Quote for the day:
"Empowerment is the magic wand that turns a frog into a prince. Never estimate the power of the people, through true empowerment great leaders are born." -- Lama S. Bowen
Service as Software Changes Everything
Service as software, also referred to as SaaS 2.0, goes beyond layering AI atop
existing applications. It centers on the concept of automating business
processes through intelligent APIs and autonomous services. The framework aims
to eliminate human input and involvement through AI agents that act and react to
conditions based on events, behavioral changes, and feedback. The result is
autonomous software. “Traditional SaaS provides cloud-based tools where staff
still do the work. Service as software flips that script. Instead of having
staff do the work, you're making calls to an API or using software that does the
work for you,” says Mark Strefford, founder of TimelapseAI, a UK-based
consulting firm. ... CIOs and IT leaders should start small and iterate, experts
say. As an organization gains confidence and trust, it can expand the autonomy
of a SaaS 2.0 component. “More AI initiatives have failed from starting too big
than too small,” Strefford notes. Consequently, it’s critical to understand the
entire workflow, build in oversight and protections, establish measurement and
validation tools, and stay focused on outcomes. A few factors can make or break
an initiative, Giron says. Data quality and the ability to integrate across
systems is crucial. A framework for standardization is critical. This includes
cleaning, standardizing, and preparing legacy data.
The Missing Sustainability Perspective in Cloud Architecture
The Well-Architected Framework provides a structured approach to making
architectural decisions. While it originally focused on operational, security,
and financial trade-offs, the Sustainability Pillar introduces specific guidance
for designing cloud solutions with minimal environmental impact. One key
architectural trade-off is between performance efficiency and sustainability.
While performance efficiency emphasizes speed and low latency, these benefits
often come at the cost of over-provisioning resources. A more sustainable
approach involves optimizing compute resources to ensure they are only consumed
when necessary. Serverless computing solutions, such as AWS Lambda or Azure
Functions, help minimize idle capacity by executing workloads only when
triggered. Similarly, auto-scaling for containerized applications, such as
Kubernetes Horizontal Pod Autoscaler (HPA) or AWS Fargate, ensures that
resources are dynamically adjusted based on demand, preventing unnecessary
energy consumption. Another critical balance is between cost optimization and
sustainability. Traditional cost optimization strategies focus on reducing
expenses, but without considering sustainability, businesses might make
short-term cost-saving decisions that lead to long-term environmental
inefficiencies. For example, many organizations store large volumes of data
without assessing its relevance, leading to excessive storage-related energy
use.
Quantum Computing Has Arrived; We Need To Prepare For Its Impact
Many now believe that the power and speed of quantum computing will enable us to
address some of the biggest and most difficult problems our civilization faces.
Problem-solving will be made possible by quantum computing’s unprecedented
processing speed and predictive analytics. That is a remarkable near-term
potential. Mckinsey & Company forecasts that Quantum Technologies could
create an economic value in the market of up to $2 trillion by 2035. Quantum
measuring and sensing is one field where quantum technologies have already made
their appearance. Navigational devices and magnetic resonance imaging already
employ it. Quantum sensors detect and quantify minute changes in time, gravity,
temperature, pressure, rotation, acceleration, frequency, and magnetic and
electric fields using the smallest amounts of matter and energy. Quantum will
have a direct impact on many scientific fields, including biology, chemistry,
physics, and mathematics. Industry applications will have an impact on a wide
range of fields, including healthcare, banking, communications, commerce,
cybersecurity, energy, and space exploration. In other words, any sector in
which data is a component. More specifically, quantum technology has incredible
potential to transform a wide range of fields, including materials science,
lasers, biotechnology, communications, genetic sequencing, and real-time data
analytics.
Industrial System Cyberattacks Surge as OT Stays Vulnerable
"There's a higher propensity for manufacturing organizations to have cloud
connectivity just as a way of doing business, because of the benefits of the
public cloud for manufacturing, like for predictive analytics, just-in-time
inventory management, and things along those lines," he says, pointing to
Transportation Security Administration rules governing pipelines and logistics
networks as one reason for the difference. "There is purposeful regulation to
separate the IT-OT boundary — you tend to see multiple kinds of ring-fence
layers of controls. ... There's a more conservative approach to
outside-the-plant connectivity within logistics and transportation and natural
resources," Geyer says. ... When it comes to cyber-defense, companies with
operational technology should focus on protecting their most important
functions, and that can vary by organization. One food-and-beverage company, for
example, focuses on the most important production zones in the company, testing
for weak and default passwords, checking for the existence of clear-text
communications, and scanning for hard-coded credentials, says Claroty's Geyer.
"The most important zone in each of their plants is milk receiving — if milk
receiving fails, everything else is critical path and nothing can work
throughout the plant," he says.
How to create an effective incident response plan
“When you talk about BIA and RTOs [recovery time objective], you shouldn’t be
just checking boxes,” Ennamli says. “You’re creating a map that shows you, and
your decision-makers, exactly where to focus efforts when things go wrong.
Basically, the nervous system of your business.” ... “And when the rubber hits
the road during an actual incident, precious time is wasted on less important
assets while critical business functions remain offline and not bringing in
revenue,” he says. ... It’s vital to have robust communication protocols, says
Jason Wingate, CEO at Emerald Ocean, a provider of brand development services.
“You’re going to want a clear chain of command and communication,” he says.
“Without established protocols, you’re about as effective as trying to
coordinate a fire response with smoke signals.” The severity of the incident
should inform the communications strategy, says David Taylor, a managing
director at global consulting firm Protiviti. While cybersecurity team members
actively responding to an incident will be in close contact and collaborating
during an event, he says, others are likely not as plugged in or consistently
informed. “Based on the assigned severity, stemming from the initial triage or a
change to the level of severity based on new information during the response,
governance should dictate the type, audience, and cadence of communications,”
Taylor says.
