CISO and CIO Convergence: Ready or Not, Here It Comes
While CIOs are still responsible for setting and meeting technology goals and
for staying on budget, their primary mandate is determining how the company can
harness technology to innovate, and then procure and manage those resources.
While plenty of companies still maintain large, on-premise IT estate, it's just
a matter of time before they digitally transform. Either way, the CIO role has
become markedly less operational over time. On the other hand, the profile of
CISOs has been growing since the early 2000s, set against a non-stop carousel of
compliance mandates, data breaches, and emerging cybersecurity threats. While
data breaches may have forced businesses to pay attention to security, it was
compliance mandates that funded it. From HIPAA and PCI DSS to GDPR, SOC 2, and
more, compliance has been a double-edged sword for CISOs. Compliance increased
the role of cybersecurity teams and made them more visible across IT and the
business as a whole, providing CISOs with bigger budgets and increased latitude
on how to spend it. However, all the effort they put into compliance did little
to stymie phishing, ransomware, big breaches, and/or malicious
insiders.
Will Generative AI Kill DevSecOps?
Beyond having automation and guardrails in place, you also need security
policies at the company level, Moisset said, to make sure that DevSecOps
understands all the generative AI tools colleagues are using. Then you can
educate them on how to use it, like creating and communicating a generative AI
policy. Because a total ban on GenAI just won’t fly. When Italy temporarily
banned ChatGPT, Foxwell said there was a visible decrease in productivity across
the country’s GitHub organizations, but, when it was reinstated, “what also
picked up was the usage of tools that circumvented all of the government
policies and firewalls around the prevention of using these” tools. Engineers
always find a way. Particularly when using generative AI for customer service
chatbots, Moisset said, you need guardrails in place around both the inputs and
outputs, as malicious actors can potentially “socialize” the chatbot via prompt
injection to give a desired result — like when someone was able to buy a Chevy
for $1 from a chatbot. “It’s back to educating the users and developers that
it’s good to use AI, we should be using AI, but we need to actually put
guardrails around it,” she said, which also demands an understanding of how your
customers interact with GenAI.
Combining heat and compute
Data centers offer a predictable supply of heat because they keep their
servers running continuously. But the heat is “low-grade:” It is warm rather
than hot, and it comes in the form of air, which is difficult to transport.
So, most data centers vent their heat to the atmosphere. Sometimes, there are
district heat networks, which provide warmth to local homes and businesses
through a piped network. If your data center is near one of these, it is a
matter of extending it to connect to the data center, and boosting the grade
of heat. But you have to be in the right place to connect to one. “There are
certain countries that have established or developing heat networks, but the
majority don't have a heat network per se, so it's going on a piecemeal
basis,” Neal Kalita, senior director of power and energy at NTT, tells DCD.
You are unlikely to find one in the US, says Rolf Brink of cooling consultancy
Promersion: “The United States is a fundamentally different ecosystem. But
Europe is a lot more dense in terms of population, and there is more heat
demand.” The Nordic countries have a lot of heat networks. Stockholm Data
Parks is a well-known example - a data center campus in urban Stockholm, where
every data center has a connection to the district heating network and gets
paid for its heat.
Harmonizing human potential and AI: The evolution of work in the digital era
The evolving landscape of work is witnessing a profound transformation as the
fusion of human potential with AI takes center stage. Concerns about the
ethical implications of AI are well-known, including the potential for
perpetuating bias and discrimination and its impact on employment and job
security. Ensuring that AI is developed and deployed ethically and responsibly
is crucial, taking into account fairness, transparency and accountability. ...
Optimizing human-centric capabilities with automation and an AI-first mindset
is significant for long-term success. Consider a telecoms operator with
employees struggling to grapple with the labor-intensive process of manually
reviewing a high volume of mobile tower lease contracts. By embracing an
AI-powered platform equipped with capabilities for faster and more accurate
extraction of contract clauses, employees were able to shift their focus
toward leveraging hidden risks identified by the platform. This enabled the
renegotiation of existing contracts, leading to millions of dollars in
savings. It’s no coincidence that the enterprises that are more inclined to
augment human potential are those resilient enough to maximize the value of
AI-led transformations.
5 Wi-Fi vulnerabilities you need to know about
Like wired networks, Wi-Fi is susceptible to Denial of Service (DoS) attacks,
which can overwhelm a Wi-Fi network with excessive amount of traffic. This can
cause the Wi-Fi to become slow or unavailable, disrupting normal operations of
the network, or even the business. A DoS attack can be launched by generating
a large number of connection or authentication requests, or injecting the
network with other bogus data to break the Wi-Fi. ... Wi-jacking occurs when a
Wi-Fi-connected device has been accessed or taken over by an attacker. The
attacker could retrieve saved Wi-Fi passwords or network authentication
credentials on the computer or device. Then they could also install malware,
spyware, or other software on the device. They could also manipulate the
device’s settings, including the Wi-Fi configuration, to make the device
connect to rogue APs. ... RF interference can cause Wi-Fi disruptions. Instead
of being caused by bad actors, RF interference could be triggered by poor
network design, building changes, or other electronics emitting or leaking
into the RF space. Interference can result in degraded performance, reduced
throughput, and increased latency.
