Daily Tech Digest - March 12, 2023

What is DevSecOps and How Does it Work?

DevSecOps is a methodology that emphasizes integrating security practices into the software development process. The idea is to promote collaboration and communication among development, security, and operations teams to incorporate security throughout the entire software development lifecycle. DevSecOps is a combination of three words: Development + Security + Operations. The approach acknowledges that security is an integral part of the software development cycle, and we should integrate it right from the beginning instead of treating it as an afterthought. ... Incorporate security practices as early as possible in the software development lifecycle. It is because the entire DevSecOps team is collectively responsible for ensuring the security of your system. By implementing security from the beginning, your team can discover and fix security threats early, providing smooth delivery cycles. ... DevSecOps can significantly increase your chances of success by ensuring the software you develop is free of any issues. However, getting it right is a real challenge.

The AI Act: What Does It Mean for Patenting Products

The Act lists three categories of AI systems. The first one relates to systems associated with an ‘unacceptable risk’. It includes systems which seek to manipulate vulnerable persons, social scoring and the use of real-time biometric data, such as face recognition (with limited exceptions for law enforcement). These systems are simply prohibited in the EU. The second category is ‘high risk’. There are two main parts to this: systems which are key to safety and systems which could potentially be socially damaging, such as those systems where bias could be particularly harmful. For instance, AI systems associated with access to opportunities in life, such as education, employment, credit scores, and public services, fall into this category. The Act is intended to ensure that everyone is treated fairly and not subjected to prejudice or discrimination baked into an AI system. The AI act introduces additional burdens in bringing such systems to market if they have an AI element.

Don’t Get Caught Off Guard: A Roadmap to Cyber Resilience

The term cybersecurity and cyber resilience have been used interchangeably by many. While both share the same objective, implementation is where they differ. While cybersecurity emphasizes on deploying strategies that prevent cyber-attacks from penetrating the systems, cyber resilience is a holistic approach that encompasses resisting, navigating, and surviving the entire lifecycle of an attack. In short, cyber resilience is a broader scope of cybersecurity. According to the World Economic Forum’s 2022 Global Cybersecurity Outlook, the average cost of a corporate breach is $3.6 million per incident, and it takes roughly 280 days to identify and address a penetration. This survey in itself calls for the need for a game plan. Building defenses along the perimeters, and following a siloed approach are methods of the past years. Considering the massive attack landscape that currently exists, business leaders must steer towards a holistic cybersecurity strategy that involves identifying and securing all vulnerable endpoints. 

It’s a weird, weird quantum world

Shor’s work was the first to show that a quantum computer could solve a real, practical problem. His talk set the seminar abuzz, and the news spread, then became conflated. Four days after his initial talk, physicists across the country were assuming Shor had solved a related, though much thornier problem: prime factorization — the challenge of finding a very large number’s two prime factors. ... “It was like the children’s game of ‘telephone,’ where the rumor spread that I had figured out factoring,” Shor says. “And in the four days since [the talk], I had!” By tweaking his original problem, Shor happened to find a similar quantum solution for prime factorization. His solution, known today as Shor’s algorithm, showed how a quantum computer could factorize very large numbers. Quantum computing, once thought of as a thought experiment, suddenly had in Shor’s algorithm an instruction manual for a very real, and potentially disruptive application. His work simultaneously ignited multiple new lines of research in quantum computing, information science, and cryptography.

Why You Should Give a Damn About Software Design

The Factory Design Pattern is a programming concept that allows you to create objects in a more flexible and controlled way. Imagine you need to create many products for your store, but each object is created differently based on some conditions. For example, if you were building cars, you know that they will all require at least 4 wheels, a gas tank, an engine, and so forth, but every car will have a unique color, shape, year, and model. Instead of creating each car entirely from scratch, you can build a blueprint to determine exactly how each car should be engineered. No need to keep returning to the drawing board. The factory has a method that takes in some parameters and based on those parameters, it creates the appropriate object and returns it to you. This way, you can create many objects easily and you can change how the objects are created by changing the factory’s method, instead of changing the entire program.

