Will genAI kill the help desk and other IT jobs?
AI is transforming cybersecurity by automating threat detection, anomaly
detection, and incident response. “AI-powered tools can quickly identify unusual
behavior, analyze security pattern, scan for vulnerabilities, and even predict
cyberattacks, making manual monitoring less necessary,” Foote said. “Security
professionals will focus more on developing AI models that can defend against
complex threats, especially as cybercriminals begin using AI to attack systems.
There will be a demand for experts in AI ethics in cybersecurity, ensuring that
AI systems used in security aren’t biased or misused.” IT support and systems
administration positions — especially tier-one and tier-two help desk jobs — are
expected to be hit particularly hard with job losses. Those jobs entail basic IT
problem resolution and service desk delivery, as well as more in-depth technical
support, such as software updates, which can be automated through AI today. The
help desk jobs that remain would involve more hands-on skills that cannot be
resolved by a phone call or electronic message. ... Data scientists
and analysts, on the other hand, will be in greater demand with AI, but their
tasks will shift towards more strategic areas like interpreting AI-generated
insights, ensuring ethical use of AI
Just-in-Time Access: Key Benefits for Cloud Platforms
Identity and access management (IAM) is a critical component of cloud security,
and organizations are finding it challenging to implement it effectively. As
businesses increasingly rely on multiple cloud environments, they face the
daunting task of managing user identities across all their cloud systems. This
requires an IAM solution that can support multiple cloud environments and
provide a single source of truth for identity information. One of the most
pressing challenges is the management of identities for non-human entities such
as applications, services and APIs. IAM solutions must be capable of managing
these identities, providing visibility, controlling access and enforcing
security policies for non-human entities. ... Just-in-time (JIT) access is a
fundamental security practice that addresses many of the challenges associated
with traditional access management approaches. It involves granting access
privileges to users for limited periods on an as-needed basis. This approach
helps minimize the risk of standing privileges, which can be exploited by
malicious actors. The concept of JIT access aligns with the principle of least
privilege, which is essential for maintaining a robust security
posture.
Maximize Cloud Efficiency: What Is Object Storage?
Although object storage has existed in one form or another for quite some time,
its popularity has surged with the growth of cloud computing. Cloud providers
have made object storage more accessible and widespread. Cloud storage
platforms generally favor object storage because it allows limitless capacity
and scalability. Furthermore, object storage usually gets accessed via a RESTful
API instead of conventional storage protocols like Server Message Blocks (SMB).
This RESTful API access makes object storage easy to integrate with web-based
applications. ... Object storage is typically best suited for situations where
you need to store large amounts of data, especially when you need to store that
data in the cloud. In cloud environments, block storage often stores virtual
machines. File storage is commonly employed as a part of a managed solution,
replacing legacy file servers. Of course, these are just examples of standard
use cases. There are numerous other uses for each type of storage. ... Object
storage is well-suited for large datasets, typically offering a significantly
lower cost per gigabyte (GB). Having said that, many cloud providers sell
various object storage tiers, each with its own price and performance
characteristics.
How human-led threat hunting complements automation in detecting cyber threats
IoBs are patterns that suggest malicious intent, even when traditional IoCs
aren’t present. These might include unusual access patterns or subtle deviations
from normal procedures that automated systems might miss due to the nature of
rule-based detection. Human threat hunters excel at recognizing these anomalies
through intuition, experience, and context. The combination of automation and
human-led threat hunting ensures that all bases are covered. Automation handles
the heavy lifting of data processing and detection of known threats, while human
intelligence focuses on the subtle, complex, and context-dependent signals that
often precede major security incidents. Together, they create a layered defense
strategy that is comprehensive and adaptable. ... Skilled threat hunters are
essential to a successful cybersecurity team. Their experience and deep
understanding of adversarial tactics help to identify and respond to threats
that would otherwise go unnoticed. Their intuition and ability to adapt quickly
to new information also make them invaluable, especially when dealing with
advanced persistent threats. However, the demand for skilled threat hunters far
exceeds the supply.
A critical juncture for public cloud providers
Enterprises are no longer limited to a single provider and can strategically
distribute their operations to optimize costs and performance. This multicloud
mastery reduces dependency on any specific vendor and emphasizes cloud
providers’ need to offer competitive pricing alongside robust service
offerings. There is something very wrong with how cloud providers are
addressing their primary market. ... As enterprises explore their options, the
appeal of on-premises solutions and smaller cloud providers becomes
increasingly apparent. These alternatives, which I’ve been calling
microclouds, often present customized services and transparent pricing models
that align more closely with economic objectives. Indeed, with the surge of
interest in AI, enterprises are turning to these smaller providers for GPUs
and storage capabilities tailored to the AI systems they want to develop. They
are often much less pricy, and many consider them more accessible than the
public cloud behemoths roaming the land these days. Of course, Big Cloud
quickly points out that it has thousands of services on its platform and is a
one-stop shop for most IT needs, including AI. This is undoubtedly the case,
and many entrepreneurs leverage public cloud providers for just those
reasons.