AI outsourcing: A strategic guide to managing third-party risks
Bias may persist in many face detection systems. Naturally, this
misidentification could have severe consequences for the parties involved.
Diverse training data and transparent algorithms are necessary to mitigate the
risk of discriminatory outcomes. Furthermore, complex AI models often
encounter the “black box” problem or how some AI models arrive at their
decisions. Teaming with a third-party AI service requires human oversight to
navigate the threat of biased algorithms. ... Most of us can admit that the
risk of becoming overly reliant on AI is significant. AI can quickly become a
go-to solution for many challenges. It’s no surprise that companies face a
similar risk, becoming too dependent on a single vendor’s AI solutions.
However, this approach can become problematic. Companies can “get stuck,” and
switching providers seems almost impossible. ... Quality and reliability
concerns are top-of-mind for most company leaders partnering with third-party
AI services. Some primary concerns include service outages, performance
issues, and unexpected disruptions. Operational resilience is necessary, and
contingency plans are a significant piece of the resiliency puzzle, given the
damage business downtime can cause.
Practices for Implementing an Effective Data Governance Strategy
Ensuring the integrity and usability of data within an organization requires
implementing clear data quality standards and metrics. These standards serve
as a benchmark for data quality, guiding data management practices and
ensuring that data is accurate, complete, and reliable. Organizations can
streamline their data governance processes by defining what constitutes
quality data, making it easier to identify and rectify data issues. This
approach enhances data quality, supports compliance with regulatory
requirements, and improves decision-making capabilities. Developing a
comprehensive set of data quality metrics is crucial for monitoring and
maintaining high data standards. These metrics should be aligned with the
organization’s strategic objectives and include criteria such as accuracy,
completeness, consistency, timeliness, and uniqueness. ... Creating an
environment where data stewardship and accountability are at the forefront
requires strategic planning and commitment from all levels of an organization.
It is essential to embed data governance principles into the corporate
culture, ensuring that every team member understands their role in maintaining
data integrity and security.
What is the impact of AI on storage and compliance?
Right now, when you look at traditional storage, generally speaking you look
at your environment, your ecosystem, your data, classifying that data, and
putting a value on it. And, depending on that value and the potential impact,
you put in the right security and assign the length of time you need to keep
the data and how you keep it, delete it. But, if you look at a CRM [customer
relationship management service], if you put the wrong data in then the wrong
data comes out, and it’s one set of data. So, to be blunt, garbage in, garbage
out. With AI, it’s much more complex than that, so you may have garbage in,
but instead of one dataset out that might be garbage, there might be a lot of
different datasets and they may or may not be accurate. If you look at
ChatGPT, it’s a little bit like a narcissist. It’s never wrong and if you give
it some information and then it spits out the wrong information and then you
say, “No, that’s not accurate”, it will tell you that’s because you didn’t
give it the right dataset. And then at some stage it will stop talking to you,
because it will have used up all its capability to argue with you, so to
speak. From a compliance perspective, if you are using AI – a complicated AI
or a simple AI like ChatGPT – to create a marketing document, that’s OK.
How to Get Your Failing Data Governance Initiatives Back on Track
Data governance is a big lift. Organizations might make the mistake of
attempting to roll the initiative out across the entire enterprise without
building in the steps to get there. “If you make it too broad and end up not
focusing on short-term goals that you can demonstrate to keep the funding
going, these engagements [tend] to fail,” says Prasad. Organizational issues
are some of the major stumbling blocks standing in the way of successful data
governance, but there can also be technical obstacles. Reiter points to the
importance of leveraging automation. If an enterprise team attempts to
manually undertake data governance mapping, it could be irrelevant by the time
it is completed. ... Documentation, or lack thereof, can be a good indicator
of a data governance initiatives' progress and sustainability. “As things are
changing over time and documentation isn’t updated, that's a great sign that
governance is not maintainable,” Holiat says. Getting feedback from end users
can alert data governance leaders to issues standing in the way of adoption.
Are people throughout the organization frustrated with the data governance
program? Does it facilitate their access to data, or is it making their jobs
more difficult?
Adopting AI with Eyes Wide Open
For businesses in general, AI can increase efficiency, make the workplace
safer, improve customer service, create competitive advantage and lead to new
business models and revenue streams. But like any technological innovation, AI
has its risks and challenges. At the heart of AI is code and data; code can
(and often does) contain bugs, and data can (and often does) contain
anomalies. But that is no different to the technological innovations that we
have embraced to-date. Arguably, the risks and challenges of AI are greater –
not least of all because of the potential breadth of its application – and
they include (but are certainly not limited to): overreliance, lack of
transparency, ethical concerns, security, and regulatory and statutory
challenges which typically lag behind the pace of progress. So, what does have
this to do with strategy and architecture, and in particular digital
transformation? Too often in organizations, new technologies are rushed in, in
the belief that there is no time to lose. Before you know it, the funds and
resources have been found to embark on an initiative (programme or project) to
adopt it, spearheading the way to the future. It is the future!
Quote for the day:
"I find that the harder I work, the
more luck I seem to have." -- Thomas Jefferson
No comments:
Post a Comment