Daily Tech Digest - November 07, 2023

Where businesses use honeypots as part of their defences, they typically rely on traditional honeypots, i.e. a non-existent computer on the network or perhaps an entire network range, and then alert on any attempt to connect to the computer or range. This can be effective, for instance by identifying an attacker who has gained access to the internal network and is port-scanning the entire range. However, many advanced attackers do not resort to ‘noisy’ techniques such as port scanning once on the internal network, they instead often rely on subtle lateral movement such as obtaining network maps and connecting directly to servers of interest. To catch such advanced attackers requires more sophisticated honeypots. Attackers will often attempt to obtain administrative credentials to aid their movement around networks. They can do this by a number of means, from password-guessing attacks against administrative accounts, to more advanced attacks that allow them to carry out actions with the permissions of anyone using the computer they are accessing. 

What Happens When You Lose Your Cyber Insurance?

If there has been outright fraud or misrepresentation on the application, the loss of coverage could be sudden. In most cases, companies will not find themselves unexpectedly without insurance. “You're going to have notice, whether that's 60 to 90 days out,” says Cigarroa. Even with notice, organizations will be working against the clock. Can they get new coverage in time to avoid a gap? If an enterprise does experience a gap in coverage, any costs associated with a data breach or cyberattack that occurs during that period will not be offset by insurance. The prospect of getting new coverage also means that companies will have a new retroactive date for coverage. If an incident that dates back months or even years is uncovered, the new policy is very unlikely to cover it. “You are not going to be able to go back and cover things that happened under the prior insurance or especially during that window of time between when the last policy was cancelled or lapsed to when the new policy is placed,” says Moss.

Platform Engineering — Navigating Today, Forecasting Tomorrow

Platform engineering emerges as a radical shift in the world of software development and DevOps. It’s where traditional coding meets modern operational practices, aiming to keep pace with our ever-evolving tech scene. Here’s a quick dive into what’s shaking things up in platform engineering: Early bird gets the worm — The shift-left approach: The idea is simple. Tackle tasks upfront in the development process. By catching potential issues early, we boost efficiency and save headaches down the line. Walking the golden path: Imagine giving developers a roadmap through the software delivery life cycle, one that encourages freedom but within clear guidelines. ... As we dive deeper into the world of platform engineering, it’s clear that AI is shaking things up in a big way, making our work smoother and more user-friendly. Just imagine, operations teams, the unsung heroes behind the scenes, are starting to think more like product managers. Their focus is shifting from just keeping the lights on to genuinely enhancing the tools and systems developers use. And as with any major change, it’s crucial to manage the transition well. 

The impact of public cloud price hikes

Price hikes are inevitable. Those that can produce, operate, and maintain cloud services also have their own increasing bills for talent, power, and regulatory issues that make running a public cloud service challenging. Switching cloud service providers is not easy for enterprises that spent much money and time leveraging services native to specific public clouds. Moving to another cloud provider is out of the budget for most enterprises. It just costs too much to switch. Lock-in was always a known risk, and the more we optimize our applications and data sets for a specific cloud provider, the more we’re stuck with that provider. It’s a catch-22. If we choose not to use native cloud features, we give up the ability to get the most from the public cloud platforms. As a result, customers are effectively locked into their cloud service provider. The lack of mobility leaves customers at the mercy of price increases. ... Most need better options. Cloud services are vital for their operations; they feel they must find the money when the price rises. We may even see this with businesses that consume cloud services indirectly, such as retail, streaming services, and personal cloud storage systems. Those higher cloud costs are passed along to indirect cloud consumers as well.

7 Ways to Become a Software Engineer Without a Degree

You don't need a CS degree to work as a software engineer, but having some type of document that attests to your ability to program is important for landing job interviews. That's why it's worth investing time in earning at least one or two technical certifications related to programming. Some online programming courses, such as Coursera's "Introduction to Software Engineering," offer certificates of completion. You can also pay for training and certification in software engineering from organizations like the IEEE Computer Society. ... Enrolling in a coding bootcamp — which is an accelerated program that promises to teach students how to code in as little as a couple of months — has become a popular path for folks who want to work in software engineering without obtaining college degrees. There are many potential downsides of coding bootcamps. They often require you to attend class full-time, which means you can't work a job while attending the bootcamp, and there is no guarantee that you'll finish successfully. Nor is there a guarantee that employers will view completion of a coding bootcamp as evidence that you're truly prepared for a software engineering job.

