Guide to Kubernetes Security Posture Management (KSPM)
Bad security posture impacts your ability to respond to new and emerging
threats because of extra “strain” on your security capabilities caused by
misconfigurations, gaps in tooling, or inadequate training. ... GitOps manages
all cluster changes via Configuration as Code (CaC) in Git, eliminating manual
cluster modifications. This approach aligns with the Principle of Least
Privilege and offers benefits beyond security. GitOps ensures deployment
predictability, stability and admin awareness of the cluster’s state,
preventing configuration drift and maintaining consistency across test and
production clusters. Additionally, it reduces the number of users with write
access, enhancing security. ... Human log analysis is crucial for
retrospectively reviewing security incidents. However, real-time monitoring
and correlation are essential for detecting incidents initially. While manual
methods like SIEM solutions with dashboards and alerts can be effective, they
require significant time and effort to extract relevant data.
Where’s the ROI for AI? CIOs struggle to find it
The AI market is still developing, and some companies are adopting the
technology without a specific use case in mind, he adds. Kane has seen
companies roll out Microsoft Copilot, for example, without any employee
training about its uses. ... “I have found very few companies who have found
ROI with AI at all thus far,” he adds. “Most companies are simply playing with
the novelty of AI still.” The concern about calculating the ROI also rings
true to Stuart King, CTO of cybersecurity consulting firm AnzenSage and
developer of an AI-powered risk assessment tool for industrial facilities.
With the recent red-hot hype over AI, many IT leaders are adopting the
technology before they know what to do with it, he says. “I think back to the
first discussions that we had within the organizations that are working with,
and it was a case of, ‘Here’s this great new thing that we can use now, let’s
go out and find a use for it,’” he says. “What you really want to be doing is
finding a problem to solve with it first.” As a developer who has integrated
AI into his own software, King is not an AI skeptic.
100 Groups Urge Feds to Put UHG on Hook for Breach Notices
Some experts advise HIPAA-regulated entities that are likely affected by a
Change Healthcare breach to take precautionary measures now to prepare for
their potential notification duties involving a compromise of their patients'
PHI. ... HIPAA-regulated Change Healthcare customers also have an
obligation under HIPAA to perform "reasonable diligence" to investigate and
obtain information about the incident to determine whether the incident
triggers notice obligations to their patients or members, said attorney Sara
Goldstein of law firm BakerHostetler. Reasonable diligence includes
Change Healthcare customers frequently checking UHG and Optum's websites for
updates on the restoration and data analysis process, contacting their Change
Healthcare account representative on a regular basis to see if there are any
updates specific to their organization, and engaging outside privacy counsel
to submit a request for information directly to UnitedHealth Group to obtain
further information about the incident, Goldstein said.
‘Innovation Theater’ in Banking Gives Way to a More Realistic and Productive Function
The conservative approach many institutions are taking to GenAI reflects that
reality. Buy Now, Pay Later meanwhile makes a great example of how exciting
new innovations can unexpectedly reveal a dark side. ... In many institutions,
innovation has become less about pure invention and more about applying what’s
out there already in new ways and combinations to solve common problems. Doing
so doesn’t necessarily require geniuses, but you do need highly specialized
“plumbers” who can link together multiple technologies in smart ways. Even the
regulatory view has evolved. There was a time when federal regulators held
open doors to innovation, even to the extent of offering “sandboxes” to let
innovations sprout without weighing them down initially with compliance
burdens. But the Consumer Financial Protection Bureau, under the Biden
administration, did away with its sandbox early on. Washington today walks a
more cautious line on innovation, and that line could veer. The bottom line?
Innovators who take their jobs, and the impact of their jobs, seriously,
realize that banking innovation must grow up.
AI glasses + multimodal AI = a massive new industry
Both OpenAI and Google demos clearly reveal a future where, thanks to the
video mode in multimodal AI, we’ll be able to show AI something, or a room
full of somethings, and engage with a chatbot to help us know, process,
remember or understand. It would be all very natural, except for one awkward
element. All this holding and waving around of phones to show it what we want
it so “see” is completely unnatural. Obviously — obviously! — video-enabled
multimodal AI is headed for face computers, a.k.a. AI glasses. And, in fact,
one of the most intriguing elements of the Google demo was that during a video
demonstration, the demonstrator asked Astra-enhanced Gemini if it remembered
where her glasses were, and it directed her back to a table, where she picked
up the glasses and put them on. At that point, the glasses — which were
prototype AI glasses — seamlessly took over the chat session from the phone
(the whole thing was surely still running on the phone, with the glasses
providing the camera, microphones and so on).
