Daily Tech Digest - September 04, 2023

What happens when finops finds bad cloud architecture?

Cloud finops teams can evaluate the performance and scalability of cloud infrastructure. Monitoring key performance indicators such as response times, latency, and throughput can identify bottlenecks or areas where the current architecture limits scalability and performance. Since finops normally tracks this through money spent, it’s easy to determine exactly how much architecture blunders are costing the company. It’s not unusual to find that a cloud-deployed system costs 10 times more money per month than it should. Those numbers are jarring for most businesses. Remember, all that money could have been spent in other places, such as on innovations. ... However, there are more strategic blunders, such as only using a single cloud provider (see example above). Maybe it seemed like a good idea at the time. Perhaps a vendor had a relationship with several board members, or there were political reasons for the limited choices. Unfortunately, the company still ends up with a great deal of technical debt which could have been avoided.

The quantum threat: Implications for the Internet of Things

Quantum computing, though it might be a decade or two away, presents a threat to IoT devices that have been secured against the current threat and which may remain in place for many years. To address this threat, governments are already spending billions, while organisations like NIST and ETSI are several years into programmes to identify and select post-quantum algorithms (PQAs) and industry and academia are innovating. And we are approaching some agreement on a suite of algorithms that are probably quantum safe; both the UK’s NCSC and the US’ NSA endorse the approach of enhanced Public Key cryptography using PQA along with much larger keys. The NCSC recommends that the majority of users follow normal cyber security best practice and wait for the development of NIST standards-compliant quantum-safe cryptography (QSC) products. That potentially leaves the IoT with a problem. Most of these enhanced QSC standards appear to require considerable computing power to deal with complex algorithms and long keys – and many IoT sensors may not be capable of running them.

What is industry cloud?

Industry cloud platforms allow businesses operating in the same sector to share or sell data, technologies, and processes to each other. The potential benefits can be significant, as an industry cloud enables interrelated members of a supply chain to access insights derived from potentially expanded data sets. An industry cloud can offer companies an exciting opportunity to exploit existing data they are not leveraging in a constructive way. ... Joining an industry cloud can offer significant benefits for companies, but many may reflexively balk at the idea of sharing or selling data. Consequently, it’s important that a company has a supportive constituency when considering an industry cloud. Each type of vendor has its own challenges in developing an industry cloud platform. For industry clouds driven by supply chain leaders, the most important requirement will be reexamining tools and methodologies to meet the needs of less sophisticated supply chain participants. Avoiding the temptation to abandon the industry cloud and retreat to a standard cloud for internal use is also a challenge.

Why Instagram Threads is a hotbed of risks for businesses

Threads is very easy to both download and sign up for, as it integrates seamlessly with a user's Instagram account when first signing up for the platform. However, this seamless integration could pose security risks, according to a blog from AgileBlue. Instagram, Facebook, and now Threads are all owned by Meta and for many users, each of their Meta accounts share the same login credentials between each of the platforms. "This makes it much easier for malicious actors to access information as gaining access to just one account ultimately gives them access to all Meta accounts," the blog said. In fact, as of writing, only users with an Instagram account can create a Threads account, so if an individual wants to sign up for Threads, they will first have to create an Instagram account. "If an employee's Threads account is compromised, malicious actors can impersonate the employee to gather information or spread misinformation within their close circle," Guenther says.

With BYOD comes responsibility — and many firms aren't delivering

Management must learn and share the benefits of these systems, make it crystal clear how data will be handled, and put protection in place to ensure personal data remains personal. Communication is critical here. It's also critical in securing the inevitable weak point of any form of security protection — the users themselves. With that in mind, companies should invest in training staff in security awareness and encourage them to update devices as and when those updates appear. Companies should also set standards — and devices that don’t meet those standards, in terms of security protection, should not gain access to corporate systems. This is all common sense stuff, really. We know the security environment is extremely challenging — even police forces are regularly hacked. In that context, it makes total sense to think about how to manage the devices connected to your systems and to put in place the software, security, and user education it takes to protect your business environments. The cost of device management is relatively negligible compared to the consequences of a successful ransomware attack, after all.

