Daily Tech Digest - June 25, 2023

Traffic Routing in Ambient Mesh

The ambient mesh deployment model is much leaner than the sidecar data plane deployment model, allowing for incremental adoption of service mesh features and making it less risky. As ambient mesh includes fewer components, this leads to reduced infrastructure costs and performance improvements, as captured in this blog post. Ambient mesh does all this while retaining all the service mesh critical features, including zero trust security. ... The new Rust-based ztunnel proxy is responsible for mTLS, authentication, L4 authorization and telemetry in the ambient mesh. Its job is to proxy the traffic between ambient mesh pods. Optionally, the ztunnel proxies to L7 waypoint proxies, ingress and, in the future, egress proxies. Ztunnels on different nodes establish a tunnel using HBONE (HTTP-Based Overlay Network Environment). Similarly, the tunnel gets established between the ztunnel and the waypoint proxy, if one exists. The tunnel that’s established between the ztunnels allows the source ztunnel to connect to the destination workload on behalf of the source workload.

Unleashing Business Growth: The Power of Adopting Enterprise Architecture

Enterprise architecture plays a vital role in the success and growth of modern businesses. By aligning business and IT strategies, enhancing agility, optimizing resources, mitigating risks, and fostering innovation, EA provides a solid foundation for sustained growth and competitive advantage. As businesses continue to navigate an increasingly complex landscape, leveraging the business-critical values of Enterprise Architecture becomes imperative to welcome new opportunities and drive long-term success. So, whether you are a business leader, IT professional, or decision-maker, embracing EA as a strategic imperative will position your organization for growth, resilience, and innovation in the ever-changing business landscape. Remember, an ingenious Enterprise Architecture Development is not a one-time effort but an ongoing journey of adaptation and improvement. It requires collaboration, commitment, and continuous refinement to realize its full potential in driving business growth.

IT firms expect to increase hiring next quarter, ManpowerGroup says

Among the skills most in demand in IT are project managers, business analysts, and software developers. "I wish we could clone full stack developers. We can't find enough of them," Doyle said. In past years, ManpowerGroup’s survey has been conducted by telephone. This year, it was done online. Regionally, the strongest hiring intentions for next quarter are in the west, with 43% of employers planning to add to workers, according to ManpowerGroup. In the northeast, 40% of employers plan to increase staff; the midwest is expected to see a 32% increase; and companies in the south are expected to boost hiring by 29%. Large organizations with more than 250 employees are more than three times as optimistic as small firms (with fewer than 10 employees) to hire in the next quarter, with employment outlooks of +47% and +14%, respectively. Earlier this month, the US Bureau of Labor Statistics (BLS) released its hiring data for the month of May; it showed a 0.3% increase in overall unemployment — from 3.4% to 3.7%.

Building Effective Defenses Against Social Engineering

In addition to awareness training and education, quite a number of technologies are available to augment and fortify efforts to limit the impact of social engineering attacks. Cloud-based email security gateways are just one example. Depending on budget, staffing, age of existing infrastructure, the value of the assets to be protected and other aspects, a layered defense strategy may range from relatively low-cost and simple to more elaborate (and expensive) endeavors. Enforcement of strong passwords is an example of a relatively cheap, easy and fast tactic that can be highly effective in averting data breaches and other cyberattacks. Other strategies and techniques can be rolled out in parallel with existing technologies to minimize disruption while preparing for a new, stronger security infrastructure. A zero-trust network architecture (ZTNA) is one such example; it can be deployed alongside a secure sockets layer (SSL) virtual private network (VPN), working as an overlay at first to boost security and eventually replacing it.

Data Breach Lawsuit Alleges Mismanagement of 3rd-Party Risk

The latest GoAnywhere-related lawsuit alleges that ITx could have prevented the theft of sensitive data "had it limited the patient information it shared with its business associates and employed reasonable supervisory measures to ensure that adequate data security practices, procedures and protocols were being implemented and maintained by business associates." ITx's "collective inadequate safeguarding and supervision of class members' private information that they collected and maintained, and its failure to adequately supervise its business associates, vendors and/or suppliers" has put the plaintiffs and class members at risk for ID fraud and theft crimes, the complaint also alleges. The lawsuit says victims will be at higher risk for phishing, data intrusion and other illegal schemes through the misuse of their private information. It also points out that their data is still held by ITx and could be exposed to future breaches without the court's corrective action. The lawsuit seeks monetary damages, lifetime credit and identity monitoring for the plaintiff and class members, as well as a court order for ITx to take measures to prevent any future similar data security incidents.

Who owns the code? If ChatGPT's AI helps write your app, does it still belong to you?

