Daily Tech Digest - May 07, 2023

How Modern Data Platforms Support Data Governance

To enable the effective use of data analytics, many organizations are employing modern data platforms, which provide capabilities such as nearly unlimited flexibility for data collection, clear visibility into data sets and data democratization to make analytics available to users across an organization. But perhaps the most valuable capability a modern data platform can provide is data governance: the establishment of clear rules about the access and use of data, as well as the enforcement of those rules. “Governance is a cornerstone of the modern data platform,” says Rex Washburn, head of modern data platforms for CDW’s data practice. “If you don’t have data governance, you don’t have a modern data platform.” The governance that modern data platforms offer separates them from legacy data architectures. A modern platform can simplify and unify an organization’s data environment, enabling streamlined governance and security.

It’s Time to ‘Expunge’ Data Governance

A change is required in moving away from embedding it as a regulatory, watchdog, or policy compliance function, but rather as an essential value stream closely tied to a business strategy. This move, however, calls for data governance practitioners to acquaint themselves with their organizational goals and objectives. And having fully comprehended their business direction and related pain points, they will then be empowered to determine which data elements are most critical and in turn prepare and maintain these sustainably. A change in perspective towards ‘value-driven use cases’ ‘Data improvement and ethical handling’ sounds much better. It’s clearer, less intimidating, and crystal clear in its purpose, but it is a simplified form of data governance. And adopting similar approaches would enable data governance to be more easily understood, thereby increasing its adoption rate and building a strong stakeholder base. As this develops, data governance can serve as a strategic business enabler, with executive support and enhanced stakeholder involvement.

Good bot, bad bot: Using AI and ML to solve data quality problems

With the rise of human-like AI, bots can slip through the cracks through quality scores alone. This is why it’s imperative to layer these signals with data around the output itself. Real people take time to read, re-read and analyze before responding; bad actors often don’t, which is why it’s important to look at the response level to understand trends of bad actors. Factors like time to response, repetition and insightfulness can go beyond the surface level to deeply analyze the nature of the responses. If responses are too fast, or nearly identical responses are documented across one survey (or multiple), that can be a tell-tale sign of low-quality data. Finally, going beyond nonsensical responses to identify the factors that make an insightful response — by looking critically at the length of the response and the string or count of adjectives — can weed out the lowest-quality responses. By looking beyond the obvious data, we can establish trends and build a consistent model of high-quality data.

ChatGPT Comes to Business Continuity

ChatGPT has pulled back the curtain on the business continuity world. Business continuity, with all its regulations and oversight bodies still remains a somewhat subjective profession. Although regulations abound, each company has a unique way of creating its programs. Typically, a new business continuity professional going into a company assesses the previously program for gaps and completeness in a substantive way. Many times, once an assessment is completed, you can almost gauge the background and experience of the previous person holding that position. Modifications are made, gaps are filled, based on the limited understanding of business continuity as a whole. ChatGPT has uncovered the core of the foundational components of business continuity and all the ancillary components, a documented blueprint that could establish an excellent starting point. When looking for a baseline approach to the building of a complete program, there are many avenues one can go down with tentacles reaching far and wide.

Hardware-Based Cybersecurity For Software-Defined Vehicles

The Secure-CAV Consortium, collaborative project that aims to improve the safety and security of tomorrow’s connected and autonomous vehicles (CAVs), offers concrete examples of hacks. One is a mobile network attack in which an attacker tries to infect the Telematic Control Unit with tampered firmware. This uses a “man in the middle” type of attack to make an over-the-air firmware update. If successful, hackers could intercept telematics traffic using GSM and can spoof the SMS commands, sending direct commands to the device. The consequences range from the hackers gaining access to the infotainment unit, to denial-of-service attacks against emergency services, to controlling the engine, transmission, or brakes. ... The Secure-CAV Consortium has developed a flexible and functional architecture for real environment trials to train, test, validate, and demonstrate automotive cybersecurity solutions. The goal is to faithfully and accurately reproduce the behavior of a real vehicle while also being reconfigurable, portable, safe, and inexpensive to construct.

