Daily Tech Digest - May 03, 2024

Multi-cloud, multi-headaches?

Achieving true cloud portability requires adhering to open standards, avoiding proprietary services, and abstracting away cloud-specific dependencies. This often involves refactoring or re-architecting existing applications, which can be a daunting task for banks with extensive legacy systems and monolithic architectures. Failure to properly plan for portability can lead to vendor lock-in, negating one of the key benefits of a multi-cloud strategy. Another challenge lies in managing and optimising costs across multiple cloud providers. Each provider has its own pricing models, billing mechanisms, and cost optimisation strategies, making it difficult to maintain a consistent and efficient cost management approach. Banks must invest in specialised tools and expertise to monitor and optimise cloud spending across their multi-cloud environment, ensuring they are not overpaying for resources or services. As I mentioned last week, this is a burgeoning area called FinOps. Security and compliance are also critical concerns in a multi-cloud world. Banks must ensure that their data and applications are protected according to industry standards and regulations, regardless of the cloud provider they are using. 

How to Streamline Your M&A Process with Active Directory Migration

In an enterprise setting, AD is a core component of managing user authentication and authorization—a dual function critical to maintaining secure and systematic access to company resources. Take, for example, a platform like SharePoint, which is deeply integrated with AD. SharePoint uses AD to authenticate user credentials and authorize different access levels to documents and collaborative spaces. The strategic realignment of AD during a merger ensures that SharePoint and similar applications continue to function seamlessly, following the established user permissions and security measures while maintaining the system’s integrity. AD consolidation is a strategic move toward streamlining company operations during a merger or acquisition. When you merge different AD environments, you reduce the complexity and the need for multiple teams to manage each system. It's like having a single remote control linked to all your devices instead of a different one for each. With this approach, there's less chance for disruptions and data, and companies can minimize downtime, preserve data integrity, and maintain compliance with regulatory requirements.

Dealing With Chaos: A Guide for Leaders Feeling Overwhelmed at Work

Being able to handle these scenarios requires the ability to take this blurry problem and turn it into one that can be solved. This can be rewarding, but often also involves very long-running, complex work that requires wrangling multiple stakeholders with differing motivations, long-running negotiations, and, somehow, getting a tangible deliverable out at the end — which can be months or even years out. As a result, leaders also lack the positive experience and dopamine hits that come with getting things done. Many leaders are in the middle of not just hierarchies, but also communication and context levels, translating higher-level messages from senior leaders for lower-level team members who require more clarity and want to understand what those messages mean for them. It’s taxing to constantly be in the middle, translating between higher and lower levels of the organization, making your boss care about issues they’re not super interested in, and helping teammates understand decisions from higher-up leaders. The tech industry, while fast-paced and innovative, often pressures leaders to adopt the mantras of, “Move fast, break stuff, do more with less and better to ask for forgiveness than for permission.” 

Now Is the Time for Executives to Deploy Ethical Rules Around AI

The evolution of technology is a runaway train. In many respects, the field of AI is in its adolescence, but in the past year alone advances in AI and other nascent technologies have continued at a breakneck pace. Globally, the public and private sector and academia are engaging in ongoing debates over the promise, peril, and appropriate uses of AI. As a result, we can expect 2024 to be a year of enhanced government regulation of the technology. I believe it will ultimately fall to governments to set standards and laws around what those parameters will be. But while governments will undoubtedly play a critical regulatory role, the speed of AI adoption will require that company executives create ethical guidelines of their own around AI. ... Making sure all AI tools are being formed using unbiased and balanced data will be of particular importance. Consider facial recognition technology powered by generative AI. If an AI dataset is trained to favor a certain type of ethnicity, unfair biases and outcomes will almost certainly be baked into the tool. Working to create AI tools that avoid these types of dangerous and inequitable outcomes will be critical to the technology’s continued development.

Superconducting "Islands" Could Lead to Magnetic Memory

The superconductor in question is yttrium barium copper oxide (YBCO), which acts as a superconductor below -181 °C—far from room temperature but positively balmy by the standards of most superconductors. When YBCO is chilled below that critical temperature, any magnetic field lines that pass through its interiorgets expelled to its exterior. However, researchers can still cast magnetic field lines throughthe YBCO’s interior byblasting it with a new external magnetic field, then quickly turning off that magnetic field. Researchers have found that if they layer a non-superconducting ferromagnetic material atop the YBCO, they can imprint those temporary magnetic patterns through the superconductor and “write” them into the ferromagnet. Then, the ferromagnet will hold this pattern even after the external magnetic field is switched off. This is an ability of great interest for spintronics, the discipline already investigating how to use these kinds of magnetic structures as computer memory instead of the CMOS transistors that underpin most of today’s electronics.

