Daily Tech Digest - May 15, 2024

Why Capability-Based IT Investments Planning Doesn’t Work for Enterprises Today

Capability-based Planning has been around for a long time in the world of Enterprise Architecture (EA), and often finds a mention in leading EA frameworks. At its core is the concept of “business capability” (or simply “capability”) which represents the “what” that the business does. This is different from the “how” of the business, which is represented by constructs such as business processes, value streams, and value chains. ... Capability-based IT planning approaches are typically linear and spread over years. They do not consider the real and dynamic nature of the enterprises of today, wherein new themes such as Product Management, Agile enterprise, and AI-led business disruption require continuous introspection and adaptation to evolving industry practices and customer preferences. ... The product roadmap provides prioritised inputs for the landscape to respond to. The good thing here is that such roadmaps typically have clarity up to a few quarters ahead (up to 1-2 years generally), with the initial quarters being more concrete and stable as opposed to the later quarters. When combined with EA-driven landscape impact analysis, the resulting IT initiatives are much more aligned to the dynamics of the business.

Evolving Roles: Developers and AI in Coding

The increasing use of AI in software development is causing a paradigm shift in the jobs of developers. Developers are evolving from being merely code writers to orchestrators of technology, strategists, and leaders of innovation. This calls for adjusting to new roles that prioritize higher-level decision-making, problem characterization, and system design. One of the changes is that developers need to be skilled in incorporating and tailoring AI tools into their workflow. This entails knowing the possibilities and limitations of these instruments in addition to being able to use them. Developers can devote their time to more complicated and valuable operations by becoming proficient with these technologies and freeing up time from repetitive jobs. As AI assumes greater responsibility for the technical coding process, soft skills like project management, communication, and creative problem-solving become more crucial. Developers need to be multidisciplinary collaborators, proficient communicators with non-technical team members, and project managers of both people and technology.

Why is embedded insurance so popular right now?

“Consumers get good value with embedded insurance for two main reasons. The first is trust. Customers want to buy insurance products from their trusted brands, not financial services and insurance organisations. Through embedded solutions, customers can stick to shopping with and purchasing from the brands they love and trust. There is also no need to head to a physical outlet to buy insurance – customers get protection at the exact point of sale and the service or product will be covered instantly. There is a lot of value in this ease and simplicity. Embedded solutions do a lot of the hard work and it means safeguarding what you care about is no more complicated than ticking a box on purchase. The second reason is data. Embedded insurance utilises customer data to provide bespoke costs and policies. Thanks to technology such as open banking APIs (which facilitate the data transfer between entities), tech players can assess the preferences of users, their needs and financial behaviour. Embedded insurance platforms can therefore make informed decisions and provide diverse and tailored offerings to consumers based on their risk profiles. 

Understanding the Modern Data Stack

The architecture of a modern data stack is meticulously designed to ensure utmost flexibility and seamless integration, thereby revolutionizing the workflow for businesses. The hallmark of such an advanced system lies in its ability to adapt to the evolving demands of data processing and analysis. This flexibility is not just limited to handling diverse data types but also extends to its capability to integrate with a myriad of tools and platforms. Integration plays a pivotal role in enhancing this ecosystem, acting as the glue that binds all components of the data stack together. It ensures that data flows smoothly from one process to another without bottlenecks, enabling real-time analytics and insights. This interconnectedness allows for a holistic view of operations, making it easier for businesses to make informed decisions quickly. ... Ensuring Data Quality and security while maintaining cross-platform compatibility forms a cornerstone of the modern data stack. This holistic approach integrates various components, from databases and analytics tools to data integration and visualization platforms, ensuring seamless interoperability across different environments. 

Private cloud makes its comeback, thanks to AI

Private cloud providers may be among the key beneficiaries of today’s generative AI gold rush as, once seemingly passé in favor of public cloud, CIOs are giving private clouds — either on-premises or hosted by a partner — a second look. At the center of this shift is increasing acknowledgement that to support AI workloads and to contain costs, enterprises long-term will land on a hybrid mix of public and private cloud. ... Todd Scott, senior vice president for Kyndryl US, acknowledges that AI and cost are among the key factors driving enterprises toward private clouds. “Most enterprises are currently exploring AI on the public cloud, but we expect clients will ultimately bring the app to their data and run AI where the data is, in private environments and at the edge,” he says. “Another factor that’s driving a move back to private cloud is predictability of cost,” Scott says. “Agile enterprises, by definition, make frequent changes to their applications, so they sometimes see big fluctuations in the cost of having their data on public clouds. Private clouds provide more predictability because the infrastructure is dedicated.”

