Daily Tech Digest - April 27, 2023

How can we build engagement in our organization’s data governance efforts?

The first thing to recognize is that establishing a data governance initiative is a change program—not a one-off project. Successful data governance programs change behaviors around how data is used, and changing behaviors takes time. Top-down impositions of data governance based on theory and text-heavy policies often fail to build engagement because they are detached from organizational context. The most successful transformations we have seen are the result of an organic development of data governance from organization and culture. This requires intentional communication, iteration, and open feedback based on listening to stakeholders and users. Communicate the benefits of data governance by emphasizing the positive impact the program can have on your organization’s ability to achieve its strategic objectives, such as improving decision-making, enhancing data quality, and ensuring regulatory compliance. Organizations must be willing to accept that there will be challenges and pushback to the program. 

The State of Organizations 2023: Ten shifts transforming organizations

‘True hybrid’: The new balance of in-person and remote work. Since the COVID-19 pandemic, about 90 percent of organizations have embraced a range of hybrid work models that allow employees to work from off-site locations for some or much of the time. It’s important that organizations provide structure and support around the activities best done in person or remotely. ... Closing the capability chasm. Companies often announce technological or digital elements in their strategies without having the right capabilities to integrate them. To achieve a competitive advantage, organizations need to build institutional capabilities—an integrated set of people, processes, and technology that enables them to do something consistently better than competitors do. ... Walking the talent tightrope. Business leaders have long walked a talent tightrope—carefully balancing budgets while retaining key people. In today’s uncertain economic climate, they need to focus more on matching top talent to the highest-value roles. McKinsey research shows that, in many organizations, between 20 and 30 percent of critical roles aren’t filled by the most appropriate people.

How prompt injection can hijack autonomous AI agents like Auto-GPT

A new security vulnerability could allow malicious actors to hijack large language models (LLMs) and autonomous AI agents. In a disturbing demonstration last week, Simon Willison, creator of the open-source tool datasette, detailed in a blog post how attackers could link GPT-4 and other LLMs to agents like Auto-GPT to conduct automated prompt injection attacks. Willison’s analysis comes just weeks after the launch and quick rise of open-source autonomous AI agents including Auto-GPT, BabyAGI and AgentGPT, and as the security community is beginning to come to terms with the risks presented by these rapidly emerging solutions. In his blog post, not only did Willison demonstrate a prompt injection “guaranteed to work 100% of the time,” but more significantly, he highlighted how autonomous agents that integrate with these models, such as Auto-GPT, could be manipulated to trigger additional malicious actions via API requests, searches and generated code executions. Prompt injection attacks exploit the fact that many AI applications rely on hard-coded prompts to instruct LLMs such as GPT-4 to perform certain tasks. 

Agility and Architecture

When making architectural decisions, teams balance two different constraints:If the work they do is based on assumptions that later turn out to be wrong, they will have more work to do: the work needed to undo the prior work, and the new work related to the new decision. They need to build things and deliver them to customers in order to test their assumptions, not just about the architecture, but also about the problems that customers experience and the suitability of different solutions to solve those problems. No matter what, teams will have to do some rework. Minimizing rework while maximizing feedback is the central concern of the agile team. The challenge they face in each release is that they need to run experiments and validate both their understanding of what customers need but also the viability of their evolving answer to those needs. If they spend too much time focused just on the customer needs, they may find their solution is not sustainable, but if they spend too much time assessing the sustainability of the solution they may lose customers who lose patience waiting for their needs to be met.

Beginning of the End of OpenAI

Maybe OpenAI was not anticipating its success with ChatGPT technology back then. Now, the explanation for the trademark application can be just so that no one clones the company makes the most sense currently. Or maybe not. Maybe the Sam Altman led company has bigger plans. The company had already registered with AI.com to redirect it to ChatGPT — a pretty strong statement. Well, now that the AI arms race is in full glory, there might be something that Google can do as well to catch up. Up until now, Google made strides by improving its technology, but it might have another trick up its sleeve. If OpenAI files for a trademark on ‘GPT’, which is more than just a product name, but a name of technology, and the USPTO accepts it or even considers it, the application will be moved for an ‘opposition period’. ... OpenAI may be getting a bit too possessive about their products. GPT stands for Generative Pre-trained Transformers and interestingly, ‘Transformer’ was introduced by Google in 2017 as a neural network architecture, for which the company has also filed a patent.

