Showing posts with label Business Process Management. Show all posts
Showing posts with label Business Process Management. Show all posts

Daily Tech Digest - July 10, 2026


Quote for the day:

“When people are financially invested, they want a return. When people are emotionally invested, they want to contribute.” -- Simon Sinek

🎧 Listen to this digest on YouTube Music

▶ Play Audio Digest

Duration: 22 mins • Perfect for listening on the go.


The next killer AI feature? No AI at all

As artificial intelligence increasingly saturates everyday technology, a growing number of people are experiencing frustration rather than excitement. While tech companies forcefully integrate these capabilities into search engines, email, and productivity apps, many users find the additions unhelpful, invasive, and distracting. This widespread fatigue is creating an unexpected opportunity in the technology market: the ability to pay for services that are completely free of artificial intelligence. Consumers are demonstrating a willingness to spend money on platforms that prioritize simplicity and privacy over automated features. For example, Kagi, a paid search engine that omits automated summaries and advertisements, has seen its subscriber base double as people seek out cleaner, more reliable search results. Similarly, privacy-focused alternatives like DuckDuckGo are experiencing increased adoption whenever major providers push more automated features. This shift highlights a distinct gap between what companies are building and what users actually want. Ultimately, the next highly sought-after software feature might simply be the absence of automated assistance, allowing people to work peacefully and deliberately without forced interruptions. For organizations willing to deliver high-quality, streamlined tools, providing an escape from this technological clutter could prove to be a highly successful and reliable long-term business strategy.


Practical challenges in managing Kubernetes at enterprise scale

Managing Kubernetes at an enterprise scale introduces complex challenges that go far beyond basic engineering and deployment tasks. While the system effectively automates container orchestration, running it in a large organization shifts the focus heavily toward governance and standardization. Rather than relying on developers to become infrastructure experts, companies must create a structured environment with clear guidelines, approved templates, and standard security controls. Access permissions and network policies require continuous review and rigorous testing to prevent security gaps, as default settings are rarely sufficient over extended periods of time. Additionally, resource management becomes a direct financial concern, meaning engineering teams must collaborate closely with finance departments to monitor operational efficiency and control rising cloud costs. Automation features like autoscaling require careful configuration using relevant performance signals, and system observability must be designed to answer specific operational questions rather than just collecting endless data logs. Routine upgrades demand thorough, complete testing instead of last minute heroic efforts. Ultimately, Kubernetes cannot fix poorly built applications on its own. Success requires the platform team to operate with a product mindset, building a reliable internal system that balances developer speed with strict security and financial accountability.


Strategic Board Oversight: Architecting Institutional Fidelity in 2026

Effective board oversight requires more than passively checking boxes for compliance; it demands an active dedication to an organization’s core purpose. With upcoming regulatory changes, such as the UK’s 2026 requirement for explicit declarations on internal controls, directors must shift from simply observing past operations to actively guiding future strategy. Currently, over half of board members lack access to real-time data between meetings, leaving them vulnerable to significant blind spots. To close this gap, boards need to adopt clear frameworks and digital tools that provide continuous, reliable information without crossing the line into micromanagement. The key is maintaining a healthy balance where directors support their executives while rigorously testing their underlying assumptions. This approach relies on fostering an environment of complete honesty, where management feels safe sharing bad news early. Practical methods, like applying a structured test to every proposal to clearly check its aim, authority, evidence, and risks, help ensure that decisions are based on hard facts rather than hopeful assumptions. Ultimately, strong oversight protects the long-term value and historical knowledge of the institution, ensuring that leaders act with clear authority and objective evidence to navigate complex challenges confidently.


Why Entrepreneurs Who Master the Art of the Value Chain Have a Greater Advantage

The article argues that entrepreneurs gain a meaningful advantage when they learn to see any product or service as a composition of interconnected parts rather than a single, isolated offering. This perspective, described as mastering the “art of the value chain,” helps entrepreneurs understand that opportunities usually sit within broader systems of value. Instead of focusing only on what customers see, the article encourages looking at the underlying elements that make a product work — technology, processes, expertise, infrastructure, distribution and support — and recognizing how these pieces rely on one another. The author explains that strong entrepreneurial judgment comes from identifying where within this composition one can add value, strengthen weak links or reorganize existing elements to create better outcomes. Many successful ventures, such as Airbnb and Netflix, did not invent entirely new products; they reconfigured existing value structures in ways that improved utility for everyone involved. The article also stresses that some of the most valuable positions in a value chain are not the most visible ones, but the ones that quietly enable other parts to function well. As industries grow more complex and technologies multiply, the ability to understand how value flows through a system becomes an increasingly important entrepreneurial skill.


