Daily Tech Digest - May 22, 2024

Guide to Kubernetes Security Posture Management (KSPM)

Bad security posture impacts your ability to respond to new and emerging threats because of extra “strain” on your security capabilities caused by misconfigurations, gaps in tooling, or inadequate training. ... GitOps manages all cluster changes via Configuration as Code (CaC) in Git, eliminating manual cluster modifications. This approach aligns with the Principle of Least Privilege and offers benefits beyond security. GitOps ensures deployment predictability, stability and admin awareness of the cluster’s state, preventing configuration drift and maintaining consistency across test and production clusters. Additionally, it reduces the number of users with write access, enhancing security. ... Human log analysis is crucial for retrospectively reviewing security incidents. However, real-time monitoring and correlation are essential for detecting incidents initially. While manual methods like SIEM solutions with dashboards and alerts can be effective, they require significant time and effort to extract relevant data. 


Where’s the ROI for AI? CIOs struggle to find it

The AI market is still developing, and some companies are adopting the technology without a specific use case in mind, he adds. Kane has seen companies roll out Microsoft Copilot, for example, without any employee training about its uses. ... “I have found very few companies who have found ROI with AI at all thus far,” he adds. “Most companies are simply playing with the novelty of AI still.” The concern about calculating the ROI also rings true to Stuart King, CTO of cybersecurity consulting firm AnzenSage and developer of an AI-powered risk assessment tool for industrial facilities. With the recent red-hot hype over AI, many IT leaders are adopting the technology before they know what to do with it, he says. “I think back to the first discussions that we had within the organizations that are working with, and it was a case of, ‘Here’s this great new thing that we can use now, let’s go out and find a use for it,’” he says. “What you really want to be doing is finding a problem to solve with it first.” As a developer who has integrated AI into his own software, King is not an AI skeptic. 


100 Groups Urge Feds to Put UHG on Hook for Breach Notices

Some experts advise HIPAA-regulated entities that are likely affected by a Change Healthcare breach to take precautionary measures now to prepare for their potential notification duties involving a compromise of their patients' PHI. ... HIPAA-regulated Change Healthcare customers also have an obligation under HIPAA to perform "reasonable diligence" to investigate and obtain information about the incident to determine whether the incident triggers notice obligations to their patients or members, said attorney Sara Goldstein of law firm BakerHostetler. Reasonable diligence includes Change Healthcare customers frequently checking UHG and Optum's websites for updates on the restoration and data analysis process, contacting their Change Healthcare account representative on a regular basis to see if there are any updates specific to their organization, and engaging outside privacy counsel to submit a request for information directly to UnitedHealth Group to obtain further information about the incident, Goldstein said.


‘Innovation Theater’ in Banking Gives Way to a More Realistic and Productive Function

The conservative approach many institutions are taking to GenAI reflects that reality. Buy Now, Pay Later meanwhile makes a great example of how exciting new innovations can unexpectedly reveal a dark side. ... In many institutions, innovation has become less about pure invention and more about applying what’s out there already in new ways and combinations to solve common problems. Doing so doesn’t necessarily require geniuses, but you do need highly specialized “plumbers” who can link together multiple technologies in smart ways. Even the regulatory view has evolved. There was a time when federal regulators held open doors to innovation, even to the extent of offering “sandboxes” to let innovations sprout without weighing them down initially with compliance burdens. But the Consumer Financial Protection Bureau, under the Biden administration, did away with its sandbox early on. Washington today walks a more cautious line on innovation, and that line could veer. The bottom line? Innovators who take their jobs, and the impact of their jobs, seriously, realize that banking innovation must grow up.


AI glasses + multimodal AI = a massive new industry

Both OpenAI and Google demos clearly reveal a future where, thanks to the video mode in multimodal AI, we’ll be able to show AI something, or a room full of somethings, and engage with a chatbot to help us know, process, remember or understand. It would be all very natural, except for one awkward element. All this holding and waving around of phones to show it what we want it so “see” is completely unnatural. Obviously — obviously! — video-enabled multimodal AI is headed for face computers, a.k.a. AI glasses. And, in fact, one of the most intriguing elements of the Google demo was that during a video demonstration, the demonstrator asked Astra-enhanced Gemini if it remembered where her glasses were, and it directed her back to a table, where she picked up the glasses and put them on. At that point, the glasses — which were prototype AI glasses — seamlessly took over the chat session from the phone (the whole thing was surely still running on the phone, with the glasses providing the camera, microphones and so on).
 