When you get to the top, send the elevator back down

There are so many demands in business—you can’t be everywhere all the time. Over the course of my career, I have learned it’s okay to say “no” and to prioritize what matters most to move the business forward. If you stay laser-focused on your priorities and not the distractions of the day, you will be more productive. It is important to say no to the things that distract you from your goals. ... The only limitations in life are those you put on yourself. I believe the glass ceiling—or any ceiling—is fragile and delicate. So, punch through it! Shift your mindset to focus on what’s possible and push through those boundaries. The world is your oyster. Know that career growth is a mindset versus physical limitations within the walls of corporate life. Many people look for a silver bullet to career growth. In my experience, people willing to do the work—the hard work—are often the ones who stand out and grow their careers faster. The attention to detail and doing the not-so-glamorous stuff make the difference between good and great.

Why DevSecOps Is Essential for Every IT Industry

In a traditional organization, the InfoSec team is responsible for keeping the company’s data safe from external threats. They do this by implementing security controls and monitoring for compliance. The problem is that these security controls can often slow down the software development process. ... The key to making DevSecOps work is a collaboration between the development, operations, and security teams. In a traditional organization, these teams often operate in silos, leading to conflict and delays. DevSecOps fosters a culture of collaboration and communication between these teams, which is essential for delivering secure software quickly. ... For example, they might use continuous integration/continuous delivery (CI/CD) pipelines to automate the software delivery process. They might also use security scanning tools to automatically find and fix security vulnerabilities in code and configuration management tools to ensure that all servers are properly configured and compliant with security policies.

Data Leakage Becoming Bigger Issue For Chipmakers

“If you have a chiplet-based approach, or a multi-chip package, then all of these chips have to work together to yield the security you need,” said Peter Laackmann, distinguished engineer for the Connected Secure Systems Division at Infineon. “For example, there have been attacks where there was a security chip inside, which was certified and quite good, but it was also in the same package as a standard microcontroller. The problem was that the standard microcontroller was fully controlling the security chip. After a few attacks on the microcontroller, then you get the keys. This means the security controller cannot protect the complete system. And the same applies for all sorts of chiplets and multi-chip packages.” Laackmann said that for security chips/chiplets, this is unlikely to be a problem because those chips typically are not stressed the way a processing element would be. But for other components, aging can cause circuits to behave differently, and that differential can be used to collect important data. “Some chips have pins that are used to supply the internal core voltage.

European Commission Proposes Network of Cross-Border SOCs

The commission late last month introduced a proposal for a European "Cyber Shield" underpinned by a network of national SOCs and cross-border SOCs that are a consortium of at least three national centers. The bill, the Cyber Solidarity Act, would also create a Cybersecurity Emergency Mechanism allowing governments to tap into private sector incident responses during emergencies. Even before Russia's February 2022 attempt to conquer Ukraine, European officials lamented poor information sharing between national capitals on cybersecurity incidents, noting in a 2020 cybersecurity strategy that "no operational mechanism" exists to coordinate among member countries and European Union institutions in the event of "a large-scale, cross-border cyber incidents or crisis." That omission has since grown more glaring for European Commission officials monitoring reports of suspicious critical infrastructure security incidents occurring since the Russian invasion.

Why generative AI is more dangerous than you think

Of course, the big threat to society is not the optimized ability to sell you a pair of pants. The real danger is that the same techniques will be used to drive propaganda and misinformation, talking you into false beliefs or extreme ideologies that you might otherwise reject. ... And because AI agents will have access to an internet full of information, they could cherry-pick evidence in ways that would overwhelm even the most knowledgeable human. This creates an asymmetric power balance often called the AI manipulation problem in which we humans are at an extreme disadvantage, conversing with artificial agents that are highly skilled at appealing to us, while we have no ability to “read” the true intentions of the entities we’re talking to. Unless regulated, targeted generative ads and targeted conversational influence will be powerful forms of persuasion in which users are outmatched by an opaque digital chameleon that gives off no insights into its thinking process but is armed with extensive data about our personal likes, wants and tendencies, and has access to unlimited information to fuel its arguments.

Quote for the day:

"We are too much in awe of those who succeed and far too dismissive of those who fail." -- Malcolm Gladwell

No comments:

Post a Comment