Daily Tech Digest - February 25, 2023

Beyond Chess and the Art of Enterprise Architecture

In EA orthodoxy, the common future state goal is also seen as contributing to the coherence of design choices. As this is clearly not enough, architecture principles have been espoused as a way to make future design choices ‘good’. Architecture principles, are like simple tactical ‘gameplay rules’ in chess. My favourite chess gameplay rule example is that one can give each piece in chess a weight (queen is 9, castle is 5, bishop and knight is 3 and pawn is 1) and that if you exchange material then you should take the exchange when you win more points than you lose. That is the chess equivalence of an architecture principle: it defines ‘the choice you should make’. Following sych a rule blindly is a sure way to lose a game of chess, though. Simply focusing on getting more material, will not make you win, you might not even end up with more material. But what is true is that winners do in general end up with more pieces than losers. This tactical gameplay rule of chess are thus descriptive and not prescriptive. 

Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps?

It's in the interest of the vendors to get users hooked quickly on any cool, new functionality by removing all friction to adoption, including bypassing IT and security team reviews in the process. The hope is that even if security teams grow wise to the use of an application, it will prove too popular with business users and too critical to business operations to remove it. However, making adoption overly easy can also lead to a proliferation of unused, abandoned, and exposed apps. Once an app is rejected during a proof of concept (PoC), is abandoned due to waning interest, or the app owner leaves the organization, it can often remain active, providing an expanded and unguarded attack surface that places the organization and data at elevated risk. While it's important to educate your business users on SaaS security best practices, it's even more important to fight indiscriminate SaaS sprawl by teaching them to evaluate more critically the siren song of SaaS vendors about easy deployment and financial incentives.

Meta’s New Feature will Make You Rethink Your Online Presence

Digital identity is touted to be the most essential component in how we will operate in the social media world, or the metaverse, in years to come. “Subscription identity verification could be even more important in the metaverse where it is critical to know that the person you are interacting with is precisely who they claim to be,” Louis Rosenberg told AIM. During the 2023 World Economic Forum (WEF), the argument in favour of the proposition was overwhelmingly affirmative, and it went as follows: “To achieve this frictionless state, good system-wide interoperability of the metaverse should consider interests such as privacy, security and safety. Given the borderless nature of the metaverse, multistakeholder and multilateral collaboration will be required to reach consensus on design choices, best practices, standards and management activities.” The multiple stakeholders mentioned above include not only creators and users, but also governments, businesses and civil society.

As Microsoft embraces AI, it says sayonara to the metaverse

First, if you’ve got big metaverse plans involving Microsoft-related technologies, it’s time to re-examine what you’re doing. Microsoft will support its metaverse only around the edges, meaning to a certain extent, you’re on your own. Take that into account in deciding your next steps. It also means you should be careful about buying too much or too quickly into Microsoft’s AI promises. Yes, the company appears to be going all in on the technology, with billions of dollars in investments and high-profile pronouncements about its use in Bing. It claims AI will essentially be built into everything it does from now on. There’s no doubt AI will affect much of what the company does in the years ahead. But remember, it was just two years ago that Nadella could not “overstate how much of a breakthrough” the metaverse was. And now Microsoft has all but abandoned it. Be cautious when it comes to AI. You need to invest in it, but don’t go all in until it’s clear Microsoft will itself be all in for many years to come.

Don’t let buzzwords drive your cloud architecture

Why am I bringing it up now if it’s a known and long-time problem? I see BOA drive most cloud architectures these days, with enterprises paying the price for expensive mistakes. As I covered here, these architectures “work,” but because they function at a much lower level of cost efficiency, enterprises typically spend two to three times more than a better-optimized solution. Just look at the misapplications of containers to see many examples of this expensive problem. ... Cloud computing didn’t fail the business; those who created the cloud solutions failed the business. Instead of finding the most cost-effective and optimized cloud architecture, they took a BOA approach that started with answers before there was a clear understanding of the questions. I’ve created many IT architecture concepts and many buzzwords in my career. The danger comes when those concepts and buzzwords are misapplied and we mistakenly blame the concept, not the person who misapplied it.

