Daily Tech Digest - June 05, 2025


Quote for the day:

"The greatest accomplishment is not in never falling, but in rising again after you fall." -- Vince Lombardi


Your Recovery Timeline Is a Lie: Why They Fall Apart

Teams assume they can pull snapshots from S3 or recover databases from a backup tool. What they don’t account for is the reconfiguration time required to stitch everything back together. ... RTOs need to be redefined through the lens of operational reality and validated through regular, full-system DR rehearsals. This is where IaC and automation come in. By codifying all layers of your infrastructure — not just compute and storage, but IAM, networking, observability and external dependencies, too — you gain the ability to version, test and rehearse your recovery plans. Tools like Terraform, Helm, OpenTofu and Crossplane allow you to build immutable blueprints of your infrastructure, which can be automatically redeployed in disaster scenarios. But codification alone isn’t enough. Continuous testing is critical. Just as CI/CD pipelines validate application changes, DR validation pipelines should simulate failover scenarios, verify dependency restoration and track real mean time to recovery (MTTR) metrics over time. ... It’s also time to stop relying on aspirational RTOs and instead measure actual MTTR. It’s what matters when things go wrong, indicating how long it really takes to go from incident to resolution. Unlike RTOs, which are often set arbitrarily, MTTR is a tangible, trackable indicator of resilience.


The Dawn of Unified DataOps—From Fragmentation to Transformation

Data management has traditionally been the responsibility of IT, creating a disconnect between this function and the business departments that own and understand the data’s value. This separation has resulted in limited access to unified data across the organization, including the tools and processes to leverage it outside of IT. ... Organizations looking to embrace DataOps and transform their approach to data must start by creating agile DataOps teams that leverage software-oriented methodologies; investing in data management solutions that leverage DataOps and data mesh concepts; investing in scalable automation and integration; and cultivating a data-driven culture. Much like agile software teams, it’s critical to include product management, domain experts, test engineers, and data engineers. Approach delivery iteratively, incrementally delivering MVPs, testing, and improving capabilities and quality. ... Technology alone won’t solve data challenges. Truly transformative DataOps strategies align with unified teams that pair business users and subject matter experts with DataOps professionals, forming a culture where collaboration, accessibility, and transparency are at the core of decision making.


Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation

A BVA brings clarity to that timeline. It identifies the exposures most likely to prolong an incident and estimates the cost of that delay based on both your industry and organizational profile. It also helps evaluate the return of preemptive controls. For example, IBM found that companies that deploy effective automation and AI-based remediation see breach costs drop by as much as $2.2 million. Some organizations hesitate to act when the value isn't clearly defined. That delay has a cost. A BVA should include a "cost of doing nothing" model that estimates the monthly loss a company takes on by leaving exposures unaddressed. We've found that for a large enterprise, that cost can exceed half a million dollars. ... There's no question about how well security teams are doing the work. The issue is that traditional metrics don't always show what their work means. Patch counts and tool coverage aren't what boards care about. They want to know what's actually being protected. A BVA helps connect the dots – showing how day-to-day security efforts help the business avoid losses, save time, and stay more resilient. It also makes hard conversations easier. Whether it's justifying a budget, walking the board through risk, or answering questions from insurers, a BVA gives security leaders something solid to point to. 


Fake REAL IDs Have Already Arrived, Here’s How to Protect Your Business

When the REAL ID Act of 2005 was introduced, it promised to strengthen national security by setting higher standards for state-issued IDs, especially when it came to air travel, access to federal buildings, and more. Since then, the roll-out of the REAL ID program has faced delays, but with an impending enforcement deadline, many are questioning if REAL IDs deliver the level of security intended. ... While the original aim was to prevent another 9/11-style attack, over 20 years later, the focus has shifted to protecting against identity theft and illegal immigration. The final deadline to get your REAL ID is now May 7th, 2025, owing in part to differing opinions and adoption rates state-by-state which has dragged enforcement on for two decades. ... The delays and staggered adoption have given bad actors the chance to create templates for fraudulent REAL IDs. Businesses may incorrectly assume that an ID bearing a REAL ID star symbol is more likely to be legitimate, but as our data proves, this is not the case. REAL IDs can be faked just as easily as any other identity document, putting the onus on businesses to implement robust ID verification methods to ensure they don’t fall victim to ID fraud. ... AI-powered identity verification is one of the only ways to combat the increasing use of AI-powered criminal tools. 


How this 'FinOps for AI' certification can help you tackle surging AI costs

To really adopt AI into your enterprise, we're talking about costs that are orders of magnitude greater. Companies are turning to FinOps for help dealing with this. FinOps, a portmanteau of Finance and DevOps, combines financial management and collaborative, agile IT operations into a discipline to manage costs. It started as a way to get a handle on cloud pricing. FinOps' first job is to optimize cloud spending and align cloud costs with business objectives. ... Today, they're adding AI spending to their concerns. According to the FinOps Foundation, 63% of FinOps practitioners are already being asked to manage AI costs, a number expected to rise as AI innovation continues to surge. Mismanagement of these costs can not only erode business value but also stifle innovation. "FinOps teams are being asked to manage accelerating AI spend to allocate its cost, forecast its growth, and ultimately show its value back to the business," said Storment. "But the speed and complexity of the data make this a moving target, and cost overruns in AI can slow innovation when not well managed." Besides, Storment added, C-level executives are asking that painful question: "You're using this AI service and spending too much. Do you know what it's for?" 