Macro trends in the tech industry

Managing tech debt and maintaining system health are essential for the long-term success of any product or system. Tech debt has beenin the news cycle over the last six months, but it’s certainly not a new concept. We’re happy that it’s being discussed, but ultimately managing tech debt is not rocket science: good product managers and tech leads should already be considering cross-functional requirements, including tech debt management. Fitness functions can identify and measure important quality characteristics, and we can describe tech debt in terms of how it may improve those characteristics. ... As low-code and no-code platforms continue to evolve and mature — and especially because these tools are likely to be augmented with AI enabling them to produce applications faster or for less expert users — we decided to reiterate our advice around bounded low-code platforms. We remain skeptical because the vendor claims around these tools are, basically, dangerously optimistic. There are no silver bullets and a low-code platform should always be evaluated in context as a potential solution, not used as a default option.

7 venial sins of IT management

First of all, comparing the two, being a business person is easier. Second of all, unless you think the company’s CFO should be a business person, not a finance person, and that the chief marketing officer should be a business person and not a marketeer, the whole thing just isn’t worth your time and attention. But since I have your attention anyway, here’s the bad news about the good news: CIOs who try to be business people instead of technology people are like the high school outcasts who are desperately trying to join the Cool Kids Club. They’ll still be excluded, only now they’ve added being pathetic to their coolness deficit. ... Product management is the business discipline of managing the evolution of one of a company’s products or product lines to maintain and enhance its marketplace appeal. IT product management comes out of the agile world, and has at best a loose connection to business product management. Because while there is some limited point in enhancing the appeal of some chunk of a business’s technology or applications portfolio, that isn’t what IT product management is about.

UK government introduces Digital Markets Bill to Parliament

CMA chief executive Sarah Cardell welcomed the Bill and the powers it granted to the competition regulator. “This has the potential to be a watershed moment in the way we protect consumers in the UK and the way we ensure digital markets work for the UK economy, supporting economic growth, investment and innovation,” she said. “Digital markets offer huge benefits, but only if competition enables businesses of all shapes and sizes the opportunity to succeed,” said Cardell. “This Bill is a legal framework fit for the digital age. It will establish a tailored, evidenced-based and proportionate approach to regulating the largest and most powerful digital firms to ensure effective competition that benefits everyone.” She added that the CMA will support the Bill through the legislative process, and that it stands ready to use these powers once it has been approved by Parliament. Baroness Stowell, chair of the House of Lords Communications and Digital Committee, which called for the creation of a new digital regulator like the DMU in March 2019, said the Bill is about ensuring a level playing field in digital markets.

Spring Cleaning the Tech Stack

As a company matures, part of the natural process is accumulating a plethora of applications along the way, which then requires IT to routinely evaluate to eliminate waste. Richard Capatosto, IT manager at Backblaze, explains IT spends a lot of time and energy tracking down, identifying, and operationalizing these “rogue” applications. “They are typically very inefficient to support for several reasons,” he says. “First, they are sometimes one-off apps which were purchased outside of our enterprise applications stack and may not have enterprise-level security.” Usually in those instances, they’ve been purchased outside of normal processes (e.g., on credit cards), which creates further downline work. “Second, these applications often do not support enterprise SSO and provisioning, which is key to maintaining efficient and secure IT operations,” he says. Eliminating or upgrading these applications reduces unnecessary spend, conforms to security best practices, and lets the IT team provide guidance about better tech-based workflows based on existing and potential applications.

Generative AI and security: Balancing performance and risk

From a security perspective, it’s both appealing and daunting to imagine an ultra-smart, cloud-hosted, security-specific AI beyond anything available today. In particular, the sheer speed offered by an AI-powered response to security events is appealing. And the potential for catastrophic mistakes and their business consequences is daunting. As an industry observer, I often see this stark dichotomy reflected in marketing, like that of the recently-launched Microsoft Security Copilot. One notices Microsoft’s velocity-driven pitch – “triage signals at machine speed” and “respond to incidents in minutes, instead of hours or days.” But one also notices the cautious conservatism of the product name: it’s not a pilot, it’s merely a copilot. Microsoft doesn’t want people getting the idea that this tech can, all by itself, handle the complex job of creating and executing a company’s cybersecurity strategy. That, it seems to me, is the approach we should all be taking to these tools, while carefully considering what type of data can and should be fed to these algorithms. 

Quote for the day:

"Time is neutral and does not change things. With courage and initiative, leaders change things." -- Jesse Jackson

No comments:

Post a Comment