Standalone CDPs Fade as Enterprise Suites Expand

The customer data platform industry is undergoing a significant shift. For years, businesses relied on standalone systems to gather customer information from different sources—like websites, mobile apps, and physical stores—and piece it together into a single, unified profile. Now, these independent systems are slowly fading out. Instead, companies prefer to manage customer data directly within their existing cloud setups or larger, integrated marketing toolkits. This change is driven by a desire for efficiency. Rather than moving data into a separate platform, businesses want to use it right where it lives. This approach prevents data duplication and keeps everything streamlined. However, it also brings new challenges. When data stays in its original storage, its quality must be excellent from the start, and analyzing it frequently can drive up computing costs. Furthermore, as businesses rely more on artificial intelligence to make real-time decisions based on this data, they need to implement strict safeguards. Marketers must understand exactly how these automated systems make choices to ensure fair and accurate outcomes. Ultimately, the focus has shifted away from simply collecting and organizing data. Today, the priority is putting that information to work seamlessly within broader, more powerful business systems.


The Hidden Security Risks of Reduced Summer IT Coverage

The article explains that summer often creates quiet but significant security risks for organizations because IT and security teams typically operate with fewer people. Attackers take advantage of this seasonal slowdown, knowing that reduced oversight and slower response times make it easier to slip past defenses. The piece notes that common issues such as delayed patching, slower investigations and missing institutional knowledge can turn routine alerts into overlooked threats. Phishing and business email compromise become especially dangerous when approval chains are disrupted and employees are less inclined to verify unusual requests. The article also highlights how modern attacks move quickly, often using automation and AI, while many organizations still rely on manual processes that depend on someone being available at the right moment. This mismatch becomes more pronounced during vacation periods. To counter these gaps, the article stresses the value of automation, including automated patching, intelligent alert prioritization and runbook execution, which help maintain steady protection even when staffing is thin. Continuous monitoring ensures threats are detected and contained regardless of schedules. The overall message is that summer exposes weaknesses, but the real solution is building year‑round resilience that does not depend solely on human availability.


IT isn’t holding AI back, your business processes are

While most IT leaders feel confident in their ability to deploy artificial intelligence, the real barrier to realizing its value lies in outdated business processes. According to a recent survey, over 80% of senior IT executives trust their teams to roll out AI, yet 75% recognize that their operating models must change significantly. The core issue is that applying advanced technology to inefficient, manual routines such as spreadsheet data entry will not yield meaningful improvements. Instead of treating AI as a basic software upgrade or simply hosting prompt engineering workshops, organizations need to fundamentally redesign how work gets done. This requires a deep understanding of current workflows to identify where tasks stall and where AI can actually help. True progress demands that companies stop treating AI like a fancy word processor and start examining their core operations to determine what should be automated, supported by technology, or left to humans. To succeed, this shift requires strong commitment from top executives and tight collaboration between IT and business operations. IT teams cannot build systems in isolation; they must understand practical business problems, data quality, and management rules from the start. Ultimately, unlocking the full potential of artificial intelligence is less about overcoming technological limits and more about restructuring how an enterprise operates day to day.


India’s Aadhaar Shows Foreign Dependencies Reach Beyond US-China

When India introduced its Aadhaar digital identity system, the government presented it as a homegrown achievement. It was framed as a sovereign infrastructure built to free the country from relying on American or Chinese technology. However, this narrative overlooks a critical reality: the system relies heavily on the Japanese multinational firm NEC Corporation, which provided the core fingerprint matching technology. Because Japan maintains strong relations with India and lacks a colonial history, NEC has largely escaped the strict scrutiny applied to Western and Chinese firms. This situation highlights a significant flaw in current debates about digital sovereignty. Often, the push for technological independence simply means substituting one foreign dependency for another based on geopolitical convenience rather than genuine autonomy. While NEC technology performs well in controlled testing, its practical application in India has struggled. Authentication success rates hover around 94 percent, resulting in millions of failed attempts every month and cutting off vulnerable rural populations from essential services. Because NEC operates behind the scenes, there is a distinct lack of accountability for these failures. Ultimately, selecting preferred foreign suppliers does not equate to actual control over digital infrastructure. True digital sovereignty requires transparent and democratic oversight rather than just picking more favorable international partners.


