How to vet your vendors: Ensuring data privacy and security compliance
Equally as important is ensuring that the vendors actually adhere to regulatory
requirements and checking what data privacy infrastructure and security measures
they have in place. Do they employ permission and user access controls, employee
security awareness, patch management, system configuration management and
periodic penetration testing? How do they handle data subject concerns? Do they
notify new data subjects? Is there an opt-in/opt-out feature? Are databases
accurate, and are they updated regularly based on customer feedback and privacy
requests? ... Finally, ask about the organization’s overall mindset and handling
of data security and privacy. Have they made it a priority across their
organization? Do ALL employees receive data and privacy-related training, even
if the entire team doesn’t work on those issues directly? A third-party partner
that goes above and beyond in this capacity will make for a more reliable and
proactive partner across the board.
Z Energy’s CDO: ‘First trust, then transform’
My view on transformation—digital transformation, in particular—is we’re
moving toward an endpoint. Lots of people will say it’s ever-changing, and I
agree that, from a technology point, it is. But to me, the endpoint is an
agile organization, and I don’t mean agile as in the way we think about doing
work, but a nimble organization. If you can transform your organization to the
point where it’s able to rapidly respond to whatever happens, then that’s the
transformation. So, is there an endpoint to that? There are always tweaks
along the way, but you can see organizations move from being static to being
able to deal with whatever comes at them. That’s relevant to us at Z, because
you could say, “In 40 years’ time, there’s no future in hydrocarbons.” That
might happen in 10 years or 100 years. I have no idea which of those is true,
and I have to be ready for all of them. We also don’t know what the
replacements are going to be. Are we looking at electricity, hydrogen? What’s
the role of biofuels here? All of those things are rapidly changing. The Prime
Minister actually just announced that the biofuels mandate is now going to be
cancelled, so how do we respond to that?
Can this new prototype put an end to cyberattacks?
The new prototype, called the Arm Morello Evaluation Board, aims to put an end
to this. It is based on the CHERI (capability hardware enhanced RISC
instructions) instruction set architecture, which was developed by Cambridge
University and SRI International. It is compartmentalized to ensure that any
breaches remain confined to a particular aspect, rather than spreading
throughout the whole system. This is just one of the scenarios where CHERI's
memory-safe features come in handy. Access to the technology was facilitated
by the Digital Security by Design (DSbD), a government-backed initiative that
aims to improve the safety of the UK's digital landscape. Although it is still
in the research phase, the prototype is claimed to have the potential to help
protect industries and firms. already, the programme has racked up over a
thousand days in development work wot other 13 million lines of code being
experimented with. There will also be a new round of experiments starting from
May 25, which will explore porting the Morello platform, as well as how the
CHERI architecture can secure applications against memory flaws and whether
code can be improved by highlighting errors and vulnerabilities.
Don’t Let Time Series Data Break Your Relational Database
Time series is all about understanding the current picture of the world and
offering immediate insight and action. Relational databases can perform basic
data manipulation, but they can’t execute advanced calculations and analytics
on multiple observations. Because time series data workloads are so large,
they need a database that can work with large datasets easily. Apache Arrow is
specifically designed to move large amounts of columnar data. Building a
database on Arrow gives developers more options to effectively operate on
their data by way of advanced data analysis and the implementation of machine
learning and artificial intelligence tools such as Pandas. Some may be tempted
to simply use Arrow as an external tool for a current solution. However, this
approach isn’t workable because if the database doesn’t return data in Arrow
format right from the source, the production application will struggle to
ensure there’s enough memory to work with large datasets. The code source will
also lack the compression Arrow provides.
When cloud pros fumble office politics
The adoption of cloud services can create tension between early adopters and
those who are resistant to change. Early adopters may feel frustrated by the
resistance of others, while those who are resistant may feel excluded from
decision-making processes and overwhelmed by the pace of change. The fix here
is education and empathy. I’m often in the middle between factions that both
feel threatened by the pace of cloud adoption. One group believes that it’s
too fast; the other believes it’s too slow. Both sides need to hear each other
out and adapt a pace that seems reasonable—and more importantly, that returns
the most value back to the business. ... Cloud services can raise concerns
about security and privacy, particularly in industries that store sensitive
data. Employees may be worried about the security of their personal data,
while IT departments may be stressed about the security of company data stored
in the cloud. Of course, cloud-based security has been better than traditional
security for some time now. But that’s not the perception, and you’re dealing
with perceptions, not realities.