Attorney Richard Santalesa, a founding member of the SmartEdgeLaw Group based in Westport, Conn., focuses on technology transactions, data security, and intellectual property matters. He points out that there are issues of contract law as well as copyright law -- and they're treated differently. From a contractual point of view, Santalesa contends that most companies producing AI-generated code will, "as with all of their other IP, deem their provided materials -- including AI-generated code -- as their property." OpenAI (the company behind ChatGPT) does not claim ownership of generated content. According to their terms of service, "OpenAI hereby assigns to you all its right, title and interest in and to Output." Clearly, though, if you're creating an application that uses code written by an AI, you'll need to carefully investigate who owns (or who claims to own) what. For a view of code ownership outside the US, ZDNET turned to Robert Piasentin, a Vancouver-based partner in the Technology Group at McMillan LLP, a Canadian business law firm.

Shadow SaaS, changing contracts and ChatGPT adoption: SaaS trends to watch

As more companies move to remote work, many find that shorter (one-year) contracts are preferable because they allow for more flexibility. Reducing contract lifetime is also a way for organizations to reduce overhead costs. One-year contracts accounted for 79% of all contracts in 2020 and 85% of all contracts in 2022. Three-year and longer contracts declined the most year-over-year. In 2023, SaaS spend per employee averaged $9,643. Large businesses spent an average of $7,492 per employee in 2022, while medium-sized businesses spent $10,045 and small and medium-sized businesses spent $11,196. The large businesses spent less because they received volume discounts and enterprise-wide licensing agreements, as well as better efficiency of scale with consumption-based apps, Productiv said. “To avoid shadow IT, organizations need to develop appropriate SaaS governance policies that help teams take their free and purchased apps out of the shadows and ensure the right level of corporate policies for procurement, security and compliance,” Chandarana said.

How AI is reshaping demand for IT skills and talent

AI opens new doors for security threats and compliance issues as well that organizations must be prepared to address. “On the technical side, I see security as hugely important,” says Hendrickson. “A lot of companies say, ‘We’re not letting people touch ChatGPT yet, we’re just not allowing it—it’s blocked.’” But end-users’ propensity for finding ways to improve their work processes will no doubt lead to greater levels of shadow IT around such emerging technologies, and thus, security implications will eventually need to be tackled beyond simply trying to hold back the tide. Moreover, Hendrickson points to the fact that just a few years ago, discussions around machine learning centered around its ability to break encryption, and with quantum machine learning on the horizon, that concern has only increased. As companies navigate AI in the workplace, they’re going to need skilled professionals who can identify potential risks and pinpoint possible solutions. There are also increased complexities around “managing the infrastructure and platforms that provide resources to power applications, and to store and access data,” says Kim.

Decision Rights Rule the World – Architecture Design Part 3

Think of the number of decisions made related to technology daily in your organization. Try to imagine every library, product, SaaS tool, vendor agreement, pattern, style, and reference model that is being chosen by one or more people. From huge (ERP, standardizing a single cloud vendor, information management structures) to small (library dependency, pattern application to code, GitHub structure). The real question is, how many of those are architecturally relevant (Note: it is NOT all of them)? And how many of them come with a decision record of any kind? I have asked this question of countless audiences and teams over time. The answer is… almost none. And that is scary. We end up with WHAT we decided, not WHY we decided. Traceability, understanding, decision excellence are all thrown out the window because we think it might take too long. Just FYI, whenever I have implemented decision management in teams, important decisions (structural, value-based, etc.) go FASTER not slower. The decision record allows us to focus on apples to apples instead of long-winded, emotionally charged, opinion-heavy, biased arguments.

Structured for Success: 4 Architectural Pillars of Cyber Resilience

Having centralized visibility is fundamental to not only taking control of cloud environments but also bridging silos. In a recent survey conducted by Forrester, 83% of IT decision-makers said a single consolidated view for managing their organizations’ cloud and IT services would help achieve their business outcomes — including improving their cybersecurity posture. ... Immutable data storage enables the storing of data after it is written, such that it's impossible to change, erase or otherwise interfere with it. This functionality guards against malware, ransomware, and both unintentional and malicious human behavior. Since it effectively protects data against any change or erasure, as would be typical in a ransomware attack that tries to encrypt data, immutability is commonly regarded as a prerequisite in the battle against ransomware. ... Beyond this 3-2-1 rule, organizations need a scalable backup and recovery infrastructure — one that makes management fast and simple – to sustain business continuity and operations in the current cybersecurity landscape.

Quote for the day:

"Leadership without mutual trust is a contradiction in terms." -- Warren Bennis
