Daily Tech Digest - May 27, 2024

10 big devops mistakes and how to avoid them

“One of the significant challenges with devops is ensuring seamless communication and collaboration between development and operations teams,” says Lawrence Guyot, president of IT services provider Empowerment through Technology & Education (ETTE). ... Ensuring the security of the software supply chain in a devops environment can be challenging. “The speed at which devops teams operate can sometimes overlook essential security checks,” Guyot says. “At ETTE, we addressed this by integrating automated security tools directly into our CI/CD pipeline, conducting real-time security assessments at every stage of development.” This integration not only helped the firm identify vulnerabilities early, but also ensured that security practices kept pace with rapid deployment cycles, Guyot says. ... “Aligning devops with business goals can be quite the hurdle,” says Remon Elsayea, president of TechTrone IT Services, an IT solutions provider for small and mid-sized businesses. “It often seems like the rapid pace of devops initiatives can outstrip the alignment with broader business objectives, leading to misaligned priorities,” Elsayea says.


Why We Need to Get a Handle on AI

A recent World Economic Forum report also found a widening cyber inequity, which is accelerating the profound impact of emerging technologies. The path forward therefore demands strategic thinking, concerted action, and a steadfast commitment to cyber resilience. Again, this isn’t new. Organizations of all sizes and maturity levels have often struggled to maintain the central tenets of organizational cyber resilience. At the end of the day, it is much easier to use technology to create malicious attacks than it is to use technology to detect such a wide spectrum of potential attack vectors and vulnerabilities. The modern attack surface is vast and can overwhelm an organization as they determine how to secure it. With this increased complexity and proliferation of new devices and attack vectors, people and organizations have become a bigger vulnerability than ever before. It is often said that humans are the biggest risk when it comes to security and deepfakes can more easily trick people into taking actions that benefit the attackers. Therefore, what questions should security teams be asking to protect their organization?


Demystifying cross-border data transfer compliance for Indian enterprises

The variability of these laws introduces complex compliance issues. As Indian enterprises expand globally, the significance of robust data compliance management escalates. Organizations like ours assist companies worldwide with customized solutions tailored to the complexities of cross-border data transfer compliance. We ensure that businesses not only meet international data protection standards but also enhance their data governance practices through our comprehensive suite of tools. The evolution of India’s data localization policies could significantly influence global digital diplomacy. Moving from strict data localization to permitting certain cross-border data flows aligns India more closely with global digital trade norms, potentially enhancing its relationships with major markets like the US and EU. India is proactively revising its legal frameworks to better address the intricacies of cross-border data transfers within the realm of data privacy, especially for businesses. The forthcoming DPDPA regulations aim to balance the need for data protection with the operational requirements of digital commerce and governance.


Digital ID adoption: Implementation and security concerns

Digital IDs are poised to revolutionize sectors that rely heavily on secure and efficient identity verification. ... “As the Forrester experts note in the study, the complexities and disparities of global implementation across various landscapes highlight the strategic necessity of adopting a hybrid approach to digital IDs. Moreover, there is no single, universally accepted set of global standards for digital IDs that applies across all countries and sectors. Therefore, the large number of companies at the stage of active implementation demonstrates a growing need for frameworks and guidelines that aim to foster interoperability, security, and privacy across different digital ID systems,” said Ihar Kliashchou, CTO at Regula. “The good news is that several international organizations and standards bodies — New Technology Working Group in the International Civil Aviation Organization, the International Organization for Standardization (ISO), etc. — are working towards those standards. This seems to be a case in which slow and steady wins the race,” concluded Kliashchou.


Forrester: Preparing for the era of the AI PC

AI PCs are now disrupting the cloud-only AI model to bring that processing to local devices running any OS. But what is an AI PC exactly? Forrester defines an AI PC as a PC embedded with an AI chip and algorithms specifically designed to improve the experience of AI workloads across the computer processing unit (CPU), graphics processing unit (GPU) and neural processing unit (NPU). ... An AI PC also offers a way to improve the collaboration experience. Dedicated AI chipsets will improve the performance of classic collaboration features, such as background blur and noise, by sharing resources across CPUs, GPUs and NPUs. On-device AI offers the ability to render a much finer distinction between the subject and the blurred background. More importantly, the AI PC will also enable new use cases, such as eye contact correction, portrait blur, auto framing, lighting adjustment and digital avatars. Another benefit of AI chipsets on PCs is that they provide the means to optimise device performance and longevity. Previous AI use cases were feasible on PCs, but they drained the battery quickly. The addition of an NPU will help preserve battery life while employees run sustained AI workloads.