CISOs Reconsider Their Roles in Response to GenAI Integration

The rise of AI and generative AI tools is a double-edged sword. “On one hand, it’s increasing their organizations’ threat exposure because cybercriminals can now use generative AI tools to rapidly scale their attacks,” said Mike Britton, CISO of Abnormal Security. “On the other hand, CISOs also have a valuable opportunity to leverage AI in strengthening their defenses.” GenAI can help enhance security content creation, security testing and analytics, incident response, and forensics. AI and machine learning can play a role in that, Britton pointed out, by ingesting signals from across the email and SaaS environment and deeply understanding normal behavior across this ecosystem. “AI models can then be used to detect anomalous activity and understand when a message or an event may be malicious,” Britton said. “This can help security teams detect more attacks at a faster speed, ensuring that threat actors never successfully reach their targets.” Jose Seara, CEO and founder of DeNexus, pointed out that modern cybersecurity solutions are already AI-enabled and take advantage of AI’s data processing power to make sense of a large volume of cybersecurity signals. 

How Adobe manages AI ethics concerns while fostering creativity

At Adobe, ethical innovation is our commitment to developing AI technologies in a responsible way that respects our customers and communities and aligns with our values. Back in 2019, we established a set of AI Ethics Principles we hold ourselves to when we're innovating, including accountability, responsibility, and transparency. With the development of Firefly, our focus has been on leveraging these principles to help mitigate biases, respond to issues quickly, and incorporate customer feedback. Our ongoing efforts help ensure that we are implementing Firefly responsibly without slowing down innovation. ... Even before Adobe began work on Firefly, our Ethical Innovation team had leveraged our AI Ethics Principles to create a standardized review process for our AI products and features -- from design to development to deployment. For any product development at Adobe, my team first works with the product team to assess potential risks, evaluate mitigations, and demonstrate how our AI Ethics Principles are being applied. It is not done in isolation.

Why Tokens Are Like Gold for Opportunistic Threat Actors

Once a threat actor has a token, they also have whatever rights and authorizations are imbued to the user. If they have captured an IdP token, they can access all corporate applications' SSO capabilities integrated with the IdP — without an MFA challenge. If it is an admin-level credential with associated privileges, they can potentially wage a world of devastation against systems, data, and backups. The longer the token is active, the more they can access, steal, and damage. Further, they can then create new accounts that no longer require the use of the token for ongoing network access. While expiring session tokens more frequently will not stop these sorts of attacks, it will greatly minimize the risk footprint by shortening the window of opportunity for a token to function. Unfortunately, we often see that tokens are not being expired at regular intervals, and some breach reporting also suggests that default token expirations are being deliberately extended. ... Longer token expiries provide user convenience — but at a high security price.

Low-tech tactics still top the IT security risk chart

Low-tech attack vectors are being adapted by cyber criminals to overcome security defenses because they can often evade detection until it’s too late. ... Hyatt’s team recently identified a rogue USB drive used to install the Raspberry Robin malware, which acts as a launchpad for subsequent attacks and gives bad actors the ability to fulfil the three key elements of a successful attack — establish a presence, maintain access and enable lateral movement. ... Even a commonplace task such as generating a QR code to configure the Microsoft Authenticator app that’s used for two-factor authentication with Office 365 is open to exploitation, because it normalizes QR codes as a secure mechanism in the minds of users, Heiland says. “People have been trained not to click on links, but not when it comes to using QR codes for authentication,” Heiland tells CSO. The danger with a QR code is that it can be configured to launch almost any application on a device, download a file, or open a browser and go to a website, all without the user being aware of what it’s going to do.

Cyber Insurers Pledge to Help Reduce Ransom Payments

As ransomware continues to pummel Britain, the government's cybersecurity agency and three major insurance associations have pledged to offer better support and guidance to victims. ... "Ransomware continues to be the biggest day-to-day cybersecurity threat to most U.K. organizations," Oswald said in a keynote speech. "In recent months, law enforcement has dramatically reduced the global threat from ransomware by disrupting LockBit's activities and just last week unmasking and sanctioning one of its Russia-based leaders." Nevertheless, officials continue to urge organizations to hone their defenses and constantly keep improving their resilience capabilities, to better repel hack attacks and avoid ever having to even consider paying a ransom. "The NCSC does not encourage, endorse or condone paying ransoms, and it's a dangerous misconception that doing so will make an incident go away or free victims of any future headaches," Oswald said. "In fact, every ransom that is paid signals to criminals that these attacks bear fruit and are worth doing."

Quote for the day:

"The distance between insanity and genius is measured only by success." -- Bruce Feirstein
