6 Strategies for Overcoming the Weight of Process Debt
While technical debt is a more familiar concept stemming from software
development that describes the cost of taking shortcuts or using quick fixes in
code, process debt relates to inefficiencies and redundancies within
organizational workflows and procedures. Process debt can also have far-reaching
effects that are often less obvious to business leaders, making it an insidious
force that can silently undermine business operations. ... Rather than simply
adding a new technology into an old process or duplicating legacy steps in a new
application, organizations need to undertake a detailed audit of existing
processes to uncover inefficiencies, redundancies, and inaccuracies that
contribute to process debt. This audit should involve a systematic review of all
workflows, procedures, and operational activities to identify areas where
performance is falling short or where resources are being wasted. To gain a
deeper understanding, leverage process mapping tools to create visual
representations of workflows. These tools allow you to document each step of a
process, highlight how tasks flow between different departments or systems, and
uncover hidden bottlenecks or points of friction.
Domain-specific GenAI is Coming to a Network Near You
Now, we're seeing domain-specific models crop up. These are specialized models
that focus on some industry or incorporate domain best practices that can be
centrally trained and then deployed and fine-tuned by organizations. They are
built on specific knowledge sets rather than the generalized corpus of
information on which conversational AI is trained. ... By adopting
domain-specific generative AI, companies can achieve more accurate and relevant
outcomes, reducing the risks associated with general-purpose models. This
approach not only enhances productivity but also aligns AI capabilities with
specific business needs. ... The question now is whether this specialization can
be applied to domains like networking, security, and application delivery. Yes,
but no. The truth is that predictive (classic) AI is going to change these
technical domains forever. But it will do so from the inside-out; that is,
predictive AI will deliver real-time analysis of traffic that enables an
operational AI to act. That may well be generative AI if we are including
agentic AI in that broad category. But GenAI will have an impact on how we
operate networking, security, and application delivery.
The human factor: How companies can prevent cloud disasters
A company’s post-mortem process reveals a great deal about its culture. Each of
the top tech companies requires teams to write post-mortems for significant
outages. The report should describe the incident, explore its root causes and
identify preventative actions. The post-mortem should be rigorous and held to a
high standard, but the process should never single out individuals to blame.
Post-mortem writing is a corrective exercise, not a punitive one. If an engineer
made a mistake, there are underlying issues that allowed that mistake to happen.
Perhaps you need better testing, or better guardrails around your critical
systems. Drill down to those systemic gaps and fix them. Designing a robust
post-mortem process could be the subject of its own article, but it’s safe to
say that having one will go a long way toward preventing the next outage. ... If
engineers have a perception that only new features lead to raises and
promotions, reliability work will take a back seat. Most engineers should be
contributing to operational excellence, regardless of seniority. Reward
reliability improvements in your performance reviews. Hold your senior-most
engineers accountable for the stability of the systems they oversee.
Ransomware siege: Who’s targeting India’s digital frontier?
Small and medium-sized businesses (SMBs) are often the most vulnerable. This
past July, a ransomware attack forced over 300 small Indian banks offline,
cutting off access to essential financial services for millions of rural and
urban customers. This disruption has severe consequences in a country where
digital banking and online financial services are becoming lifelines for
people’s day-to-day transactions. According to a report by Kaspersky, 53% of
Indian SMBs experienced ransomware attacks in 2023, with 559 million attacks
occurring between April and May of this year, making them the most targeted
segment. ... For SMBs, the cost of paying ransomware, retrieving proprietary
data, returning to full operations, and recovering lost revenue can be too
much to bear. For this reason, many businesses opt to pay the ransom, even
when there is no guarantee that their data will be fully restored. The Indian
financial sector, in particular, has been a favourite target. This year the
National Payment Corporation of India (NPCI), which runs the country’s digital
payment systems, was forced to take systems offline temporarily due to an
attack. Beyond the financial impact, these incidents erode trust in India’s
push for a digital-first economy, impacting the country’s progress toward
digital banking adoption.
What AMD and Intel’s Alliance Means for Data Center Operators
AMD and Intel’s alliance was a surprise for many. But industry analysts said
their partnership makes sense and is much needed, given the threat that Arm
poses in both the consumer and data center space. While x86 processors still
dominate the data center space, Arm has made inroads with cloud providers
Amazon Web Services, Google Cloud and Microsoft Azure building their own
Arm-based CPUs and startups like Ampere having entered the market in recent
years. Intel and AMD’s partnership confirms how strong Arm is as a platform in
the PC, data center and smartphone markets, the Futurum Group's Newman said.
But the two giant chipmakers still have the advantage of having a huge
installed base and significant market share. Through the new x86 advisory
group, AMD and Intel can benefit by making it easier for data center operators
to leverage x86, he said. “This partnership is about the experience of the x86
customer base, trying to make it stickier and trying to give them less reason
to potentially move off of the platform is valuable,” Newman said. “x86’s
longevity will benefit meaningfully from less complexity and making it easier
for customers.”
