Cloud cost management is not working
The Forrester report highlights significant visibility challenges with existing CCMO tools. Tracking expenses across different cloud activities, such as data management, egress charges, and application integration, remains difficult. FinOps is normally on the radar, but these enterprises have yet to adopt useful FinOps practices, with most programs either nonexistent or not yet off the ground, even when funded. Then there is the fact that enterprises are not yet good at using these tools, which seem to add cost with little benefit. The assumption is that they will get better and costs will come under control. However, given the additional resource needs of AI deployments, improvements are unlikely for years. At the same time, there is no plan to give IT additional funding, and many companies are attempting to hold the line on spending. Despite these challenges, getting cloud spending under control remains a priority, even if the results do not yet show it. This means major fixes are needed at the architecture and integration level, which most in IT view as overly complex and too expensive to tackle.
Why Selecting the Appropriate Data Governance Operating Model Is Crucial
When deciding on a data governance operating model, you cannot simply pick one approach without evaluating the benefits each one offers. You need to weigh the potential benefits of centralized and decentralized governance models before making a decision. If you find that the benefits of centralizing your governance operations exceed those of a decentralized model by at least 20%, then it is best to centralize. With a centralized governance model, you can bridge the skills gap, enjoy consistent outcomes across all business units, report easily on operations, ensure executive buy-in at the C-level, and plan for effectiveness in continuous feedback elicitation, improvements, and change management. The downside is that it often leads to operational rigidity, which reduces motivation among mid-level managers, and the bureaucracy can outweigh the benefits. It is important to consider socio-cultural aspects when formulating your operating model, as they can significantly influence the success of your organization.
5 Steps Toward Military-Grade API Security
When evaluating client security, you must address environment-specific threats.
In the browser, military grade starts with ensuring the best protections against
token theft, where malicious JavaScript, also known as cross-site scripting
(XSS), is the biggest concern. To reduce the impact of an XSS exploit, it is
recommended to transport OAuth tokens to your APIs in the latest and most secure
form of cookie: HttpOnly, Secure, SameSite cookies. Use a backend-for-frontend
(BFF) component to issue cookies to JavaScript apps. The BFF should also use a
client credential when getting access tokens. ... A utility API then does the
cookie issuing on behalf of its SPA without adversely affecting your web
architecture.
In an OAuth architecture, clients obtain access tokens by running an OAuth flow.
To authenticate users, a client uses the OpenID Connect standard and runs a code
flow. The client sends request parameters to the authorization server and
receives response parameters. However, these parameters can potentially be
tampered with. For example, an attacker might replay a request and change the
scope value in an attempt to escalate privileges.
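As an added illustration (not code from the article or from any vendor it mentions), the core of a BFF in Python that binds the requested scope to a single-use state value, rejects replayed callbacks and token responses whose granted scope exceeds the request, and issues the HttpOnly SameSite cookie; the authorization-server URL, client id, redirect URI and scope names are constructed placeholders.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholders, not real endpoints or registered scopes.
AUTHORIZE_ENDPOINT = "https://as.example/authorize"
REDIRECT_URI = "https://bff.example/callback"
ALLOWED_SCOPES = {"openid", "profile", "orders:read"}

def build_authorization_request(client_id, scopes, pending):
    """Start the code flow and bind a fresh, single-use state to the exact scope requested."""
    if not set(scopes) <= ALLOWED_SCOPES:
        raise ValueError("scope outside what this BFF may request")
    state = secrets.token_urlsafe(32)
    pending[state] = {"scope": set(scopes)}  # server-side record the browser cannot edit
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": REDIRECT_URI, "scope": " ".join(sorted(scopes)), "state": state}
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}", state

def validate_callback(callback_url, pending):
    """Accept a callback only if its state is known; pop it so a replay is rejected."""
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [None])[0]
    flow = pending.pop(state, None) if state else None
    if flow is None:
        raise ValueError("unknown or replayed state")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("authorization code missing")
    return code, flow

def check_token_response(token_response, flow):
    """Refuse tokens whose granted scope exceeds what this flow asked for."""
    granted = set(token_response.get("scope", "").split())
    extra = granted - flow["scope"]
    if extra:
        raise ValueError(f"scope escalation detected: {sorted(extra)}")
    return token_response["access_token"]

def issue_session_cookie(access_token):
    """HttpOnly + Secure + SameSite=Strict keeps the token out of reach of page JavaScript."""
    cookie = SimpleCookie()
    cookie["app_session"] = access_token  # production BFFs usually encrypt or indirect this value
    morsel = cookie["app_session"]
    morsel["httponly"] = True
    morsel["secure"] = True
    morsel["samesite"] = "Strict"
    morsel["path"] = "/"
    return morsel.OutputString()
```

The token exchange itself (posting the code with the BFF's client credential) is omitted; the checks above run on either side of it.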
Break Security Burnout: Combining Leadership With Neuroscience
The problem for cybersecurity pros is that they often get stuck in a
psychological fight-or-flight response pattern because of the constant stress
cycle of their jobs, Coroneos explains. iRest is a training that helps them
switch out of this cycle and reach a deeper state of relaxation that resets the
fight-or-flight response. This helps the brain switch off, so it is not
constantly generating stress, not only in the workplace but throughout their
everyday lives, which leads to burnout, he says. "We need to get them into a
position where they can come into a proper relationship into their
subconscious," Coroneos says, adding that so far cybersecurity professionals who
have experienced the training — which Cybermindz is currently piloting — report
they are sleeping better and making clearer decisions after only a few sessions
of the program. Indeed, while burnout remains a serious problem, the message
Coroneos and Williams ultimately want to convey is one of hope: there are
solutions to the burnout problem currently facing cybersecurity professionals,
and the enormous pressures these dedicated professionals face are not being
overlooked.
Unlocking Customer Experience: The Critical Role of Your Supply Chain
It is crucial to find a partner that understands that digital transformation
alone is not enough. Rather than a point solution vendor that solves isolated
problems, prioritize a partner that focuses on three main areas: people,
processes, and systems. A good partner will begin its approach by understanding what is
actually happening with mission-critical processes in the supply chain like
inbound and outbound logistics, supplier management, customer service, help
desk, and financial processes. Understanding these root causes helps identify
opportunities for improvement and automation. Analyzing data and feedback
reveals pain points, bottlenecks, and inefficiencies within each process.
Utilizing process mapping and performance metrics helps pinpoint areas ripe for
enhancement. Automation technologies, like AI and machine learning, streamline
repetitive tasks, reducing errors and enhancing efficiency. By continuously
assessing and optimizing these processes, businesses can improve responsiveness,
reduce costs, and enhance overall supply chain performance, ultimately driving
customer satisfaction and competitive advantage.
AI migration woes: Brain drain threatens India’s tech future
To address the challenge of talent migration, the biggest companies in India
must work together to democratise access to resources and opportunities within
the country's tech ecosystem. One key aspect of this approach involves fostering
a culture of open collaboration among key stakeholders, including top-tier
venture capitalists (VCs), corporates, academia and leading startups, because no
single entity can drive AI innovation in isolation. By creating a collaborative
ecosystem where information is freely shared and resources are pooled, they can
level the playing field and provide equal opportunities for aspiring AI
professionals across the nation. This could involve the establishment of
platforms dedicated to knowledge exchange, networking events and cross-sector
partnerships aimed at accelerating innovation. ... In addition to these fundamental elements,
the tech ecosystem in India must also prioritise accessibility and affordability
in the adoption of AI-integrated technologies. The future-ready benefits of AI
should be democratised, reaching not only large brands but also small and
medium-sized enterprises (SMEs), startups and grassroots organisations.
Are you a toxic cybersecurity boss? How to be a better CISO
Though most CISOs treat their employees fairly, CISOs are human beings — with
all the frailties, quirks, and imperfections of the human condition. But CISOs
behaving badly expose their own organizations to huge risks. ... One of the
thorniest challenges of a toxic CISO is that the person causing the problem is
also the one in charge, making them susceptible to blind spots about their own
behavior. Nicole L. Turner, a specialist in workplace culture and leadership
coaching, got a close-up look at this type of myopia when a top exec (in a
non-security role) recently hired her to deliver leadership training to the
department heads at his company. “He felt like they needed training because he
could tell some things were going on with them, that they were burned out and
overwhelmed. But as I’m training them, I notice these sidebar conversations
[among his staff] that he was the problem, more so than the work itself. It was
just such an ironic thing and he didn’t know,” recounts Turner, owner and chief
culture officer at Nicole L. Turner Consulting in Washington, D.C. There’s also
some truth to the adage that it’s lonely at the top, especially in a
hypercompetitive corporate environment.
Who owns customer identity?
Onboarding users securely but still seamlessly is a constant conflict in many
types of businesses, from retail and insurance to fintech. ... If you are from a
regulated industry, MFA becomes important. Make it a risk-based MFA, however, to
reduce undue friction. If your business offers a D2C or B2C product or service,
seamless onboarding is your number one priority. If user friction is the primary
reason for your CIAM initiative, the product team or engineering team should
take the lead and bring other teams along. If MFA is the main use case, the CISO
should lead the discussions and then bring other teams along. ... If testing or
piloting is possible, do so. Experimentation is very valuable in a CIAM context.
Whether you are moving to a new CIAM solution, trying a new auth method, or
changing your onboarding process in any other way, run a pilot or an A/B test
first. Starting small, measuring the results, and taking longer-term decisions
accordingly is a healthy cycle to follow when it comes to customer identity
processes.
GenAI: A New Headache for SaaS Security Teams
The GenAI revolution, whose risks remain in the realm of the unknown unknown,
comes at a time when the focus on perimeter protection is becoming increasingly
outdated. Threat actors today are increasingly focused on the weakest links
within organizations, such as human identities, non-human identities, and
misconfigurations in SaaS applications. Nation-state threat actors have recently
used tactics such as brute-force password sprays and phishing to successfully
deliver malware and ransomware, as well as carry out other malicious attacks on
SaaS applications. Complicating efforts to secure SaaS applications, the lines
between work and personal life are now blurred when it comes to the use of
devices in the hybrid work model. With the temptations that come with the power
of GenAI, it will become impossible to stop employees from using the technology,
whether sanctioned or not. The rapid uptake of GenAI in the workforce should,
therefore, be a wake-up call for organizations to reevaluate whether they have
the security tools to handle the next generation of SaaS security threats.
What CIOs Can Learn from an Attempted Deepfake Call
Defending against deepfake threats takes a multifaceted strategy. “There's a
three-pronged approach where there's education, there's culture, and there's
technology,” says Kosak. NINJIO focuses on educating people on cybersecurity
risks, like deepfakes, with short, engaging videos. “If you can deepfake a voice
and a face or an image based on just a little bit of information or maybe three
to four seconds of that voice tone, that's sending us down a path that is going
to require a ton of verification and discipline from the individual’s
perspective,” says McAlmont. He argues that an hour or two of annual training is
insufficient as threats continue to escalate. More frequent training can help
increase employee vigilance and build that culture of talking about
cybersecurity concerns. When it comes to training around deepfakes, awareness is
key. These threats will continue to come. What does a deepfake sound or look
like? (Pretty convincing in many cases.) What are some of the common signs that
the person you hear or see isn’t who they say they are?
Quote for the day:
“A real entrepreneur is somebody who has no safety net underneath them.” -- Henry Kravis