How DPUs Make Collaboration Between AppDev and NetOps Essential
While GPUs have gotten much of the limelight due to AI, DPUs in the cloud are
having an equally profound impact on how applications are delivered and network
functions are designed. The rise of DPU-as-a-Service is breaking down
traditional silos between AppDev and NetOps teams, making collaboration
essential to fully unlock DPU capabilities. DPUs offload network, security, and
data processing tasks, transforming how applications interact with network
infrastructure. AppDev teams must now design applications with these offloading
capabilities in mind, identifying which tasks can benefit most from DPUs—such as
real-time data encryption or intensive packet processing. ... AppDev teams must
explicitly design applications to leverage DPU-accelerated encryption, while
NetOps teams need to configure DPUs to handle these workloads efficiently. This
intersection of concerns creates a natural collaboration point. The benefits of
this collaboration extend beyond security. DPUs excel at packet processing, data
compression, and storage operations. When AppDev and NetOps teams work together,
they can identify opportunities to offload compute-intensive tasks to DPUs,
dramatically improving application performance.

The CFO may be the CISO’s most important business ally
“Cybersecurity is an existential threat to every company. Gone are the days
where CFOs could only be fired if they ran out of money, cooked the books, or
had a major controls outage,” he said. “Lack of adequate resourcing of
cybersecurity is an emerging threat to their very existence.” This sentiment
reflects the reality that for most organizations cyber threat is the No. 1
business risk today, and this has significant implications for the strategic
survival of the enterprise. It’s time for CISOs and CFOs to address the natural
barriers to their relationship and develop a strategic partnership for the good
of the company. ... CISOs should be aware of a few key strategies for improving
collaboration with their CFO counterparts. The first is reverse mentoring.
Because CFOs and CISOs come from differing perspectives and lead domains rife
with terminology and details that can be quite foreign to the other, reverse
mentoring can be important for building a bridge between the two. In such a
relationship, the CISO can offer insights into cybersecurity, while
simultaneously learning to communicate in the CFO’s financial language. This
mutual learning creates a more aligned approach to organizational risk. Second,
CISOs must also develop their commercial perspective.

Establishing a Software-Based, High-Availability Failover Strategy for Disaster Mitigation and Recovery
No one should be surprised that cloud services occasionally go offline. If you
think of the cloud as “someone else’s computer,” then you recognize there are
servers and software behind it all. Someone else is doing their best to keep the
lights on in the face of events like human error, natural disasters, and DDoS
and other types of cyberattacks. Someone else is executing their disaster
response and recovery plan. While the cloud may well be someone else’s computer,
when there is a cloud outage that affects your operations, it is your problem.
You are at the mercy of someone else to restore services so you can get back
online. It doesn’t have to be that way. Cloud-dependent organizations can adopt
strategies that allow them to minimize the risk someone else’s outage will knock
them offline. One such strategy is to take advantage of hybrid or multi-cloud
architecture to achieve operational resiliency and high availability through
service redundancy through SANless clustering. Normally a storage area network
(SAN) uses local storage to configure clustered nodes on-premises, in the cloud,
and to a disaster recovery site. It’s a proven approach, but because it is
hardware dependent, it is costly in terms of dollars and computing resources,
and comes with additional management demands.

Trusted Apps Sneak a Bug Into the UEFI Boot Process
UEFI is a kind of sacred space — a bridge between firmware and operating system,
allowing a machine to boot up in the first place. Any malware that invades this
space will earn a dogged persistence through reboots, by reserving its own spot
in the startup process. Security programs have a harder time detecting malware
at such a low level of the system. Even more importantly, by loading first, UEFI
malware will simply have a head start over those security checks that it aims to
avoid. Malware authors take advantage of this order of operations by designing
UEFI bootkits that can hook into security protocols, and undermine critical
security mechanisms like UEFI Secure Boot or HVCI, Windows' technology for
blocking unsigned code in the kernel. To ensure that none of this can happen,
the UEFI Boot Manager verifies every boot application binary against two lists:
"db," which includes all signed and trusted programs, and "dbx," including all
forbidden programs. But when a vulnerable binary is signed by Microsoft, the
matter is moot. Microsoft maintains a list of requirements for signing UEFI
binaries, but the process is a bit obscure, Smolár says. "I don't know if it
involves only running through this list of requirements, or if there are some
other activities involved, like manual binary reviews where they look for not
necessarily malicious, but insecure behavior," he says.

How CISOs Can Build a Disaster Recovery Skillset
In a world of third-party risk, human error, and motivated threat actors, even
the best prepared CISOs cannot always shield their enterprises from all
cybersecurity incidents. When disaster strikes, how can they put their skills to
work? “It is an opportunity for the CISO to step in and lead,” says Erwin.
“That's the most critical thing a CISO is going to do in those incidents, and if
the CISO isn't capable of doing that or doesn't show up and shape the response,
well, that's an indication of a problem.” CISOs, naturally, want to guide their
enterprises through a cybersecurity incident. But disaster recovery skills also
apply to their own careers. “I don't see a world where CISOs don't get some
blame when an incident happens,” says Young. There is plenty of concern over
personal liability in this role. CISOs must consider the possibility of being
replaced in the wake of an incident and potentially being held personally
responsible. “Do you have parachute packages like CEOs do in their corporate
agreements for employability when they're hired?” Young asks. “I also see this
big push of not only … CISOs on the D&O insurance, but they're also starting
to acquire private liability insurance for themselves directly.”