Technological complexity drives new wave of identity risks

The concept zero standing privilege (ZSP) requires that a user only be granted the minimum levels of access and privilege needed to complete a task, and only for a limited amount of time. Should an attacker gain entry to a user’s account, ZSP ensures there is far less potential for attackers to access sensitive data and systems. The study found that 93% of security leaders believe ZSP is effective at reducing access risks within their organization. Additionally, 91% reported that ZSP is being enforced across at least some of their company’s systems. As security leaders face greater complexity across their organizations’ systems and escalating attacks from adversaries, it’s no surprise that risk reduction was cited as respondents’ top priority for identity and access management (55%). This was followed by improving team productivity (50%) and automating processes (47%). Interestingly, improving user experience was cited as the top priority among respondents who experienced multiple instances of attacks or breaches due to improper access in the last year.


The Legal Issues to Consider When Adopting AI

Different types of data bring different issues of consent and liability. For example, consider whether your data is personally identifiable information, synthetic content (typically generated by another AI system), or someone else’s intellectual property. Data minimization—using only what you need—is a good principle to apply at this stage. Pay careful attention to how you obtained the data. OpenAI has been sued for scraping personal data to train its algorithms. And, as explained below, data-scraping can raise questions of copyright infringement. ... Companies also need to consider the potential forinadvertent leakage of confidential and trade-secret information by an AI product. If allowing employees to internally use technologies such as ChatGPT (for text) and Github Copilot (for code generation), companies should note that such generative AI tools often take user prompts and outputs as training data to further improve their models. Luckily, generative AI companies typically offer more secure services and the ability to opt out of model training.


How innovative power sourcing can propel data centers toward sustainability

The increasing adoption of Generative AI technologies over the past few years has placed unprecedented energy demands on data centers, coinciding with a global energy emergency exacerbated by geopolitical crises. Electricity prices have since reached record highs in certain markets, while oil prices soared to their highest level in over 15 years. Volatile energy markets have awakened a need in the general population to become more flexible in their energy use. At the same time, the trends present an opportunity for the data center sector to get ahead of the game. By becoming managers of energy, as opposed to just consumers, market players can find more efficient and cost-effective ways to source power. Innovative renewable options present a highly attractive avenue in this regard. As a result, data center providers are working more collaboratively with the energy sector for solutions. And for them, it’s increasingly likely that optimizing efficiency won’t be just about being close to the grid, but also about being close to the power-generation site – or even generating and storing power on-site.


Google DeepMind Introduces the Frontier Safety Framework

Existing protocols for AI safety focus on mitigating risks from existing AI systems. Some of these methods include alignment research, which trains models to act within human values, and implementing responsible AI practices to manage immediate threats. However, these approaches are mainly reactive and address present-day risks, without accounting for the potential future risks from more advanced AI capabilities. In contrast, the Frontier Safety Framework is a proactive set of protocols designed to identify and mitigate future risks from advanced AI models. The framework is exploratory and intended to evolve as more is learned about AI risks and evaluations. It focuses on severe risks resulting from powerful capabilities at the model level, such as exceptional agency or sophisticated cyber capabilities. The Framework aims to align with existing research and Google’s suite of AI responsibility and safety practices, providing a comprehensive approach to preventing any potential threats.


Proof-of-concept quantum repeaters bring quantum networks a big step closer

There are two main near-term use cases for quantum networks. The first use case is to transmit encryption keys. The idea is that public key encryption – the type currently used to secure Internet traffic – could soon be broken by quantum computers. Symmetrical encryption – where the same key is used to both encrypt and decrypt messages – is more future proof, but you need a way to get that key to the other party. ... Today, however, the encryption we currently have is good enough, and there’s no immediate need for companies to look for secure quantum networks. Plus, there’s progress already being made on creating quantum-proof encryption algorithms. The other use for quantum networks is to connect quantum computers. Since quantum networks transmit entangled photons, the computers so connected would also be entangled, theoretically allowing for the creation of clustered quantum computers that act as a single machine. “There are ideas for how to take quantum repeaters and parallelize them to provide very high connectivity between quantum computers,” says Oskar Painter, director of quantum hardware at AWS. 



Quote for the day:

"Many of life’s failures are people who did not realize how close they were to success when they gave up." -- Thomas Edison

No comments:

Post a Comment