How Modern Data Platforms Support Data Governance
To enable the effective use of data analytics, many organizations are employing
modern data platforms, which provide capabilities such as nearly unlimited
flexibility for data collection, clear visibility into data sets and data
democratization to make analytics available to users across an organization. But
perhaps the most valuable capability a modern data platform can provide is data
governance: the establishment of clear rules about the access and use of data,
as well as the enforcement of those rules. “Governance is a cornerstone of the
modern data platform,” says Rex Washburn, head of modern data platforms for
CDW’s data practice. “If you don’t have data governance, you don’t have a modern
data platform.” The governance that modern data platforms offer separates them
from legacy data architectures. A modern platform can simplify and unify an
organization’s data environment, enabling streamlined governance and security.
It’s Time to ‘Expunge’ Data Governance
A change is required in moving away from embedding it as a regulatory, watchdog,
or policy compliance function, but rather as an essential value stream closely
tied to a business strategy. This move, however, calls for data governance
practitioners to acquaint themselves with their organizational goals and
objectives. And having fully comprehended their business direction and related
pain points, they will then be empowered to determine which data elements are
most critical and in turn prepare and maintain these sustainably. A change in
perspective towards ‘value-driven use cases’ ‘Data improvement and ethical
handling’ sounds much better. It’s clearer, less intimidating, and crystal clear
in its purpose, but it is a simplified form of data governance. And adopting
similar approaches would enable data governance to be more easily understood,
thereby increasing its adoption rate and building a strong stakeholder base. As
this develops, data governance can serve as a strategic business enabler, with
executive support and enhanced stakeholder involvement.
Good bot, bad bot: Using AI and ML to solve data quality problems
With the rise of human-like AI, bots can slip through the cracks through
quality scores alone. This is why it’s imperative to layer these signals with
data around the output itself. Real people take time to read, re-read and
analyze before responding; bad actors often don’t, which is why it’s important
to look at the response level to understand trends of bad actors. Factors like
time to response, repetition and insightfulness can go beyond the surface
level to deeply analyze the nature of the responses. If responses are too
fast, or nearly identical responses are documented across one survey (or
multiple), that can be a tell-tale sign of low-quality data. Finally, going
beyond nonsensical responses to identify the factors that make an insightful
response — by looking critically at the length of the response and the string
or count of adjectives — can weed out the lowest-quality responses. By looking
beyond the obvious data, we can establish trends and build a consistent model
of high-quality data.
ChatGPT Comes to Business Continuity
ChatGPT has pulled back the curtain on the business continuity world. Business
continuity, with all its regulations and oversight bodies still remains a
somewhat subjective profession. Although regulations abound, each company has
a unique way of creating its programs. Typically, a new business continuity
professional going into a company assesses the previously program for gaps and
completeness in a substantive way. Many times, once an assessment is
completed, you can almost gauge the background and experience of the previous
person holding that position. Modifications are made, gaps are filled, based
on the limited understanding of business continuity as a whole. ChatGPT has
uncovered the core of the foundational components of business continuity and
all the ancillary components, a documented blueprint that could establish an
excellent starting point. When looking for a baseline approach to the building
of a complete program, there are many avenues one can go down with tentacles
reaching far and wide.
Hardware-Based Cybersecurity For Software-Defined Vehicles
The Secure-CAV Consortium, collaborative project that aims to improve the
safety and security of tomorrow’s connected and autonomous vehicles (CAVs),
offers concrete examples of hacks. One is a mobile network attack in which an
attacker tries to infect the Telematic Control Unit with tampered firmware.
This uses a “man in the middle” type of attack to make an over-the-air
firmware update. If successful, hackers could intercept telematics traffic
using GSM and can spoof the SMS commands, sending direct commands to the
device. The consequences range from the hackers gaining access to the
infotainment unit, to denial-of-service attacks against emergency services, to
controlling the engine, transmission, or brakes. ... The Secure-CAV Consortium
has developed a flexible and functional architecture for real environment
trials to train, test, validate, and demonstrate automotive cybersecurity
solutions. The goal is to faithfully and accurately reproduce the behavior of
a real vehicle while also being reconfigurable, portable, safe, and
inexpensive to construct.
When you get to the top, send the elevator back down
There are so many demands in business—you can’t be everywhere all the time.
