Daily Tech Digest - July 19, 2024

Master IT Compliance: Key Standards and Risks Explained

IT security focuses on protecting an organization’s data and guarding against breaches and cyberattacks. While IT regulatory policies are generally designed to ensure security, making security and compliance closely intertwined, they are not identical. Regulatory policies frequently mandate specific security practices, thus aligning compliance efforts with security goals. For example, regulations might require an organization to have data encryption, access controls, and regulatory security audits. However, being compliant does not automatically guarantee an organization’s security. Compliance mandates often set minimum standards, and organizations may need to implement additional security measures beyond what is required to adequately protect their data. Conversely, some aspects of the compliance process may do nothing to enhance security. ... Creating an IT compliance checklist can greatly simplify the arduous task of maintaining compliance. The checklist ensures critical tasks are consistently performed, tailored to each organization’s industry, specific compliance requirements, and daily operations.


The Dynamic Transformation Of Enterprise Fraud Management Ecosystems

While collaboration and information sharing have become pivotal, financial institutions are also faced with the pressure to consolidate technology and reduce the number of vendors with whom they work. This is evidenced by the growing number of financial institutions investing in cyber fraud fusion centres to create a centralized environment that aligns the data, technology and operational capabilities of traditionally siloed teams. ... Given the complexity of cybercrime and the differences in financial institutions and their unique requirements, EFM strategy requires a layered approach and flexibility in the solutions that support it. A layered defence allows financial institutions to address different aspects and stages of fraud attempts across the digital lifecycle and cross-verify suspicious activities to increase confidence in risk decisions. The importance of behavioural biometrics intelligence within the EFM ecosystem can no longer be ignored given customer adoption and success. Many forward-thinking institutions have implemented the technology to bolster or complement existing EFM systems, detect emerging fraud types and elevate customer safety in digital banking.


Law Enforcement Eyes AI for Investigations and Analysis

For all of its potential benefits, AI is also vulnerable to misuse. Weak oversight, for instance, can lead to biases in predictive policing or errors in evidence analysis. "It's crucial to implement checks and balances to ensure that AI is used ethically and accurately," Rome says. Meanwhile, many law enforcement organizations are reluctant to embrace technology due to budget constraints, a lack of technical expertise, and an overall resistance to change. Concerns about privacy and civil liberties are also hindering adoption. In particular, there's the possibility of AI bias, which can lead to inaccurate conclusions when discriminatory data and algorithms are baked into AI models. ... Despite the challenges, the long-term outlook is promising, Rome says. "As technology advances and law enforcement agencies become more familiar with AI's potential, its adoption is likely to increase," he predicts. Claycomb agrees, but notes that adopters will need to implement workflows that take full advantage of other technology tools, including deploying powerful and connected mobile device fleets.


How Generative AI Has Forever Changed the Software Testing Process

Automation has been a game changer in the software testing process, but there is still one big problem: tests can eventually lose their relevance and accuracy. ... Generative AI, unlike your average automation process, is backed up by a pool of data. To top that up, it’s continuously learning with each command and addition to the database. This means that if the new test case has a slightly different aim, the AI system should pick up on that and make the necessary adjustments. This type of action can still be a hit-or-miss, depending on how well-trained the database is, but with the proper human intelligence assistance, it could take off a lot from the development process. ... When testing models are created manually, they are done with a standard background. The developer had an environment in mind (or several of them), creating a realistic area to test it against. This can bring various limitations, depending on how many data sets you use. However, Generative AI can create diverse models that the human brain could not have even thought about. Indeed, AI can tend to hallucinate when it does not have enough data, but even those scenarios can give you a couple of ideas


Amid Licensing Uncertainty, How Should IaC Management Adapt?

It’s a deliberation that organizations might have comfortably back-burnered, until last summer when Terraform’s continued viability as an IaC industry-standard suddenly came under intense scrutiny when HashiCorp changed its license scheme from a purely open source model to a less-than-open alternative. Since that time, the Linux Foundation-backed OpenTofu initiative appears to have changed the headers of code HashiCorp had previously released under its new Business Source License (BUSL), rereleasing it under the MPL 2.0 license. ... Organizations will want to impose restrictions on developers’ resource usage, Williams foresees. Those restrictions will be based not on capacity — which the IaC engineer understands more readily — but instead upon cost. Presently, enabling the restrictions necessary to maintain compliance and achieve security objectives requires, at the very least, expert guidance. Meanwhile, the influx of talent in platform engineering is weighted towards AI engineers who may not know what these infrastructure resources even are.