India’s DPDP Act and the GenAI paradox in the context of sovereignty

India recently introduced the Digital Personal Data Protection Act to secure the privacy of its citizens. The law focuses on clear rules like gathering only necessary data, strictly defining its purpose, securing explicit consent, and allowing people to delete their personal information. However, this creates a major conflict with generative artificial intelligence. These models operate by absorbing massive amounts of information without a specific end goal in mind, which makes securing specific consent almost impossible. Furthermore, once personal data is permanently integrated into a complex model, extracting and deleting it becomes incredibly difficult and expensive. This mismatch presents a deep paradox for policymakers trying to govern borderless technology with rigid, location-based rules. Beyond basic consumer privacy, the government is increasingly concerned about national security. Officials worry that foreign platforms could analyze patterns in the queries submitted by government employees, potentially revealing sensitive strategic information. As a result, businesses are currently working hard to adjust their operations to comply with these strict new regulations, while the government simultaneously limits the use of certain foreign tools and invests heavily in domestic alternatives. Ultimately, India faces the complex challenge of comprehensively protecting its people's data and maintaining its national sovereignty without stalling necessary technological progress.


How Hyperscale Infrastructure, Sovereign AI And Quantum Computing Redefine Enterprise Strategy

Data centers are no longer just places to store static information; they have become the central engines of the digital economy. Modern "hyperscale data centers" are filled with advanced processors working together to analyze information and create new content continuously. Because processing power is now essential for survival, huge amounts of money that used to go into traditional industries are now flowing into artificial intelligence infrastructure. Recognizing this shift, many countries are building their own local tech hubs. This push for "sovereign AI" allows nations to keep their data secure while training systems that reflect their unique languages and cultures. This move is reshaping international alliances, as countries secure the critical minerals and technology they need to stay independent. Looking ahead, adding quantum computing into these data centers will be the next major leap, potentially solving incredibly complex problems in seconds and upending current security protocols. For business leaders, this means that computing power is no longer just a basic tech expense but a core part of long-term strategy. Organizations and nations that invest in their own infrastructure and talent will secure their competitive edge, while those that do not risk falling behind and relying entirely on outside technology.

Daily Tech Digest - April 16, 2026


Quote for the day:

“You may be disappointed if you fail, but you are doomed if you don’t try.” -- Beverly Sills


🎧 Listen to this digest on YouTube Music

▶ Play Audio Digest

Duration: 21 mins • Perfect for listening on the go.


How technical debt turns your IT infrastructure into a game you can’t win

Technical debt is compared to a high-stakes game of Jenga where every shortcut or deferred refactoring pulls a vital block from an organization’s structural foundation. Initially, quick fixes seem harmless, driven by aggressive deadlines and resource constraints; however, they eventually create a "velocity trap" where development speed plummets because engineers spend more time navigating fragile code than building new features. Beyond slow shipping, this debt manifests as a silent budget killer through architectural mismatches—such as using stateless frameworks for real-time systems—resulting in exorbitant cloud costs and significant cybersecurity vulnerabilities, evidenced by massive data breaches at firms like Equifax. While agile startups leverage modern, scalable architectures to outpace incumbents, many established organizations suffer because their internal culture discourages developers from addressing these structural issues, viewing refactoring as a distraction from value creation. To break this cycle, businesses must move beyond pretending the trade-off doesn’t exist. Successful companies explicitly measure their "technical debt ratio," tracking the percentage of engineering time spent on maintenance versus innovation. By acknowledging that high-quality code is a strategic asset rather than an optional luxury, organizations can stop pulling the "safe blocks" of their infrastructure and instead build the resilient, high-velocity systems required to survive in an increasingly competitive global market.


The Compliance Blueprint: Handling Minors’ Data in the Post-DPDP Era

The blog post titled "The Compliance Blueprint: Handling Minors’ Data in the Post-DPDP Era" explores the stringent regulatory landscape established by India’s Digital Personal Data Protection (DPDP) Act regarding users under eighteen. Under Section 9, organizations face significant mandates, including securing verifiable parental consent, prohibiting behavioral tracking, and banning targeted advertising to children. Failure to comply can result in catastrophic penalties of up to ₹200 Crore, making data protection a critical operational priority rather than a mere policy update. The author outlines various verification methods, such as utilizing government-backed tokens or linked family accounts, while highlighting the "implementation paradox" where verifying age often requires collecting even more sensitive data. Operationally, businesses must redesign user interfaces to "fork" into protective modes for minors, provide itemized notices in multiple languages, and maintain detailed audit logs. Despite the heavy compliance burden and challenges like the "death of personalization" for EdTech and gaming firms, the Act serves as a vital safeguard for India’s 450 million children. Ultimately, the article advises companies to adopt a "Safety First" mindset, viewing children’s data as a potential liability that necessitates a fundamental shift in product design and data governance to ensure long-term viability in the Indian digital ecosystem.


