Daily Tech Digest - June 30, 2023

3 things that make a CIO-CFO dream team

A study conducted by Gartner, detailed in the report “CIOs: Improve How You Collaborate With Your CFO,” found that when CFOs are asked how well their most senior IT executive understands the impact of technology on finance, more than half indicate that their IT counterparts are lacking in this area. But surprisingly few companies choose CIOs for their financial skills. “Financial knowledge is not something clients typically ask for when recruiting a CIO,” says Thistle. “However, the CIO will be expected to understand and manage IT costs and budgets, both Capex and Opex.” ... “Even when there is a CFO of IT, the person at the top, the CIO, still needs to understand finance,” he says. “Most CIOs don’t have the benefit of a background in finance. I’ve never met a CIO who went into IT to manage money, yet that’s what they have to do. They have to run IT like a business within a business.” The biggest challenge is not getting a handle on cost, but on value. CIOs can easily show cost on a general ledger. But estimating the future value of technology is more art than science. Investment decisions need to be driven by business outcomes that can be measured and, ideally, monetized.

‘Shadow’ AI use becoming a driver of insider cyber risk

“People don’t need to have malicious intent to cause a data breach,” said Ray. “Most of the time, they are just trying to be more efficient in doing their jobs. But if companies are blind to LLMs accessing their back-end code or sensitive data stores, it’s just a matter of time before it blows up in their faces.” Insider threats are thought to be the underlying reason for almost 60% of data breaches, according to Imperva’s own data, but many are still not properly prioritised by organisations since a not insignificant number of them are simply cases of human error – a recent study by the firm found that 33% of organisations don’t perceive insiders as a significant threat. Ray said trying to restrict AI usage inside the organisation now was very much a case of shutting the stable door after the horse had bolted. “Forbidding employees from using generative AI is futile,” said Ray. “We’ve seen this with so many other technologies – people are inevitably able to find their way around such restrictions and so prohibitions just create an endless game of whack-a-mole for security teams, without keeping the enterprise meaningfully safer.”

Generative AI may help make 'low-code' more 'no-code' - but with important caveats

AI will ultimately serve "as a way to enable low-code and no-code environments," says Leon Kallikkadan, vice president of technology at Atrium. "I also think that as other partnerships can come onboard it will make low-code and no-code more of a possibility. I believe it will be a phased approach whereby as you, the human developer builds it, an AI component will start creating a vision or future step. The long-term possibilities depend on how deep the integration is, but yes, it can go that far to become a low-code, no-code environment." No-code and low-code solutions may be a good fit for non-technical users. "Low code is more geared towards non-coders," says Jesse Reiss, CTO of Hummingbird. "It provides organizations with the ability to reimagine business processes without obtaining steep IT expertise. This is crucial for small- to medium-sized businesses, especially during the ongoing labor challenge where they can be short-staffed or do not have the resources to support business operations." Generative AI is more suitable for development work requiring high-level expertise, experts state.

Top Issues Architecture Leaders Need to Address in 2023

Over the next five years, leaders need to be aware that the architect resource shortage will not improve. Resources may be unavailable in the marketplace as you look to refill your bench. Today, there are 10 to 20 open positions for every available architect looking for a job, and the future job market looks bleak. This resource shortage means architecture leaders will either need to develop the skills and experiences internally or they will need to look at how they utilize technology to do more with fewer people, and most probably a combination of both. If you’re looking to do more with less or training new architects, determine now how to maintain the tribal knowledge of your senior architects. ... Most of today’s architects analyze in Excel or the standalone modeling tools they work in. When architects are only looking at a minimal set of information, they are missing the broad operational data available across the organization, which are found in systems like CMDB, CRMs, ERPs, HR solutions, and facility management systems to gather critical operational data about what’s going on in terms of manufacturing processes, business processes, org structures, costs, and more.

SEC notice to SolarWinds CISO and CFO roils cybersecurity industry

The move by the SEC will make CSOs more individually accountable for cybersecurity, said Agnidipta Sarkar, a former CISO of pharmaceuticals company Biocon. "Though it doesn’t mean that the CISO has been charged, it is a new milestone. From today onwards, CISOs will increasingly be made accountable for the decisions they take or did not take," Sarkar said. However, attributing blame solely to the CISO or CFO might not always be fair or accurate, said Ruby Mishra, CISO at KPMG India. "In order to manage cybersecurity effectively, the organization adopts a multilayered approach involving various stakeholders and departments. Holding the CISO or CFO solely responsible for a cyberattack may overlook the collective responsibility," Mishra said. ... "Before issuing the notice, the SEC may have considered a variety of factors, including specific circumstances, and legal frameworks, or may have demonstrated negligence if CISO failed to implement adequate security measures, neglected SEC policies, guidelines, and practices, or ignored known vulnerabilities," Mishra said.