Why Enterprise Architecture Must Drive Sustainable Transformation

To some, it may seem odd to present these as parallel, equivalent pressures on businesses. Surely, the continued viability of civilization as we know it should far outweigh any governmental or regulatory proposal in our thinking about the future? The importance of the changing regulatory environment, however, lies not just in its ability to trigger business action: it is a real opportunity for businesses to transform themselves to a more meaningful, consequential sustainability approach. A report co-authored by the WEF and Boston Consulting Group, ‘Net-Zero Challenge: The supply chain opportunity’, found that the supply chains of just eight sectors, including food, construction, and fashion, account for more than 50% of global emissions. It also found that 40% of the emissions could be abated with already-available measures like circular manufacturing and renewable energy. Even achieving net zero emissions in those supply chains, according to the report’s investigations, would only raise costs for end-consumers by 1%-4% on average.

Lean for the modern company

A strong esprit de corps among team members has also long been critical to support healthy growth and the creation of synergistic value, and the book emphasizes the importance of building a healthy culture able to support lean processes and outcomes. This section includes clever material on nurturing a culture of experimentation and discovery, and validating trust by constantly raising the bar on deliverables and expectations. May and Dominguez ground their principles in the core lean ideal of starting with value and working backward—focusing obsessively on improving operations to seamlessly deliver for the customer what they call the “Job to be Done.” The authors’ material on accelerating value creation recapitulates this goal and reminds readers to be vigilant about combating the inevitable waste generated by successful companies. As a writer about lean for nearly two decades, I’ve often been frustrated by misrepresentations of this dynamic system by management gurus who tout only thin-sliced elements of it.

4 Key Observability Best Practices

For cost reasons, becoming comfortable with tracking the current telemetry footprint and reviewing options for tuning — like dropping data, aggregating or filtering — can help your organization better monitor costs and platform adoption proactively. The ability to track telemetry volume by type (metrics, logs, traces or events) and by team can help define and delegate cost-efficiency initiatives. Once you’ve gotten a handle on how much telemetry you’re emitting and what it’s costing you, consider tracking the daily and monthly active users. This can help you pinpoint which engineers need training on the platform. ... Teams need better investigations. One way to ensure a smoother remediation process is through an organized process like following breadcrumbs rather than having 10 different bookmark links and a mental map of what data lives where. One way to do this is by understanding what telemetry your system emits from metrics, logs and traces and pinpointing the potential duplication or better sources of data.

Software Engineering in the Age of Climate Change: A Testing Perspective

Regression testing confirms that new code does not break existing functionality. Preventing regressions reduces the need for repeated testing and bug fixes, optimizing the software development lifecycle and minimizing unnecessary computational resources. ... Online education platforms introduce new features to enhance user experiences. Regression testing ensures these changes do not disrupt existing lessons or content delivery. By maintaining stability, energy is saved by minimizing the need for post-deployment fixes. Suppose a telecommunications company is rolling out a software update for its network infrastructure to improve data transmission efficiency and reduce latency. The update includes changes to the routing algorithms used to direct data traffic across the network. While the primary goal is to enhance network performance, there is a potential risk of introducing regressions that could disrupt existing services. Before deploying the software update to the entire network, the telecommunications company conducts thorough regression testing.

How to make your developer organization more efficient

Automating manual tasks and repetitive processes is crucial for increasing developer efficiency. “Employing automation for tasks that many engineers face throughout their SDLC helps to shift focus towards human value-add activities. This also increases overall delivery throughput, with higher confidence in our development lifecycle, and produces consistent processes across teams that would otherwise be handled one-off and uniquely” said Joe Mills. Developers can engage a team of automation experts to assess certain processes and tasks and help uncover automation opportunities. The team uses a hub-and-spoke model to scale their efforts across development teams at Discover and can help teams with robotic process automation, business automation, or code automation. ... In addition to these initiatives, engineers at Discover adhere to a set of practices, internally called CraftWorx, that define and direct the agile development process. Aligning engineers across these practices reduces friction because engineers and developers are following the same development practices.

Quote for the day:

"A leader takes people where they would never go on their own." -- Hans Finzel

No comments:

Post a Comment