AI-Powered DevOps: Transforming CI/CD Pipelines for Intelligent Automation
Traditional software testing faces challenges as organizations must assess
codes to ensure they do not downgrade system performance or introduce bugs.
Applications with extensive functionalities are time-consuming as they demand
several test cases. They must ensure appropriate management, detailing their
needs and advancing critical results in every scope. Nonetheless, smoke and
regression testing ensures the same test cases are conducted, leading to
time-consuming activities. The difficulty makes it hard for the traditional
approach to have critical coverage of what is needed, and it is challenging to
ensure that every approach can be tackled appropriately, channeling value
toward the demanded selection. ... Using ML-driven test automation leads to
increased efficiency in managing repetitive tasks. These automated measures
ensure an accelerated testing approach, allowing teams to work with better
activities. ML also integrates quality assessment into the software, marking
an increasingly beneficial way to attend to individual requirements to ensure
every software is assessed for high risk, potential failures and critical
functions, which achieve a better post-deployment result. Additionally, using
ML automation leads to cost savings, enabling testing cycles to have minimal
operational costs as they are automated and prevent defects from being
deployed within the software.
Prompt Engineering: Challenges, Strengths, and Its Place in Software Development's Future
/articles/prompt-engineering/en/smallimage/prompt-engineering-thumbnail-1739797104596.jpg)
Prompt engineering and programming share the goal of instructing machines but
differ fundamentally in their methodologies. While programming relies on
formalized syntax, deterministic execution, and precision to ensure consistency
and reliability, prompt engineering leverages the adaptability of natural
language. This flexibility, however, introduces certain challenges, such as
ambiguity, variability, and unpredictability. ... Mastering prompt engineering
requires a level of knowledge and expertise comparable to programming. While it
leverages natural language, its effective use demands a deep understanding of AI
model behavior, the application of specific techniques, and a commitment to
continuous learning. Similar to programming, prompt engineering involves
continual learning to stay proficient with a variety of evolving techniques. A
recent literature review by OpenAI and Microsoft analyzed over 1,500 prompt
engineering-related papers, categorizing the various strategies into a formal
taxonomy. This literature review is indicative of the continuous evolution of
prompt engineering, requiring practitioners to stay informed and refine their
approaches to remain effective.
Avoiding vendor lock-in when using managed cloud security services
An ideal managed cloud security provider should take an agnostic approach. Their
solution should be compatible with whatever CNAPP or CSPM solution you use. This
gives you maximum flexibility to find the right provider without locking
yourself into a specific solution. Advanced services may even enable you to take
open-sourced tooling and get to a good place before expanding to a full cloud
security solution. You could also partner with a managed cloud security service
that leverages open standards and protocols. This approach will allow you to
integrate new or additional vendors while reducing your dependency on
proprietary technology. Training and building in-house knowledge also helps. A
confident service won’t keep their knowledge to themselves and helps enable and
provide training to your team along the way. ... And there’s IAM—a more
complex but equally concerning component of cloud security. In recent news, a
few breaches started with low-level credentials being obtained before the
attackers self-escalated themselves to gain access to sensitive information.
This is often due to overly permissive access given to humans and machines. It’s
also one of the least understood components of the cloud. Still, if your managed
cloud security service truly understands the cloud, it won’t ignore IAM, the
foundation of cloud security.
Observability Can Get Expensive. Here’s How to Trim Costs
“At its core, the ‘store it all’ approach is meant to ensure that when something
goes wrong, teams have access to everything so they can pinpoint the exact
location of the failure in their infrastructure,” she said. “However, this has
become increasingly infeasible as infrastructure becomes more complex and
ephemeral; there is now just too much to collect without massive expense.” ...
“Something that would otherwise take developers weeks to do — take an inventory
of all telemetry collected and eliminate the lower value parts — can be
available at the click of a button,” she said. A proper observability platform
can continually analyze telemetry data in order to have the most up-to-date
picture of what is useful rather than a one-time, manual audit “that’s
essentially stale as soon as it gets done,” Villa said. “It’s less about
organizations wanting to pay less for observability tools, but they’re thinking
more long-term about their investment and choosing platforms that will save them
down the line,” she said. “The more they save on data collection, the more they
can reinvest into other areas of observability, including new signals like
profiling that they might not have explored yet.” Moving from a “store it all”
to a “store intelligently” strategy is not only the future of cost optimization,
Villa said, but can also help make the haystack of data smaller
The Aftermath of a Data Breach
For organizations, the aftermath of a data breach can be highly devastating. In
an interconnected world, a single data vulnerability can cascade into decades of
irreversible loss – intellectual, monetary, and reputational. The consequences
paralyze even the most established businesses, uprooting them from their
foundation. ... The severity of a data breach often depends on how long it goes
undetected; however, identifying the breach is where the story actually begins.
From containing the destruction and informing authorities to answering customers
and paying for their damages, the road to business recovery is long and
grueling. ... Organizations must create, implement, and integrate a data
management policy in their organizational setup that provides a robust framework
for managing data throughout its entire lifecycle, from creation to disposal.
This policy should also include a data destruction policy that specifies data
destruction methods, data wiping tools, type of erasure verification, and
records of data destruction. It should further cover media control and
sanitization, incident reporting, the roles and responsibilities of the CIO,
CISO, and privacy officer. Using a professional software-based data destruction
tool erases data permanently from IT assets including laptops, PCs, and Mac
devices.
No comments:
Post a Comment