3 Initiatives CISOs Can Take for Their Security and Resilience Journey

Businesses can help reduce the risk of a data breach by creating the right cyber defense and recovery plans. This comprehensive strategy should include the following: A risk assessment of the IT environment’s threat landscape; An incident response plan that defines in detail the procedures to follow after a breach; A business continuity plan that outlines how to recover from a breach as quickly and gracefully as possible. According to the U.S. Department of Defense, “zero trust” means that organizations should “never trust, always verify” (DOD CIO, 2022). Rather than granting indiscriminate access to applications, devices, and other IT assets, businesses should give users only the resources they need when they need them. In a zero-trust approach, all users, devices, and applications are treated as potentially compromised, with the organization’s defenses locked down accordingly. Techniques may include strict access controls, multifactor authentication (MFA), and monitoring user activities. Certified CISOs should act to define a zero-trust strategy that aligns with the organization’s IT governance and compliance requirements.

Proxmox 8: New Features and Home Lab Upgrade Instructions

Proxmox VE (Proxmox Virtual Environment) is an open-source server virtualization management solution allowing users to manage virtual machines, such as Windows or Linux machines and Linux containers. It’s based on the Debian Linux distribution and combines two virtualization technologies, KVM (Kernel-based Virtual Machine) and LXC (Linux Containers), managed through a web-based interface. The Proxmox platform is used in virtual environments to improve efficiency and ease management tasks. It allows users to deploy, manage, and monitor virtual machines (VMs) and containers, network settings, storage systems, and more, all from a single, integrated platform. Proxmox also provides high-level features like live migrations of VMs without downtime, high availability, or automated backups, making it a robust choice for managing virtual environments, whether for small businesses or larger enterprises. Its open-source nature allows for active community involvement and provides a cost-effective solution for virtualization needs.

Secret CSO: Dan Garcia, EnterpriseDB

It’s important to surround yourself with people who are there to support you and push you to be the best that you can. Having a strong support system is vital. Along the way I had many mentors, some who played an important role for where I was at the time. Mandy Andress, who is the CISO at Elastic, provided me with my opportunity within Security Operations at MassMutual and I’ll always be grateful for that chance. ... Balance. Information security is one of the few areas within the business that cuts through multiple departments, functions, skill sets, and problems that need attention. Finding the balance of where to spend your time and resources can be challenging, but it’s an important thing to get right in order to most effectively solve organisational problems. ... Hiring within information security will always be challenging. We’re not just looking for technical skills, but also an individual’s experience, their past organisations’ security posture, and how those companies approached processes and program structure.

Inside the race to build an ‘operating system’ for generative AI

The operating-system analogy helps to illustrate the magnitude of the change that generative AI is bringing to enterprises. It is not just about adding a new layer of software tools and frameworks on top of existing systems. It is also about giving the system the authority and agency to run its own process, for example deciding which LLM to use in real time to answer a user’s question, and when to hand off the conversation to a human expert. In other words, an AI managing an AI, according to Intuit’s Srivastava. Finally, it’s about allowing developers to leverage LLMs to rapidly build generative AI applications. This is similar to the way operating systems revolutionized computing by abstracting away the low-level details and enabling users to perform complex tasks with ease. Enterprises need to do the same for generative AI app development. Microsoft CEO Satya Nadella recently compared this transition to the shift from steam engines to electric power. “You couldn’t just put the electric motor where the steam engine was and leave everything else the same, you had to rewire the entire factory,” he told Wired.

A Perfect Wave: Event Driven Business Architecture

In general, in traditional IT data used to be hidden behind fortified castle walls. Access was difficult and the main purpose was to store the data securely. This is changing. Nowadays, modern IT has started to act as a nervous system ensuring that data is made available asap where it is needed, and that it can be used immediately to gain an advantage based on fully up to date information. Let’s have a quick look at three customer citations that describe very well why customers move to Event Driven Business Architecture: “We need to move at the speed of business”, Scott, IT, Fortune 500 customer, translating to: everything has become so much faster and we need to be able to support our business; “We want our ERP to be a team player”, Derrick, Fortune 500 customer, translating to: player skills don’t just add up in a team sport, they multiply. This is why your ERP talking to your SuccessFactors talking to your Ariba in real time is so important. It adds lots of value; “It’s a sin”, Alex, Automotive Supplier, translating to: it is a sin not to use your business data. Don’t just hide it and lock it away so that nobody can use it like it is often still done

Quote for the day:

"There is no substitute for knowledge." -- W. Edwards Deming