How Can Quantum Entanglement Be Used For Secure Communication?

There is little doubt that quantum technology will have a huge impact on cybersecurity and cryptography. Already, we can see government agencies across the globe preparing enterprises for “Q-Day”, a time when quantum computers will be able to use Shor’s algorithm to break all public key systems that use integer factorization-based cryptography. As a procedure, quantum communication entails encoding information in quantum states, called qubits, rather than in the classical binary tradition of “zeros and ones”, taking advantage of the special properties of these quantum states to guarantee security. Most commonly, photons are used for this. Quantum Key Distribution (QKD) is a proven theoretical security that is future-proof yet requires trusted nodes for long distances. Presently, a single QKD link is limited to a few 100 km with a sweet spot in the 20–50 km range. Work on quantum repeaters and satellite-QKD is ongoing to extend the range. 

Data governance holds the key to integrity and security

Data governance provides the principles, policies, processes, framework, tools, and metrics required to manage data at all levels, from creation to consumption, effectively. When implemented, data governance establishes a pathway for integrity by having effective quality management and in meeting compliance standards in all applicable privacy and security measures. Through such features, data is made trustworthy, which is key in any IT transformation. ... In an age of increasing complexity in all aspects of data technology and architecture, federal agencies and military IT departments need to simplify their approach to data governance to succeed. The ideas discussed here can simplify and significantly improve any data governance initiative. By leveraging data virtualization technology, agencies can take advantage of these ideas and transform their approaches to data management and data governance to achieve more efficient operations and secure data access.

For Effective Governance, Start with Why

It’s critical to take a collaborative approach when creating program standards, so enlisting the support from colleagues in departments like legal, HR, cybersecurity, risk management, and safety will aid in buy-in and deconfliction, and you might be able to even borrow similar style, terminology, and processes from them. After all, few of us can claim our standards, procedures and governance products are truly proprietary. They are usually blends of other products from various organizations which can apply best for our industry, organization, location, and culture. Consult codified standards from organizations like ISO, ANSI, NIST, and ASIS. Benchmark drafts with peer organizations. ... Further, you will likely be sharing risk with various departments, so it’s critical to understand existing jurisdictions. Finally, to have any status, this document should be reviewed and approved by senior leadership. There will be challenges to your authority and you will need support to defend against this.

These Experts Are Racing To Protect AI From Hackers

Concerns about attacks on AI are far from new but there is now a growing understanding of how deep-learning algorithms can be tricked by making slight -- but imperceptible -- changes, leading to a misclassification of what the algorithm is examining. "Think of the AI system as a box that makes an input and then outputs some decision or some information," says Desmond Higham, professor of numerical analysis at University of Edinburgh's School of Mathematics. "The aim of the attack is to make a small change to the input, which causes a big change to the output." ... This recognition process isn't an error; it happened because humans specifically tampered with the image to fool the algorithm -- a tactic that is known as an adversarial attack. "This isn't just a random perturbation; this imperceptible change wasn't chosen at random. It's been chosen incredibly carefully, in a way that causes the worst possible outcome," warns Higham.

Security with ChatGPT: What Happens When AI Meets Your API?

Right now, the brightest minds in cybersecurity are envisioning how to employ better AI and machine learning (ML) security. Such as CyberArk researchers, who recently discovered how to easily trick ChatGPT into creating polymorphic, malicious malware. At the heart of AI’s cybersecurity concerns is the proliferation of APIs (application programming interfaces). While developers are working to simplify and accelerate architecting, configuring and building serverless applications with the help of new AI systems like DeepMind’s AlphaCode, problems arise as ML becomes responsible for generating and executing code. ... So far, with OpenAI’s ChatGPT, the results look good and may even work well. That said, many results aren’t perfect and could incorporate flaws that aren’t evident upon initial review. Whether the coder is an AI system or a human, organizations still need a strong approach to application security that will catch vulnerabilities in code and provide suggestions on how to remediate them.

Quote for the day:

"Give away what you most wish to receive." -- Robin Sharma

No comments:

Post a Comment