Site Reliability Engineering Teams Face Rising Challenges
While AI adoption continues to grow, it hasn't reduced operational burdens as
expected. Performance issues are now considered as critical as complete outages.
Organizations are also grappling with balancing release velocity against
reliability requirements. ... Daoudi suspects that there are a series of
contributing factors that have led to the unexpected rise in toil levels. The
first is AI systems maintenance: AI systems themselves require significant
maintenance, including updating models and managing GPU clusters. AI systems
also often need manual supervision due to subtle and hard-to-predict errors,
which can increase the operational load. Additionally, the free time created by
expediting valuable activities through AI may end up being filled with toilsome
tasks, he said. "This trend could impact the future of SRE practices by
necessitating a more nuanced approach to AI integration, focusing on balancing
automation with the need for human oversight and continuous improvement," Daoudi
said. Beyond AI, Daoudi also suspects that organizations are incorrectly
evaluating toolchain investments. In his view, despite all the investments in
inward-focused application performance management (APM) tools, there are still
too many incidents, and the report shows a sentiment for insufficient
observability instrumentation.

The Hidden Cost of Open Source Waste
Open source inefficiencies impact organizations in ways that go well beyond
technical concerns. First, they drain productivity. Developers spend as much
as 35% of their time untangling dependency issues or managing vulnerabilities
— time that could be far better spent building new products, paying down
technical debt, or introducing automation to drive cost efficiencies. ...
Outdated dependencies compound the challenge. According to the report, 80% of
application dependencies remain un-upgraded for over a year. While not all of
these components introduce critical vulnerabilities, failing to address them
increases the risk of undetected security gaps and adds unnecessary complexity
to the software supply chain. This lack of timely updates leaves development
teams with mounting technical debt and a higher likelihood of encountering
issues that could have been avoided. The rapid pace of software evolution adds
another layer of difficulty. Dependencies can become outdated in weeks,
creating a moving target that’s hard to manage without automation and
actionable insights. Teams often play catch-up, deepening inefficiencies and
increasing the time spent on reactive maintenance. Automation helps bridge
this gap by scanning for risks and prioritizing high-impact fixes, ensuring
teams focus on the areas that matter most.

The Virtualization Era: Opportunities, Challenges, and the Role of Hypervisors
Choosing the most appropriate hypervisor requires thoughtful consideration of
an organization’s immediate needs and long-term goals. Scalability is a
crucial factor, as the selected solution must address current workloads and
seamlessly adapt to future demands. A hypervisor that integrates smoothly with
an organization’s existing IT infrastructure reduces the risks of operational
disruptions and ensures a cost-effective transition. Equally important is the
financial aspect, where businesses must look beyond the initial licensing fees
to account for potential hidden costs, such as staff training, ongoing
support, and any necessary adjustments to workflows. The quality of support
the vendor provides, coupled with the strength of the user community, can
significantly influence the overall experience, offering critical assistance
during implementation and beyond. For many businesses, partnering with Managed
Service Providers (MSPs) brings an added layer of expertise, ensuring that the
chosen solution delivers maximum value while minimizing risk. The ongoing
evolution and transformation of the virtualization market presents both
challenges and opportunities. As the foundation for IT efficiency and
flexibility, hypervisors remain central to these changes.

DORA’s Deadline Looms: Navigating the EU’s Mandate for Threat Led Penetration Testing
It’s hard to defend yourself, if you have no idea what you’re up against, and
history and countless news stories are evidence that trying to defend against
all manner of digital threat is a fool’s errand. As such, the first step to
approaching DORA compliance is profiling not only the threat actors that
target the financial services sector, but specifically which actors, and by
what Tactics, Techniques and Procedures (TTPs), you are likely to be attacked.
However, first before you can determine how an actor may view and approach
you, you need to know who you are. So, the first profile that must be built is
of your own business. Not just financial services, but what sector/aspect,
what region, and finally what is the specific risk profile based on the
critical assets in organizational, and even partner, infrastructures. The
second profile begins with the current population of known actors that target
the financial services industry. It then moves to narrowing to the actors
known to be aligned with the specific targeting profile. From there,
leveraging industry standard models such as the MITRE ATT&CK framework, a
graph is created of each actor/group’s understood goals and TTPs, including
their traditional and preferred methods of access and exploitation, as well as
their capabilities for evasion, persistence and command and control.

With AGI looming, CIOs stay the course on AI partnerships
“The immediate path for CIOs is to leverage gen AI for augmentation rather
than replacement — creating tools that help human teams make smarter, faster
decisions,” Nardecchia says. “There are very promising results with causal AI
and AI agents that give an autonomous-like capability and most solutions still
have a human in the loop.” Matthew Gunkel, CIO of IT Solutions at the
University of California at Riverside, agrees that IT organizations should
keep moving forward regardless of the growing delta between AI technology
milestones and actual AI implementations. ... “The rapid advancements in
AI technology, including projections for AGI and ACI, present a paradox: While
the technology races ahead, enterprise adoption remains in its infancy. This
divergence creates both challenges and opportunities for CIOs, employees, and
AI vendors,” Priest says. “Rather than speculating on when AGI/ACI will
materialize, CIOs would be best served to focus on what preparation is
required to be ready for it and to maximize the value from it.” Sid Nag, vice
president at Gartner, agrees that CIOs should train their attention on laying
the foundation for AI and addressing important matters such as privacy,
ethics, legal issues, and copyright issues, rather than focus on AGI advances.

Quote for the day:
"When you practice leadership, the evidence of quality of your leadership is
known from the type of leaders that emerge out of your leadership" --
Sujit Lalwani