The need for a board-level definition of cyber resilience

The article emphasizes that the lack of a standardized definition for cyber resilience creates significant systemic risks for organizational boards and executive teams. Currently, conceptual fragmentation across various regulatory frameworks makes it difficult for leadership to determine what to oversee or how to measure success. To address this, the focus must shift from technical metrics and security controls toward broader business outcomes, such as maintaining operational continuity, preserving stakeholder confidence, and ensuring financial stability during disruptions. Cyber resilience is increasingly framed as a core leadership responsibility, with many jurisdictions now legally requiring boards to oversee these outcomes. However, a major point of contention remains regarding the scope of resilience—specifically whether it includes proactive preparedness or is limited strictly to response and recovery phases. Furthermore, resilience is no longer just about defending against cybercrime; it encompasses all forms of digital disruption, including unintentional outages. As global economies become more interdependent, an individual organization’s ability to recover quickly is essential not only for its own survival but also for overall economic stability. Ultimately, establishing a clear, board-level definition is a critical governance requirement that provides the foundation for navigating the complexities of modern digital economies and ensuring long-term institutional health.


2026 global semiconductor industry outlook: Delloite

Deloitte’s 2026 global semiconductor industry outlook forecasts a transformative year, with annual sales projected to reach a historic peak of $975 billion. Driven primarily by an intensifying artificial intelligence infrastructure boom, the sector expects a remarkable 26% growth rate following a robust 2025. This surge is reflected in the staggering $9.5 trillion market capitalization of the top ten global chip companies, though wealth remains highly concentrated among the top three leaders. While AI chips generate half of total revenue, they represent less than 0.2% of total unit volume, creating a stark structural divergence. Personal computing and smartphone markets may face declines as specialized AI demand causes consumer memory prices to spike. Technological advancements will likely focus on integrating high-bandwidth memory via 3D stacking and adopting co-packaged optics to reduce power consumption by up to 50%. However, the outlook warns of a "high-stakes paradox." While the immediate future appears solid due to backlogged orders, 2027 and 2028 may face significant headwinds from power grid constraints—requiring 92 gigawatts of additional energy—and potential return-on-investment concerns. Ultimately, long-term success hinges on balancing aggressive AI investments with proactive risk mitigation against infrastructure limits and geopolitical shifts, including India’s emergence as a vital back-end assembly hub.


New Executive Leadership Challenges Emerging—And What’s Driving Them

In the article "New Executive Leadership Challenges Emerging—And What's Driving Them," members of the Forbes Coaches Council highlight a significant shift in the corporate landscape driven by hybrid work, AI integration, and rapid systemic change. Today’s executives face a "leadership vortex," where they must navigate role compression and overwhelming demands while maintaining strategic clarity. A primary challenge is rebuilding connection in hybrid environments, where communication gaps are more visible and psychological safety is harder to cultivate. Leaders are moving beyond traditional performance metrics to focus on their "being"—cultivating a leadership identity that prioritizes generative dialogue and mutual accountability over mere individual contribution. The rise of AI has introduced systemic ambiguity, requiring a pivot from "expert" to "explorer" to manage fears of obsolescence. Furthermore, the modern era demands a heightened appetite for change and a renewed focus on team cohesion, as previous playbooks rewarding certainty and control become less effective. Ultimately, successful leadership now hinges on expanding personal capacity and translating technical uncertainty into a shared, meaningful vision. This evolution reflects a broader trend where emotional intelligence and adaptive identity are as critical as technical expertise in steering organizations through unprecedented volatility and complexity.


New US Air Force Office Will Focus on OT Cybersecurity

The U.S. Air Force has pioneered a critical shift in military defense by establishing the Cyber Resiliency Office for Control Systems (CROCS), the first dedicated office within the American military services focused specifically on operational technology (OT) cybersecurity. Launched to address vulnerabilities in essential infrastructure like power grids, water supplies, and HVAC systems, CROCS serves as a central "front door" for managing the security of non-traditional IT assets that are vital for mission readiness. While the office reached initial operating capability in 2024, its creation followed years of bureaucratic effort to recognize OT systems as primary targets for foreign adversaries seeking asymmetric advantages. A significant milestone for the office was successfully integrating OT security costs into the Department of Defense’s long-term budgeting process, ensuring that assessments, training, and mitigations are formally funded rather than treated as secondary mandates. Directed by Daryl Haegley, CROCS does not execute all security tasks directly but instead coordinates contracts, personnel, and prioritized strategies to bridge reporting gaps between engineering teams and the CIO. By modeling itself after the Air Force’s existing weapon systems resiliency office, CROCS aims to build a robust defense pipeline, ultimately securing the foundational utilities that allow the military to function globally.


