Daily Tech Digest - February 12, 2024

Is privacy being traded away in the name of innovation and security?

The adage is that if you collect it, you must protect it. Every CISO knows this, and every instance where information is collected should have in place a means to protect that information. With this thought in mind, John A. Smith, founder and CSO of Conversant, proffered some thoughts which are easily embraceable: Adhere to regulations and compliance requirements. Understand that compliance isn’t enough. Measure your secure controls against current threat actor behaviors. Change your paradigms. Remember that most breaches follow the same high-level pattern. Smith’s comment about changing paradigms piqued my interest and his expansion is worthy of taking on board, as a different way of thinking. “Systems are generally open by default and closed by exception,” he tells CSO. “You should consider hardening systems by default and only opening access by exception. This paradigm change is particularly true in the context of data stores, such as practice management, electronic medical records, e-discovery, HRMS, and document management systems.” “How data is protected, access controls are managed, and identity is orchestrated are critically important to the security of these systems. ...”


Is 2024 the Year of Cloud Repatriation?

Security is one of them. At the same time that multi-cloud deployments are showing signs of decline, concerns about security threats are on the rise. The inability to achieve consistent security policies across multi-clouds topped the list as a problem or extreme problem for 56% of the organizations surveyed in 2023 compared to just 26% in 2022. And security mistakes are costly. According to the survey, downtime due to a successful application DDoS attack costs organizations an average of $6,130 per minute. Other security areas respondents ranked as problems or extreme problems included protection between platforms (61% in 2023 vs. 38% in 2022), unified visibility (58% in 2023 vs. 41% in 2022) and centralized management (46% in 2023 vs. 34% in 2022). Security is not, however, the only factor causing companies to rethink their security strategies and move applications and data back on-premise. Other considerations include: Cost management: While the cloud’s pay-as-you-go model can be cost-effective for variable workloads, it can lead to unexpected expenses when usage spikes. Where predictable workloads are concerned, it can be more cost-efficient to invest in on-premise infrastructure over the long term, rather than paying ongoing cloud service fees.


Data Mesh 101: What It Is and Why You Should Care

With the disaggregation of the data stack and profusion of tools and data available, data engineering teams are often left to duct-tape the pieces together to build their end-to-end solutions. The idea of the data mesh, first promulgated by Zhamak Dehghani a few years back, is an emerging concept in the data world. It proposes a technological, architectural, and organizational approach to solving data management problems by breaking up the monolithic data platform and de-centralizing data management across different domain teams and services. In a centralized architecture, data is copied from source systems into a data lake or data warehouse to create a single source of truth serving analytics use cases. This quickly becomes difficult to scale with data discovery and data version issues, schema evolution, tight coupling, and a lack of semantic metadata. The ultimate goal of the data mesh is to change the way data projects are managed within organizations. This enables organizations to empower teams across different business units to build data products autonomously with unified governance principles. It is a mindset shift from centralized to decentralized ownership, with the idea of creating an ecosystem of data products built by cross-functional domain data teams.


The Impact of Open-Source Software on Public Finance Management

The most obvious benefit of OSS is that it’s often free or at least low-cost. Software is the fastest-growing government IT spending category, so switching to a more affordable platform could yield significant savings. Government saving aside, open public finance solutions could reduce the financial burden on consumers. Consider how many U.S. citizens spend hundreds of dollars a year on tax preparation services, which typically use proprietary software. A free or low-cost open-source alternative could dramatically reduce this spending, making tax filing more affordable. ... Public finance agencies also introduce more transparency by embracing OSS. The Consumer Financial Protection Bureau (CFPB) — an early leader in government OSS in the U.S. — cites this visibility as the key driver of its open-source philosophy. The Bureau even runs a public GitHub page to provide developers with OSS tools and show consumers how their platforms work. Accountability is essential for government financial agencies like the CFPB. Consumers can only trust the office enforces regulations fairly and is truly open about its comparisons and advice when they understand how it approaches these issues.


9 traits of great IT leaders

Although it’s true that leading, which is about visioning, is not synonymous with managing, aka accomplishing tasks, true IT leaders are indeed “great at the business of IT,” says Eric Bloom, executive director of the IT Management and Leadership Institute and part of the Society for Information Management (SIM) Leadership Institute. In other words, they excel at managing IT budgets, projects, staffing needs, and so on. They have some, although not deep, understanding of the various technologies within their IT portfolios. And they understand how IT interrelates with cybersecurity and the other functional areas of their organizations. ... Furthermore, CIOs now must engage a wider spectrum of stakeholders, from their own IT teams to business project owners to their C-suite peers, the CEO, board members, and sometimes even outside customers and partners. And they are expected to brief each group on their technical roadmap and vision in ways that each and every one of those groups can understand and embrace. All that, Bloom says, requires the CIO to formulate much more intentional and deliberate interactions because “you could come up with the best vision for IT, but if you can’t articulate it to those you want to motivate, it will fall on deaf ears.”


