Quote for the day:
"To be an enduring, great company, you have to build a mechanism for preventing or solving problems that will long outlast any one individual leader" -- Howard Schultz
Identity Authentication: How Blockchain Puts Users In Control
One key benefit of blockchain is that it's decentralized. Instead of a single
database that records user information -- one ripe for data breaches --
blockchain uses something called decentralized identifiers (DIDs). DIDs are
cryptographic key pairs that allow users to have more control over their
online identities. They are becoming more popular, with Forbes claiming
they're the future of online identity. To explain what DIDs are, let's start
by explaining what they are not. Today, most people interact online via a
centralized identifier, such as an email address, username or password. This
allows the database to store your digital information on that platform. But
single databases are more vulnerable to data breaches and users have no
control over their data. When we use centralized platforms, we really hand
over all our trust to whatever platform we use. DIDs provide a new way to
access information while allowing users to maintain ownership. ... That said,
identity authentication and blockchain technology don't have to be complex
topics. They can be easy to use but require intuitive platforms and simple
user experiences. The EU's digital policies offer a strong foundation for
integrating blockchain. If blockchain becomes part of the initial rulemaking,
it could fuel more widespread adoption. There's a long way to go before people
feel confident understanding concepts like DIDs.
Cloud providers aren’t delivering on security promises
With 44% of businesses already spending between £101,000 and £250,000 on cloud
migrations in the past 12 months there is a clear need for organizations to
ensure they are working with trusted partners who can meet this security need.
Otherwise, companies will run the risk of having to spend more to not only
move to new suppliers but also respond to the cost of a data breach. The cost
and resources needed for organizations to boost their own security skills and
technology is often too prohibitive. ... However, despite the clear advantages
to security and job stability, only 22% of CISOs use a channel partner in
their cloud migration process. This is leaving many exposed to unnecessary
risk from attacks or job loss. “It is clear that many organizations are
struggling when it comes to securing cloud environments. A combination of
underdelivering cloud providers and a lack of in-house skills is resulting in
a dangerous situation which can leave valuable company data exposed to risk.
Simply adding more technology will not solve this problem,” said Clare
Loveridge, VP and GM EMEA at Arctic Wolf. “Securing the cloud is a shared
responsibility between the cloud provider and the organization. While cloud
providers offer good security tools it is important that you have a team of
security experts to help you run the operation.
CISOs are taking on ever more responsibilities and functional roles – has it gone too far?
“The CISO role has expanded significantly over the years as companies realize
that information security has a unique picture of what is going on across the
organization,” says Doug Kersten, CISO of software company Appfire.
“Traditionally, CISOs have focused on fundamental security controls and threat
mitigation,” he adds. “However, today they are increasingly expected to play a
central role in maintaining business resilience and compliance. Many CISOs are
now responsible for risk management, business continuity, and disaster
recovery as well as overseeing regulatory compliance across various
jurisdictions.” ... “We’re seeing a convergence of roles under head of
security because of the background and problem-solving skills of these people.
They have become problem-solver in chief,” says Steve Martano, IANS Research
faculty and executive cyber recruiter at Artico Search. That, though, comes
with challenges. “CISOs are already experiencing high levels of stress, with
recent data highlighting that nearly one in four CISOs are considering leaving
the profession due to stress,” Kersten says. “Many CISOs only stay in the role
for two to three years. With this, the expectations placed on CISOs are
undeniably growing, and organizations risk overburdening them without
sufficient resources and support. ..."
Fixing the Fixing Process: Why Automation is Key to Cybersecurity Resilience
Cybersecurity environments have seen nonstop evolution, driven by increasingly
sophisticated attack techniques, the expansion of complex cloud-native
architecture, and the rise of AI-powered threats that outpace traditional
defense strategies. At the same time, development timelines have accelerated,
pushing security teams to keep pace without becoming a bottleneck. ... It’s a
daunting and intimidating task that requires sufficient time and attention.
Moreover, adopting automation means ensuring that security and development
teams trust the outputs. Many organizations struggle with this transition
because automation tools, if not properly configured, can generate
inaccuracies or miss critical context. Security teams fear losing control over
decision-making, while developers worry about receiving even more noise if
automation isn’t fine-tuned. ... Attackers are already leveraging AI to
exploit vulnerabilities rapidly, while security teams often rely on static and
manual processes that have no chance of keeping up. AI-enabled EAPs help teams
proactively identify and mitigate vulnerabilities before adversaries can
exploit them. By automating exposure assessments, organizations can shrink the
reconnaissance window available to attackers, limiting their ability to target
common vulnerabilities and exposures (CVEs), security misconfigurations,
software flaws, and other weaknesses.
Can we make AI less power-hungry? These researchers are working on it.
Two key drivers of that efficiency were the increasing adoption of GPU-based
computing and improvements in the energy efficiency of those GPUs. “That was
really core to why Nvidia was born. We paired CPUs with accelerators to
drive the efficiency onward,” said Dion Harris, head of Data Center Product
Marketing at Nvidia. In the 2010–2020 period, Nvidia data center chips
became roughly 15 times more efficient, which was enough to keep data center
power consumption steady. ... The increasing power consumption has pushed
the computer science community to think about how to keep memory and
computing requirements down without sacrificing performance too much. “One
way to go about it is reducing the amount of computation,” said Jae-Won
Chung, a researcher at the University of Michigan and a member of the ML
Energy Initiative. One of the first things researchers tried was a technique
called pruning, which aimed to reduce the number of parameters. Yann LeCun,
now the chief AI scientist at Meta, proposed this approach back in 1989,
terming it (somewhat menacingly) “the optimal brain damage.” You take a
trained model and remove some of its parameters, usually targeting the ones
with a value of zero, which add nothing to the overall performance.