3 Leadership Secrets That Lead to Team Empowerment

The biggest obstacle to team empowerment is the failure of leaders to enable people to make their own decisions — most often, because they did not provide the strategic blueprint to guide those decisions. Even I can occasionally be guilty of this. When our company hits a point of change, I can be inclined to require the escalation of a decision up to me. Sometimes, that is necessary, but even after making that decision, I still need to remember to let go again and re-establish the blueprint so everyone else will be empowered to make that decision moving forward. ... Part of empowering a team is recognizing those capable of working with greater responsibility and those who might not be comfortable with the level of risk involved. It can also mean compensating high-performers at the level of their contribution if they do not want to rise to another level. In my first job with a software company, I worked with a colleague who was a phenomenal technical writer and was comfortable remaining in that role. The head of the department recognized his skill, too, and changed the pay structure so individuals could be paid at a level similar to a manager or above because of the superior level of their work.

2024 network plans dogged by uncertainty, diverging strategies

Every network operator and vendor will stand up and pledge standards support, but every vendor will at the same time design their products and strategies to pull through their whole portfolio. Add different strokes for all those vendor folks to different mission drivers, and you understand why 79 of those 83 CIOs say they don’t really have a “single network architecture model” in place, and 48 say they’re actually moving away from a standard approach. Virtualization can make the unreal look real, so why not allow multiple personalized “unreals”? Look into the virtual-network mirror and you see...yourself. Nowhere is this more visible than in the management space. A couple decades ago, companies had a “network operations center” and a “single pane of glass” to show network status was the goal. Only 14 of 83 enterprises said they really had a NOC today, and when asked about a single pane of glass, one CIO quipped “I have five single panes of glass!” CIOs say that the current craze in “observability” is a response to the fact that it’s become very difficult to determine what the cause of an outage is.

Overheating datacenter stopped 2.5 million bank transactions

DBS and Citibank, the banks involved, experienced outages in the mid-afternoon of October 14, 2023 that resulted in full or partial unavailability of online banking apps for around two days – leaving customers and vendors without a way to make payments in a city-state that is increasingly reliant on digital financial systems. ... The root cause of the outages was issues in the cooling system that caused the temperature to rise above optimal operating range at the Equinix datacenter used by both institutions. Equinix has reportedly blamed a contractor, alleging that person "incorrectly sent a signal to close the valves from the chilled water buffer tanks" during a planned system upgrade. Upon the outage, both banks immediately activated IT disaster recovery and business continuity plans. "However," according to Tan, "both banks encountered technical issues which prevented them from fully recovering their affected systems at their respective backup datacenters – DBS due to a network misconfiguration and Citibank due to connectivity issues." Tan concluded that the two banks had "fallen short" of MAS requirements to ensure critical IT systems are resilient. 

Breaking down data silos for digital success

To break down data and political silos to drive democratization and standardization of data, technology research and advisory firm ISG started by rolling out an initiative to build and deliver a common data platform, says Kathy Rudy, chief data and analytics officer at ISG. Those spearheading the effort briefed leaders of the business units about it and asked for their support, as they approached data owners across their businesses. In preparation for the rollout, “we inventoried our data across the organization and categorized by type, owner, platform, data usage, data formats, terminology, etc.,” Rudy says. “With that knowledge, we built a data dictionary and common taxonomy.” Having this information ahead of time was critical to build trust and cooperation from data owners, whose participation was key to the program success, Rudy says. “Our understanding of their data and its structure allowed us to have pragmatic conversations about the effort required to create the common taxonomy and data structure necessary to allow for better access, usage, and monetization of data across the company,” Rudy says.

A Practical Guide to Mitigating DevOps Backlog

Business requirements are dynamic and evolve over time, adding complexity to the DevOps backlog. ... Managing these new environments and ensuring compliance with relevant regulations adds to the workload of the DevOps team and adds to the DevOps backlog stockpile. ... The symbiotic relationship between business growth and technological advancements is undeniable. As time progresses, the architecture inevitably becomes more intricate, resulting in a growing number of tasks and challenges within the DevOps backlog. The complexities surrounding DevOps resonate with numerous companies, yet the proactive approach to addressing them remains an issue. ... Observability is the key to implementing effective monitoring practices for applications. This involves setting up alerts, capturing relevant metrics and configuring dashboards to track application performance and resource utilization. Prioritizing observability empowers teams to proactively identify and resolve any issues within the DevOps pipeline, ensuring a stable and reliable environment for continuous improvement.

Quote for the day:

"Limitations live only in our minds. But if we use our imaginations, our possibilities become limitless." --Jamie Paolinetti

No comments:

Post a Comment