AI for security is here. Now we need security for AI
As the mass adoption and application of AI are still fairly new, the security of
AI is not yet well understood. In March 2023, the European Union Agency for
Cybersecurity (ENISA) published a document titled Cybersecurity of AI and
Standardisation with the intent to “provide an overview of standards (existing,
being drafted, under consideration and planned) related to the cybersecurity of
AI, assess their coverage and identify gaps” in standardization. Because the EU
likes compliance, the focus of this document is on standards and regulations,
not on practical recommendations for security leaders and practitioners. There
is a lot about the problem of AI security online, although it looks
significantly less compared to the topic of using AI for cyber defense and
offense. Many might argue that AI security can be tackled by getting people and
tools from several disciplines including data, software and cloud security to
work together, but there is a strong case to be made for a distinct
specialization. When it comes to the vendor landscape, I would categorize AI/ML
security as an emerging field. The summary that follows provides a brief
overview of vendors in this space.Enterprises Die for Domain Expertise Over New Technologies
Domain expertise is important to build a complete ecosystem that can scale.
This can help businesses leverage relevant knowledge and datasets to develop
custom solutions. This is why enterprises look for enablers that can bring in
the domain expertise for particular use cases. ... One of the challenges that
companies encounter today is how to utilise data effectively as per their
business needs. According to a global survey conducted by Oracle and Seth
Stephens-Davidowitz, 91% of respondents in India reported a ten-fold increase
in the number of decisions they make every day over the past three years. As
individuals attempt to navigate this increased decision-making, 90% reported
being inundated with more data from various sources than ever before. “Some
interesting findings we came across was that respondents who wanted
technological assistance also said that the technology should know its
workflow and what it is trying to accomplish,” Joey Fitts, vice president,
Analytics Product Strategy, Oracle told ET.Amazon’s quiet open source revolution
Let’s remember that the open source spadework is not done. For example, AWS
makes a lot of money from its Kubernetes service but still barely scrapes into
the top 10 contributors for the past year. The same is true for other banner
open source projects that AWS has managed services for, such as OpenTelemetry,
or projects its customers depend on, such as Knative (AWS comes in at #12).
What about Apache Hadoop, the foundation for AWS Elastic MapReduce? AWS has
just one committer. For Apache Airflow, the numbers are better. This is
glass-half-empty thinking, anyway. The fact that AWS has any committers to
these projects is an important indicator that the company is changing. A few
years back, there would have been zero committers to these projects. Now there
are one or many. All of this signals a different destination for AWS. The
company has always been great at running open source projects as services for
its customers. As I found while working there, most customers just want
something that works. But getting it to “just work” in the way customers want
requires that AWS get its hands dirty in the development of the project.Response and resilience in operational-risk events
The findings have several urgent implications for leaders as they think about the overall resilience of their institutions, how to minimize the risk of such events occurring, and how to respond when crises do hit. The findings strongly suggest that broad market forces and industry dynamics can magnify adverse effects. Effective crisis and mitigation planning has to take account of these factors. Experience supports this view. In the not-so-distant past, especially before the financial crisis of 2008–09, many companies approached operational-risk measures from a regulatory perspective, with an economy of effort, if not formalistically. Incurring costs and paying fines for unforeseen breaches and events were accordingly counted as the cost of doing business. Amid crises, furthermore, communications were sometimes aimed at minimizing true losses—an approach that risked a damaging cycle of upward revisions. The present environment, however, is unforgiving of such approaches. An accelerated pace of change, especially in digitization and social media, magnifies the negative effects of missteps in the aftermath of crisis events.Developers Need a Community of Practice — and Wikis Still Work
This subject has flattened out a bit since the pandemic, after which fewer
developers worked next to each other and keeping remote members connected is
more the norm. A good Community of Practice should just look like a private
Stack Overflow, with discussions on topics of concern to devs across the
organization. This applies to most organizations that have siloed teams. If
you are part of a one-team company, then a CoP should not be something you
need right now — just be ready to be proactive when you are part of a bigger
setup. The first seeds are usually sown when “best practice” is discussed, and
managers realize that there is no point in having just one team getting things
right. This is the time to establish a developer CoP, before something awkward
gets imposed from above. The topics are often the complications that an
organization stubbornly brings to existing tech; like understanding arcane
branching policies, or working with an old version of software because it is
the only sanctioned version, etc. Five Leadership Mindsets For Navigating Organizational Complexity: Rethinking Chaos And Opportunity
The world is unlikely to suddenly settle down. With that in mind, the context
around chaotic moments changes. It’s no longer about just dealing with what’s
in front of you; it’s about writing the script for the team to respond to
future disruptions. So don’t just deal with it as a leader. Start viewing
disruptions as valuable learning experiences that build resilience and
adaptability within your organization. And once you have navigated through,
take a moment to create a playbook for the future. Use retrospection with your
team to find out the specific things that worked and the things that didn’t.