Cyber resilience is improving but managing systemic risk will be key
“Cyber insurance is recognised as a core component of a robust cyber risk
management strategy. While we have seen fluctuations in cyber rates and
capacity over the last five years, more recently we have seen rates softening
in the market,” Cotelle said. “The emergence and adoption of AI has clear
potential to revolutionise how businesses operate, which will create new
opportunities but also new exposures. “In the cyber risk context, AI is a
double-edged sword. First, it can be exploited by threat actors to conduct
more sophisticated attacks between agencies to address ransomware,” he said.
... He stressed, however, that one of the biggest challenges facing the cyber
market is how it understands and manages systemic cyber risks. He said there
is a case for considering the use of reinsurance pools and public/private
partnerships to do this. “The continued attractiveness of the cyber insurance
solution is paramount to the sustainability and growth of the market. “In
recent years, we have seen work by insurers to clarify particular aspects of
coverage relating to areas such as cyber-related property damage, cyber war or
infrastructure which has led to coverage restrictions.”
Cyber resilience vs. cybersecurity: Which is more critical?
A common misconception is that cyber resilience means strong cybersecurity and
that the organization won’t be compromised because their defenses are
impenetrable. No defense is ever 100 percent secure because IT products have
flaws, and cybercriminals and nation state-sponsored threat actors are
continually changing their tactics, techniques and procedures (TTPs) to take
advantage of any weaknesses they can find. And, of course, any organization
with cyber resilience still needs quality cyber security in the first place.
Resilience isn’t promising that bad things won’t happen; resilience promises
that when they do, the organization can overcome that and continue to thrive.
Cybersecurity is one of the foundations upon which resilience stands. Although
cyber threats have increased in frequency and sophistication in recent years,
there’s a huge amount that businesses in every sector can do to reduce the
chances of being compromised and to prepare for the worst. The investment in
time, energy and resources to prepare for a cyber incident is well worth it
for the results you’ll see. Being cyber resilient is becoming a selling point
as well.
Building Digital Resilience: Insider Insights for a Safer Cyber Landscape
These “basics” sound simple and are not difficult to implement, but we (IT,
Security teams, and the Business) routinely fail at it. We tend to focus on
the fancy new tool, the shiny new dashboard, quarterly profits, or even the
latest analytical application. Yes, these are important and have their place,
but we should ensure we have the “basics” down to protect the business so it
can focus on profit and growth. Using patching as an example, if we can patch
our prioritized vulnerabilities promptly, we reduce our threat landscape,
which, in turn, offers attackers fewer doors and windows into our environment.
The term may seem a little dated, but defense in depth is a solid method used
to defend our often-porous environments. Using multiple levels of security,
such as strong passwords, multi-factor authentication, resilience training,
and patching strategies, makes it harder for threat actors, so they tend to
move to another target with weaker defenses. ... In an increasingly digital
world, robust recovery capabilities are not just a safety net but a strategic
advantage and a tactical MUST. The actions taken before and after a breach are
what truly matter to reduce the costliest impacts—business
interruption.
Information Integrity by Design: The Missing Piece of Values-Aligned Tech
To have any chance of fixing our dysfunctional relationship with information,
we need solutions that can take on the powerful incentives, integration scale,
and economic pull of the attention economy as we know it, and realign the
market. One good example is the emerging platform Readocracy, designed from
the outset with features that allow users to have much more control and
context over their information experience. This includes offering users
control over the algorithm, providing nudges to direct attention more
mindfully, and providing information on how informed commenters are on
subjects on which they are commenting. ... An information integrity by design
initiative can focus on promoting the six components of information integrity
outlined above so readers and researchers can make informed decisions on the
integrity of the information provided. Government promotion and support can
drive and support corporate adoption of the concept much like it's done for
security by design, privacy by design, and, most recently, safety by design.
... Information integrity deserves fierce advocacy from governments, the
intellectual ingenuity of civil society, and the creative muscle of
industry.
The backbone of security: How NIST 800-88 and 800-53 compliance safeguards data centers
When discussing data center compliance, it’s important to not leave out an
important player: the National Institute of Standards and Technology (NIST).
NIST is one of the most widely recognized and adopted cybersecurity
frameworks, is the industry’s most comprehensive and in-depth set of framework
controls, and is a non-regulatory federal agency. NIST’s mission is to educate
citizens on information system security for all applications outside of
national security, including industry, government, academia, and healthcare on
both a national and global scale. Their strict and robust standards and
guidelines are widely recognized and adopted by both data centers and
government entities alike seeking to improve their processes, quality, and
security. ... NIST 800-88 covers various types of media, including hard drives
(HDDs), solid-state drives (SSDs), magnetic tapes, optical media, and other
media storage devices. NIST 800-88 has quickly become the utmost standard for
the U.S. Government and has been continuously referenced in federal data
privacy laws. More so, NIST 800-88 regulations have been increasingly adopted
by private companies and organizations, especially data centers.
Quote for the day:
"To have long-term success as a coach or in any position of leadership, you
have to be obsessed in some way." -- Pat Riley