Daily Tech Digest - June 17, 2023

Borderless Data vs. Data Sovereignty: Can They Co-Exist?

Businesses have long understood that data sharing has limits (or borders). Legal separations keep data from various subsidiaries distinct or limit sharing between partners to specific data types. Multi-tenant software applications often require logical partitions to keep customer data private. What is rapidly changing are new data sovereignty laws, often cloaked as "data privacy" regulations, that enforce geographic boundaries on where data is processed and stored. Businesses must comply with the laws of each country where they operate, and data sovereignty presents a clear compliance challenge as companies hurry to rethink how and where they safely acquire personal data to share and protect. Countries enacting regulations keeping personal data inside their borders may deem their citizens' data of strategic national importance. More commonly, it's an enforcement mechanism that acknowledges personal data as an asset owned by individuals that businesses must use and share according to that country's laws. Recent data sovereignty requirements cannot be easily bypassed or pushed to the consumer's consent.

All change: The new era of perpetual organizational upheaval

With upsets coming from all directions—whether they be supply chain disruptions, surging inflation, or spikes in interest rates and energy prices—companies need to focus on being prepared and ready to act at all times. The key is not just to bounce out of crises, but to bounce forward—landing on their feet relatively unscathed and racing ahead with new energy. ... But it’s raising huge questions: How can companies provide structure and support to all employees regardless of where they are? How do they address the potential risks to company culture and the sense of belonging, as well as to collaboration and innovation? The pandemic exacerbated other trends, including the continuing skills mismatch in the labor market, which the onward march of technology is intensifying. It threw a harsh light on the challenge of workplace motivation—sometimes referred to as the “great attrition,” with workers leaving their jobs, or quiet quitting, essentially downscaling their efforts on the job.

A guide to becoming a Chief Information Security Officer: Steps and strategies

The technical skills are a must-have. Know all about network security, cloud security, identity access management, adopting and adapting infrastructure, along with tools and technologies that allow for the preservation of organizational data privacy, integrity and computing availability. Security engineers who are interested in becoming CISOs often focus on problem hunting. CISOs need to not only be able to find problems, but to identify problems and vulnerabilities that aren’t apparent to those around them. Learning to ask the right kinds of questions and thinking about issues in unconventional ways take time and practice. CISOs need to continuously update their mental models when it comes to thinking about cyber security. The mental model required for on-premise cyber security implementation is different from that required for the cloud. As an increasing number of automation and AI-based tools emerge, mental models will again need to be retrofitted. Many aspiring CISOs sell their technical credentials to prospective employers. This is important. 

TinyML computer vision is turning into reality with microNPUs (µNPUs)

Digital image processing—as it used to be called—is used for applications ranging from semiconductor manufacturing and inspection to advanced driver assistance systems (ADAS) features such as lane-departure warning and blind-spot detection, to image beautification and manipulation on mobile devices. And looking ahead, CV technology at the edge is enabling the next level of human machine interfaces (HMIs). HMIs have evolved significantly in the last decade. On top of traditional interfaces like the keyboard and mouse, we have now touch displays, fingerprint readers, facial recognition systems, and voice command capabilities. While clearly improving the user experience, these methods have one other attribute in common—they all react to user actions. The next level of HMI will be devices that understand users and their environment via contextual awareness. Context-aware devices sense not only their users, but also the environment in which they are operating, all in order to make better decisions toward more useful automated interactions. 

Intel Announces Release of ‘Tunnel Falls,’ 12-Qubit Silicon Chip

“Tunnel Falls is Intel’s most advanced silicon spin qubit chip to date and draws upon the company’s decades of transistor design and manufacturing expertise. The release of the new chip is the next step in Intel’s long-term strategy to build a full-stack commercial quantum computing system. While there are still fundamental questions and challenges that must be solved along the path to a fault-tolerant quantum computer, the academic community can now explore this technology and accelerate research development.” — Jim Clarke, director of Quantum Hardware, Intel Why It Matters: Currently, academic institutions don’t have high-volume manufacturing fabrication equipment like Intel. With Tunnel Falls, researchers can immediately begin working on experiments and research instead of trying to fabricate their own devices. As a result, a wider range of experiments become possible, including learning more about the fundamentals of qubits and quantum dots and developing new techniques for working with devices with multiple qubits.

