Understanding Security's New Blind Spot: Shadow Engineering
_blickwinkel_Alamy.jpg?width=850&auto=webp&quality=95&format=jpg&disable=upscale)
Shadow engineering leaves security teams with little or no control over LCNC apps that citizen developers can deploy. These apps also bypass the usual code tests designed to flag software vulnerabilities and misconfigurations, which could lead to a breach. This lack of visibility prevents organizations from enforcing policies to keep them in compliance with corporate or industry security standards. ... LCNC apps have many of the same problems found in conventionally developed software, such as hard-coded or default passwords and leaky data. A simple application asking employees for their T-shirt size for a company event could give hackers access to their HR files and protected data. LCNC apps should routinely be evaluated for threats and vulnerabilities, so they can be detected and remediated. ... Give citizen developers guidance in easy-to understand terms to help them remediate risks themselves as quickly and easily as possible. Collaborate with business developers to ensure that security is integrated into the development process of LCNC applications going forward.
‘Technology must augment humanity’: An interview with former IBM CEO Ginni Rometty
While we can't control disruptions, we can control our outlook on the future. Leaders must instill confidence in their teams, emphasising the inevitability of change and the collective ability to find positive solutions. Honesty is a form of optimism, so be honest with yourself and your teams about the issues at hand, resisting attempts to ignore or minimise them. ... Problem-solving is at the core of leadership, so leaders should be unafraid to ask questions, seek insights from others, and involve their teams and wider network in finding solutions. Remember, you do not have to tackle everything alone or have all the answers. When I face a complex problem, I dissect it into manageable pieces and think through each disparate part. ... The right relationships in your life, personal and professional, provide perspective and ideas which is essential for progress. Building a robust network—from friends and family to colleagues and industry peers—provides support and inspiration to maintain optimism and courage amid disruption. The more diverse your network, the more people you can call on to fuel your optimism and courage in the face of disruption.
How Cybersecurity and Sustainability Intersect
Cybersecurity and sustainability are discrete functions in many enterprises, yet
they could benefit greatly from being de-siloed. Sustainability and
cybersecurity initiatives need C-suite awareness and resources to permeate an
enterprise’s culture and actually achieve their goals. “It's not a one-person
show anymore. It's really an ownership in that responsibility and a stewardship
that cuts across functional leadership across … the entire organization,” says
Lynch. In more mature organizations, cybersecurity already has board-level
involvement, which can make it easier to see and act on its intersection with
sustainability. But for many organizations, cybersecurity and sustainability are
separate and even back-office functions. “The cybersecurity leader should not
wait for someone to come [and] invite them into these conversations,” says
Govindankutty. The stakeholders who need to be involved in cybersecurity and
sustainability extend beyond an enterprise’s four walls. Third-party vendors are
a vital part of an enterprise’s ecosystem.
Flipping The Script On Startup Success
The first step is to identify the narrowly defined vertical market segments
that the company will focus on. The second step is to find a lighthouse
customer or two to focus all the team’s attention on to define the minimum
viable product (MVP). That is iterative as the customer and the product team
go back and forth with features that are must-haves. Then the startup team
tests that candidate MVP with a few other customers. ... If you ask any
experienced entrepreneur, investor or board member what the most important
thing a startup CEO must stay on top of is, it’s to know at all times how much
cash they have, what the monthly burn rate is and how long the runway is
before cash runs out. Many mistakes are excusable and recoverable, but running
out of cash by surprise is neither. ... Culture is not pizza and beer on
Fridays, foosball tables or little rooms filled with toys. It is about the
values of the company and how they are espoused. It is about the tone the CEO
sets and how they communicate with all of their constituents. And the
importance of culture is not not just about company morale, although that is
very important. It is about attracting and retaining the best talent. While it
might be nice to think you can put this off while focusing on the first four
things, you would be wrong.
Empowering Developers to Harness Sensor Data for Advanced Analytics
Data from sensors offers a treasure trove of insights from the physical world
for data scientists. From tracking temperature fluctuations in a greenhouse to
analyzing the vibrations of industrial machines in a manufacturing plant,
these tiny devices capture crucial information that can be used for
groundbreaking research and development. The journey from collecting raw
sensor data to actionable analysis can be riddled with stumbling blocks, as
the realities of hardware components and environmental conditions come into
play. The typical approach to sensor data capture often involves a cumbersome
workflow across the various teams involved, including data scientists and
engineers. While data scientists meticulously define sensor requirements and
prepare their notebooks to process the information, engineers deal with the
complexities of hardware deployment and software updates that reduce the
scientists’ ability to quickly adjust these variables on the fly. This creates
a long feedback loop that delays the pace of innovation across the
organization.