Rethinking Business Processes for the Age of AI

The article "Rethinking Business Processes for the Age of AI" by Vasily Yamaletdinov explores the fundamental evolution of business architecture as organizations transition from human-centric automation to agentic AI systems. Traditionally, business processes have relied on BPMN 2.0, a notation designed for deterministic, repeatable, and rigid sequences. However, these classical methods struggle with the non-deterministic nature of AI, which requires dynamic planning and context-driven decision-making. The author argues that modern AI-native processes must shift from "rigid conveyor belts" to flexible systems that prioritize goals, guardrails, and autonomy over strict algorithmic steps. To address the limitations of traditional BPMN—such as poor exception handling and an inability to model uncertainty—the article advocates for Goal-Oriented BPMN (GO-BPMN). This approach decomposes processes into a tree of objectives and modular plans, allowing AI agents to dynamically select the best path based on real-time context. By integrating a "Human-in-the-loop" framework and supporting the "Reason-Act-Observe" cycle, GO-BPMN enables a hybrid environment where deterministic operations and intelligent agents coexist. Ultimately, while traditional modeling remains valuable for highly regulated tasks, GO-BPMN provides the necessary framework for building resilient, adaptive, and truly intelligent enterprise operations in the burgeoning age of AI.


Runtime FinOps: Making Cloud Cost Observable

The article "Runtime FinOps: Making Cloud Cost Observable" argues for transforming cloud spend from a delayed financial report into a real-time system metric. Author David Iyanu Jonathan identifies a "structural information deficit" in modern engineering, where the lag between code deployment and billing visibility prevents timely remediation of expensive inefficiencies. Runtime FinOps addresses this by integrating cost data directly into observability tools like Grafana, enabling "dollars-per-minute" tracking alongside traditional metrics like latency and CPU usage. While static infrastructure estimation tools like Infracost provide initial value, they often fail to capture variable operational costs such as data transfer and API calls that scale with traffic patterns. To bridge this gap, the piece advocates for adopting SRE-inspired practices, including cost-based error budgets, robust tagging governance, and routing anomaly alerts directly to on-call engineering teams rather than isolated finance departments. This shift fosters a culture of accountability where costs are treated as visceral signals during blameless postmortems and architectural reviews. Ultimately, the article concludes that the primary barriers to effective FinOps are cultural rather than technical; success requires clear service-level ownership and a fundamental commitment to treating cloud expenditure as a critical performance indicator that is functionally inseparable from the code itself.


Shadow AI and the new visibility gap in software development

The rise of "shadow AI" in software development has introduced a significant visibility gap, posing new challenges for organizations and managed service providers. As developers increasingly turn to unapproved AI tools and agents to boost productivity, they inadvertently create a "lethal trifecta" of risks involving sensitive private data, external communications, and vulnerability to malicious prompt injections. This unauthorized usage bypasses traditional security monitoring like SaaS discovery platforms because AI agents often operate within local engineering environments or through personal API keys. To address this, the article suggests shifting from futile attempts to block AI toward a governance-first infrastructure. By routing AI access through centrally managed platforms and implementing process-level controls at runtime, organizations can secure data flows and restrict agents to approved services without stifling innovation. This approach allows developers to maintain their preferred workflows while providing the oversight necessary to prevent code leaks and compliance breaches. Ultimately, closing the visibility gap requires building governance around fundamental development processes rather than individual tools, enabling partners to guide businesses through a secure evolution of AI integration that scales from initial modernization to advanced agentic automation.


Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests

A recent independent audit conducted by privacy organization WebXray reveals that major technology companies, specifically Google, Meta, and Microsoft, frequently fail to honor legally mandated data collection opt-out requests in California. Despite the California Consumer Privacy Act (CCPA) requiring businesses to respect the Global Privacy Control (GPC) signal—a browser-based mechanism allowing users to decline personal data sharing—the audit found widespread non-compliance. Google emerged as the worst offender with an 86% failure rate, followed by Meta at 69% and Microsoft at 50%. Researchers observed that Google’s servers often respond to opt-out signals by explicitly commanding the creation of advertising cookies, such as the “IDE” cookie, effectively ignoring the user's preference in "plain sight." In response, Meta dismissed the findings as a “marketing ploy,” while Microsoft claimed that some cookies remain necessary for operational functions rather than unauthorized tracking. This systemic disregard for privacy signals underscores the ongoing tension between Big Tech and state regulations. To address these gaps, the report recommends that security professionals treat privacy telemetry with the same rigor as security data, conducting frequent audits of third-party data flows and aligning runtime behavior with privacy controls to ensure legitimate regulatory compliance.

