Daily Tech Digest - June 08, 2024

Understanding Security's New Blind Spot: Shadow Engineering

Shadow engineering leaves security teams with little or no control over LCNC apps that citizen developers can deploy. These apps also bypass the usual code tests designed to flag software vulnerabilities and misconfigurations, which could lead to a breach. This lack of visibility prevents organizations from enforcing policies to keep them in compliance with corporate or industry security standards. ... LCNC apps have many of the same problems found in conventionally developed software, such as hard-coded or default passwords and leaky data. A simple application asking employees for their T-shirt size for a company event could give hackers access to their HR files and protected data. LCNC apps should routinely be evaluated for threats and vulnerabilities, so they can be detected and remediated. ... Give citizen developers guidance in easy-to understand terms to help them remediate risks themselves as quickly and easily as possible. Collaborate with business developers to ensure that security is integrated into the development process of LCNC applications going forward.


‘Technology must augment humanity’: An interview with former IBM CEO Ginni Rometty

While we can't control disruptions, we can control our outlook on the future. Leaders must instill confidence in their teams, emphasising the inevitability of change and the collective ability to find positive solutions. Honesty is a form of optimism, so be honest with yourself and your teams about the issues at hand, resisting attempts to ignore or minimise them. ... Problem-solving is at the core of leadership, so leaders should be unafraid to ask questions, seek insights from others, and involve their teams and wider network in finding solutions. Remember, you do not have to tackle everything alone or have all the answers. When I face a complex problem, I dissect it into manageable pieces and think through each disparate part. ... The right relationships in your life, personal and professional, provide perspective and ideas which is essential for progress. Building a robust network—from friends and family to colleagues and industry peers—provides support and inspiration to maintain optimism and courage amid disruption. The more diverse your network, the more people you can call on to fuel your optimism and courage in the face of disruption.


How Cybersecurity and Sustainability Intersect

Cybersecurity and sustainability are discrete functions in many enterprises, yet they could benefit greatly from being de-siloed. Sustainability and cybersecurity initiatives need C-suite awareness and resources to permeate an enterprise’s culture and actually achieve their goals. “It's not a one-person show anymore. It's really an ownership in that responsibility and a stewardship that cuts across functional leadership across … the entire organization,” says Lynch. In more mature organizations, cybersecurity already has board-level involvement, which can make it easier to see and act on its intersection with sustainability. But for many organizations, cybersecurity and sustainability are separate and even back-office functions. “The cybersecurity leader should not wait for someone to come [and] invite them into these conversations,” says Govindankutty. The stakeholders who need to be involved in cybersecurity and sustainability extend beyond an enterprise’s four walls. Third-party vendors are a vital part of an enterprise’s ecosystem.


Flipping The Script On Startup Success

The first step is to identify the narrowly defined vertical market segments that the company will focus on. The second step is to find a lighthouse customer or two to focus all the team’s attention on to define the minimum viable product (MVP). That is iterative as the customer and the product team go back and forth with features that are must-haves. Then the startup team tests that candidate MVP with a few other customers. ... If you ask any experienced entrepreneur, investor or board member what the most important thing a startup CEO must stay on top of is, it’s to know at all times how much cash they have, what the monthly burn rate is and how long the runway is before cash runs out. Many mistakes are excusable and recoverable, but running out of cash by surprise is neither. ... Culture is not pizza and beer on Fridays, foosball tables or little rooms filled with toys. It is about the values of the company and how they are espoused. It is about the tone the CEO sets and how they communicate with all of their constituents. And the importance of culture is not not just about company morale, although that is very important. It is about attracting and retaining the best talent. While it might be nice to think you can put this off while focusing on the first four things, you would be wrong.


Empowering Developers to Harness Sensor Data for Advanced Analytics

Data from sensors offers a treasure trove of insights from the physical world for data scientists. From tracking temperature fluctuations in a greenhouse to analyzing the vibrations of industrial machines in a manufacturing plant, these tiny devices capture crucial information that can be used for groundbreaking research and development. The journey from collecting raw sensor data to actionable analysis can be riddled with stumbling blocks, as the realities of hardware components and environmental conditions come into play. The typical approach to sensor data capture often involves a cumbersome workflow across the various teams involved, including data scientists and engineers. While data scientists meticulously define sensor requirements and prepare their notebooks to process the information, engineers deal with the complexities of hardware deployment and software updates that reduce the scientists’ ability to quickly adjust these variables on the fly. This creates a long feedback loop that delays the pace of innovation across the organization.