Implementing Threat Modeling in a DevOps Workflow

Integrating threat modeling into a DevOps workflow involves embedding security practices throughout the development and operations lifecycle. This approach ensures continuous security assessment and improvement, aligning with the DevOps principles of continuous integration and continuous deployment (CI/CD). ... Automated tools play a crucial role in facilitating continuous threat modeling and security assessments. Tools such as OWASP Threat Dragon, Microsoft Threat Modeling Tool and IriusRisk can automate various aspects of threat modeling, making it easier to integrate these practices into the CI/CD pipeline. Automation helps ensure that threat modeling is performed consistently and efficiently, reducing the burden on development and security teams. ... Effective threat modeling requires close collaboration between development, operations and security teams. This cross-functional approach ensures that security is considered from multiple perspectives and throughout the entire development lifecycle. Collaboration can be fostered through regular meetings, joint workshops and shared documentation.


Want ROI from genAI? Rethink what both terms mean

Early genAI apps often delivered breathtaking results in small pilots, setting expectations that didn’t carry over to larger deployments. “One of the primary culprits of the cost versus value conundrum is lack of scalability,” said KX’s Twomey. He points to an increasing number of startup companies using open-source genAI technology that is “sufficient for introductory deployments, meaning they work nicely with a couple hundred unstructured documents. Once enterprises feel comfortable with this technology and begin to scale it up to hundreds of thousands of documents, the open-source system bloats and spikes running costs,” he said. ... Even when genAI succeeds, its results are sometimes less valuable than anticipated. For example, generative AI is a very effective tool for creating information that is generally handled by lower-level staffers or contractors, where it is simply tweaking existing material for use in social media or e-commerce product descriptions. It still needs to be verified by humans, but it has the potential for cutting costs in creating low-level content. But because it often is low level, some have questioned whether that is really going to deliver any meaningful financial advantages.


How AI Will Fuel the Future of Observability

A unified observability platform makes use of AI via AIOps, which applies AI and machine learning (ML) models to collect data from throughout the enterprise – from logs and alerts to applications, containers, and clouds. It performs tasks ranging from root cause analysis and incident prevention to advanced correlation. And although AI has already proved valuable, its impact is about to become considerably more pronounced, fueling observability in the near- and long-term future. ... Via constant monitoring, an AI could ingest incoming data and detect an anomaly or some other activity that exceeds preset thresholds. It could then perform a series of actions, similar to what happens with remediation scripts, to resolve the problem. Just as importantly, if the AI model doesn’t resolve the problem, it would automatically open a ticket with the platform used for managing issues. ... AI and ML models need data to work well. And part of assessing your environment is identifying the visibility gaps in your organization. A unified observability platform can provide visibility into the entire enterprise and how everything within it is connected.


Fearing disruption? A skills-based talent strategy builds business resiliency

“It’s important for IT leaders to understand that being proactive in developing the skills of their tech workforce is crucial to helping future-proof their operations against technological disruption. Those who invest in the right skills — and help their workforce gain new skills — are likely to remain ahead of the wave of digital transformation,” says Ryan Sutton, a technology hiring and consulting expert at Robert Half. Developing the skills necessary to support transformation initiatives builds business resiliency. By anticipating future skills needs, IT leaders can ensure their organizations have the right training programs in place to upskill workers as necessary, Sutton says. ... “The best way for IT leaders to know which skills gap would be a threat is by establishing a strategic workforce plan connected to changing business demands. Some organizations are getting better at building databases that track employee skills in real-time as opposed to relying on job descriptions, which may not always be accurate or updated. It’s time to understand what skills exist on your team to help identify gaps,” says Jose Ramirez, director analyst at Gartner.


Data centre trends: Is it possible to digitalise and decarbonise?

It can be difficult to balance the push for digitalisation and tech progress with the need for sustainability with the climate crisis bearing down. Add in developing regulation, cybersecurity and the need to upgrade infrastructure and there are a lot of factors for IT teams to consider right now. ... Lantry also argues that digitalisation can be a pathway to sustainability, rather than a barrier to it, as businesses “adopting digital-first strategies” can help achieve their environmental, social and governance (ESG) objectives. “By integrating these practices, IT leaders can ensure that their digital transformation initiatives align with their sustainability goals,” he said. When Google revealed its significant rise in emissions earlier this year, it described its own climate neutral goals as “extremely ambitious” and said that it “won’t be easy”. But the tech giant also claimed that technology like AI can play a “critical enabling role” in helping the world to reach a “low-carbon future” by aiding in various environmental tasks. Lantry had a similar view when it comes to the potential benefits of the broader data centre sector.



Quote for the day:

"Education is the ability to listen to almost anything without losing your temper or your self-confidence." -- Robert Frost