Ask a Data Ethicist: Can We Trust Unexplainable AI?

Similar to the term AI, ethics also covers a whole range of issues and depending on the particular situation, certain ethical concerns can become more or less prominent. To use an extreme example, most people will care less about their privacy in a life and death situation. In a missing person situation, the primary concern is locating that person. This might involve using every means possible to find them, including divulging a lot of personal information to the media. However, when the missing person is located, all of the publicity about the situation should be removed. The ethical question now centers on ensuring the story doesn’t follow the victim throughout their life, introducing possible stigma.  ... In order for a person to exercise their agency and to be held accountable as a moral agent, it’s important to have some level of understanding about a situation. For example, if a bank denies a loan, they should provide the applicant with an explanation as to how that decision was made. This ensures it wasn’t based on irrelevant factors (you wore blue socks) or factors outside a person’s control (race, age, gender, etc.) that could prove discriminatory. 


Digital experience becomes new boardroom metric

“In our survey, we learned that 94% of the respondents in their own experience have experienced really poorly performing applications. And then out of that, 70% of respondents said that they are more likely to proactively keep using digital services that don’t perform, so the tolerance is very low for experiences that are not world-class, seamless and immediate.” Chintan Patel, Cisco UK and Ireland chief technology officer, said the new experience economy was definitely something hugely top of mind to firms in terms of how they deliver services to their customers and employees. “We have genuinely moved, especially since the pandemic, from this bricks-to-clicks type of motion, and our attention span has changed as well as consumers’. CEOs are absolutely aware of this intimately, how they’re building services, because what they’re seeing is that people have a far greater propensity to change applications, change providers, if the service isn’t met. I think the survey underlines that in terms of 54% of people having deleted more apps in the past year than they’ve installed, and partly because of the type of service or experience they’ve received or not received.


Integrating cybersecurity into vehicle design and manufacturing

The first challenge is in the supply chain, not just in terms of who provides the software; the issue penetrates each layer. Automakers need to understand this from a risk management perspective to pinpoint the onset and location of each specific risk. Suppliers must be involved in this process and continue to follow guidelines put in place by the automaker. The second challenge involves software updating. As technology continues to evolve and more features are added, cybercriminals find new ways to exploit flaws and gaps in systems that we may not have been aware of because of the newness of the technology. Regular software updates must be administered to products to patch holes in systems, improve existing vulnerabilities and improve product performance. In order to address these challenges, automakers need to conduct an initial risk assessment to understand what kind of threats and the type of threat actors are active within each layer of the product and supply chain in the automotive industry. From the experience gained from the initial risk assessment, a procedure must be put in place to ensure each internal and external employee and supplier knows their role in maintaining security at the company.


Startups pursue GPU alternatives for AI

The pitch the GPU-alternative vendors are making is that they have built a better mousetrap. “You will find that the GPU does a good job as far as general training for a broad range of things, and you can learn how to deploy them very, very quickly,” said Rodrigo Liang, co-founder and CEO of SambaNova Systems. “As you get into these really, really large models, you start to see some deficiencies. When you get to the size of GPT, you’re needing to run thousands of these chips. And ultimately, those chips are not running at great efficiency.” James Wang, senior product marketing manager at Cerebras Systems, echoes the legacy design sentiment and says that the GPU chip is simply too small. Its chip, the Wafer-Scale Engine-2 (WSE-2), is the size of an album cover. Whereas the Hopper GPU has a few thousand cores, WSE-2 has 850,000 cores, and the company claims 9,800 times the memory bandwidth of the GPU. “The amount of memory determines how large-scale of a model you can train,” said Wang. “So if your starting point is a GPU, the maximum you can have is geared toward the size of the GPU and the accompanying memory. If you want to go larger, that problem becomes much more difficult. And you basically have to program around all the weak points of the GPU.”


It's time to break free from Corporate Agile

To get an indication of the price we pay to do Corporate Agile, let’s review the time spent to perform a typical process. I’ll take a Scrum team as an example, making a few simplifications to make measures easy to follow. Our hypothetical team consists of 7 Developers doing 1-week sprints. They have four team meetings each sprint: Refinement, Planning, Retrospective and Review. We’ll assume each meeting takes one hour, totalling four hours a week per person. That's 28 person-hours spent each week “doing Scrum” instead of doing work that directly benefits customers, and we’re not even counting the Daily. Now add the overhead of a professional scrum master, dedicated product owner, and layers of management between the team and its real stakeholders. ... What did they gain? In my experience, efforts toward backlog grooming, task refinement, and sprint planning rarely yield noticeable benefits except to make work fit in a box. ... For those currently in Scrum teams, ask yourself which would make your products more awesome: These meetings? Another engineer, designer, artist or domain expert? Budget for tools, services or runway? A few hours to relax and recharge?



Quote for the day:

"You may only succeed if you desire succeeding; you may only fail if you do not mind failing." -- Philippos