Where did Microservices go
One of the most significant hurdles is conducting transactions across multiple
services. Although there are several methods for handling distributed
transactions, such as the two-phase commit protocol, compensating
transactions, event-driven architectures, and conflict-free replicated data
types, none of them can provide the same simplicity that developers enjoy in a
monolithic architecture with a database that offers transaction functionality.
When things go wrong in a distributed system, data inconsistency can arise,
which is perhaps the worst problem a developer wants to deal with. ...
Serverless computing is actually an evolution of Microservices architecture
instead of a replacement. Both approaches share the same goal of breaking down
monolithic applications into smaller, more manageable components. However,
while microservices typically involve deploying each service to a separate
container or instance, serverless computing allows developers to focus solely
on the code for individual functions, without worrying about the underlying
infrastructure.
How AI Can Transform The Software Engineering Process
Architecture definition - As far as app architecture goes, AI cannot evaluate
the trade-offs between different architectural decisions. So it will still
rely on the intuition and experience of a senior developer for the most part.
Nevertheless, AI can drill down the architecture by suggesting relevant
services from public cloud providers or calculating the TCO of the target
architecture. Coding - Writing code is one of the areas that will definitely
benefit from AI. For example, when using Bing AI, the role of senior engineers
will be to verify and polish the code since the tool still makes mistakes. A
new method for developing code will be applied widely: prompt engineering. It
will be used for generating code snippets based on given prompts, facilitating
prototyping and iterating on different ideas. Unit tests. Since unit tests are
typically automated, they are one of the areas where AI will be most useful.
For example, CodeWhisperer does an excellent job at automating unit tests.
Welcome to the postmodern enterprise architecture era
Postmodern enterprise architecture is geared toward the computer science world
as we understand it today. The talent pool has greatly expanded, and while
there are still talent shortages, the ability to build and retain a
high-performing team is within any company's grasp. The software and hardware
building blocks have greatly matured; computing environments can be set up or
resized in minutes, and complex user experiences can be built out of commodity
parts. The wall between the business and engineers is crumbling, with
cross-functional agile teams working together to incrementally improve with
each (anytime you need to) release. Instead of systems, we are thinking more
and more about platforms that both architects and our business partners can
adapt for use in the latest customer experience. In this postmodern world, we
need an enterprise architecture function that is built for today. Good news:
We don't have to start from scratch. We have developed many great practices
and utilities on the journey to modern enterprise architecture, and now we
must consider how to use those tools cost-effectively.
Clocking out: Millennials and the workforce
In perhaps the finest section of Saving Time, Odell comes across an
“embarrassingly spot-on characterization” of her own life in an academic paper.
The sociologist Hartmut Rosa sketches out the life and habits of a fictitious
professor named Linda. Linda has a job and some means, but she feels she is
chronically busy, “always falling short and running behind” her various
commitments. It is possible to be genuinely ensnared by a lack of time—there are
those who have to work multiple jobs to pay the rent while also raising
children—but Rosa argues that Linda’s predicament is self-generated. According
to Odell’s analysis, Linda sees herself as “controlled and surveilled” by
society’s expectation that she be busy and productive at all times, by what Rosa
neatly calls the “logic of expansion.” This concept has been so thoroughly
ingrained that it has been adopted even by those with plenty of agency. This
analysis is squeezed into the barnstorming first half of Saving Time.
9 Questions for IT Leaders to Ask About Cloud Cybersecurity
Visibility and context are two of the top challenges in cloud cybersecurity,
according to Rick McElroy, principal cybersecurity strategist at cloud computing
company VMware. “Who is logging in to what and when? Who is uploading private
documents to public file shares? How can I follow an identity around a
multi-cloud environment to determine if it is doing something malicious? Is this
PowerShell script something my system administrators are using or is it part of
a ransomware attack?” he asks. “These are all hard questions to answer for teams
today.” Amit Shaked, co-founder and CEO of multi-cloud data security platform
Laminar, warns about the increase in unknown or “shadow data.” “Data scientists
and developers can now proliferate data in just a few clicks with agile cloud
services,” he explains. “As a result, it's become easier than ever before for IT
and security teams to lose sight of this data.” Bringing together teams that
have historically worked in siloes can help to increase cloud visibility and
teams’ ability act on security needs.
Quote for the day:
"You either have to be first, best, or
different." -- Loretta Lynn
No comments:
Post a Comment