete, we usually see a fractious negotiation around risk and resources, with the engineering team pushing back on making expensive, time-consuming changes to their system architecture and operational processes just before their release deadlines, and the system owner pushing for risk acceptance for all but the most serious risks. Overall, security can be seen as something that’s owned by the security team and not an attribute of a system’s quality that’s owned by engineers, like performance or reliability.

Quote for the day:

"Leadership - leadership is about taking responsibility, not making excuses." -- Mitt Romney

No comments:

Post a Comment