Five Years of Cloud Innovation: 2020 to 2025
The FinOps organization and the implementation of FinOps standards across
cloud providers has been the most impactful development over the last five
years, states Allen Brokken, head of customer engineering at Google, in an
online interview. This has fundamentally transformed how organizations
understand the business value of their cloud deployments, he states.
"Standardization has enabled better comparisons between cloud providers and
created a common language for technical teams, business unit owners, and
CFOs to discuss cloud operations." ... The public cloud has democratized
access to technology and increased accessibility for organizations across
industries that have faced intense volatility and change in the past five
years, Adams observes via email. "This innovation has facilitated a new
level of co-innovation and enabled new business models that allow companies
to realize future opportunities with ease." Public cloud platforms offer
adopters immense benefits, Adams says. "With the public cloud, businesses
can scale IT infrastructure on-demand without significant upfront
investment." This flexibility comes with a reduced total cost of ownership,
since public cloud solutions often lead to lower costs for hardware,
software and maintenance.
Cloud, colocation or on-premise? Consider all options
Following the rush to the cloud, the cost implications should have prompted
some companies to move back to on-premise, but it hasn’t, according to Lamb.
“I thought it might happen with AI, because potentially the core per hour
rate for AI is going to be far higher, but it hasn’t.” Lamb’s advice for
CIOs is to be wary of being tied into particular providers or AI models,
noting that Microsoft is creating models and not charging for them, knowing
that companies will still be paying for the compute to use them. Lamb also
says that, whether we’re talking on-premise, colocation or cloud, the
potential for retrofitting existing capacity is limited, at least when it
comes to capacity aimed at AI. After all, those GPUs often require liquid
cooling to the chip. This changes the infrastructure equation, says Lamb,
increasing the footprint for cooling infrastructure in comparison to
compute. Quite apart from the real estate impact, this isn’t something most
enterprises will want to tackle. Also, cooling and power will only become
more complicated. Andrew Bradner, Schnieder Electric’s general manager for
cooling, is confident that many sectors will continue to operate on-premise
datacentre capacity – life sciences, fintech and financial, for
example.
How GenAI is Changing Work by Supporting, Not Replacing People
A common misconception is that AI adoption leads to workforce reduction.
While automation has historically replaced repetitive, manual labor, the
rise of GenAI is fundamentally different. Unlike traditional automation,
which replaces human effort, GenAI amplifies human potential by reducing
workload friction. The same science study reinforces this point: AI doesn’t
just increase speed; it also improves work quality. Employees using
AI-powered tools experienced a 40% reduction in task completion time and an
18% improvement in output quality, demonstrating that AI is an efficiency
enabler rather than a job replacer. Consider the historical trend: The
Industrial Revolution automated factory work but also created entirely new
job categories and industries. Similarly, the digital revolution reduced the
need for clerical roles yet generated millions of jobs in software
development, cybersecurity, and IT infrastructure. ... Biases in machine
learning models are still an issue since AI based on data from the past will
perpetuate prevailing biases, and thus human monitoring is critical. GenAI
can also generate misleading or inaccurate results, further highlighting the
need for oversight. AI can generate reports, but it cannot negotiate deals,
understand organizational culture, or make leadership decisions.
Frankenstein Fraud: How to Protect Yourself Against Synthetic Identity Fraud
Synthetic identity fraud is an exercise in patience, at least on the
criminal's part, especially if they're using the Social Security number of a
child. The identity is constructed by using a real Social Security number in
combination with an unassociated name, address, date of birth, phone number or
other piece of identifying information to create a new "whole" identity.
Criminals can purchase SSNs on the dark web, steal them from data breaches or
con them from people through things like phishing attacks and other scams.
Synthetic identity theft flourishes because of a simple flaw in the US
financial and credit system. When the criminal uses the synthetic identity to
apply to borrow from a lender, it's typically denied credit because there's no
record of that identity in their system. The thieves are expecting this since
children and teens may have no credit or a thin history, and elderly
individuals may have poor credit scores. Once an identity applies for an
account and is presented to a credit bureau, it's shared with other credit
bureaus. That act is enough to allow credit bureaus to recognize the synthetic
identity as a real person, even if there's little activity or evidence to
support that it's a real person. Once the identity is established, the
fraudsters can start borrowing credit from lenders.
Will AI erode IT talent pipelines?
“The pervasive belief that gen AI is an automation technology, that gen AI
increases productivity by automation, is a huge fallacy,” says Suda, though he
admits it will eliminate the need for certain skills — including IT skills.
“Losing skills is fine,” he says, adding that machines have been eliminating
the need for certain skills for centuries. “What gen AI is helping us do is
learn new skills and learn new things, and that does create an impact on the
workforce. “What it is eroding is the opportunity for junior IT staff to have
the same experiences that junior staff have today or yesterday,” he says.
“Therefore, there’s an erosion of yesterday’s talent pipeline. Yesterday’s
talent pipeline is changing, and the steps to get through it are changing from
what we have today to what we need [in the future].” Steven Kirz, senior
partner for operations excellence at consulting firm West Monroe, shares
similar insights. Like Suda, Kirz says AI doesn’t “universally make everybody
more productive. It’s unequal across roles and activities.” Kirz also says
both research and anecdotal evidence show that AI is replacing lower-level,
mundane, and repetitive tasks. In IT, that tends to be reporting, clerical,
data entry, and administrative activities. “And routine roles being replaced
[by technology] doesn’t feel new to me,” he adds.
No comments:
Post a Comment