To lead a technology team, immerse yourself in the business first

When asked to rank the defining characteristics of a leading CIO, respondents were split between the conventional and contemporary, saying the traditional, more IT-centric qualities are just as important as the strategic and more customer-focused ones. While aligning tech vision and strategy with the business has been the role of CIOs and technology leaders for some time, the scope of their duties now extends deeper into the business itself. "Establishing and managing a tech vision isn't enough," said DiLorenzo. "Today's CIOs need to own all the various technology uses across their organizations and ensure they're actively coordinating and orchestrating their fellow tech leaders -- as well as their business peers -- to co-create a vision and tech strategy that aligns with, and furthers, the overall enterprise strategy." Getting to a leadership position also requires immersing oneself in the business, Shaikh advised. "Business acumen, which includes understanding various business functions and industry dynamics, can be cultivated by spending time in business units," she said. "This understanding is crucial for strategic thinking, to help identify opportunities where technology can impact goals."


The unseen gen AI revolution on the AI PC and the edge

The shift towards edge and PC-based AI is not without its challenges. Privacy and security concerns are paramount, as devices become more autonomous and capable of processing sensitive data. Companies must focus on privacy and AI ethics to be the cornerstone of their approach, ensuring that as AI becomes more integrated into our devices, it does so in a manner that respects user privacy and trust. Moreover, the energy efficiency of AI workloads is a critical consideration, especially for battery-powered devices. Advancements in low-power, high-performance processors are pivotal in addressing this challenge, ensuring that the benefits of gen AI are not offset by decreased device longevity or increased environmental impact. Intel’s OpenVINO toolkit further enhances these benefits by optimizing deep learning models for fast, efficient performance across Intel’s hardware portfolio. This optimization enables customers to deploy AI applications more widely, even in resource-constrained environments, without sacrificing performance. As we enter this new era, the way we think about gen AI and how we engage with it will continue to change. 


Enhancing Cloud Security in Response to Growing Digital Threats

Security challenges are unique to hybrid cloud environments where public clouds combine with on-premises infrastructure. Secure migration tools and techniques are vital to prevent data leaks or unauthorized access. Encrypt data before transferring and place controls on both ends during migration to reduce associated risks. Network segmentation in hybrid cloud environments requires thorough interconnectivity planning. Carefully configure firewall connections, firewalls, and network access controls to ensure only authorized traffic flows between on-premises resources and those hosted within the cloud. Visibility across hybrid cloud environments requires centralized monitoring to enhance threat detection capability. SIEM solutions can collect security logs from both on-premises and cloud systems, helping provide a unified view of an enterprise’s security posture. The more organizations embrace cloud computing, the more preparation for emerging trends is required. Zero-trust security models, which allow continuous authentication and authorization regardless of the device or location, are increasingly popular.


Ethical Issues in Information Technology (IT)

Establishing ethical IT practices is also important because people’s trust in the tech industry chips away each time they learn about unethical practices, especially in the wake of reports on data usage by companies such as Facebook and Google. “If companies don’t have ethical IT practices in place, they’re going to lose the trust of their customers and clients,” says Ferebee. “IT professionals need to take it seriously. They also need to let the public know they take it seriously so the public feels safe using their products and services.” Whether or not you’re in a leadership position, it is important to lead by example when it comes to ethics in IT. “People are often afraid to speak up because they’re concerned with the repercussions,” says Ferebee. “But when it comes to ethics in IT, you need to speak up — lead by example, advocate for it, and talk about it all the time. That could include reporting ethical issues, sourcing or creating and then implementing ethics training, and developing internal frameworks for your IT department. You don’t have to be the director of IT to start implementing this.”


Establishing Trust in AI Systems: 5 Best Practices for Better Governance

Security culture drives both behaviors and beliefs. A security-first organization promotes information sharing, transparency, and collaboration. When risks are discovered, or when issues occur, communication should be immediate and designed to clearly convey to employees how their behaviors and actions can both support and detract from security efforts. Enlist employees in these efforts by ensuring that your culture is positive and supportive. ... Security culture does not exist in a vacuum and does not evolve in a silo. Input from a wide range of stakeholders—from employees to customers and partners, regulators and the board—is critical for ensuring that you understand how AI is enabling efficiencies, and where risks may be emerging. ... By seeking input from key constituents in an open and transparent manner, they will be more likely to share their concerns and help uncover potential risks while there’s still time to adequately address those risks. Acknowledge and respond to feedback promptly and highlight the positive impacts of that feedback.Tackling third-party risks



Quote for the day:

"Don't wait for the perfect moment take the moment and make it perfect." -- Aryn Kyle

No comments:

Post a Comment