Daily Tech Digest - December 18, 2023

How to Select the Right Industry Cloud for Your Business

One of the biggest mistakes IT leaders make when shopping for an industry cloud is searching for a solution without first constructing a holistic strategy, Campbell says. He recommends focusing on areas that will maximize the overall investment value, including data management and security operations, while ensuring both business and IT buy-in. Due to multiple factors, including, compliance, business continuity, customer trust, and financial health, cybersecurity should be a central consideration when assessing industry clouds, says Nigel Gibbons, a director and partner with cyber threat consultancy NCC Group. ... Gibbons adds that it’s also important to be aware of data sovereignty requirements and the impact of laws on where and how data is stored, particularly for businesses operating internationally. To ensure tight alignment with both present and future business goals it’s important to choose a forward-looking provider, Gibbons says. “It’s essential to future-proof investments by choosing a provider that regularly innovates and updates its offerings.”

What to do when receiving unprompted MFA OTP codes

When receiving an unprompted 2FA code, the account holder should assume their credentials were stolen and log directly into Amazon, without clicking on any links in text messages or emails, to change their password. If that same password is used with any of your other accounts, it should also be changed immediately on those sites. It is also important to not think that since 2FA protected your account you no longer need to change your password. This is a false sense of security, as threat actors have figured out ways to bypass MFA in the past, so there is no reason to give them the opportunity to do so with your account. Furthermore, while SMS and email 2FA provide extra protection to your accounts, they are the most risky MFA method to use. This is because if someone gains access to your email or phone number, such as through a SIM swapping attack, they'll also have access to your OTP codes. This would allow them to reset your password without you knowing until it was too late. Instead, if a site provides support for authentication apps, hardware security keys, or passkeys, you should use one of these options instead as they’ll require attackers to have access to your device to pass the multi-factor authentication challenge.

Chilling on the Edge: Navigating the challenges of cooling Edge data centers

“In order to manage the complete value supply chain for critical Edge applications, service support is critical for our end user customers. Our products are designed with full consideration of service access and maintenance processes,” he adds. With the global warming phenomenon, summer ambient temperatures are rising globally, with the UK even seeing thermometers reaching 40 degrees Celsius in some parts in recent times. “The result is that design considerations for standard products require a summer ambient operation up to 50 degrees ambient in most markets now. This can be exacerbated when we take into account microclimates, where you have a large population of equipment working together, further increasing the local ambient temperature” says Ansari. Increasingly, he adds, greenfield sites are also abandoning raised floor designs in favour of maximising the indoor cooling space and creating a larger floor-to-ceiling area. “This seems to have become the norm for Edge and, increasingly for colo,” he adds. This is ideal for our latest fan wall cooling range, AireWall ONE™, which is a parametric design suitable for horizontal airflow and configurable to maximise design options.

EU AI Act agreed: 5 key considerations for businesses for the road ahead

A company may use AI in a variety of ways, such uses falling into different risk-based categories under the AI Act. Therefore, a ‘one size fits all’ AI governance strategy may not be appropriate. When structuring an AI governance team, businesses should consider including individuals from a range of existing teams to ensure that the requirements of the AI Act can be fully met. For example, although certain requirements will be familiar to privacy teams (e.g. risk and impact assessments), when it comes to AI there is a level of technical knowledge needed relating to testing and monitoring of systems, oversight and transparency requirements. ... The AI Act will not exist in a vacuum and is not the beginning and end for AI governance. It must be read alongside other laws in the regulatory landscape e.g. GDPR. The interplay with privacy is clear, given that data is at the heart of AI systems. This inextricable link is demonstrated by, for example, the provisions in the GDPR on automated decision-making. Earlier this month we saw the first judgment where the CJEU interpreted Article 22 GDPR when deciding what constitutes ‘automated decision-making’

Unpacking The Rise of AI: Its Potential, Its Disruptions, and What It Entails in the Near Future

The timely and cost-effective results produced by AI have already made a host of businesses replace their human resources with technology, while many others have started contemplating the same. One of the recent examples is the replacement of humans with bots in customer service by businesses mainly to save costs and redirect them towards their core business. AI-driven tools are also better equipped to study customer feedback and aid businesses and business leaders in identifying customer preferences and making informed decisions. Meanwhile, AI has also found its way into the healthcare and finance sectors. In healthcare, AI has improved diagnostics, personalised treatment plans, and drug discovery, fostering more effective and targeted medical interventions. In finance, AI algorithms analyse vast datasets to enhance decision-making, risk management, and fraud detection. Moreover, according to Goldman Sachs, about 300 million people could potentially lose their jobs due to automation and technologies like generative AI. Consequently, there are concerns among professionals and aspiring students about the potential automation within their domains and the resultant loss of work.