Daily Tech Digest - July 24, 2022

AI can see things we can’t – but does that include the future?

“What we focus on is augmented intelligence for humans to take action [on],” says Radtke when I raise this concern. “We are not prescribing the action to be taken based on the insights that we get – we're trying to make sure that the human has all the necessary intelligence to drive the behavior that they need to drive. We're reporting facts back – this actually happened here, this is what has happened in the past – and you can take action based on that. It's all about driving improved safety for everyone in that area.” When I press him on the possible human rights concern and the inevitable pushback that will arise if AI is routinely used to pre-emptively police areas deemed as problematic, he answers: “I think that with every technology that's ever been out there in history there is always a way to use it for non-good. I think you have to focus on the good that it can provide and make sure that you police the non-good behavior that could happen from it.” This will entail some sort of oversight. “There are consortiums out there to help drive the ethical adoption of AI throughout the industry – we definitely keep aware of those.


RPA vs. BPA: Which approach to automation should you use?

Where BPA and RPA overlap, according to Mullakara, is the goal of eliminating human intervention in order to process multiple automation. “The whole idea of BPA was to remove people from the process and that's kind of what RPA is also aiming for. In the sense of the simple workflow automation, both can do it. RPA does it through a UI integration whereas BPA does it mostly with APIs. And you know, automating the workflow with the systems by invoking the systems,” he tells us. However, Taulli explains that automation really won’t get rid of people at this point and it will be the usual suspects that will, such as recessions. Mullakara agrees that this messaging for BPA and RPA is a common misconception and has earned both technologies quite a bad rap. “So, what you actually automate with RPA for example is tasks – it's not jobs. It's not an entire job even if it's a process. It’s not jobs, so we still need people,” he says. 


All the Things a Service Mesh Can Do

Many organizations have different teams and services dispersed across different networks and regions of a given cloud. Many also have services deployed across multiple cloud environments. Securely connecting these services across different cloud networks is a highly desirable function that typically requires significant effort by network teams. In addition, limitations that require non-overlapping Classless Inter-Domain Routing (CIDR) ranges between subnets can prevent network connectivity between virtual private clouds (VPCs) and virtual networks (VNETs). Service mesh products can securely connect services running on different cloud networks without requiring the same level of effort. HashiCorp Consul, for example, supports a multidata center topology that uses mesh gateways to establish secure connections between multiple Consul deployments running in different networks across clouds. Team A can deploy a Consul cluster on EKS. Team B can deploy a separate Consul cluster on AKS. Team C can deploy a Consul cluster on virtual machines in a private on-premises data center. 


Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments

The proliferation of ransomware targeting ESXi systems poses a major threat to organizations using the technology, security experts have noted. An attacker that gains access to an EXSi host system can infect all virtual machines running on it and the host itself. If the host is part of a larger cluster with shared storage volumes, an attacker can infect all VMs in the cluster as well, causing widespread damage. "If a VMware guest server is encrypted at the operating system level, recovery from VMware backups or snapshots can be fairly easy," McGuffin says. '[But] if the VMware server itself is used to encrypt the guests, those backups and snapshots are likely encrypted as well." Recovering from such an attack would require first recovering the infrastructure and then the virtual machines. "Organizations should consider truly offline storage for backups where they will be unavailable for attackers to encrypt," McGuffin adds. Vulnerabilities are another factor that is likely fueling attacker interest in ESXi. VMware has disclosed multiple vulnerabilities in recent months.


5 typical beginner mistakes in Machine Learning

Tree-based models don’t need data normalization as feature raw values are not used as multipliers and outliers don’t impact them. Neural Networks might not need the explicit normalization as well — for example, if the network already contains the layer handling normalization inside (e.g. BatchNormalization of Keras library). And in some cases, even Linear Regression might not need data normalization. This is when all the features are already in similar value ranges and have the same meaning. For example, if the model is applied for the time-series data and all the features are the historical values of the same parameter. In practice, applying unneeded data normalization won’t necessarily hurt the model. Mostly, the results in these cases will be very similar to skipped normalization. However, having additional unnecessary data transformation will complicate the solution and will increase the risk of introducing some bugs.


Git for Network Engineers Series – The Basics

Version control systems, primarily Git, are becoming more and more prevalent outside of the realm of software development. The increase in DevOps, network automation, and infrastructure as code practices over the last decade has made it even more important to not only be familiar with Git, but proficient with it. As teams move into the realm of infrastructure as code, understanding and using Git is a key skill. ... Unlike other Version Control Systems, Git uses a snapshot method to track changes instead of a delta-based method. Every time you commit in Git, it basically takes a snapshot of those files that have been changed while simply linking unchanged files to a previous snapshot, efficiently storing the history of the files. Think of it as a series of snapshots where only the changed files are referenced in the snapshot, and unchanged files are referenced in previous snapshots. Git operations are local, for the most part, meaning it does not need to interact with a remote or central repository. 


