Cloud Exit: 42% of Companies Move Data Back On-Premises
Agarwal said: ‘Nobody is running a cloud business as a charity.’ When businesses
reach a size where it is economically viable, constructing their own
infrastructure can save significant costs while eliminating the ‘cloud
middleman’ and associated expenses. That said, the cloud is certainly not “Just
someone else’s computer,” as the joke goes. It has added immense value to those
who adapted to it. But like artificial intelligence (AI), it has been
mythologized and exaggerated as the ultimate tool for efficiency — romanticized
to the point where pervasive myths about cost-effectiveness, reliability, and
security are enough for businesses to dive headfirst into adoption. These myths
are frequently discussed in high-profile forums, shaping perceptions that may
not always align with reality, leading many to commit without fully considering
potential drawbacks and real-world challenges. ... Avoidable charges and cloud
waste were another noteworthy issue revealed in the 2023 State of Cloud Strategy
Survey by HashiCorp. 94% of respondents in this survey reported incurring
unnecessary expenses because of the underutilization of cloud resources. These
costs often result from maintaining idle resources that do not cater to any of
the company’s actual operational needs.
Revitalize aging data centers
Before tackling the specifics of upgrading a data center, it is important to
conduct a thorough assessment to identify the specific needs and areas for
improvement. This assessment should examine the data center's existing
infrastructure, including server capacity, storage solutions, and energy
consumption. It is also important to evaluate how these elements stack up
against current power standards, grid connection requirements, efficiency
benchmarks, and environmental and permit regulations. By benchmarking against
newer facilities, operators can identify key areas where technological and
infrastructural enhancements are needed. ... While integrating the latest
server technologies might seem obvious, these systems demand different support
from existing infrastructure. The increased computational loads should not
compromise system reliability. Therefore, transitioning to newer generations
of processors can result in updates of your data center support
infrastructure. This includes upgrading power distribution units (PDUs) to
handle higher power densities, enhancing network infrastructure to support
faster data transfer rates, and reinforcing structural components to
accommodate the increased weight and space requirements of modern
equipment.
Personhood: Cybersecurity’s next great authentication battle as AI improves
Although intriguing, the personhood plan has fundamental issues. First,
credentials are very easily faked by gen AI systems. Second, customers may be
hard-pressed to take the significant time and effort to gather documents and
wait in line at a government office to prove that they are human simply to
visit public websites or sales call centers. Some argue that the mass creation
of humanity cookies would create another pivotal cybersecurity weak spot.
“What if I get control of the devices that have the humanity cookie on it?”
FaceTec’s Meier asks. “The Chinese might then have a billion humanity cookies
at one person’s control.” Brian Levine, a managing director for cybersecurity
at Ernst & Young, believes that, while such a system might be helpful in
the short run, it likely won’t effectively protect enterprises for long. “It’s
the same cat-and-mouse game” that cybersecurity vendors have always played
with attackers, Levine says. ... Sandy Carielli, a Forrester principal analyst
and lead author of the Forrester bot report, says a critical element of any
bot defense program is to not delay good bots, such as legitimate search
engine spiders, in the quest to block bad ones. “The crux of any bot management
system has to be that it never introduces friction for good bots and certainly
not for legitimate customers.
What’s behind the return-to-office demands?
The effect is clear: an average employee wants to work three days a week in
the office, while managers want them there four days. The managers win, of
course: today half of all civil servants in Stockholm County work in the
office four days a week, a clear increase. There are different conclusions one
can draw. Mine are these: Physical workplaces and physical interaction are
better than digital workspaces and meetings when it comes to creative tasks
and social/cultural togetherness. I think, depending on what you work with,
employees and managers are quite in agreement. Leadership in the hybrid work
models has not developed in the ways and at the pace required. Managers still
have an excessive need for control, with no way to deal with this without
trying to return to what was previously comfortable. Employees have probably
not managed to convey to their bosses the positive aspects of home work — for
the employer. It’s great that your life puzzle is easier and you can take
power walks and do laundry, but how does that help the company? It’s no wonder
that whispering about sneaky vacations is taking off. And there’s an elephant
in the room we should talk about — people really hate open office spaces and
activity-based workplaces.
Passwordless AND Keyless: The Future of (Privileged) Access Management
Because SSH keys are functionally different from passwords, traditional PAMs
don't manage them very well. Legacy PAMs were built to vault passwords, and
they try to do the same with keys. Without going into too much detail about
key functionality (like public and private keys), vaulting private keys and
handing them out at request simply doesn't work. Keys must be secured at the
server side, otherwise keeping them under control is a futile effort.
Furthermore, your solution needs to discover keys first to manage them. Most
PAMs can't. There are also key configuration files and other key(!) elements
involved that traditional PAMs miss. ... Let's come back to the topic of
passwords. Even if you have them vaulted, you aren't managing them in the best
possible way. Modern, dynamic environments - using in-house or hosted cloud
servers, containers, or Kubernetes orchestration - don't work well with vaults
or with PAMs that were built 20 years ago. This is why we offer modern
ephemeral access where the secrets needed to access a target are granted
just-in-time for the session, and they automatically expire once the
authentication is done. This leaves no passwords or keys to manage - at
all.
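One way to approach the discovery step mentioned above, as an added example that is not the vendor's product or code: it inventories authorized_keys entries by fingerprint and flags keys trusted in several files or granted without option restrictions. File paths, accounts and key material are constructed, and option parsing is simplified to whitespace splitting.

```python
import base64, hashlib, struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def sample_key(seed):
    # Constructed, syntactically valid ssh-ed25519 blob; not a real key.
    parts = (b"ssh-ed25519", bytes([seed]) * 32)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

# Constructed authorized_keys contents for two hypothetical accounts.
FILES = {
    "/home/deploy/.ssh/authorized_keys":
        f'from="10.0.0.5",command="/usr/local/bin/deploy run" {sample_key(1)} ci@build\n'
        f"# laptop key\n{sample_key(2)} alice@laptop\n",
    "/root/.ssh/authorized_keys": f"{sample_key(2)} alice@laptop\n\nnot a key line\n",
}

def parse_line(line):
    """Return (options, fingerprint, comment), or None for non-key lines."""
    tokens = line.split()
    idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
    if line.lstrip().startswith("#") or idx is None or idx + 1 >= len(tokens):
        return None
    try:
        blob = base64.b64decode(tokens[idx + 1], validate=True)
    except ValueError:
        return None
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return " ".join(tokens[:idx]), fp, " ".join(tokens[idx + 2:])

def inventory(files):
    """Map fingerprint -> list of (path, options, comment) grants."""
    keys = {}
    for path, text in files.items():
        for parsed in filter(None, map(parse_line, text.splitlines())):
            options, fp, comment = parsed
            keys.setdefault(fp, []).append((path, options, comment))
    return keys

def findings(keys):
    """Flag keys trusted in several files and grants with no option restrictions."""
    out = []
    for fp, grants in keys.items():
        if len(grants) > 1:
            out.append((fp, f"trusted by {len(grants)} files"))
        out += [(fp, "unrestricted grant in " + p) for p, opts, _ in grants if not opts]
    return sorted(out)
```

The fingerprints use the same SHA256 form that `ssh-keygen -l` prints, so the inventory can be matched against server logs.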
Cybersecurity is Beyond Protecting Personal Data
Cyberattacks are not just about stealing personal data; they also involve
stealing intellectual property and sensitive corporate information. In India,
the number of data breaches has surged in recent years. The Indian Computer
Emergency Response Team (CERT-IN) reported over 150,000 cyber incidents in
2023 alone, with significant breaches occurring in sectors such as finance,
healthcare, and government. ... While there is a global scarcity of competent
cybersecurity personnel, India is experiencing an exceptionally severe
shortfall. A report conducted by (ISC)² indicates that there is a 3 million
cybersecurity workforce shortage worldwide, with India contributing
significantly to this shortfall. This deficiency hinders businesses' capacity
to detect and address cyber threats that should be looked after by team
members. Ignorance and lack of training might lead to human mistakes, which
are a common way for cyberattacks to get started. ... Compliance with
cybersecurity legislation and standards is critical for data protection and
retaining confidence. India's legal landscape is changing, with initiatives
like the Information Technology Act and the Personal Data Protection Bill
aimed at improving cybersecurity.
Google calls for halting use of WHOIS for TLS domain verifications
TLS certificates are the cryptographic credentials that underpin HTTPS
connections, a critical component of online communications verifying that a
server belongs to a trusted entity and encrypts all traffic passing between it
and an end user. ... The rules for how certificates are issued and the process
for verifying the rightful owner of a domain are left to the CA/Browser Forum.
One "base requirement rule" allows CAs to send an email to an address listed
in the WHOIS record for the domain being applied for. When the receiver clicks
an enclosed link, the certificate is automatically approved. ... Specifically,
watchTowr researchers were able to receive a verification link for any domain
ending in .mobi, including ones they didn’t own. The researchers did this by
deploying a fake WHOIS server and populating it with fake records. Creation of
the fake server was possible because dotmobiregistry.net—the previous domain
hosting the WHOIS server for .mobi domains—was allowed to expire after the
server was relocated to a new domain. watchTowr researchers registered the
domain, set up the imposter WHOIS server, and found that CAs continued to rely
on it to verify ownership of .mobi domains.
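A defensive check for the failure described above, as an added example that is not from the article or from watchTowr: it compares the WHOIS servers hardcoded in a client or validation tool against the registry's current record and flags stale entries. The record text, the `.example` hostnames, the `whois.` host label under dotmobiregistry.net and the `demo` and `old` TLDs are constructed for illustration.

```python
import re

# Constructed authoritative TLD records in "key: value" WHOIS layout.
# Hostnames ending in .example are placeholders, not real registry servers.
AUTHORITATIVE = {
    "mobi": "domain:       MOBI\nwhois:        whois.current-registry.example\nstatus:       ACTIVE\n",
    "demo": "domain:       DEMO\nwhois:        whois.nic.demo.example\nstatus:       ACTIVE\n",
}

# Constructed table of servers hardcoded in a WHOIS client or validation tool.
# The .mobi entry sits under the expired domain named in the article.
CLIENT_TABLE = {
    "mobi": "whois.dotmobiregistry.net",
    "demo": "WHOIS.NIC.DEMO.EXAMPLE.",
    "old": "whois.old-registry.example",
}

def normalise(host):
    return host.strip().rstrip(".").lower()

def whois_field(record):
    """Return the host named on the record's 'whois:' line, or None."""
    m = re.search(r"^whois:[ \t]*(\S+)[ \t]*$", record, re.MULTILINE | re.IGNORECASE)
    return normalise(m.group(1)) if m else None

def parent_domain(host):
    """Last two labels; a rough stand-in for a public-suffix lookup."""
    return ".".join(normalise(host).split(".")[-2:])

def audit(client_table, authoritative):
    """List (tld, configured, current, reason) for every entry that needs review."""
    findings = []
    for tld, configured in sorted(client_table.items()):
        record = authoritative.get(tld)
        current = whois_field(record) if record else None
        conf = normalise(configured)
        if current is None:
            findings.append((tld, conf, None, "no authoritative record"))
        elif conf != current:
            reason = ("stale server under a different domain"
                      if parent_domain(conf) != parent_domain(current)
                      else "stale hostname, same domain")
            findings.append((tld, conf, current, reason))
    return findings
```

An entry flagged as sitting under a different domain is the case from the article: the old domain can lapse and be registered by anyone, so it should be corrected first.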
How API Security Fits into DORA Compliance: Everything You Need to Know
Financial institutions rely heavily on third-party service providers, and APIs
are the gateway through which many of these vendors access core banking
systems. This introduces significant risk, as third-party APIs may become the
weakest link in the supply chain. DORA places substantial emphasis on managing
these risks, as outlined in Article 28, stating that financial entities must
ensure that third-party providers “implement and maintain appropriate measures
to manage ICT risks” and that institutions must "ensure the quality and
integration of ICT services provided by third parties." You need to start
simple and to be able to answer two questions: Who are your vendors? What
third-party apps do you have connected? One of the biggest challenges here is
the concept of shadow APIs—those untracked, unauthorized, or forgotten
endpoints that can remain active long after their intended purpose. Shadow
APIs expose financial institutions to vulnerabilities, making it difficult to
track and control third-party access. DORA’s Article 28 further reinforces the
need for financial institutions to "assess third-party ICT service providers’
ability to protect the integrity, security, and confidentiality of data, and
to manage risks related to outsourcing."
Dirty code still runs, and that’s not a good thing
Quality code benefits developers by minimizing the time and effort spent on
patching and refactoring later. Having confidence that code is clean also
enhances collaboration, allowing developers to more easily reuse code from
colleagues or AI tools. This not only simplifies their work but also reduces
the need for retroactive fixes and helps prevent and lower technical debt. To
deliver clean code, it’s important to note that developers should start with
the right guardrails, tests, and analysis from the beginning, in the IDE.
Pairing unit testing with static analysis can also guarantee quality. The
sooner these reviews happen in the development process, the better. ...
Developers and businesses can’t afford to perpetuate the cycle of bad code
and, consequently, subpar software. Pushing poor-quality code through to
development will only reintroduce software that breaks down later, even if it
seems to run fine in the interim. To end the cycle, developers must deliver
software built on clean code before deploying it. By implementing effective
reviews and tests that gatekeep bad code before it becomes a major problem,
developers can better equip themselves to deliver software with both
functionality and longevity.
The Perfect Balance: Merging AI and Design Thinking for Innovative Pricing Strategies
This combination of AI’s optimization and Design Thinking’s creative
transformation is exactly what modern businesses need to stay competitive.
Relying solely on AI to adjust pricing may lead to efficiency gains, but
without the innovation brought by Design Thinking, businesses risk missing out
on new opportunities to reshape their pricing models and align them more
closely with customer needs. Conversely, while Design Thinking can spark
innovation, without AI’s precision, companies might struggle to implement
their ideas in a way that maximizes profitability. It is by uniting these two
approaches that organizations can build pricing strategies that are both
efficient and forward-looking. For businesses, pricing is a powerful lever
that influences profitability, market position, and customer perception. In
today’s competitive landscape, those that fail to leverage both AI and Design
Thinking risk falling behind. AI offers the operational benefits of real-time
optimization, driving immediate financial returns. Design Thinking provides
the creative space to explore new value propositions and pricing structures
that can secure long-term customer loyalty.
Quote for the day:
"A sense of humor is part of the art
of leadership, of getting along with people, of getting things done." --
Dwight D. Eisenhower