To lead a technology team, immerse yourself in the business first
When asked to rank the defining characteristics of a leading CIO, respondents
were split between the conventional and contemporary, saying the traditional,
more IT-centric qualities are just as important as the strategic and more
customer-focused ones. While aligning tech vision and strategy with the business
has been the role of CIOs and technology leaders for some time, the scope of
their duties now extends deeper into the business itself. "Establishing and
managing a tech vision isn't enough," said DiLorenzo. "Today's CIOs need to own
all the various technology uses across their organizations and ensure they're
actively coordinating and orchestrating their fellow tech leaders -- as well as
their business peers -- to co-create a vision and tech strategy that aligns
with, and furthers, the overall enterprise strategy." Getting to a leadership
position also requires immersing oneself in the business, Shaikh advised.
"Business acumen, which includes understanding various business functions and
industry dynamics, can be cultivated by spending time in business units," she
said. "This understanding is crucial for strategic thinking, to help identify
opportunities where technology can impact goals."
The unseen gen AI revolution on the AI PC and the edge
The shift towards edge and PC-based AI is not without its challenges. Privacy
and security concerns are paramount, as devices become more autonomous and
capable of processing sensitive data. Companies must focus on privacy and AI
ethics to be the cornerstone of their approach, ensuring that as AI becomes more
integrated into our devices, it does so in a manner that respects user privacy
and trust. Moreover, the energy efficiency of AI workloads is a critical
consideration, especially for battery-powered devices. Advancements in
low-power, high-performance processors are pivotal in addressing this challenge,
ensuring that the benefits of gen AI are not offset by decreased device
longevity or increased environmental impact. Intel’s OpenVINO toolkit further
enhances these benefits by optimizing deep learning models for fast, efficient
performance across Intel’s hardware portfolio. This optimization enables
customers to deploy AI applications more widely, even in resource-constrained
environments, without sacrificing performance. As we enter this new era, the way
we think about gen AI and how we engage with it will continue to change.
Enhancing Cloud Security in Response to Growing Digital Threats
Security challenges are unique to hybrid cloud environments where public clouds
combine with on-premises infrastructure. Secure migration tools and techniques
are vital to prevent data leaks or unauthorized access. Encrypt data before
transferring and place controls on both ends during migration to reduce
associated risks. Network segmentation in hybrid cloud environments requires
thorough interconnectivity planning. Carefully configure firewall connections,
firewalls, and network access controls to ensure only authorized traffic flows
between on-premises resources and those hosted within the cloud. Visibility
across hybrid cloud environments requires centralized monitoring to enhance
threat detection capability. SIEM solutions can collect security logs from both
on-premises and cloud systems, helping provide a unified view of an enterprise’s
security posture. The more organizations embrace cloud computing, the more
preparation for emerging trends is required. Zero-trust security models, which
allow continuous authentication and authorization regardless of the device or
location, are increasingly popular.
Ethical Issues in Information Technology (IT)
Establishing ethical IT practices is also important because people’s trust in
the tech industry chips away each time they learn about unethical practices,
especially in the wake of reports on data usage by companies such as Facebook
and Google. “If companies don’t have ethical IT practices in place, they’re
going to lose the trust of their customers and clients,” says Ferebee. “IT
professionals need to take it seriously. They also need to let the public know
they take it seriously so the public feels safe using their products and
services.” Whether or not you’re in a leadership position, it is important to
lead by example when it comes to ethics in IT. “People are often afraid to speak
up because they’re concerned with the repercussions,” says Ferebee. “But when it
comes to ethics in IT, you need to speak up — lead by example, advocate for it,
and talk about it all the time. That could include reporting ethical issues,
sourcing or creating and then implementing ethics training, and developing
internal frameworks for your IT department. You don’t have to be the director of
IT to start implementing this.”
Establishing Trust in AI Systems: 5 Best Practices for Better Governance
Security culture drives both behaviors and beliefs. A security-first
organization promotes information sharing, transparency, and collaboration. When
risks are discovered, or when issues occur, communication should be immediate
and designed to clearly convey to employees how their behaviors and actions can
both support and detract from security efforts. Enlist employees in these
efforts by ensuring that your culture is positive and supportive. ... Security
culture does not exist in a vacuum and does not evolve in a silo. Input from a
wide range of stakeholders—from employees to customers and partners, regulators
and the board—is critical for ensuring that you understand how AI is enabling
efficiencies, and where risks may be emerging. ... By seeking input from
key constituents in an open and transparent manner, they will be more likely to
share their concerns and help uncover potential risks while there’s still time
to adequately address those risks. Acknowledge and respond to feedback promptly
and highlight the positive impacts of that feedback.Tackling third-party
risks
Quote for the day:
"Don't wait for the perfect moment take the moment and make it perfect." --
Aryn Kyle
No comments:
Post a Comment