Gartner Reveals 5 Trends That Will Make Software Engineer

Herschmann said that while there is a worry that AI could eliminate coding jobs instead of just enhancing them, that worry is somewhat unfounded. "If anything, we believe there's going to be a need for more developers, which may at first seem a little counterintuitive, but the reality is that we're still in the early stages of all of this," he said. "While generative AI is quite impressive in the beginning, if you dig a little bit deeper, you realize it's shinier than it really is," Herschmann said. So instead of replacing developers, AI will be more of a partner to them. ... Coding is just a small part of a developer's role. There are a lot of other things they need to do, such as keep the environment running, configuration work, and so on. So it makes sense to have a platform engineering team to take some of this work off developers' plates so they can focus on building the product, according to Herschmann. "Along with that though comes a potential scaling effect because you can then provide that same environment and the skills of that team to others as you scale up," he said. 


Beyond blockchain: Unlocking the potential of Directed Acyclic Graphs (DAGs)

DAGs are a type of data structure that uses a topological ordering, allowing for multiple branches that converge but do not loop back on themselves. Imagine a network of interconnected highways where each transaction can follow its own distinct course, branching off and joining forces with other transactions as required. This structure enables simultaneous transactions, eliminating the need for sequential processing, which is a bottleneck in traditional blockchain systems. ... One of the notable challenges of traditional blockchain technology is its scalability. DAGs address this issue by allowing more transactions to be processed in parallel, significantly increasing throughput, a key advantage for real-time applications in commodity trading and supply chain management. DAGs are more energy-efficient than proof-of-work blockchains, as they do not require substantial computational power for intensive mining activities, aligning with global and particularly India’s increasing focus on sustainable technological solutions. But the benefits of DAGs don’t stop here. Imagine a scenario where a shipment of perishable goods is delayed due to unforeseen circumstances, such as adverse weather conditions.


Pioneering the future of personalised experiences and data privacy in the digital age

Zero-party data (ZPD) is at the core of Affinidi's strategy and is crucial for businesses navigating consumer interactions. ZPD refers to information consumers willingly share with companies for specific benefits, such as personalised offers and services. Consider an avid traveller who frequently books trips online. He might share his travel preferences with a travel company, such as favourite destinations, preferred accommodation types, and activity interests. This data allows the company to tailor its offerings precisely to his tastes. For instance, if he loves beach destinations and luxury hotels, the company can send him personalised travel packages featuring exclusive beach resorts with premium amenities. ... As data privacy regulations tighten, businesses must prioritise consented and accurate data sources, reducing legal risks and dependence on external data pools. Trust can be viewed as a currency, altering customers' loyalty and buying decisions. A survey by PWC showed that 33% of customers pay a premium to companies because they trust them. 


Shut the back door: Understanding prompt injection and minimizing risk

You don’t have to be an expert hacker to attempt to misuse an AI agent; you can just try different prompts and see how the system responds. Some of the simplest forms of prompt injection are when users attempt to convince the AI to bypass content restrictions or ignore controls. This is called “jailbreaking.” One of the most famous examples of this came back in 2016, when Microsoft released a prototype Twitter bot that quickly “learned” how to spew racist and sexist comments. More recently, Microsoft Bing (now “Microsoft Co-Pilot) was successfully manipulated into giving away confidential data about its construction. Other threats include data extraction, where users seek to trick the AI into revealing confidential information. Imagine an AI banking support agent that is convinced to give out sensitive customer financial information, or an HR bot that shares employee salary data. And now that AI is being asked to play an increasingly large role in customer service and sales functions, another challenge is emerging. Users may be able to persuade the AI to give out massive discounts or inappropriate refunds. 


Say goodbye to break-and-fix patches

A ‘break-and-fix’ mindset can be necessary in emergency situations, but it can also make things worse. While it can be tempting to view maintenance work as adding little value, failing to address these problems properly will only create future issues as you accumulate tech debt. Fixing those issues will require more resources — time, money, skills — that will undoubtedly hurt your organization. ... Tech debt is one of those “invisible issues” hiding in IT systems. Opting for quick fixes to solve immediate issues, rather than undertaking comprehensive upgrades might seem cost-effective and straightforward at first. However, over time, the accumulation of these patches contributes significantly to tech debt. ... Despite the potential consequences of inadequate and reactive maintenance, adopting a more proactive approach can be challenging for many businesses. Economic pressures and budgetary constraints are forcing leaders to reduce expenses and ‘do more with less’ — this leads to situations where areas not traditionally viewed as value-adding (like maintenance) are deprioritized. This is where managed services can help. 



Quote for the day:

''Smart leaders develop people who develop others, don't waste your time on those who won't help themselves.'' -- John C Maxwell

No comments:

Post a Comment