Two Letters, Four Principles: Mercedes Way of Responsible AI
In the past, intelligent systems were repeatedly the target of criticism. Such
examples included chatbots using offensive language and discriminating facial
recognition algorithms. These cases show that the use of AI requires some
clear guidelines. "We adhere to stringent data principles, maintain a clear
data vision and have a governance board that integrates our IT, engineering
and sustainability efforts," said Renata Jungo Brüngger, member of the board
of management for integrity, governance and sustainability at Mercedes-Benz
Group, said during the company’s recent India sustainability dialogue 2024. AI
is being applied to optimize supply chains, predictive vehicle maintenance and
personalize customer interactions. Each of these use cases is developed with a
strong focus on ethical considerations, ensuring that AI systems operate
within a framework of privacy, fairness and transparency. ... "Data governance
is the backbone of our AI strategy," said Umang Dharmik, senior vice president
at Mercedes-Benz R&D (India). "There are stringent data governance
frameworks to ensure responsible data management throughout its life cycle.
This not only ensures compliance with global regulations but also fosters
trust with our customers and stakeholders."
The Software Development Trends Challenging Security Teams
With the intense pace of development, chasing down each and every
vulnerability becomes unfeasible – it is therefore not surprising to see
prioritizing remediation top the list of challenges. Security teams can't
afford to spend time, money, and effort fixing something that doesn't actually
represent real risk to the organization. What's missing is contextual
prioritization of the overall development environment in order to select which
vulnerabilities to fix first based on the impact to the business. Security
teams should aim to shift the focus to overall product security rather than
creating silos for cloud security, application security, and other components
of the software supply chain. ... Infrastructure as code use is exploding as
developers look for ways to move faster. With IaC, developers can provision
their own infrastructure without waiting for IT or operations. However, with
increased use comes increased chance of misconfigurations. In fact, 67% of
survey respondents noted that they are experiencing an increase in IaC
template misconfigurations. These misconfigurations are especially dangerous
because one flaw can proliferate easily and widely.
One of the best ways to get value for AI coding tools: generating tests
In our conversations with programmers, a theme that emerged is that many
coders see testing as work they HAVE to do, not work they WANT to do. Testing
is a best practice that results in a better final outcome, but it isn’t much
fun. It’s like taking the time to review your answers after finishing a math
test early: crucial for catching mistakes, but not really how you want to
spend your free time. For more than a decade, folks have been debating the
value of tests on our sites. ... The dislike some developers have for writing
tests is a feature, not a bug, for startups working on AI-powered testing
tools. CodiumAI is a startup which has made testing the centerpiece of its
AI-powered coding tools. “Our vision and our focus is around helping verify
code intent,” says Itamar Friedman. He acknowledges that many devs see testing
as a chore. “I think many developers do not tend to add tests too much during
coding because they hate it, or they actually do it because they think it's
important, but they still hate it or find it as a tedious task.” The company
offers an IDE extension, Codiumate, that acts as a pair programmer while you
work: “We try to automatically raise edge cases or happy paths and challenge
you with a failing test and explain why it might actually fail.”
Quantum Safe Encryption is Next Frontier in Protecting Sensitive Data
/dq/media/media_files/KhXRkhRATvhED3nupbpC.jpg)
In the digital world that we live in today, cryptographic encryption and
authentication are the de rigour techniques employed to secure data,
communications, access to systems as well as digital interactions. Public-key
cryptography is a widely prevalent technique used to secure digital
infrastructure. Codes and keys used for encryption and authentication in these
schemes are specific mathematical problems such as prime factorization that
classical computers cannot solve in a reasonable time. ... As standards for
the quantum era have been introduced, PQC-based solutions are being introduced
in the market. Governments and organizations across the spectrum must move
quickly to enhance their cyber resilience to tackle the challenges of the
quantum era. The imperative is not only to prepare for an era of readily
available powerful quantum computers that could attack incumbent systems but
also devise mechanisms to deal with the imminent possibility of decryption of
data secured by classical encryption techniques. This could be the existing
encrypted data or those that were stolen prior to the availability of
quantum-safe encryption standards and hoarded in anticipation of the
availability of quantum computer assisted tools to crack them.
Want to get ahead? Four activities that can enable a more proactive security regime
As Goerlich notes, CISOs who want a more proactive program need to be looking
into the future. To ensure he has time to do that, Goerlich schedules regular
off-site meetings every quarter where he and his team ask what is changing.
“This establishes a process and a cadence to get [us] out of the day-to-day
activities so we can see the bigger picture,” he explains. “We start fresh and
look at what’s coming in the next quarter. We ask what we need to be prepared
for. We look back and ask what’s working and what’s not. Then we set goals so
we can move forward.” Goerlich says he frequently invites outside security
pros, such as vendor executives and other thought leaders, to these meetings
to hear their insights into evolving threats as well as emerging security
tools and techniques to counteract them. He also sometimes invites his
executive colleagues from within his own organization, so that they can share
details on their plans and strategies — a move that helps align security with
the business needs as the organization moves forward. He has seen this effort
pay off. He points to actions resulting from one particular off-site where the
team identified challenges around its privilege access management (PAM)
process and, more specifically, the number of manual steps it required.
Quote for the day:
"It takes courage and maturity to know
the difference between a hoping and a wishing." --
Rashida Jourdain
No comments:
Post a Comment