Daily Tech Digest - February 15, 2024

CISO and CIO Convergence: Ready or Not, Here It Comes

While CIOs are still responsible for setting and meeting technology goals and for staying on budget, their primary mandate is determining how the company can harness technology to innovate, and then procure and manage those resources. While plenty of companies still maintain large, on-premise IT estate, it's just a matter of time before they digitally transform. Either way, the CIO role has become markedly less operational over time. On the other hand, the profile of CISOs has been growing since the early 2000s, set against a non-stop carousel of compliance mandates, data breaches, and emerging cybersecurity threats. While data breaches may have forced businesses to pay attention to security, it was compliance mandates that funded it. From HIPAA and PCI DSS to GDPR, SOC 2, and more, compliance has been a double-edged sword for CISOs. Compliance increased the role of cybersecurity teams and made them more visible across IT and the business as a whole, providing CISOs with bigger budgets and increased latitude on how to spend it. However, all the effort they put into compliance did little to stymie phishing, ransomware, big breaches, and/or malicious insiders. 

Will Generative AI Kill DevSecOps?

Beyond having automation and guardrails in place, you also need security policies at the company level, Moisset said, to make sure that DevSecOps understands all the generative AI tools colleagues are using. Then you can educate them on how to use it, like creating and communicating a generative AI policy. Because a total ban on GenAI just won’t fly. When Italy temporarily banned ChatGPT, Foxwell said there was a visible decrease in productivity across the country’s GitHub organizations, but, when it was reinstated, “what also picked up was the usage of tools that circumvented all of the government policies and firewalls around the prevention of using these” tools. Engineers always find a way. Particularly when using generative AI for customer service chatbots, Moisset said, you need guardrails in place around both the inputs and outputs, as malicious actors can potentially “socialize” the chatbot via prompt injection to give a desired result — like when someone was able to buy a Chevy for $1 from a chatbot. “It’s back to educating the users and developers that it’s good to use AI, we should be using AI, but we need to actually put guardrails around it,” she said, which also demands an understanding of how your customers interact with GenAI.

Combining heat and compute

Data centers offer a predictable supply of heat because they keep their servers running continuously. But the heat is “low-grade:” It is warm rather than hot, and it comes in the form of air, which is difficult to transport. So, most data centers vent their heat to the atmosphere. Sometimes, there are district heat networks, which provide warmth to local homes and businesses through a piped network. If your data center is near one of these, it is a matter of extending it to connect to the data center, and boosting the grade of heat. But you have to be in the right place to connect to one. “There are certain countries that have established or developing heat networks, but the majority don't have a heat network per se, so it's going on a piecemeal basis,” Neal Kalita, senior director of power and energy at NTT, tells DCD. You are unlikely to find one in the US, says Rolf Brink of cooling consultancy Promersion: “The United States is a fundamentally different ecosystem. But Europe is a lot more dense in terms of population, and there is more heat demand.” The Nordic countries have a lot of heat networks. Stockholm Data Parks is a well-known example - a data center campus in urban Stockholm, where every data center has a connection to the district heating network and gets paid for its heat.

Harmonizing human potential and AI: The evolution of work in the digital era

The evolving landscape of work is witnessing a profound transformation as the fusion of human potential with AI takes center stage. Concerns about the ethical implications of AI are well-known, including the potential for perpetuating bias and discrimination and its impact on employment and job security. Ensuring that AI is developed and deployed ethically and responsibly is crucial, taking into account fairness, transparency and accountability. ... Optimizing human-centric capabilities with automation and an AI-first mindset is significant for long-term success. Consider a telecoms operator with employees struggling to grapple with the labor-intensive process of manually reviewing a high volume of mobile tower lease contracts. By embracing an AI-powered platform equipped with capabilities for faster and more accurate extraction of contract clauses, employees were able to shift their focus toward leveraging hidden risks identified by the platform. This enabled the renegotiation of existing contracts, leading to millions of dollars in savings. It’s no coincidence that the enterprises that are more inclined to augment human potential are those resilient enough to maximize the value of AI-led transformations. 

5 Wi-Fi vulnerabilities you need to know about

Like wired networks, Wi-Fi is susceptible to Denial of Service (DoS) attacks, which can overwhelm a Wi-Fi network with excessive amount of traffic. This can cause the Wi-Fi to become slow or unavailable, disrupting normal operations of the network, or even the business. A DoS attack can be launched by generating a large number of connection or authentication requests, or injecting the network with other bogus data to break the Wi-Fi. ... Wi-jacking occurs when a Wi-Fi-connected device has been accessed or taken over by an attacker. The attacker could retrieve saved Wi-Fi passwords or network authentication credentials on the computer or device. Then they could also install malware, spyware, or other software on the device. They could also manipulate the device’s settings, including the Wi-Fi configuration, to make the device connect to rogue APs. ... RF interference can cause Wi-Fi disruptions. Instead of being caused by bad actors, RF interference could be triggered by poor network design, building changes, or other electronics emitting or leaking into the RF space. Interference can result in degraded performance, reduced throughput, and increased latency.

