Daily Tech Digest - April 10, 2024

Time to rethink cloud strategies in the AI era

The proliferation of AI technologies is busting datacenter boundaries, as running data close to compute and storage capabilities often offers the best outcomes. No workload embodies this more than GenAI, whose large language models (LLMs) require large amounts of compute processing. While it may make sense to run some GenAI workloads in public clouds – particularly for speedy proof-of-concepts – organizations also recognize that their corporate data is one of the key competitive differentiators. As such, organizations using their corporate IP to fuel and augment their models may opt to keep their data in house – or bring their AI to their data – to maintain control. The on-premises approach may also offer a better hedge against the risks of shadow AI, in which employees’ unintentional gaffes may lead to data leakage that harms their brands’ reputation. Fifty-five percent of organizations feel preventing exposure of sensitive and critical data is a top concern, according to Technalysis Research. With application workloads becoming more distributed to maximize performance, it may make sense to build, augment, or train models in house and run the resulting application in multiple locations.

Zero Trust for Legacy Apps: Load Balancer Layer Can Be a Solution

There are a number of specific strengths inherent to deploying zero trust at the load balancer layer via SAML. Implementing zero trust at the load balancer layer allows organizations to enforce a unified access control mechanism for all applications. This ensures consistent security enforcement across diverse technological platforms, and extends to internal nodes policing East-West traffic or externally to cloud native service networking and partner APIs. Certificate management and rotation is a considerable pain point for cloud native applications, let alone for hybrid constellations of applications that might range from a few months old to 30 years old. Load balancers natively manage TLS certificates, offering a centralized point for efficient certificate management that is relatively application agnostic. This centralization not only eases the administrative burden but also enhances security by ensuring timely certificate renewal and efficient handling of encryption/decryption processes. By moving zero trust into an infrastructure point that is already integrated with all other parts of your infrastructure, this approach significantly reduces the complexity associated with modifying each application individually to align with zero trust principles. 

Is the power of people skills enough to keep gen AI in check?

The first area of interest is with Copilot technologies in the context of integrated development environments that the company is already using. “First, we optimize the individual,” he says, using gen AI to make developers more productive. But it’s not about reducing headcount. “My issue isn’t that we have too many developers,” he says. “It’s how we can go faster. I have to compete harder on brain power in a market that’s growing quickly. I’m looking to turn every developer into the single most productive engineer on the team.” And even if the engineers do get dramatically more productive, he says, there’s a big backlog of work the company wants to get done. But just moving faster isn’t enough, he says. Without communication skills and the curiosity needed to find out why things are being done, those productivity benefits can easily go to waste. “I can produce 10 times more useless garbage,” he says. The company has three full-time people who create internal training materials, as well as vet third-party training providers. “We’ve actually made significant investments in learning and development across a variety of domains,” Merkel says. “Core leadership skills is one.”

Why are many businesses turning to third-party security partners?

As organizations weigh the cost of security solutions alongside the rising cost of experienced employees, some are electing to prioritize spending in other areas, forgoing software licenses in favor of third-party partnerships. While moving from an in-house security program to one that relies on outside partners can represent a significant shift in mentality for many organizations, a growing number have found that working with third-party experts can help them secure their systems in a more effective—and scalable—manner. As the threat landscape continues to evolve at a rapid pace, no longer having to track and account for each new development can free up substantial time and resources for organizations. Another factor driving organizations toward external partnerships is the challenge of application onboarding. Enterprises use a massive number of software solutions, cloud services, and other applications, and ensuring those applications are properly configured and protected can be a challenge. As data privacy and security regulations continue to arise in a wide range of jurisdictions, it’s increasingly critical for today’s businesses to clearly demonstrate that they are effectively managing and protecting data within their applications.

Why global warnings about China’s cyber-espionage matter to CISOs

Chinese APTs have penetrated networks of companies providing goods and services to the defense sector, a leading equipment provider of 5G network equipment, and entities involved in wireless technology. Those compromised not only permit the pilfering of intellectual property, but China is also able to leverage their acquired knowledge or capability to continue to engage in both internal and external efforts to silence those in dissent of the current government. We have learned of the external effort largely through the various arrests and prosecutions of individuals, both Chinese nationals and those whom they have suborned to do their bidding. This effort has a moniker — Operation Fox Hunt. This operation was ordered created by President Xi Jinping in 2014. China has had varying degrees of success in its intimidation and coercion methodologies. FBI Director Christopher Wray described this operation as “a sweeping bid by Xi to target Chinese nationals who he sees are threats and who live outside of China, across the world. We’re talking about political rivals, dissidents, and critics seeking to expose China’s extensive human rights violations.”