Over the course of my career, I have learned it’s okay to say “no” and to
prioritize what matters most to move the business forward. If you stay
laser-focused on your priorities and not the distractions of the day, you will
be more productive. It is important to say no to the things that distract you
from your goals. ... The only limitations in life are those you put on
yourself. I believe the glass ceiling—or any ceiling—is fragile and delicate.
So, punch through it! Shift your mindset to focus on what’s possible and push
through those boundaries. The world is your oyster. Know that career growth is
a mindset versus physical limitations within the walls of corporate life. Many
people look for a silver bullet to career growth. In my experience, people
willing to do the work—the hard work—are often the ones who stand out and grow
their careers faster. The attention to detail and doing the not-so-glamorous
stuff make the difference between good and great.
Why DevSecOps Is Essential for Every IT Industry
In a traditional organization, the InfoSec team is responsible for keeping
the company’s data safe from external threats. They do this by implementing
security controls and monitoring for compliance. The problem is that these
security controls can often slow down the software development process. ...
The key to making DevSecOps work is a collaboration between the development,
operations, and security teams. In a traditional organization, these teams
often operate in silos, leading to conflict and delays. DevSecOps fosters a
culture of collaboration and communication between these teams, which is
essential for delivering secure software quickly. ... For example, they
might use continuous integration/continuous delivery (CI/CD) pipelines to
automate the software delivery process. They might also use security
scanning tools to automatically find and fix security vulnerabilities in
code and configuration management tools to ensure that all servers are
properly configured and compliant with security policies.
Data Leakage Becoming Bigger Issue For Chipmakers
“If you have a chiplet-based approach, or a multi-chip package, then all of
these chips have to work together to yield the security you need,” said
Peter Laackmann, distinguished engineer for the Connected Secure Systems
Division at Infineon. “For example, there have been attacks where there was
a security chip inside, which was certified and quite good, but it was also
in the same package as a standard microcontroller. The problem was that the
standard microcontroller was fully controlling the security chip. After a
few attacks on the microcontroller, then you get the keys. This means the
security controller cannot protect the complete system. And the same applies
for all sorts of chiplets and multi-chip packages.” Laackmann said that for
security chips/chiplets, this is unlikely to be a problem because those
chips typically are not stressed the way a processing element would be. But
for other components, aging can cause circuits to behave differently, and
that differential can be used to collect important data. “Some chips have
pins that are used to supply the internal core voltage.
European Commission Proposes Network of Cross-Border SOCs
The commission late last month introduced a proposal for a European "Cyber
Shield" underpinned by a network of national SOCs and cross-border SOCs that
are a consortium of at least three national centers. The bill, the Cyber
Solidarity Act, would also create a Cybersecurity Emergency Mechanism
allowing governments to tap into private sector incident responses during
emergencies. Even before Russia's February 2022 attempt to conquer Ukraine,
European officials lamented poor information sharing between national
capitals on cybersecurity incidents, noting in a 2020 cybersecurity strategy
that "no operational mechanism" exists to coordinate among member countries
and European Union institutions in the event of "a large-scale, cross-border
cyber incidents or crisis." That omission has since grown more glaring for
European Commission officials monitoring reports of suspicious critical
infrastructure security incidents occurring since the Russian invasion.
Why generative AI is more dangerous than you think
Of course, the big threat to society is not the optimized ability to sell
you a pair of pants. The real danger is that the same techniques will be
used to drive propaganda and misinformation, talking you into false beliefs
or extreme ideologies that you might otherwise reject. ... And because AI
agents will have access to an internet full of information, they could
cherry-pick evidence in ways that would overwhelm even the most
knowledgeable human. This creates an asymmetric power balance often called
the AI manipulation problem in which we humans are at an extreme
disadvantage, conversing with artificial agents that are highly skilled at
appealing to us, while we have no ability to “read” the true intentions of
the entities we’re talking to. Unless regulated, targeted generative ads and
targeted conversational influence will be powerful forms of persuasion in
which users are outmatched by an opaque digital chameleon that gives off no
insights into its thinking process but is armed with extensive data about
our personal likes, wants and tendencies, and has access to unlimited
information to fuel its arguments.
Quote for the day:
"We are too much in awe of those who
succeed and far too dismissive of those who fail." --
Malcolm Gladwell
No comments:
Post a Comment