Daily Tech Digest - July 05, 2024

AI washing: Silicon Valley’s big new lie

The cumulative effect of AI washing is that it leads both the public and the technology industry astray. It fuels the delusion that AI can do things it cannot do. It makes people think AI is some kind of all-purpose solution to every problem — or a slippery slope into dystopia, depending on one’s worldview. AI washing incentivizes inferior solutions, focusing on “magic” rather than quality. Claims that your dog-washing hose is “powered by AI” doesn’t mean you end up with a cleaner dog. It just means you have an overpriced hose. AI washing warps funding. Silicon Valley investment nowadays is totally captured by both actual AI and AI-washing solutions. Even savvy investors may overlook AI-washing exaggeration and lies knowing that the AI story will sell in the marketplace thanks to buyer naiveté. The biggest problem, however, is not delusional selling by the industry, but self-delusion. Purveyors of AI solutions believe that human help is a badge of shame, when in fact I think human involvement would be received with relief. People actually want humans involved in their shopping and driving experience.

Healing cyber wounds in global healthcare

Since AI technology has advanced and medical device security lags, the ease of attack and the potential reward for doing so have made healthcare institutions too tempting to ignore. The Office of Civil Rights (OCR) at Health and Human Services (HHS) is investigating the Change Healthcare attack to understand how it happened. The investigation will address whether Change Healthcare followed HIPAA rules. ... The financial impact of cyberattacks on healthcare providers can be devastating. The Change Healthcare breach led to significant cash flow disruptions, with providers losing millions daily. In response to this crisis, industry leaders and political figures have called for federal funding to support healthcare providers and ensure the continuity of essential services. The Senate majority leader and the American Hospital Association (AHA) have urged the federal government to provide financial assistance to mitigate the impact of the cyberattack, including accelerated and advanced payments to hospitals, pharmacies, and other affected entities. This federal funding can help healthcare providers adopt advanced security measures and recover from the financial impact of cyberattacks. 

The next 10 years for cloud computing

The anticipated productivity gains and cost savings have not materialized, for the most part. The promised efficiencies did not translate into significant improvements in operational productivity for many organizations, and cloud platforms cost at least twice as much as traditional systems. The sharp decline in the costs of on-premises computing and storage servers during the past decade exacerbated the situation for public cloud providers. This threw a monkey wrench into the savings that the cloud promised over traditional on-premises systems. ... Cloud providers are now faced with “cloud exit” issues while focusing on AI growth. Their market continues to stagnate as enterprises find that a mix of on-premises and cloud platforms is perhaps more cost-effective, considering the operational costs of AI. In other words, AI is delaying the reality they would otherwise likely face in the short term. ... The days of enterprises buying cloud systems in haste left too many to repent at leisure. Vendors must better understand what enterprises should pay to find value and thus reduce the exodus to colocation providers, managed service providers, and enterprise data centers.

State of play: cloud in financial services

Banks are fully aware of the need for digital transformation and shifting legacy applications to the cloud in order to remain competitive, but enacting it across the entire banking value chain in a unified manner is not a simple task. Omdia’s 2024 IT Enterprise Insights Survey, for instance, shows that most retail banks have made some inroads into digital transformation, with respondents most likely to have made progress in adopting cloud services, but just 29% state that they have made significant progress. Many banks have taken a phased approach to digital transformation, often working with multiple product vendors. But there is a growing recognition that this approach brings its own challenges in terms of managing numerous vendors and roadmaps. ... Modernising the core banking system can be costly, time-consuming, and complex. However, anecdotal evidence suggests that banks are spending 85% on maintaining their existing core banking tech and the remainder on launching new products, which can be flipped once they have fully modernised their core, providing them with enormous scope to innovate.

What is dark fiber and is it right for your business?

The type of dark fiber available varies between locations. So-called metro dark fiber, typically found in built-up urban areas, tends to comprise larger cables with a higher fiber count, which means they offer more flexibility and different types of connection, such as point-to-multipoint, where a cable can service multiple destinations. Long-haul dark fiber, in contrast, is often constructed using single-mode fiber which has a smaller glass core, and as such is likely to only offer more simple, point-to-point, connections. However, there are no significant distance limitations on dark fiber, meaning it can be used to connect sites in locations many miles apart. Dark fiber can be an alluring solution for businesses with rapidly evolving or highly variable networking needs. Users can choose when and how to scale up bandwidth to meet the demands of their organization without having to wait for their ISP to carry out this process. It also avoids the limitations of a contract with an ISP, which will likely dictate the available data transfer rates and impose fees for network upgrades.

