Daily Tech Digest - June 21, 2023

India’s digital transformation could be a game-changer for economic development

India currently has a data-fiduciary-centric model. Individuals or small businesses must go to the original keeper of data to access their data. This inhibits the use of data for the financial empowerment of individuals. The current method of storing financial data across institutions and companies is also inefficient, resulting in the use of notarized hard copies, PDFs, screen scraping, password sharing, etc., all of which pose a threat to individual privacy. Accessing and sharing information can be difficult because of the varied formats. This forces individuals and institutions to rely on patchwork solutions. ... AAs can be thought of as traffic police between Financial Information Users (FIUs) and Financial Information Providers (FIPs), with users having complete control over the flow of information. The introduction of AA architecture could revolutionize how financial data is shared, similar to the impact UPI has had on money transfers. The AA ecosystem is cross-sectoral, with customers at the center. AAs provide a secure interface that allows users to consent to share private and sensitive data. This democratizes data use and sharing, enabling FIUs to request users' financial information.

8 ways to detect (and reject) terrible IT consulting advice

Recommendations are great, but they don’t automatically turn into solutions. “Most of the consultant’s dialogue should be repeating back to you the problem they’re solving,” advises Bill Carslay, senior vice president and general manager of professional services at IT support services firm Rimini Street. “The resulting solution should be directly related to the problem as it’s defined in your terms, and should follow the steps and phases your organization is willing to take.” When a consultant grabs onto a common IT challenge and quickly describes how they will solve it, it’s likely the solution won’t fully address the very specific problem an organization may be facing. “Keep in mind that one size doesn’t fit all, and be on the lookout for recommendations that fit or augment the parameters you’ve set,” Carslay suggests. ... When advice lacks logical reasoning, contradicts data, or fails to consider long-term consequences, it’s likely terrible. “A critical mind and rigorous evaluation will help you distinguish the good from the bad,” says Edward Kring, vice president of engineering at software development company Invozone.com.

Three Data Removal Myths That Provide a False Sense of Security

There are many ways to attempt to remove a file -- such as data deletion, wiping, factory reset, reformatting, and file shredding -- but without proper context, these solutions independently can be incomplete. For example, deleting a file and emptying the recycle bin can remove pointers to files containing data but not the data itself. The data is easily recoverable until the data is overwritten. A factory reset removes all used data as it restores a device to factory settings, but not all methodologies used in resets lead to complete erasure, and there’s no way to validate that all data is gone. Data wiping is the process of overwriting data without verification. File shredding destroys data on individual files by overwriting the space with a random pattern of 1s and 0s. Because neither method provides verification that the process was completed successfully across all sectors of the device, they are considered incomplete. Finally, reformatting, which is performed on a working disk drive to eradicate its contents, is another method where most of the data can be recovered with forensics tools available online.

Measuring engineering velocity misses all the value

Story point velocity has become the dominant driver of agile software development lifecycles (SDLCs) with the rise of scrum. How many story points did the team complete this week? How can we get them to deliver more points while still meeting the acceptance criteria? Speed is treated as synonymous with success, and acceleration is hailed as the primary focus of any successful engineering enterprise. Deliver more story points and you’re clearly “doing the thing.” The impulse is not without some logic. From the C-suite perspective, a perfect product that misses its moment on the market isn’t worth much. Sure, it may be full of engineering genius, but if it generates little to no business value, it quickly becomes more “museum relic” than “industry game-changer.” It pays to be first. In fact, one study found that accelerating time to market by just 5% could increase ROI by almost 13%. However, I believe that a simplistic obsession with speed misses several factors critical to optimizing the actual impact of any software solution.

Developers’ Role in Protecting Privacy

Although sharing data has become commonplace in exchange for benefits and value, consumers are becoming more aware of privacy issues. Take the EU’s General Data Protection Regulations (GDPR) as an example. Over the past five years, awareness has more than doubled in notable European markets such as the UK, Spain, Germany, the Netherlands and France. Meanwhile, there is also commercial pressure, as employers rely on developers to innovate to remain profitable. At the same time, customers expect brands to be responsible with their data, and failure to do so at the expense of trying to commercialize a new application could be detrimental. Indeed, while the pandemic may have ushered in significant changes and altered consumers’ attitudes toward data privacy, end users remain unwavering about the importance of security. Maintaining this balancing act is becoming increasingly complex to achieve. However, the question of data privacy is becoming a key business priority, and that means developers have a big opportunity to show their commercial value to their organizations. 

