Daily Tech Digest - April 11, 2025


Quote for the day:

"Efficiency is doing the thing right. Effectiveness is doing the right thing." -- Peter F. Drucker


Legacy to Cloud: Accelerate Modernization via Containers

What could be better than a solution that lets you run applications across environments without dependency constraints? That’s where containers come in. They accelerate your modernization journey. The containerization of legacy applications liberates them from the rusty old VMs and servers that limit the scalability and agility of applications. Containerization offers benefits including agility, portability, resource efficiency, scalability and security. ... migrating legacy applications to containers is not a piece of cake. It requires careful planning and execution. Unlike cloud native applications, which are built for containers and Kubernetes, legacy applications were not designed with containerization in mind. The process demands significant time and expertise, and organizations often struggle at the very first step. Legacy monoliths, with their tightly coupled components and complex dependencies, require particularly extensive Dockerfiles. Writing Dockerfiles for legacy monoliths is complex and error-prone, often becoming a significant bottleneck in the modernization journey. ... The challenge intensifies when documentation is outdated or missing, turning what should be a modernization effort into a resource-draining archaeological expedition through layers of technical debt.


Four paradoxes of software development

No one knows how long the job will take, but the customer demands a completion date. This, frankly, is probably the biggest challenge that software development organizations face. We simply can’t be certain how long any project will take. Sure, we can estimate, but we are almost always wildly off. Sometimes we drastically overestimate the time required, but usually we drastically underestimate it. For our customers, this is both a mystery and a huge pain. ... Adding developers to a late project makes it later. Known as Brooks’s Law, this rule may be the strangest of the paradoxes to the casual observer. Normally, if you realize that you aren’t going to make the deadline for filing your monthly quota of filling toothpaste tubes, you can put more toothpaste tube fillers on the job and make the date. If you want to double the number of houses that you build in a given year, you can usually double the inputs—labor and materials—and get twice as many houses, give or take a few. ... The better you get at coding, the less coding you do. It takes many years to gain experience as a software developer. Learning the right way to code, the right way to design, and all of the rules and subtleties of writing clean, maintainable software doesn’t happen overnight. ... Software development platforms and tools keep getting better, but software takes just as long to develop and run.


Drones are the future of cybercrime

The rapid evolution of consumer drone technology is reshaping its potential uses in many ways, including its application in cyberattacks. Modern consumer drones are quieter, faster, and equipped with longer battery life, enabling them to operate further from their operators. They can autonomously navigate obstacles, track moving objects, and capture high-resolution imagery or video. ... And there are so many other uses for drones in cyberattacks: Network sniffing and spoofing: Drones can be equipped with small, modifiable computers such as a Raspberry Pi to sniff out information about Wi-Fi networks, including MAC addresses and SSIDs. The drone can then mimic a known Wi-Fi network, and if unsuspecting individuals or devices connect to it, hackers can intercept sensitive information such as login credentials. Denial-of-service attacks: Drones can carry devices to perform local de-authentication attacks, disrupting communications between a user and a Wi-Fi access point. They can also carry jamming devices to disrupt Wi-Fi or other wireless communications. Physical surveillance: Drones equipped with high-quality cameras can be used for physical surveillance to observe shift changes, gather information on security protocols, and plan both physical and cyberattacks by identifying potential entry points or vulnerabilities. 


From Silos to Strategy: Why Holistic Data Management Drives GenAI Success

While data distribution is essential to mitigate risks, it requires a unified approach to be effective. Many enterprises are recognizing the value of implementing unified data architectures that simplify storage and data management and centralize the management of diverse data platforms. These architectures, combined with intelligent data platforms, enable seamless access and analysis of data, making it easier to support analytics and ingestion by generative AI. IT managers can further enhance a system’s data analysis and network security, and introduce a hybrid cloud experience to simplify data management. Today, the tech industry is focused on streamlining how enterprises manage and optimize storage, data, and workloads, and a platform-based approach to hybrid cloud management is critical to manage IT across on-premises, colocation and public cloud environments. Innovations like unified control planes and software-defined storage solutions are being utilized to enable seamless data and application mobility. These solutions allow enterprises to move data and applications across hybrid and multi-cloud environments to optimize performance, cost, and resiliency. By simplifying cloud data management, enterprises can efficiently manage and protect globally dispersed storage environments without over-emphasizing resilience at the expense of overall system optimization.


Why remote work is a security minefield (and what you can do about it)

The remote work environment makes employees more vulnerable to phishing and social engineering attacks, as they are isolated and may find it harder to verify suspicious activities. Working from home can create a sense of comfort that leads to relaxation, making employees more prone to risky security behavior. The isolation associated with remote work can also result in impulsive decisions, increasing the likelihood of mistakes. Cybercriminals exploit this by tailoring social engineering attacks to mimic IT staff or colleagues, taking advantage of the lack of direct verification. ... To address these challenges, organizations must prioritize a security-first culture. By prioritizing cybersecurity at every level, from executives to remote workers, organizations can reduce their vulnerability to cyber threats. Additionally, companies can foster peer support networks where employees can share security tips and collaborate on solutions. Another problem that can arise with remote work is privacy. Some companies monitor employee activity to protect their data and ensure compliance with regulations. Monitoring helps detect suspicious behavior and mitigate cyber threats, but it can raise privacy concerns, especially when it involves intrusive methods like tracking keystrokes or taking periodic screenshots. To find a good balance, companies should be upfront about what they’re monitoring and why. 


