The New Paradigm – The Rise of the Virtual Architect
We’re on the brink of a new paradigm in Enterprise Architecture—one where
architects will have unprecedented access to knowledge, insights, and tools
through what I call the Virtual Architect. The Virtual Architect isn’t limited
to financial services. I’ve seen interest across industries like insurance and
telecoms, where clients are eager to deploy such solutions. Why? Because it
promises to provide accurate, real-time information, support colleagues, and
even generate designs. Yes, you read that right—design generation is on the
table. Naturally, this raises a big question: does this mean architects will be
replaced? We’ll get to that in a moment. ... But here’s the catch: how do we
ensure the designs generated by a Virtual Architect are accurate? The old saying
applies—it’s only as good as the quality of the data and designs you feed in.
That is where ongoing training and validation from architects remain crucial.
So, will the Virtual Architect replace human architects? I don’t believe so, not
in the near future. Designing systems is just one aspect of an architect’s role.
Stakeholder engagement, strategic thinking, and soft skills are equally
important—and these are areas where AI still falls short. For now, the Virtual
Architect is an enhancement, not a replacement.
IT/OT convergence propels zero-trust security efforts
Companies want flexibility in how end users and business applications access
and interact with OT systems. ... Enterprises also want to extract data from
OT systems, which requires network connectivity. For example, manufacturers
can pull real-time data from their assembly lines so that specialized
analytics applications can identify opportunities for efficiency and predict
disruptions to production. While converging OT onto IT networks can drive
innovation, it exposes OT systems to the threats that proliferate the digital
world. Companies often need new security solutions to protect OT. EMA’s latest
research report, “Zero Trust Networking: How Network Teams Support
Cybersecurity,” revealed that IT/OT convergence drives 38% of enterprise
zero-trust security strategies. ... IT/OT convergence leads enterprises to set
different priorities for zero-trust solution requirements. When modernizing
secure remote access solutions for zero trust, OT-focused companies have a
stronger need for granular policy management capabilities. These companies are
more likely to have a secure remote access solution that can cut off network
access in response to anomalous behavior or changes in the state of a device.
When implementing zero-trust network segmentation, OT-focused companies are
more likely to seek a solution with dynamic and adaptive segmentation
controls.
Why Enterprises Still Grapple With Data Governance
“Even in highly regulated industries where the acceptance and understanding of
the concept and value of governance more broadly are ingrained into the
corporate culture, most data governance programs have progressed very little
past an expensive [check] boxing exercise, one that has kept regulatory
queries to a minimum but returned very little additional business value on the
investment,” says Willis in an email interview. ... Why the disconnect? Data
teams don’t feel they can spend time understanding stakeholders or even
challenging business stakeholder needs. Though executive support is critical,
data governance professionals are not making the most out of that support. One
often unacknowledged problem is culture. “Unfortunately, in many
organizations, the predominant attitude towards governance and risk management
is that [they are] a burden of bureaucracy that slows innovation,” says
Willis. “Data governance teams too frequently perpetuate that mindset,
over-rotating on data controls and processes where the effort to execute is
misaligned to the value they release.” One way to begin improving the
effectiveness of data governance is to reassess the organization’s objectives
and approach.
What Is Next-Generation Data Protection and Why Should Enterprise Tech Buyers Care?
Next-generation data protection was created to combat today’s most
sophisticated and dangerous cyberattacks. It expands the purview of what is
protected and how it is protected within an enterprise data infrastructure.
This new approach also adds preemptive and predictive capabilities that help
mitigate the effects of massive cyberattacks. Moreover, next-generation data
protection is the last line of defense against the most vicious, unscrupulous
cyber criminals who want nothing more than to take down and harm large
companies, either for monetary gain or respect amongst fellow criminals.
Therefore, understanding and implementing next-generation data protection is
vital. ... To make data protection highly effective today for the datasets
that seem most critical, it has to be highly integrated and orchestrated. You
don’t want a manual process making a weak spot for your organization. To
resolve this issue, one of the breakthrough capabilities of next-generation
data protection is automated cyber protection. Automated cyber protection
seamlessly integrates cyber storage resilience into a cyber security operation
center (SOC) and data center-wide cyber security applications, such as SIEM
and SOAR cyber applications.
Federal Cyber Operations Would Downgrade Under Shutdown
The pending shutdown could trigger major cutbacks to critical technology
services across the federal government, including DHS's Science and Technology
Directorate, which provides technical expertise to address emerging threats
impacting DHS, first responders and private sector organizations. During a
lapse in appropriations, just 31 of its staff members would be retained,
representing a staggering 94% reduction in its workforce. The shutdown could
lead to longer airport lines, furloughs for hundreds of thousands of federal
workers. Brian Fox, CTO of software supply chain management firm Sonatype,
previously told Information Security Media Group that CISA plays a critical
role in safeguarding government infrastructure during periods of political
turbulence. "It's no secret that times of uncertainty, change and disruption
are prime opportunities for threat actors to increase efforts to infiltrate
systems," Fox said. The shutdown is set to begin at 12:01 a.m. on Saturday,
December 21, unless lawmakers can pass a short-term spending bill, after the
House rejected a compromise package Thursday night following online remarks
from President-elect Donald Trump and his billionaire government efficiency
advisor, Elon Musk.
Why cybersecurity is critical to energy modernization
Connected infrastructures for renewables, in many cases, are operated by new
companies or even residential users. They don’t have a background in managing
reliability and, generally, have very limited or no cybersecurity expertise.