Deep learning delivers proactive cyber defense

The timing couldn’t be better. The increasing availability of ransomware-as-a-service offerings, such as ransomware kits and target lists, are making it easier than ever for bad actors—even those with limited experience—to launch a ransomware attack, causing crippling damage in the very first moments of infection. Other sophisticated attackers use targeted strikes, in which the ransomware is placed inside the network to trigger on command. Another cause for concern is the increasing disappearance of an IT environment’s perimeter as cloud compute storage and resources move to the edge. Today’s organizations must secure endpoints or entry points of end-user devices, such as desktops, laptops, and mobile devices, from being exploited by malicious hackers—a challenging feat, according to Michael Suby, research vice president, security and trust, at IDC. “Attacks continue to evolve, as do the endpoints themselves and the end users who utilize their devices,” he says. “These dynamic circumstances create a trifecta for bad actors to enter and establish a presence on any endpoint and use that endpoint to stage an attack sequence.”


Towards Geometric Deep Learning III: First Geometric Architectures

The neocognitron consisted of interleaved S- and C-layers of neurons (a naming convention reflecting its inspiration in the biological visual cortex); the neurons in each layer were arranged in 2D arrays following the structure of the input image (‘retinotopic’), with multiple ‘cell-planes’ (feature maps in modern terminology) per layer. The S-layers were designed to be translationally symmetric: they aggregated inputs from a local receptive field using shared learnable weights, resulting in cells in a single cell-plane have receptive fields of the same function, but at different positions. The rationale was to pick up patterns that could appear anywhere in the input. The C-layers were fixed and performed local pooling (a weighted average), affording insensitivity to the specific location of the pattern: a C-neuron would be activated if any of the neurons in its input are activated. Since the main application of the neocognitron was character recognition, translation invariance was crucial. 


Don’t Just Climb the Ladder. Explore the Jungle Gym

Most of us do not approach work (or life) with a master plan in mind, and many of the steps we take are beautiful accidents that help us become who we are. “I’m 67 years old,” Guy said, “and I think I finally found my true calling.” He was referring to his podcast, Remarkable People, where he interviews exceptional leaders and innovators (think Jane Goodall, Neil deGrasse Tyson, Steve Wozniak, and Kristi Yamaguchi) about how they got to be remarkable. “In a sense, my whole career has prepared me for this moment. I’ve had decades of experience in startups and large companies. So that gives me the data to ask great questions that my listeners really want the answers to,” Guy said. Guy is undeniably brilliant, and his success is no accident. But still, he believes that luck has played a part in his success. In his words, “Basically, I’ve come to the conclusion that it’s better to be lucky than smart.” Maybe Guy is right. Or perhaps, the smartest people know when to take advantage of luck and act on the opportunities that present themselves. Whatever the case, it’s important to take calculated risks.


Should You Invest in a Digital Transformation Office?

With the digital transformation office comes a transformation team, who initiates organizational change. Laute says that it’s crucial that everyone inside the organization stand behind the transformation team if they truly want to see changes happening. “You need to have an environment where these people, the transformation lead and the transformation team, are allowed and are not afraid to speak up. These people shouldn't be biased, not just following what the executive board says, but really [being] able to challenge and to speak up. And they should have the freedom to call out if something is going in the wrong direction, may it be content or behavioral-wise,” she explains. And while clearly there can be technology-related challenges, Laute tells us that digital transformation is also a people problem, and calls for a change in culture and mindset in order to find success. The cultural shift, she explains, is truly where everything starts to come together in order to get the transformation going. “Digital [transformation] is not only technology. You need to change behaviors and you need to change processes. And most of the time, you change your target operating model, right?”



Quote for the day:

"Uncertainty is a permanent part of the leadership landscape. It never goes away." -- Andy Stanley

Daily Tech Digest - December 09, 2021

How should we regulate DeFi?

There is opportunity for the appropriate level of regulation to give DeFi enough breathing space to make a difference: boosting transparency, increasing financial inclusion and enabling credit to 8 billion people that will see the world take a tremendous jump toward prosperity. Yet there is also potential for overreach that would stifle innovation and growth and have unintended consequences. Unfortunately, we seem to be well down this path already. What is needed is the realization that DeFi shares many of the same goals as financial regulators: overhauling inflexible processes and delivering wider access, cheaper prices and more stability — all while ensuring these benefits are widely shared with all participants in the market. ... DeFi has the potential to create fairer, more transparent and more liquid markets through completely new mechanisms, helping everyone to reduce fraud and front-running, resolving fragmentation and creating markets that are efficient, resilient, fair and equally accessible to all — not just participants that have the right connections.