Why CISOs should be concerned about space-based attacks

Making matters worse is the tendency for many satellites to be ‘dual use’ carriers, in that they provide services that are used by both commercial and military clients. As such, “US commercial satellites may be seen as legitimate targets in case they are used in the conflict in Ukraine,” reported the Russian state-owned news agency TASS on October 27, 2022. Speaking before the UN General Assembly’s First Committee, Russian Foreign Ministry official Konstantin Vorontsov threatened that, “Quasi-civil infrastructure may be a legitimate target for a retaliation strike.” This has certainly been true for SpaceX’s Starlink satellite broadband service in Ukraine. "Some Starlink terminals near conflict areas were being jammed for several hours at a time,” SpaceX CEO Elon Musk said in a Twitter message posted on March 5, 2022. “Our latest software update bypasses the jamming. Am curious to see what’s next!” Such threats and actions come as no surprise to Laurent Franck, a satellite consultant and ground systems expert with the Euroconsult Group. Whenever a commercial satellite “can be used on a battlefield and used in a war context, it becomes a target,” he says. 

Who Is Responsible for Identity Threat Detection and Response?

For organizations just starting to develop an ITDR program, Jones recommends they start by conducting a thorough risk assessment to identify critical assets and potential threats. “Assign a dedicated ITDR owner or team responsible for coordinating prevention, detection, and response efforts, and develop a comprehensive ITDR plan that outlines roles, responsibilities, and processes for each stage of the ITDR lifecycle,” he says. He adds it’s important to regularly test and update the ITDR plan, incorporating lessons learned from past incidents and staying informed about the latest threats and technologies. Craig Debban, CISO for QuSecure, explains for a lot of organizations, there is a dependence on a disparate set of systems that are on-prem, in the cloud, or both -- and they are not always well integrated. "User identities are then decentralized since they are replicated in multiple places,” he says. “This diversity leads to gaps in functionality for the end user, negatively impacts operational efficiency, and is often overcome by oversubscribing permissions which impacts overall security and risk across the business.”

You can’t be an averagely talented programmer

In some ways, the level of engineering capability which people need is only going to become higher in terms of writing these AI systems and being able to engineer them. That said, this only applies to the very best programmers. You can’t be an averagely talented programmer anymore. With some of our large operations it’s clear by the way they are adopting automation that we won’t need a large number of developers. We will start having fewer people of that kind. People who actually understand engineering are going to become more in demand, and the people who just operate the technology will be less valuable. ... Right now, the technology industry needs a lot of people. But I see a lot of people who don’t really understand the technology or worse, they are afraid of technology. A lot of people who do not come from a computer science background can be working for tech companies but really are afraid of the technology. That’s not sustainable. Having a genuine interest in technology is, I would say, an important condition to reaching or exceeding your potential in a tech firm. Understand what’s happening in technology and do not be afraid of it.

How to Choose the Right Identity Resolution System

A best-in-class approach to identity resolution enables you to match many identifiers to the same person and then set the priority of matching to control how profiles are stitched together. ... While deterministic identity resolution might seem overly rigorous, it’s actually highly beneficial for personalization. Personalization use cases (sending an email, delivering a recommendation, and so on) require 100% confidence that a user is who you think they are. The only way to guarantee that confidence is through a deterministic identity algorithm. The alternative is simply guesswork and increases the likelihood that your personalization (or lack thereof) will have a detrimental impact on your customer relationships. A deterministic identity resolution solution enables 100% reliable profile unification, honoring the exact first-party data a customer provides to a brand. More importantly, embracing a deterministic approach as the core of your identity strategy will allow you to build high-quality customer profiles that power the personalized experiences customers have come to expect.

How to Become a Business Intelligence Analyst

As much as business intelligence can be about interpersonal action, much of an analyst’s duties are solitary ones, chief among these authoring procedures for data processing and collection. From there on, expect reporting and more reporting, including analytical reports that can be personalized for the needs of stakeholders, highlighting the most departmentally relevant findings. A business intelligence analyst also needs to maintain an active role in the various life cycles of data as it moves throughout the organization. After all, data reports are built upon regularly monitoring the way data is collected, looking at field reports, product summaries from third parties, and even through public record. As a function of this, a BIA may want to continually track burgeoning trends in tech or emerging markets that could potentially offer efficiency or value within the industry and their specific enterprise. Working in concert with specialists in data governance and stewardship, a BIA must oversee the integrity, security, and location of data storage. 

Quote for the day:

"A coach is someone who can give correction without causing resentment." -- John Wooden

No comments:

Post a Comment