Surviving the cyber arms race in the age of generative AI

It's critical that industry and government continually evaluate the guardrails in place to protect the public from unrestrained use of AI, whether by cybercriminals or established organizations. The EO promises to develop standards that will ensure AI systems are safe and tested against a rigorous set of qualifications. These qualifications and standards will require refinement over time to become truly standardized. The US Department of Commerce will also develop guidance for watermarking and content authentication to clearly label AI-generated content, while companies like Alphabet, Meta, and OpenAI have already made commitments to implement such measures. This approach is resonant with how the US Secret Service got manufacturers of color copiers and printers to include digital watermarks on printed pages after the copiers became advanced enough to counterfeit money. However, it does bring its own unique set of challenges for bad actors to misuse. To ensure the responsible development and deployment of AI technologies, the evolution of our legislative framework must continue. With transparency, visibility, and understanding as cornerstones, the tech industry and government can work together to mitigate risk and counteract threats.

Building A Lasting Data Management Strategy Requires A Data-First Mindset

Without the data owners' participation, this project won't work. They're the experts in the processes underpinned by the data, whether it’s procurement, marketing, production or another department. They bring a functional view to the project. The migration is just a means to an end. If you don’t do it in the context of the business process, you’re just moving ones and zeros. There’s no value creation. The other side of the coin is the technical people, those who work closely with the line of business owners to execute the migration. These are the IT people who understand the tools, the steps and what needs to happen next. ... As IT and business teams struggle to do more with less, there'll be increased pressure to make the ROI case even before purchasing new tools. Historically, there's been a missing link between tool implementation and recognition at the executive level of the tool’s importance. Data management is a technical challenge for many enterprises, one that's primarily internal. Poor governance and a lack of monitoring are the primary factors cited as the causes of faulty data. As a result, the opportunity resides in a more comprehensive grasp of data and a more potent means of driving change so that data matches up with corporate goals.

9 ways to keep your developer team happy

Good feedback is important in any type of job, and software development is no different. Programmers want to know how they are doing and what they could do to improve. Developers also want to know whether the products they create are beneficial to users and profitable for their companies. An important part of feedback is recognition. This can be informal, such as a team leader paying a compliment for a successful project, or formal, such as a reward or perk for work well done. Public recognition among peers is also important. “Regular recognition and constructive feedback for their contributions are essential for a developer's happiness,” James says. “Feeling appreciated and acknowledged for their hard work and expertise can significantly boost job satisfaction.” ... Developers want to work on projects that push the edge of innovation, such as software that leverages AI and machine learning capabilities. They also want to build products that make a difference. Knowing that their organization stands out in the market is a source of pride and satisfaction. Developers "feel happy when they are allowed to work on innovative solutions,” says Vinika Garg, COO of Webomaze, an SEO agency.

The Three Most Important Emerging AI Trends in Data Analytics

As AI-enabled applications performing analytics are spun up, it is increasingly critical that the training and production data sets are unbiased and incorruptible. Bad training or production data sets that are biased or just out of date can lead the system to make bad recommendations and worse decisions. Ensuring the safety of the data includes a legal process (asking the firm to guarantee that the data in the repository isn’t owned by someone else who might take exception to its use) and some form of indemnification. The use of indemnification isn’t consistent, however, with some of the more mature firms indemnifying their customers and some of the other firms asking for indemnification from their customers. ... AI is very expensive to run in the cloud because it uses substantial processing and storage resources. However, if you can shift the load to the client, it frees up those resources and allows for faster results with some loss of trainability and customization as, typically, the clients use a compressed data set and inferencing that is more limited than the capabilities of a cloud implementation. 

Creating a formula for effective vulnerability prioritization

Systems should operate continuously and collect live data to drive vulnerability prioritization efforts based on actual usage. Traditional vulnerability systems, on the other hand, typically collect information periodically – on-demand, weekly, and even monthly. However, the lack of current exposure context can lead to resourcing and security gaps. This causes a significant human resource overhead and creates security gaps since the information doesn’t present a current map of the organization’s exposure. Automated and continuous prioritization adapts to a dynamically changing attack surface. In turn, teams gain greater accuracy with less reliance on manual data collection and analysis. Automated systems allow for greater capacity to digest more (and higher priority) data and better leverage existing resources. In parallel, organizations should consider deploying patchless protection to reduce their attack surface until patches are deployed. Patchless protection protects known vulnerabilities that haven’t been patched yet while preventing unknown vulnerabilities from causing damage.

Quote for the day:

“If you don’t value your time, neither will others. Stop giving away your time and talents. Value what you know & start charging for it.” -- Kim Garst

No comments:

Post a Comment