What bank leaders should know about AI in financial services

While this technology has many exciting potential use cases, so much is still unknown. Many of Finastra’s customers, whose job it is to be risk-conscious, have questions about the risks AI presents. And indeed, many in the financial services industry are already moving to restrict use of ChatGPT among employees. Based on our experience as a provider to banks, Finastra is focused on a number of key risks bank leaders should know about. Data integrity is table stakes in financial services. Customers trust their banks to keep their personal data safe. However, at this stage, it’s not clear what ChatGPT does with the data it receives. This begs the even more concerning question: Could ChatGPT generate a response that shares sensitive customer data? With the old-style chatbots, questions and answers are predefined, governing what’s being returned. But what is asked and returned with new LLMs may prove difficult to control. This is a top consideration bank leaders must weigh and keep a close pulse on. Ensuring fairness and lack of bias is another critical consideration. 

Are public or proprietary generative AI solutions right for your business?

Internal large language models are interesting. Training on the whole internet has benefits and risks — not everyone can afford to do that or even wants to do it. I’ve been struck by how far you can get on a big pre-trained model with fine tuning or prompt engineering. For smaller players, there will be a lot of uses of the stuff [AI] that’s out there and reusable. I think larger players who can afford to make their own [AI] will be tempted to. If you look at, for example, AWS and Google Cloud Platform, some of this stuff feels like core infrastructure — I don’t mean what they do with AI, just what they do with hosting and server farms. It’s easy to think ‘we’re a huge company, we should make our own server farm.’ Well, our core business is agriculture or manufacturing. Maybe we should let the A-teams at Amazon and Google make it, and we pay them a few cents per terabyte of storage or compute. My guess is only the biggest tech companies over time will actually find it beneficial to maintain their own versions of these [AI]; most people will end up using a third-party service. 

Governance in the Age of Technological Innovation

To keep abreast of technological change and innovation, the board needs to ensure that its innovation and risk agendas are up-to-date, and that innovation is incorporated into the organisation’s strategy review. This may involve reviewing key performance indicators, performance measures and incentives. Within the board, the appropriate composition, culture and interactions can promote innovation. Not all board directors will have the relevant technical expertise, but more diverse boards can build collective literacy and enhance human capital in the boardroom, said De Meyer. Where necessary, committees such as scientific or innovation committees can be created to drive greater attention to these topics. In these cases, naming matters, said Janet Ang, non-executive Chair of the Institute of Systems Science in the panel discussion. For instance, referring to a committee as “Technology and Risk” instead of narrowly naming it as “IT” gives it more weight and scope. Fundamentally, boards should not only strive for conformance but also performance, urged Su-Yen Wong, Chair of the Singapore Institute of Directors. 

Can You Renegotiate Your Cloud Bill by Refusing to Pay It?

Hyperscalers in cloud continue to face questions about the cost and reliability of their services, especially in light of the brief AWS outage on June 13 that affected Southwest Airlines, McDonald’s, and The Boston Globe along with others. Further, some organizations face regulatory requirements that preclude the use of the cloud for certain datasets and transactions, Katz says. “There’s really no one-size-fits-all answer because every manufacturer, every organization, every company has different requirements.” There can be times when a cloud-first approach does not make sense for organizations. Katz says his company worked with a client whose dataset is very transactional with lots of changes and database read-writes. “We ran an assessment for them and going off to the public cloud was going to be eight times more expensive a month than keeping it on prem.” ... Much of the market is pushing toward a cloud-first world, but the economics could become challenging in the future. “At some point in time, the cost of doing business in the cloud is going to be exponentially higher, usually, than if you were to buy a depreciating asset and then kick it to the curb,” Katz says.

Red teaming can be the ground truth for CISOs and execs

What red teams can give CISOs is the cold, hard truth of how their network stacks up against threats that could be ruinous to the business. Red teams leave no stone unturned and pull on every thread until it unravels. This shines light on the vulnerabilities that will harm the finances or reputation of the business. With a red team, objective-based continuous penetration testing (led by experts that know attackers’ best tricks) can relentlessly scrutinize the attack surface to explore every avenue that could lead to a breakthrough. This proactive, “offensive security” approach will give a business the most comprehensive picture of their attack surface that money can buy, mapping out every possibility available to an attacker and how it can be remediated. It is also not limited to testing the technology stack; for businesses concerned that their employees are susceptible to social engineering attacks, red teams can emulate social engineering scenarios as part of their testing. A stringent social engineering assessment program should not be overlooked in favor of only scrutinizing weaknesses in IT infrastructure. 

Quote for the day:

"Leadership is just another word for training." -- Lance Secretan

No comments:

Post a Comment