Tackling Business Loneliness

Leaders who intentionally reach out to their employees do more than combat loneliness; they directly influence performance and business success. "To lead effectively, you need to lead with care. Because care creates connection. Connection fuels commitment. And commitment drives results. It's in those moments of real connection that collective brilliance is unlocked," she concludes. ... But it's not just women, with many men facing isolation in the workplace too, especially where a culture of 'put up and shut up' is frequently seen. Reflected in the high prevalence of suicide in the UK construction industry, it is essential that toxic cultures are dismantled and all employees feel valued and part of the team. "Whether they work on site or remotely, full time or part time, building an inclusive culture helps to ensure people do not experience prolonged loneliness or lack of connection. When we prioritise inclusion, everyone benefits," Allen concludes. ... Providing a safe, non-judgemental space for employees to discuss loneliness, things that are troubling them, and ways to manage any negative feelings is crucial. "This could be with a trusted line manager or colleague, but objective support from professional therapists and counsellors should also be accessible to prevent loneliness from manifesting into more serious issues," she emphasises. 


Revolutionizing Software Development: Agile, Shift-Left, and Cybersecurity Integration

While shift-left may cost more resources in the short term, in most cases, the long-term savings more than make up for the initial investment. Bugs discovered after a product release can cost up to 640 times more than those caught during development. In addition, late detection can increase the risk of fines from security breaches, as well as causing damage to a brand’s trust. Automation tools are the primary answer to these concerns and are at the core of what makes shift-left possible. The popular tech industry mantra, “automate everything,” continues to apply. Static analysis, dynamic analysis, and software composition analysis tools scan for known vulnerabilities and common bugs, producing instant feedback as code is first merged into development branches. ... Shift-left balances speed with quality. Performing regular checks on code as it is written reduces the likelihood that significant defects and vulnerabilities will surface after a release. Once software is out in the wild, the cost to fix issues is much higher and requires extensively more work than catching them in the early phases. Despite the advantages of shift-left, navigating the required cultural change can be a challenge. As such, it’s crucial for developers to be set up for success with effective tools and proper guidance.


Feeling Reassured by Your Cybersecurity Measures?

Organizations must pursue a data-driven approach that embraces comprehensive NHI management. This approach, combined with robust Secrets Security Management, can ensure that none of your non-human identities become security weak points. Remember, feeling reassured about your cybersecurity measures is not just about having security systems in place, but also about knowing how to manage them effectively. Effective NHI management will be a cornerstone in instilling peace of mind and enhancing security confidence. With these insights into the strategic importance of NHI management in promoting cybersecurity confidence, organizations can take a step closer to feeling reassured by their cybersecurity measures. ... Imagine a simple key, one that turns tumblers in the lock mechanism but isn’t alone in doing so. There are other keys that fit the same lock, and they all have the power to unlock the same door. This is similar to an NHI and its associated secret. There are numerous NHIs that could access the same system or part of a system, granted via their unique ‘Secret’. Now, here’s where it gets a little complex. ... Just as a busy airport needs security checkpoints to screen passengers and verify their credentials, a robust NHI management system is needed to accurately identify and manage all NHIs. 


How to Capitalize on Software Defined Storage, Securely and Compliantly

Because it fundamentally transforms data infrastructure, SDS is critical for technology executives to understand and capitalize on. It not only provides substantial cost savings and predictability while reducing staff time required for managing physical hardware; SDS also makes companies much more agile and flexible in their business operations. For example, launching new initiatives or products that can start small and quickly scale is much easier with SDS. As a result, SDS does not just impact IT, it is a critical function across the enterprise. Software-defined storage in the cloud has brought major operational and cost benefits for enterprises. First, subscription business models enable buyers to make much more cost-conscious decisions and avoid wasting resources and usage. ... In addition, software-defined storage has also transformed technology management frameworks. SDS has enabled a move to agile DevOps, which includes real-time analytics resulting in faster iteration, less downtime and more efficient resource allocation. With real-time dashboards and alerts, organizations can now track key KPIs such as uptime and performance and react instantly. IT management can be more proactive by increasing storage or resource capacity when needed, rather than waiting for a crash to react.


The habits that set future-ready IT leaders apart

Constructive discomfort is the impetus to continuous learning, adaptability, agility, and anti-fragility. The concept of anti-fragile means designed for change. How do we build anti-fragile humans so they are unbreakable and prepared for tomorrow’s world, whatever it brings? We have these fault-tolerant designs where I can unplug a server and the system adapts and you don’t even know it. We want to create that same anti-fragility and fault tolerance in the human beings we train. We’re living in this ever-changing, accelerating VUCA [volatile, uncertain, complex, ambiguous] world, and there are two responses when you are presented with the unknown or the unexpected: You can freeze and be fearful and have it overcome you, or you can improvise, adapt, and overcome it by being a continuous learner and continuous adapter. I think resiliency in human beings is driven by this constructive discomfort, which creates a path to being continuous learners and continuous adapters. ... Strategic competence is knowing what hill to take, tactical competence is knowing how to take that hill safely, and technical competence is rolling up your sleeves and helping along the way. The leaders I admire have all three. The person who doesn’t have technical competence may set forth an objective and even chart the path to get there, but then they go have coffee. That leader is probably not going to do well. 