AI outsourcing: A strategic guide to managing third-party risks

Bias may persist in many face detection systems. Naturally, this misidentification could have severe consequences for the parties involved. Diverse training data and transparent algorithms are necessary to mitigate the risk of discriminatory outcomes. Furthermore, complex AI models often encounter the “black box” problem or how some AI models arrive at their decisions. Teaming with a third-party AI service requires human oversight to navigate the threat of biased algorithms. ... Most of us can admit that the risk of becoming overly reliant on AI is significant. AI can quickly become a go-to solution for many challenges. It’s no surprise that companies face a similar risk, becoming too dependent on a single vendor’s AI solutions. However, this approach can become problematic. Companies can “get stuck,” and switching providers seems almost impossible. ... Quality and reliability concerns are top-of-mind for most company leaders partnering with third-party AI services. Some primary concerns include service outages, performance issues, and unexpected disruptions. Operational resilience is necessary, and contingency plans are a significant piece of the resiliency puzzle, given the damage business downtime can cause. 

Practices for Implementing an Effective Data Governance Strategy

Ensuring the integrity and usability of data within an organization requires implementing clear data quality standards and metrics. These standards serve as a benchmark for data quality, guiding data management practices and ensuring that data is accurate, complete, and reliable. Organizations can streamline their data governance processes by defining what constitutes quality data, making it easier to identify and rectify data issues. This approach enhances data quality, supports compliance with regulatory requirements, and improves decision-making capabilities. Developing a comprehensive set of data quality metrics is crucial for monitoring and maintaining high data standards. These metrics should be aligned with the organization’s strategic objectives and include criteria such as accuracy, completeness, consistency, timeliness, and uniqueness. ... Creating an environment where data stewardship and accountability are at the forefront requires strategic planning and commitment from all levels of an organization. It is essential to embed data governance principles into the corporate culture, ensuring that every team member understands their role in maintaining data integrity and security.

What is the impact of AI on storage and compliance?

Right now, when you look at traditional storage, generally speaking you look at your environment, your ecosystem, your data, classifying that data, and putting a value on it. And, depending on that value and the potential impact, you put in the right security and assign the length of time you need to keep the data and how you keep it, delete it. But, if you look at a CRM [customer relationship management service], if you put the wrong data in then the wrong data comes out, and it’s one set of data. So, to be blunt, garbage in, garbage out. With AI, it’s much more complex than that, so you may have garbage in, but instead of one dataset out that might be garbage, there might be a lot of different datasets and they may or may not be accurate. If you look at ChatGPT, it’s a little bit like a narcissist. It’s never wrong and if you give it some information and then it spits out the wrong information and then you say, “No, that’s not accurate”, it will tell you that’s because you didn’t give it the right dataset. And then at some stage it will stop talking to you, because it will have used up all its capability to argue with you, so to speak. From a compliance perspective, if you are using AI – a complicated AI or a simple AI like ChatGPT – to create a marketing document, that’s OK.

How to Get Your Failing Data Governance Initiatives Back on Track

Data governance is a big lift. Organizations might make the mistake of attempting to roll the initiative out across the entire enterprise without building in the steps to get there. “If you make it too broad and end up not focusing on short-term goals that you can demonstrate to keep the funding going, these engagements [tend] to fail,” says Prasad. Organizational issues are some of the major stumbling blocks standing in the way of successful data governance, but there can also be technical obstacles. Reiter points to the importance of leveraging automation. If an enterprise team attempts to manually undertake data governance mapping, it could be irrelevant by the time it is completed. ... Documentation, or lack thereof, can be a good indicator of a data governance initiatives' progress and sustainability. “As things are changing over time and documentation isn’t updated, that's a great sign that governance is not maintainable,” Holiat says. Getting feedback from end users can alert data governance leaders to issues standing in the way of adoption. Are people throughout the organization frustrated with the data governance program? Does it facilitate their access to data, or is it making their jobs more difficult?

Adopting AI with Eyes Wide Open

For businesses in general, AI can increase efficiency, make the workplace safer, improve customer service, create competitive advantage and lead to new business models and revenue streams. But like any technological innovation, AI has its risks and challenges. At the heart of AI is code and data; code can (and often does) contain bugs, and data can (and often does) contain anomalies. But that is no different to the technological innovations that we have embraced to-date. Arguably, the risks and challenges of AI are greater – not least of all because of the potential breadth of its application – and they include (but are certainly not limited to): overreliance, lack of transparency, ethical concerns, security, and regulatory and statutory challenges which typically lag behind the pace of progress. So, what does have this to do with strategy and architecture, and in particular digital transformation? Too often in organizations, new technologies are rushed in, in the belief that there is no time to lose. Before you know it, the funds and resources have been found to embark on an initiative (programme or project) to adopt it, spearheading the way to the future. It is the future! 

Quote for the day:

"I find that the harder I work, the more luck I seem to have." -- Thomas Jefferson

No comments:

Post a Comment