Why Capability-Based IT Investments Planning Doesn’t Work for Enterprises Today
Capability-based Planning has been around for long in the world of Enterprise Architecture (EA), and often finds a mention in leading EA frameworks. At its core is the concept of “business capability” (or simply “capability”) which represents the “what” that the business does. This is different from the “how” of the business, which is represented by constructs such as business processes, value streams, and value chains. ... Capability-based IT planning approaches are typically linear and spread over years. They do not consider the real and dynamic nature of the enterprises of today, wherein new themes such as Product Management, Agile enterprise, and AI-led business disruption require continuous introspection and adaptation to evolving industry practices and customer preferences. ... The product roadmap provides prioritised inputs for the landscape to respond to. The good thing here is that such roadmaps typically have clarity up to a few quarters ahead (up to 1- 2 years generally), with the initial quarters being more concrete and stable as opposed to the later quarters. When combined with EA-driven landscape impact analysis, the resulting IT initiatives are much more aligned to the dynamics of the business.
Evolving Roles: Developers and AI in Coding
The increasing use of AI in software development is causing a paradigm shift in the jobs of developers. Developers are evolving from being merely code writers to orchestrators of technology, strategists, and leaders of innovation. This calls for adjusting to new roles that prioritize higher-level decision-making, problem characterization, and system design. One of the changes involves that the developers need to be skilled in incorporating and tailoring AI tools into their workflow. This entails knowing the possibilities and limitations of these instruments in addition to being able to use them. Developers can devote their time to more complicated and valuable operations by becoming proficient with these technologies and freeing up time from repetitive jobs. As AI assumes greater responsibility for the technical coding process, soft skills like project management, communication, and creative problem-solving become more crucial. Developers need to be multidisciplinary collaborators, proficient communicators with non-technical team members, and project managers of both people and technology.
Why is embedded insurance so popular right now?
“Consumers get good value with embedded insurance for two main reasons. The
first is trust. Customers want to buy insurance products from their trusted
brands, not financial services and insurance organisations. Through embedded
solutions, customers can stick to shopping with and purchasing from the brands
they love and trust. There is also no need to head to a physical outlet to buy
insurance – customers get protection at the exact point of sale and the service
or product will be covered instantly. There is a lot of value in this ease and
simplicity. Embedded solutions do a lot of the hard work and it means
safeguarding what you care about is no more complicated than ticking a box on
purchase. The second reason is data. Embedded insurance utilises customer data
to provide bespoke costs and policies. Thanks to technology such as open banking
APIs (which facilitate the data transfer between entities), tech players can
assess the preferences of users, their needs and financial behaviour. Embedded
insurance platforms can therefore make informed decisions and provide diverse
and tailored offerings to consumers based on their risk profiles.
Understanding the Modern Data Stack
The architecture of a modern data stack is meticulously designed to ensure
utmost flexibility and seamless integration, thereby revolutionizing the
workflow for businesses. The hallmark of such an advanced system lies in its
ability to adapt to the evolving demands of data processing and analysis. This
flexibility is not just limited to handling diverse data types but also extends
to its capability to integrate with a myriad of tools and platforms. Integration
plays a pivotal role in enhancing this ecosystem, acting as the glue that binds
all components of the data stack together. It ensures that data flows smoothly
from one process to another without bottlenecks, enabling real-time analytics
and insights. This interconnectedness allows for a holistic view of operations,
making it easier for businesses to make informed decisions quickly. ... Ensuring
Data Quality and security while maintaining cross-platform compatibility forms a
cornerstone of the modern data stack. This holistic approach integrates various
components, from databases and analytics tools to data integration and
visualization platforms, ensuring seamless interoperability across different
environments.
Private cloud makes its comeback, thanks to AI
Private cloud providers may be among the key beneficiaries of today’s
generative AI gold rush as, once seemingly passé in favor of public cloud,
CIOs are giving private clouds — either on-premises or hosted by a partner — a
second look. At the center of this shift is increasing acknowledgement that to
support AI workloads and to contain costs, enterprises long-term will land on
a hybrid mix of public and private cloud. ... Todd Scott, senior vice
president for Kyndryl US, acknowledges that AI and cost are among the key
factors driving enterprises toward private clouds. “Most enterprises are
currently exploring AI on the public cloud, but we expect clients will
ultimately bring the app to their data and run AI where the data is, in
private environments and at the edge,” he says. “Another factor that’s driving
a move back to private cloud is predictability of cost,” Scott says. “Agile
enterprises, by definition, make frequent changes to their applications, so
they sometimes see big fluctuations in the cost of having their data on public
clouds. Private clouds provide more predictability because the infrastructure
is dedicated.”