Good Things Happen When DevSecOps and Cloud Collide

Cloud-based data is accounting for 39% of successful cyberattacks. Containerized applications, which have been a boon to both migration and management can also lead to vulnerabilities – which is fitting for security to be cited as a top concern for more than half of the organizations surveyed. ... The idea is simple: You must find a way, a process, a method, and the right partners to help secure all workloads across any cloud environment, regardless of the platform or the amount of data and application real estate needed. By establishing this model, organizations are able to create a fundamental layer of protection against the ever-evolving threat of cybercriminals. Take one of our large banking customers, for example, who runs critical applications on AWS with stringent security and compliance requirements. We implemented a secured framework to protect their applications running on modern, cloud-native services like containers and Lambda functions using DevSecOps principles and cloud-native SIEM solutions. 

Every third employee in IT will soon be a gig worker- are you one of them?

For enterprises, engagement with the gig workforce ensures cost savings, flexibility of an ad-hoc, project-based working model that can be scaled or descaled quickly, enable quick onboarding, and access to highly skilled, niche talent. However, engaging with gig workers comes with its own set of challenges, including concerns around data security, IP theft, access management, cultural orientation, etc. These challenges span across planning, onboarding, execution, and payment phases in the lifecycle of gig workers. The study reveals that more than 70 per cent of CXOs feel that onboarding and execution are the two difficult yet crucial phases, addressing which can enable widespread adoption of the gig economy model. Technologies such as cloud, artificial intelligence (AI), and cybersecurity are being leveraged to address such challenges in a transparent and productive way. Cloud technology, which enabled the seamless transition to remote work, will be critical in addressing the challenges of the gig economy. 

Cyber Resilience More Than A Software Problem

From our unique position in the BIOS of millions of active devices, we can see security applications from the world’s leading security companies, running in some of the most sophisticated security environments by some of the strongest cyber teams and still be operating at 60 to 70 per cent resiliency — meaning they are only installed, running and healthy across 60 to 70 per cent of the devices where they are required for compliance. Another way to think about that is $0.30 to $0.40 of every dollar spent could be wasted if those controls are not healthy and working to protect the user. That complexity is what we need to tackle for certain. And understanding that the end result will never be zero risk — resiliency in spite of complexity is what Absolute Resilience does that no one else can do. We leverage our unique Persistence technology, already in the device itself, to self-heal these applications automatically — to restore, repair, or even reinstall an application and help to close that seemingly insurmountable gap.

Enterprise Architecture Vs Solution Architecture – Let the Comparison Begin

Enterprise architecture (EA) in an organization is often defined as the organizing logic for business processes and infrastructure. The primary purpose of creating enterprise architecture is to ensure that business strategy and IT are aligned. Enterprise architecture should make it possible for an organization to achieve traceability from the business strategy down to the technology used to implement that strategy. Enterprise Architecture is a journey which acts as a collaboration force among:Business planning (strategic) such as goals, visions, strategies, capabilities and governance principles. ... Solution architecture is a process of architecting, designing, and managing the technical and operational architecture of a solution to meet specific business needs of a business unit of an organization. ... The characteristics of Solution Architecture are:Modular Design – Architecture should always follow a modular component-based designs rather than monolithic blocks of system for easier management and change

How banks can use seven levers to modernize their core systems

To simplify the CBS, banks can explore three options focused on the removal and carve-out of unused or unneeded modules. Rationalize customizations or modules: Banks should analyze unused modules within the CBS code base, screen components, and evaluate other business logic and remove if necessary. This analysis includes the identification of unwanted customizations of an off-the-shelf platform. McKinsey analysis shows that only 10 percent of existing core-banking-system customizations are regulatory driven or business critical. Carve out master-data components: In most cases, customer data is stored within the core banking system. However, requests directed to core banking for basic products, customer data, and pricing data create significant workloads and costs. To simplify, banks can carve out such functionalities and data, allocating them to dedicated master databases and thus reducing the overall load of the CBS.

Quote for the day:

"Good leadership consists of showing average people how to do the work of superior people." -- John D. Rockefeller

No comments:

Post a Comment