Daily Tech Digest - April 26, 2023

How to vet your vendors: Ensuring data privacy and security compliance

Equally as important is ensuring that the vendors actually adhere to regulatory requirements and checking what data privacy infrastructure and security measures they have in place. Do they employ permission and user access controls, employee security awareness, patch management, system configuration management and periodic penetration testing? How do they handle data subject concerns? Do they notify new data subjects? Is there an opt-in/opt-out feature? Are databases accurate, and are they updated regularly based on customer feedback and privacy requests? ... Finally, ask about the organization’s overall mindset and handling of data security and privacy. Have they made it a priority across their organization? Do ALL employees receive data and privacy-related training, even if the entire team doesn’t work on those issues directly? A third-party partner that goes above and beyond in this capacity will make for a more reliable and proactive partner across the board.

Z Energy’s CDO: ‘First trust, then transform’

My view on transformation—digital transformation, in particular—is we’re moving toward an endpoint. Lots of people will say it’s ever-changing, and I agree that, from a technology point, it is. But to me, the endpoint is an agile organization, and I don’t mean agile as in the way we think about doing work, but a nimble organization. If you can transform your organization to the point where it’s able to rapidly respond to whatever happens, then that’s the transformation. So, is there an endpoint to that? There are always tweaks along the way, but you can see organizations move from being static to being able to deal with whatever comes at them. That’s relevant to us at Z, because you could say, “In 40 years’ time, there’s no future in hydrocarbons.” That might happen in 10 years or 100 years. I have no idea which of those is true, and I have to be ready for all of them. We also don’t know what the replacements are going to be. Are we looking at electricity, hydrogen? What’s the role of biofuels here? All of those things are rapidly changing. The Prime Minister actually just announced that the biofuels mandate is now going to be cancelled, so how do we respond to that?

Can this new prototype put an end to cyberattacks?

The new prototype, called the Arm Morello Evaluation Board, aims to put an end to this. It is based on the CHERI (capability hardware enhanced RISC instructions) instruction set architecture, which was developed by Cambridge University and SRI International. It is compartmentalized to ensure that any breaches remain confined to a particular aspect, rather than spreading throughout the whole system. This is just one of the scenarios where CHERI's memory-safe features come in handy. Access to the technology was facilitated by the Digital Security by Design (DSbD), a government-backed initiative that aims to improve the safety of the UK's digital landscape. Although it is still in the research phase, the prototype is claimed to have the potential to help protect industries and firms. already, the programme has racked up over a thousand days in development work wot other 13 million lines of code being experimented with. There will also be a new round of experiments starting from May 25, which will explore porting the Morello platform, as well as how the CHERI architecture can secure applications against memory flaws and whether code can be improved by highlighting errors and vulnerabilities.

Don’t Let Time Series Data Break Your Relational Database

Time series is all about understanding the current picture of the world and offering immediate insight and action. Relational databases can perform basic data manipulation, but they can’t execute advanced calculations and analytics on multiple observations. Because time series data workloads are so large, they need a database that can work with large datasets easily. Apache Arrow is specifically designed to move large amounts of columnar data. Building a database on Arrow gives developers more options to effectively operate on their data by way of advanced data analysis and the implementation of machine learning and artificial intelligence tools such as Pandas. Some may be tempted to simply use Arrow as an external tool for a current solution. However, this approach isn’t workable because if the database doesn’t return data in Arrow format right from the source, the production application will struggle to ensure there’s enough memory to work with large datasets. The code source will also lack the compression Arrow provides. 

When cloud pros fumble office politics

The adoption of cloud services can create tension between early adopters and those who are resistant to change. Early adopters may feel frustrated by the resistance of others, while those who are resistant may feel excluded from decision-making processes and overwhelmed by the pace of change. The fix here is education and empathy. I’m often in the middle between factions that both feel threatened by the pace of cloud adoption. One group believes that it’s too fast; the other believes it’s too slow. Both sides need to hear each other out and adapt a pace that seems reasonable—and more importantly, that returns the most value back to the business. ... Cloud services can raise concerns about security and privacy, particularly in industries that store sensitive data. Employees may be worried about the security of their personal data, while IT departments may be stressed about the security of company data stored in the cloud. Of course, cloud-based security has been better than traditional security for some time now. But that’s not the perception, and you’re dealing with perceptions, not realities.