Technological complexity drives new wave of identity risks
The concept zero standing privilege (ZSP) requires that a user only be granted
the minimum levels of access and privilege needed to complete a task, and only
for a limited amount of time. Should an attacker gain entry to a user’s
account, ZSP ensures there is far less potential for attackers to access
sensitive data and systems. The study found that 93% of security leaders
believe ZSP is effective at reducing access risks within their organization.
Additionally, 91% reported that ZSP is being enforced across at least some of
their company’s systems. As security leaders face greater complexity across
their organizations’ systems and escalating attacks from adversaries, it’s no
surprise that risk reduction was cited as respondents’ top priority for
identity and access management (55%). This was followed by improving team
productivity (50%) and automating processes (47%). Interestingly, improving
user experience was cited as the top priority among respondents who
experienced multiple instances of attacks or breaches due to improper access
in the last year.
The Legal Issues to Consider When Adopting AI
Different types of data bring different issues of consent and liability. For
example, consider whether your data is personally identifiable information,
synthetic content (typically generated by another AI system), or someone
else’s intellectual property. Data minimization—using only what you need—is a
good principle to apply at this stage. Pay careful attention to how you
obtained the data. OpenAI has been sued for scraping personal data to train
its algorithms. And, as explained below, data-scraping can raise questions of
copyright infringement. ... Companies also need to consider the potential
forinadvertent leakage of confidential and trade-secret information by an AI
product. If allowing employees to internally use technologies such as ChatGPT
(for text) and Github Copilot (for code generation), companies should note
that such generative AI tools often take user prompts and outputs as training
data to further improve their models. Luckily, generative AI companies
typically offer more secure services and the ability to opt out of model
training.
How innovative power sourcing can propel data centers toward sustainability
The increasing adoption of Generative AI technologies over the past few years
has placed unprecedented energy demands on data centers, coinciding with a
global energy emergency exacerbated by geopolitical crises. Electricity prices
have since reached record highs in certain markets, while oil prices soared to
their highest level in over 15 years. Volatile energy markets have awakened a
need in the general population to become more flexible in their energy use. At
the same time, the trends present an opportunity for the data center sector to
get ahead of the game. By becoming managers of energy, as opposed to just
consumers, market players can find more efficient and cost-effective ways to
source power. Innovative renewable options present a highly attractive avenue
in this regard. As a result, data center providers are working more
collaboratively with the energy sector for solutions. And for them, it’s
increasingly likely that optimizing efficiency won’t be just about being close
to the grid, but also about being close to the power-generation site – or even
generating and storing power on-site.
Google DeepMind Introduces the Frontier Safety Framework
Existing protocols for AI safety focus on mitigating risks from existing AI
systems. Some of these methods include alignment research, which trains models
to act within human values, and implementing responsible AI practices to
manage immediate threats. However, these approaches are mainly reactive and
address present-day risks, without accounting for the potential future risks
from more advanced AI capabilities. In contrast, the Frontier Safety Framework
is a proactive set of protocols designed to identify and mitigate future risks
from advanced AI models. The framework is exploratory and intended to evolve
as more is learned about AI risks and evaluations. It focuses on severe risks
resulting from powerful capabilities at the model level, such as exceptional
agency or sophisticated cyber capabilities. The Framework aims to align with
existing research and Google’s suite of AI responsibility and safety
practices, providing a comprehensive approach to preventing any potential
threats.
Proof-of-concept quantum repeaters bring quantum networks a big step closer
There are two main near-term use cases for quantum networks. The first use
case is to transmit encryption keys. The idea is that public key encryption –
the type currently used to secure Internet traffic – could soon be broken by
quantum computers. Symmetrical encryption – where the same key is used to both
encrypt and decrypt messages – is more future proof, but you need a way to get
that key to the other party. ... Today, however, the encryption we
currently have is good enough, and there’s no immediate need for companies to
look for secure quantum networks. Plus, there’s progress already being made on
creating quantum-proof encryption algorithms. The other use for quantum
networks is to connect quantum computers. Since quantum networks transmit
entangled photons, the computers so connected would also be entangled,
theoretically allowing for the creation of clustered quantum computers that
act as a single machine. “There are ideas for how to take quantum repeaters
and parallelize them to provide very high connectivity between quantum
computers,” says Oskar Painter, director of quantum hardware at AWS.
Quote for the day:
"Many of life’s failures are people
who did not realize how close they were to success when they gave up." --
Thomas Edison
No comments:
Post a Comment