... “I don’t deal well with change” is a bad personal strategy, and I
recommend that you drop any ideas that adaptability is an innate trait
possessed only by a select few. With that said, I've found that learning
requires experience. Social and business safety nets are key, so employees can
learn with less fear. Encourage your employees to challenge their comfort
zones, experiment with new approaches and learn from setbacks to develop the
skills and strategies necessary for navigating change effectively.Why Don’t We Have 128-Bit Computers Yet?
It’s practically impossible to predict the future of computing, but there are
a few reasons why 128-bit computers may never be needed:Diminishing returns:
As a processor’s bit size increases, the performance and capabilities
improvements tend to become less significant. In other words, the improvement
from 64- to 128- bits isn’t anywhere as dramatic as going from 8-bit to 16-bit
CPUs, for example. Alternative solutions: There may be alternative ways to
address the need for increased processing power and memory addressability,
such as using multiple processors or specialized hardware rather than a
single, large processor with a high bit size. Physical limitations: It may
turn out to be impossible to create a complex modern 128-bit processor due to
technological or material constraints. Cost and resources: Developing and
manufacturing 128-bit processors could be cost-prohibitive and
resource-intensive, making mass production unprofitable. While it’s true that
the benefits of moving from 64-bit to 128-bit might not be worth it today, new
applications or technologies might emerge in the future that could push the
development of 128-bit processors.Secret CSO: Rani Kehat, Radiflow
The success of your cybersecurity is difficult to measure. For example, many
believe that if you haven’t been hacked, your cybersecurity efforts must be
working. This isn’t the case – it may well be that you just haven’t been
hacked yet. Thankfully, there are methods to measure how well security
practices are working; effectiveness of controls, corporate awareness and
reporting of suspicious events, and mitigation RPO are among the most helpful
here. ... API security is the best. APIs have become integral to programming
web-based interactions, which means hackers have zeroed in on them as a key
target. Zero Trust, on the other hand, has become a buzzword that in theory
should reduce vulnerabilities but in reality is not practical to implement,
slows down application performance, and hampers productivity. ... To get
formal professional certifications. Not only have these helped advance my
career at every stage, but they have also ensured that my security knowledge
remains up to date against constantly developing hacker tactics and
techniques.
“Blockchain itself can be used within a private ‘walled garden’ as well,” Ian
Foley, chief business officer at data storage blockchain firm Arweave, told
VentureBeat. “It is a technology structure that brings immutability and
maintains data provenance. Centralized cloud vendors are also developing
blockchain solutions, but they lack the benefits of decentralization.
Decentralized cloud infrastructures are always independent of centralized
environments, enabling enterprises and individuals to access everything
they’ve stored without going through a specific application.” Decentralized
storage platforms use the power of blockchain technology to offer transparency
and verifiable proof for data storage, consumption and reliability through
cryptography. This eliminates the need for a centralized provider and gives
users greater control over their data. With decentralized storage, data is
stored in a wide peer-to-peer (P2P) network, offering transfer speeds that are
generally faster than traditional centralized storage systems.
Quote for the day:
"Effective team leaders adjust their style to provide what the group can't provide for itself." -- Kenneth Blanchard
How blockchain technology is paving the way for a new era of cloud computing
“Blockchain itself can be used within a private ‘walled garden’ as well,” Ian
Foley, chief business officer at data storage blockchain firm Arweave, told
VentureBeat. “It is a technology structure that brings immutability and
maintains data provenance. Centralized cloud vendors are also developing
blockchain solutions, but they lack the benefits of decentralization.
Decentralized cloud infrastructures are always independent of centralized
environments, enabling enterprises and individuals to access everything
they’ve stored without going through a specific application.” Decentralized
storage platforms use the power of blockchain technology to offer transparency
and verifiable proof for data storage, consumption and reliability through
cryptography. This eliminates the need for a centralized provider and gives
users greater control over their data. With decentralized storage, data is
stored in a wide peer-to-peer (P2P) network, offering transfer speeds that are
generally faster than traditional centralized storage systems.A True Leader Doesn't Just Talk the Talk — They Walk the Walk. Here's How to Lead from the Front.
So, what does "walking the walk" look like? Depending on their position within the company, it looks different for everyone. Let's say you're the CEO of a company. To provide valuable insights and opinions, you need to be proficient in the product you're selling and stay current on industry trends and news. If you were managing a customer service team, what would you do? Participating in difficult conversations can help your team understand what's expected of them. As a leader, it is imperative that you set an excellent example for your team members and achieve results. Leaders must lead by example and practice what they preach. Talking about honesty, integrity and accountability is easy, but it's much harder to embody them daily. Regarding work-life balance, taking time off and setting boundaries are essential. You must cultivate a culture of listening to your team to foster a culture of open communication.Quote for the day:
"Effective team leaders adjust their style to provide what the group can't provide for itself." -- Kenneth Blanchard