Where did Microservices go

One of the most significant hurdles is conducting transactions across multiple services. Although there are several methods for handling distributed transactions, such as the two-phase commit protocol, compensating transactions, event-driven architectures, and conflict-free replicated data types, none of them can provide the same simplicity that developers enjoy in a monolithic architecture with a database that offers transaction functionality. When things go wrong in a distributed system, data inconsistency can arise, which is perhaps the worst problem a developer wants to deal with. ... Serverless computing is actually an evolution of Microservices architecture instead of a replacement. Both approaches share the same goal of breaking down monolithic applications into smaller, more manageable components. However, while microservices typically involve deploying each service to a separate container or instance, serverless computing allows developers to focus solely on the code for individual functions, without worrying about the underlying infrastructure.

How AI Can Transform The Software Engineering Process

Architecture definition - As far as app architecture goes, AI cannot evaluate the trade-offs between different architectural decisions. So it will still rely on the intuition and experience of a senior developer for the most part. Nevertheless, AI can drill down the architecture by suggesting relevant services from public cloud providers or calculating the TCO of the target architecture. Coding - Writing code is one of the areas that will definitely benefit from AI. For example, when using Bing AI, the role of senior engineers will be to verify and polish the code since the tool still makes mistakes. A new method for developing code will be applied widely: prompt engineering. It will be used for generating code snippets based on given prompts, facilitating prototyping and iterating on different ideas. Unit tests. Since unit tests are typically automated, they are one of the areas where AI will be most useful. For example, CodeWhisperer does an excellent job at automating unit tests.

Welcome to the postmodern enterprise architecture era

Postmodern enterprise architecture is geared toward the computer science world as we understand it today. The talent pool has greatly expanded, and while there are still talent shortages, the ability to build and retain a high-performing team is within any company's grasp. The software and hardware building blocks have greatly matured; computing environments can be set up or resized in minutes, and complex user experiences can be built out of commodity parts. The wall between the business and engineers is crumbling, with cross-functional agile teams working together to incrementally improve with each (anytime you need to) release. Instead of systems, we are thinking more and more about platforms that both architects and our business partners can adapt for use in the latest customer experience. In this postmodern world, we need an enterprise architecture function that is built for today. Good news: We don't have to start from scratch. We have developed many great practices and utilities on the journey to modern enterprise architecture, and now we must consider how to use those tools cost-effectively.

Clocking out: Millennials and the workforce

In perhaps the finest section of Saving Time, Odell comes across an “embarrassingly spot-on characterization” of her own life in an academic paper. The sociologist Hartmut Rosa sketches out the life and habits of a fictitious professor named Linda. Linda has a job and some means, but she feels she is chronically busy, “always falling short and running behind” her various commitments. It is possible to be genuinely ensnared by a lack of time—there are those who have to work multiple jobs to pay the rent while also raising children—but Rosa argues that Linda’s predicament is self-generated. According to Odell’s analysis, Linda sees herself as “controlled and surveilled” by society’s expectation that she be busy and productive at all times, by what Rosa neatly calls the “logic of expansion.” This concept has been so thoroughly ingrained that it has been adopted even by those with plenty of agency. This analysis is squeezed into the barnstorming first half of Saving Time. 

9 Questions for IT Leaders to Ask About Cloud Cybersecurity

Visibility and context are two of the top challenges in cloud cybersecurity, according to Rick McElroy, principal cybersecurity strategist at cloud computing company VMware. “Who is logging in to what and when? Who is uploading private documents to public file shares? How can I follow an identity around a multi-cloud environment to determine if it is doing something malicious? Is this PowerShell script something my system administrators are using or is it part of a ransomware attack?” he asks. “These are all hard questions to answer for teams today.” Amit Shaked, co-founder and CEO of multi-cloud data security platform Laminar, warns about the increase in unknown or “shadow data.” “Data scientists and developers can now proliferate data in just a few clicks with agile cloud services,” he explains. “As a result, it's become easier than ever before for IT and security teams to lose sight of this data.” Bringing together teams that have historically worked in siloes can help to increase cloud visibility and teams’ ability act on security needs.

Quote for the day:

"You either have to be first, best, or different." -- Loretta Lynn

No comments:

Post a Comment