Maximizing Business Value with Generative AI

As C-Suite leaders begin to understand GenAI, they are starting to uncover some questions: Which use cases will deliver the most value for my business? And how do we transition from a Proof of Concept (PoC) to full-scale implementation or enterprise-level deployment? A lot of the work currently remains in the PoC stage, though some industries are ahead of the curve, such as chatbots for HR and legal contracts, which have become relatively common. So, now what remains to be seen is how enterprises move toward widespread adoption by integrating GenAI into other business processes. To move from the PoC to the deployment stage, organizations must identify their strategy, as we covered earlier, as well as the use cases with high impact. Prioritizing these use cases based on their impact, cost, data readiness, and resistance to adoption is essential. Becoming familiar with the limitations and capabilities will also be important for decision-makers. A roadmap must be developed, and you must leave room for the possibility of failure. Once this is done, various PoCs and pilots can be launched, based on the problems an organization genuinely wants to solve. Additionally, transparency with your internal stakeholders is key. 

How to answer “why should we hire you?” in a job interview

In an ever-increasingly automated world, problem-solving and critical thinking are more important than ever. Here’s your chance to place yourself as a solution to current challenges. First state your understanding of the big issue you see the company or industry is facing, be that tech disruption, changing customer preferences, in-house inefficiencies, or something else. Next, state the transferrable experience that would help solve this. For example, “In my current role, I led a cross-functional team that delivered an AI integration that added value to our customers, which had a shorter time-to-market, and helped to increase product subscriptions by 12 per cent in three months.” Lastly, bring it back to this organisation. “For this role, I’m very interested to leverage this experience and to collaborate with different teams to find a solution to X that works for the company in the short and long-term.” ... Finally, show how you’ll fit in, and this doesn’t mean highlighting how you went to the same school or uni as someone in the C-suite. Here you should focus on the company’s values, and how they align with your own experience. Look for natural fits like customer focus, transparency, collaboration, or trust.

Securing Open Source Software, the Cyber Resilience Act Way

The European Union (EU) figured this out a while back. In its Cyber Resilience Act (CRA), it asked the open source community to establish common specifications for secure software development. The Eclipse Foundation and a host of other leading open source organizations, including the Apache Software Foundation, Blender Foundation, OpenSSL Software Foundation, PHP Foundation, Python Software Foundation and the Rust Foundation, are up for the challenge. The Eclipse Foundation is spearheading the effort to create a unified framework for secure software development. The foundations and allies are doing this via a new working group, established under the Eclipse Foundation Specification Process. The collaboration is spurred by more than regulatory compliance. In an era where open source software is pivotal to modern society, the imperative for safety, reliability and security in software has never been more critical. As Arpit Joshipura, the Linux Foundation’s senior VP of networking, said at the Open Source Summit Europe in Bilbao, Spain, last year, “We must look at the end goal. The end goal for all of us is the same. We want to secure software, and we want to secure open source software.”

7 Top IT Challenges in 2024

“Government agencies at all levels are issuing an increasing number of regulations or mandates that need to be complied with. Some are inconsistent, some are duplicative but require separate reporting. They all have penalties for non-compliance so that creates liability concerns that shifts the focus from security and compliance,” says Scott Algeier, executive director of industry association Information Technology-Information Sharing and Analysis Center (IT-ISAC). “Security and compliance are not the same thing, so you may need to make additional investments to be both secure and compliant.” ... Return on investment is a key metric for financial services companies. However, after years of regulation, mergers, and growth, technology estates have become bloated and underperforming. As a result, financial institutions want technology that is user-friendly, value-driven and rapidly adaptable to new technologies like AI. “To accomplish this goal, CIOs and CTOs are facing the need to streamline enterprises by reducing spans and layers, increasing reuse of architectural patterns and ultimately increasing [the] productivity of their organizations,” says Fredric Cibelli.

US Bipartisan Privacy Bill Contains Cybersecurity Mandates

The bill's main focus is on creating rights of access and correction and allowing consumers the right to opt out from their data being used for targeted advertising. It would prohibit corporations from retaliating against individuals for exercising their opt-out rights, such as by denying service or charging different rates. It would also create oversight requirements for large companies with minimum revenues of $250 million that use decision-making algorithms, including algorithms that facilitate human decision-making. Those companies would need to annually assess their algorithms for potential biases and evaluate them for bias prior to putting them into production. Annual assessment would be publicly available and transmitted to the Federal Trade Commission. Consumers would have a right to opt out of algorithmic assessment in matters such as access to housing, employment, education, healthcare and financial activities. The FTC would publish guidance on how to comply with that section within two years. Individuals could sue companies for violations of most sections of the act. This would preempt the bevy of state data privacy laws that have come up in recent years, including in California.

Quote for the day:

“People are not lazy. They simply have important goals – that is, goals that do not inspire them.” -- Tony Robbins