Despite this, they all oversee internet-connected systems that are digitally
controlled and therefore vulnerable to hacking. The cumulated power controlled
by many connected parties also poses a risk of blackouts. The concern is about
the suppliers, especially for consumer equipment, as it is not possible to
impose security regulations on consumers. The Cyber Resilience Act tries to
address suppliers but is likely not sufficient. ... International
collaboration is crucial in addressing the cybersecurity risks posed by
interconnected energy grids. By sharing knowledge, harmonizing standards, and
coordinating joint incident response efforts, countries can collectively
enhance their preparedness and resilience. There are various formal
international collaborations, such as ENTSO-E and the DSO Entity SEEG,
coordination groups like WG8 in NIS, and partnerships between experts and
authorities in groups like NCCS. International exercises led by organizations
like ENISA and NATO further support these initiatives.
US Ban on TP-Link Routers More About Politics Than Exploitation Risk
While no researcher has called out a specific backdoor or zero-day
vulnerability in TP-Link routers, restricting products from a country that is
a political and economic rival is not unreasonable, says Thomas Pace, CEO of
extended Internet of Things (IoT) security firm NetRise and a former head of
cybersecurity for the US Department of Energy. ... Companies and consumers
should do their due diligence, keep their devices up to date with the latest
security patches, and consider whether the manufacturer of their critical
hardware may have secondary motives, says Phosphorus Cybersecurity's Shankar.
"The vast majority of successful attacks on IoT are enabled by preventable
issues like static, unchanged default passwords, or unpatched firmware,
leaving systems exposed," he says. "For business operators and consumer
end-users, the key takeaway is clear: adopting basic security hygiene is a
critical defense against both opportunistic and sophisticated attacks. Don’t
leave the front door open." For companies worried about the origin of their
networking devices or the security their supply chain, finding a trusted third
party to manage the devices is a reasonable option. In reality, though, almost
every device should be monitored and not trusted, says NetRise's Pace.
The Next Big Thing: How Generative AI Is Reshaping DevOps in the Cloud
One of the biggest impacts of AI on DevOps is in Continuous Integration and
Continuous Delivery (CI/CD) pipelines. These pipelines help automate how code
changes are managed and deployed to production environments. Automation in
this area makes operations more efficient. However, as codebases grow and get
more complex, these pipelines often need manual tuning and adjustments to run
smoothly. AI impacts this by making pipelines smarter. It can analyze
historical data, like build times, test results, and deployment patterns. By
doing this, it can adjust how pipelines are set up to minimize bottlenecks and
use resources better. For example, AI can decide which tests to run first. It
chooses tests that are more likely to find bugs from code changes. This helps
to speed up the process of testing and deploying code. ... Security has always
been very important for cloud-native apps and DevOps teams. With Generative
AI, we can now move from reactive to proactive when it comes to system
vulnerabilities. Instead of just waiting for security issues to appear, AI
helps DevOps teams spot and prevent potential risks ahead of time. AI-powered
security tools can perform data analysis on a company’s cloud system.
US order is a reminder that cloud platforms aren’t secure out of the box
Affected IT departments are ordered to implement a set of baseline
configurations set out by the Secure Cloud Business Applications (SCuBA)
project for certain software as a service (SaaS) platforms. So far, the
directive notes, the only final configuration baseline set is for Microsoft
365. There is also a baseline configuration for Google Workspace listed on the
SCuBA website that isn’t mentioned in this week’s directive. However, the
order does say that in the future, CISA may release additional SCuBA Secure
Configuration Baselines for other cloud products. When the baselines are
issued, they will also will fall under the scope of this week’s directive. ...
Coincidentally, the CISA directive comes the same week as CSO reported that
Amazon has halted its deployment of M365 for a full year, as Microsoft tries
to fix a long list of security problems that Amazon identified. A CISA
spokesperson said he couldn’t comment on why the directive was issued this
week, but Dubrovsky believes it’s “more of a generic warning” to federal
departments, and not linked to an event. Asked how private-sector CISOs should
secure cloud platforms, Dubrovsky said they should start with cybersecurity
basics. That includes implementing tough identity and access management
policies, including MFA, and performing network monitoring and alerting for
abnormalities, before going into the cloud.
The value of generosity in leadership
For the first time we have five generations in the workforce, which means that
needs, priorities, and sources of meaning vary. Generosity becomes much more
important because you cannot achieve everything by yourself. You can only do
that by empowering others and giving them the tools, opportunities, and trust
they need to succeed. And then, hopefully, they can together fulfill the
organization’s purpose, objectives, and dreams. ... The opposite of a generous
leader is a narcissistic leader, who is focused on themselves. Narcissistic
leaders are not as effective as leaders who have higher EQs [emotional
quotients], who are more generous and recognize that the team’s performance is
a result of something beyond themselves. But for one reason or another,
narcissistic leaders continue to rise to the top. ... That link between
being generous with yourself and being generous with others is so important.
When I’ve seen leaders really unlock a new level of leadership, and generosity
in leadership, it comes from first and foremost understanding how to lead
themselves, and specifically, how to control the amygdala hijack that can send
you below the line. Those are very real physiological tendencies that can
create what appears to be a zero-sum context based on winning and
losing.
Quote for the day:
"Small daily imporevement over time
lead to stunning results." -- Robin Sherman
No comments:
Post a Comment