Examining the Risks of IT Hero Culture

In an IT hero culture, individual accomplishments are celebrated over teamwork, with a high value placed on swift responses and constant availability. This type of workplace includes a small group of individuals who bear a disproportionate responsibility for critical tasks and decision making. Typically, this culture appears in organizations lacking formal processes, requiring these so-called heroes to work extensive hours to maintain operations. ... IT hero culture —despite its immediate benefits—often proves to be a short-term solution with significant long-term drawbacks. When these indispensable individuals are absent, organizations face bottlenecks and inefficiencies. Transitioning to a process-driven culture enhances organizational effectiveness and efficiency, addressing these challenges. This transition, usually prompted by external stakeholders such as bankers, shareholders, and customers, as well as internal forces such as the board and senior management, moves away from overreliance on individual heroics to a more sustainable, team-oriented approach.

Will the cost of scaling infrastructure limit AI’s potential?

AI scaling, much like any other type of technology scaling is dependent on infrastructure. “You can’t do anything else unless you go up from the infrastructure stack,” Paul Roberts, director of Strategic Account at AWS, told VentureBeat. Roberts noted that there was a big explosion of gen AI that got started in late 2022 when ChatGPT first went public. While in 2022 it might not have been clear where the technology was headed, he said that in 2024 AWS has its hands around the problem very well. AWS in particular has invested significantly in infrastructure, partnerships and development to help enable and support AI at scale. ... The resources required to train increasingly bigger LLMs isn’t the only issue. Bresniker noted that after an LLM is created, the inference is continuously run on them and when that is running 24 hours a day, 7 days a week, the energy consumption is massive “What’s going to kill the polar bears is inference,” Bresniker said. ... According to Bresniker, one potential way to improve AI scaling is to include deductive reasoning capabilities, in addition to the current focus on inductive reasoning.

Smashing Silos With a Vulnerability Operations Center (VOC)

The responsibility for VM typically sits within the security operations center (SOC). The SOC is, after all, the frontline defense against cyberthreats, equipped with the tools, resources and processes to identify and mitigate vulnerabilities. Yet this strategy comes with its pitfalls, as SOC teams are already navigating a variety of responsibilities, from managing active threats to threat hunting. Enter VOC, offering an approach that complements the SOC by prioritizing prevention rather than just responding to incidents. This collaboration between the two means that if the VOC discovers a log4j vulnerability, for instance, the SOC team will be promptly notified. Then, the response team can swoop in if prevention fails. A VOC lets organizations manage vulnerabilities strategically and coherently, which ensures that the most serious threats are handled systematically. This specialized entity within an organization focuses on identifying, assessing and mitigating vulnerabilities in IT systems and networks. It acts as a central hub for vulnerability management, leveraging advanced tools and processes to continuously monitor for security weaknesses and coordinate response strategies.

Software Engineering, Startup Thinking

The challenge for organizations trying to adopt a more agile approach is that there are often simply too many silos, not enough skilled people, and a saturated technology market with too many tools. “Turning around a culture like this that prohibits scale is time-consuming and takes on average, three years to achieve,” he says. Given that the end goal of developing a more agile approach is to generate untrammeled innovation across an organization, getting the culture right is critical. ... Brial says he recommends fostering an environment where cross-functional teams bring together individuals from different departments like development, operations and security, to work collaboratively toward a common goal. This requires cross-training, where team members can gather knowledge and skills in areas beyond their core expertise. Developers learn about infrastructure and operations, while operations engineers gain insights into software development practices. “This cross-pollination of skills builds an understanding and sense of empathy between teams,” he says. Brial says every layer of an IT department should be moving toward “everything” as code, noting provisioning and deploying any type of software is costly, time-consuming and complex.

Logic bombs explained: Definition, examples, prevention

A logic bomb is a set of instructions embedded in a software system that, if specified conditions are met, triggers a malicious payload to take actions against the operating system, application, or network. The actual code that does the dirty work, sometimes referred to as slag code, might be a standalone application or be hidden within a larger program. ... The actual behavior of a logic bomb can range widely. When it comes to the insider threats that make up much of the logic bomb landscape, a few types of attack are particularly common, including file or hard drive deletions, either as a ransom threat or act of revenge, or data exfiltration, as part of a plan to use privileged information in future employment. ... The best way to sniff out malicious code that’s being embedded in your own software, either deliberately by a disgruntled employee or inadvertently in the form of a third-party library, is to bake secure coding practices, like those that are part of the DevSecOps philosophy, into your development pipeline. These practices are meant to ensure that any code passes security tests before it’s put into production, and would prevent a lone wolf insider attacker from unilaterally changing code in an insecure way.

Quote for the day:

"Each day you are leading by example. Whether you realize it or not or whether it's positive or negative, you are influencing those around you." -- Rob Liano

No comments:

Post a Comment