How to Strike a Balance Between Technology and Human Connection in the Workplace

Personal talk frequently goes by the wayside among remote teams. Rather than chalking this up to inevitability, create space at the beginning of Teams or Zoom meetings to discuss what's going on in everyone's lives. Setting aside five minutes of "family talk" to make way for 55 minutes of "business talk" is a decent trade-off. Or take a page from GitLab. They actively encourage new hires to schedule virtual coffee chats with colleagues during their onboarding to promote informal communication. During one-on-ones, the talk can be just as personalized. Leaders should remember that each one-on-one is about the employee rather than them. Therefore, the dedicated agenda should concentrate on the employee, not the supervisor. Concentrating on the employee's needs fosters a two-way dialogue. It also puts some of the responsibility on the employee to guide the talking points. Remember: Informal interactions can play critical roles in team and employee-leader bonding. These "water cooler conversations" don't always feel intuitive in a digital workspace, so they need to be intentionally allowed. 

Traditional corporate leadership structures are failing women in the C-suite

Perhaps the best solution to the decline in the C-suite, is women declining the C-suite. Women are rejecting patriarchal norms of rigidity, burnout, harassment, limited opportunity and unfair pay in what has been termed the “Great Breakup.” Women are more likely than men to leave their corporate jobs when their needs are not being met at work. In rejecting the C-suite model, women are calling for more power-balanced, equitable models of leadership that involve collaboration rather than domination — a model in which, as Gloria Steinem famously states, “we are linked, not ranked.” Likewise, in co-author Jennifer Walinga’s research on women entrepreneurs, women shared how leaving their corporate jobs to be an entrepreneur fulfilled their desires for a new universe where post-heroic, non-hierarchical leadership models can be enacted. RBC may have unveiled another possible solution to failed leadership parity that they call the “great wealth transfer” — a “seismic change” that is seeing wealth ownership transfer from men to women. In fact, it is estimated that, by 2028, women in Canada will control $4 trillion in assets — almost double the $2.2 trillion they control today.

SCCM Exploitation: Compromising Network Access Accounts

SCCM, or System Center Configuration Manager, is an administrative tool from Microsoft that helps with automating tasks such as deploying software, applying patches, and ensuring devices comply with organizational security policies—all from a central location. In a typical enterprise, SCCM is deployed with a primary site server at the core, coordinating with secondary servers and management points to manage client devices effectively. This setup allows for efficient control over an organization’s devices by defining network boundaries, grouping devices into collections, and assigning specific roles for tasks like software distribution. ... Perhaps an even more interesting avenue of attack is relaying the NTLM credentials of a machine account to the HTTP endpoint, registering a fake computer certificate with SCCM, and, in turn, using this fake registration to retrieve policy documents. ... This technique, or rather chain of techniques developed by Matt Creel, begins with low-privilege sock sessions. Many penetration testers can attest that sometimes after spoofing answers to LLMNR, NetBios Name Service, or mDNS requests, the only authenticated sessions that come in are low-privileged, non-admin sessions. 

Finserv State of Play: Perks of Open Source Collaboration

Indeed, even when banks and financial services providers do use open-source software, for Chris Howard, Head of the Open Source Program Office at EPAM, they do not necessarily leverage it transparently. He says: “Many traditional financial institutions are either still afraid to use open-source because they are still close-guarding their secrets, or –if they are using open-source – they are doing so in a very introverted way, consuming the technology but not contributing to the open source, blockchain-powered network. “As such, the main topic of consideration today is collaboration, and the need to come together to build data transparently and then for the industry to standardise these practices,” Howard adds. As not every financial institution leverages open-source software, and perhaps those that do are not open about their use of it, the first step to truly leverage the power of open-source technology is understanding the need to collaborate, with banks coming together to build data. There are some examples already of open-source collaboration across banking organisations, but it arguably does not happen enough, and, where it does, it is the neobanks and digital players that lead the charge.

World Password Day 2024: Are passwords here to stay?

A full-scale, password-based security strategy can be deployed across an enterprise of any size with zero additional hardware. Enterprise-grade hardware for fingerprint or facial recognition is expensive, and thus proves way tougher to scale without sapping the IT budget. Apart from that, adopting new forms of authentication involves a complete shift from the status quo, requiring employees to internalize such a drastic change through training, which a lack thereof would lead to difficulties in its implementation. Large-scale enterprises still use mainframe applications to store decades worth of data simply because it would cost more to transfer them to a different domain than it would to maintain the applications. Similarly, a full-scale enterprise-wide migration from passwords to other forms of authentication poses the risk of a complete financial misfire, even in a best case scenario. Besides, password-based authentication mechanisms, due to their long-standing presence, have the best tech support available, and almost all the problems that could arise when enterprise IT teams deal with passwords already have. 

Quote for the day:

"Develop success from failures. Discouragement and failure are two of the surest stepping stones to success." -- Dale Carnegie

No comments:

Post a Comment