Inside a Cyberattack: How Hackers Steal Data

Once a hacker breaches the perimeter, the standard practice is to beachhead (dig down) and then move laterally to find the organization’s crown jewels: their most valuable data. Within a financial or banking organization, it is likely there is a database on their server that contains sensitive customer information. A database is essentially a complicated spreadsheet, wherein a hacker can simply click Select and copy everything. In this instance, data security is essential; many organizations, however, confuse data security with cybersecurity. Organizations often rely on encryption to protect sensitive data, but encryption alone isn’t enough if the decryption keys are poorly managed. If an attacker gains access to the decryption key, they can instantly decrypt the data, rendering the encryption useless. Many organizations also mistakenly believe that encryption protects against all forms of data exposure, but weak key management, improper implementation, or side-channel attacks can still lead to compromise. To truly safeguard data, businesses must combine strong encryption with secure key management, access controls, and techniques such as tokenization or format-preserving encryption to minimize the impact of a breach. A database protected by privacy enhancing technologies (PETs), such as tokenization, becomes unreadable to hackers if the decryption key is stored offsite. 


You’re always a target, so it pays to review your cybersecurity insurance

Right now, either someone has identified your firm and your weak spots and begun a campaign of targeted phishing attacks, scam links, or credential harvesting, or they are blindly trying to use any number of known vulnerabilities on the web to crack into remote access and web properties. ... Reviewing my compliance with cyber insurance policies was a great exercise in self-assessing just how thorough my base security is, but it also revealed an important fact: that insurance requirements only scratch the surface of the types of discussions you should be having internally regarding your risks of attack. No matter if you feel you are merely at risk of being accidental roadkill on the information superhighway or are actually in the crosshairs of a malicious attacker, always review the risks not only with your cyber insurance carrier in mind, but also with what the attackers are planning. ... During the annual renewal of cyber insurance, the insurance carrier would not even consider insuring my business if we did not demonstrate that we had some fundamental protections in place. Based on the questions and bullet points, you could tell they saw the remote access, third-party vendor access, and network administrator accounts as weak points that needed additional protection.


9 steps to take to prepare for a quantum future

To get ahead of the quantum cryptography threat, companies should immediately start assessing their environment. “What we’re advising clients to do – and working on with clients today – is first go and inventory your encryption algorithms and know what you’re using,” says Saylors. That can be tricky, he adds. ... Because of the complexity of the tasks, ISG’s Saylors suggests that enterprises prioritize their efforts. The first step, he says, is to look at perimeter security. The second step is to look at the encryption around the most critical assets. And the third step is to look at the encryption around data backups. All of this needs to happen as soon as possible. In fact, according to Gartner, enterprises should have created a cryptography database by the end of 2024. Companies should have created cryptography policies and planned their transition to post-quantum encryption by the end of 2024, the research firm says. ... So everything will have to be carefully tested and some cryptographic processes may need to be rearchitected. But the bigger problem is that the new algorithms might themselves be deprecated as technology continues to evolve. Instead, Horvath and other experts recommend that enterprises pursue quantum agility. If any cryptography is hard-coded into processes, it needs to be separated out. “Make it so that any cryptography can work in there,” he says.


Why neurodivergent perspectives are essential in AI development

Experts in academia, civil society, industry, media, and government discussed and debated the latest developments in AI safety and ethics, but representation of neurodivergent perspectives in AI development wasn’t examined. This is a huge oversight especially considering 70 million people in the US alone learn and think differently, including many in tech. Technology should be built for and serve all, so how do we make sure future AI models are accessible and unbiased if neurodivergent representation isn’t considered? It all starts at the development stage. ... A neurodivergent team also makes it easier to explore a wider range of use cases and the risks associated with applications. When you engage neurodivergent people at the development stage, you create a team that understands and prioritizes diverse ways of thinking, learning, and working. And that benefits all users. ... New data from EY found that 85% of neurodivergent employees think gen AI creates a more inclusive workplace, so it’s incumbent on more companies to level the playing field by casting a wider net to include a broader range of employees and tools needed to thrive and generate more accurate and robust datasets. Gen AI can also go a long way to help neurodivergent workers with simple tasks like productivity, quality assurance, and time management. 


Your data's probably not ready for AI - here's how to make it trustworthy

"AI and gen AI are raising the bar for quality data," according to a recent analysis published by Ashish Verma, chief data and analytics officer at Deloitte US, and a team of co-authors. "GenAI strategies may struggle without a clear data architecture that cuts across types and modalities, accounting for data diversity and bias and refactoring data for probabilistic systems," the team stated. ... "Creating a data environment with robust data governance, data lineage, and transparent privacy regulations helps ensure the ethical use of AI within the parameters of a brand promise," said Clayton. "Building a foundation of trust helps prevent AI from going rogue, which can easily lead to uneven customer experiences." Across the industry, concern is mounting over data readiness for AI. "Data quality is a perennial issue that businesses have faced for decades," said Gordon Robinson, senior director of data management at SAS. There are two essential questions on data environments for businesses to consider before starting an AI program, he added. First, "Do you understand what data you have, the quality of the data, and whether it is trustworthy or not?" Second, "Do you have the right skills and tools available to you to prepare your data for AI?"