CISOs Reconsider Their Roles in Response to GenAI Integration
The rise of AI and generative AI tools is a double-edged sword. “On one hand,
it’s increasing their organizations’ threat exposure because cybercriminals
can now use generative AI tools to rapidly scale their attacks,” said Mike
Britton, CISO of Abnormal Security. “On the other hand, CISOs also have a
valuable opportunity to leverage AI in strengthening their defenses.” GenAI
can help enhance security content creation, security testing and analytics,
incident response, and forensics. AI and machine learning can play a role in
that, Britton pointed out, by ingesting signals from across the email and SaaS
environment and deeply understanding normal behavior across this ecosystem.
“AI models can then be used to detect anomalous activity and understand when a
message or an event may be malicious,” Britton said. “This can help security
teams detect more attacks at a faster speed, ensuring that threat actors never
successfully reach their targets.” Jose Seara, CEO and founder of DeNexus,
pointed out that modern cybersecurity solutions are already AI-enabled and
take advantage of AI’s data processing power to make sense of a large volume
of cybersecurity signals.
How Adobe manages AI ethics concerns while fostering creativity
At Adobe, ethical innovation is our commitment to developing AI technologies
in a responsible way that respects our customers and communities and aligns
with our values. Back in 2019, we established a set of AI Ethics Principles we
hold ourselves to when we're innovating, including accountability,
responsibility, and transparency. With the development of Firefly, our focus
has been on leveraging these principles to help mitigate biases, respond to
issues quickly, and incorporate customer feedback. Our ongoing efforts help
ensure that we are implementing Firefly responsibly without slowing down
innovation. ... Even before Adobe began work on Firefly, our Ethical
Innovation team had leveraged our AI Ethics Principles to create a
standardized review process for our AI products and features -- from design to
development to deployment. For any product development at Adobe, my team first
works with the product team to assess potential risks, evaluate mitigations,
and demonstrate how our AI Ethics Principles are being applied. It is not done
in isolation.
Why Tokens Are Like Gold for Opportunistic Threat Actors
Once a threat actor has a token, they also have whatever rights and
authorizations are imbued to the user. If they have captured an IdP token,
they can access all corporate applications' SSO capabilities integrated with
the IdP — without an MFA challenge. If it is an admin-level credential with
associated privileges, they can potentially wage a world of devastation
against systems, data, and backups. The longer the token is active, the more
they can access, steal, and damage. Further, they can then create new accounts
that no longer require the use of the token for ongoing network access. While
expiring session tokens more frequently will not stop these sorts of attacks,
it will greatly minimize the risk footprint by shortening the window of
opportunity for a token to function. Unfortunately, we often see that tokens
are not being expired at regular intervals, and some breach reporting also
suggests that default token expirations are being deliberately extended. ...
Longer token expiries provide user convenience — but at a high security
price.
Low-tech tactics still top the IT security risk chart
Low-tech attack vectors are being adapted by cyber criminals to overcome
security defenses because they can often evade detection until it’s too late.
... Hyatt’s team recently identified a rogue USB drive used to install the
Raspberry Robin malware, which acts as a launchpad for subsequent attacks and
gives bad actors the ability to fulfil the three key elements of a successful
attack — establish a presence, maintain access and enable lateral movement.
... Even commonplace tasks such as generating a QR code to configure the
Microsoft Authenticator app that’s used for two-factor authentication with
Office 365 is open to exploitation, because it normalizes QR codes as a secure
mechanism in the minds of users, Heiland says. “People have been trained not
to click on links, but not when it comes to using QR codes for
authentication,” Helland tells CSO. The danger with a QR code is that it can
be configured to launch almost any application on a device, download a file,
or open a browser and go to a website, all without the user being aware of
what it’s going to do.
Cyber Insurers Pledge to Help Reduce Ransom Payments
As ransomware continues to pummel Britain, the government's cybersecurity
agency and three major insurance associations have pledged to offer better
support and guidance to victims. ... "Ransomware continues to be the biggest
day-to-day cybersecurity threat to most U.K. organizations," Oswald said in a
keynote speech. "In recent months, law enforcement has dramatically reduced
the global threat from ransomware by disrupting LockBit's activities and just
last week unmasking and sanctioning one of its Russia-based leaders."
Nevertheless, officials continue to urge organizations to hone their defenses
and constantly keep improving their resilience capabilities, to better repel
hack attacks and avoid ever having to even consider paying a ransom. "The NCSC
does not encourage, endorse or condone paying ransoms, and it's a dangerous
misconception that doing so will make an incident go away or free victims of
any future headaches," Oswald said. "In fact, every ransom that is paid
signals to criminals that these attacks bear fruit and are worth doing."
Quote for the day:
''The distance between insanity and
genius is measured only by success.'' -- Bruce Feirstein
No comments:
Post a Comment