How to make agile actually work for analytics

The most striking difference between what we do and what software developers do is in our end products. In software, the goal is to get to a product that the end-user loves. In data, our goal is to help people make a decision they trust, and the journey the user takes to get there can be just as important as the end result. Most commonly we see this manifested in how we tell stories with our data. We use notebooks to capture context and process, and presentations to guide users to an understanding. It’s in this process that we establish trust, turn charts into insights, and make our data valuable. This is also the driver behind one of the greatest pains of our work: the follow-up questions, and ad-hoc requests. These questions and requests come from a place of curiosity and represent a desire to have that same intimate understanding of data that we get in crafted data stories. And yet, in practice, we try to eliminate these questions with processes that front-load requirements gathering and tools that have made no room for this way of working.


Cloudentity SaaS platform enables zero trust access control for APIs

Deployable in minutes, Cloudentity empowers businesses to deliver Open Banking, Embedded Finance and other innovative online services without changing identity providers or application code. Cloudentity delivers a declarative identity and authorization framework that works across any cloud to simplify access control and data governance. From Open Banking to eCommerce fraud prevention, Cloudentity makes it easier to deliver cloud-native applications and safer to extend your data to the customers and partners that matter most. A standout capability of the new SaaS platform is its drag and drop Data Lineage feature, which provides a simple and intuitive way of mapping identity and user context data to an application. For developers, Data Lineage solves the complexities of Single Sign On (SSO) and provides real-time control over who can access each element of your API data. For ITops, DevOps and SecurityOps, teams can rapidly validate controls and pinpoint areas that need to be updated or fixed to prevent API data leakage and meet personal data protection obligations.


SaaS DR/BC: If You Think Cloud Data is Forever, Think Again.

Humans and technology have always had co-dependent challenges. Let’s face it, it’s one of the main reasons my career exists! So it stands to reason that human inference, whether deliberate or not, is a common reason for losing information. This can be as innocuous as uploading a CSV file that corrupts data sets, accidentally deleting product listings, or overwriting code repositories with a forced push. There’s also intentional human interference. This means someone who has authorized access, nuking a bunch of stuff. It may sound far-fetched but we have seen terminated employees or third-party contractors cause major issues. It’s not very common, but it happens. Cyberthreats are next on the list, which are all issues that most technical operations teams are used to. Most of my peers are aware that the level of attacks increased during the global pandemic, but the rate of attacks had already been increasing prior to COVID-19. Ransomware, phishing, DDoS, and more are all being used to target and disrupt business operations. If this happens, data can be compromised or completely wiped out.


Starting an SRE Team? Stay Away From Uptime.

Why shouldn't you be too concerned about your uptime metrics? In reality SRE can mean different things to different teams but at its core, it’s about making sure your service is reliable. After all, it’s right there in the name. Because of this many people assume that uptime is the most valuable metric for SRE teams. That is flawed logic. For instance, an app can be “up” but if it’s incredibly slow or its users don’t find it to be practically useful, then the app might as well be down. Simply keeping the lights on isn’t good enough and uptime alone doesn’t take into account things like degradation or if your site’s pages aren’t loading. It may sound counterintuitive, but SRE teams are in the customer service business. Customer happiness is the most important metric to pay attention to. If your service is running well and your customers are happy, then your SRE team is doing a good job. If your service is up and your customers aren’t happy, then your SRE team needs to reevaluate. A more holistic approach is to view your service in terms of health.
 

An opportunity is coming to drive up the number of women in tech

Another key element is creating the right culture and environment for diversity to thrive. In a gender context, an important aspect here is male allyship. Men have a real role to play in supporting the ‘levelling up’ agenda. They need to see that increasing gender diversity and equity is not just an issue for women themselves – it’s for everyone. They can become active allies through their own behaviours and actions. This extends right up to board level and executive leadership. We need to continue to work to influence leader behaviour and build their understanding of people’s different styles. Instances of men talking over women in the boardroom or not listening to ideas are still all too common. Reporting is also critical. You can’t change what you don’t measure. Collating diversity statistics and reporting them to the board and more widely around the business is an essential part of raising awareness and stimulating action. Transparent reporting was in fact seen as the most effective lever for improving diversity and inclusion in this year’s survey.


Is the “great resignation” coming for you?

When employees feel their personal ambitions are too difficult to achieve, they start to think about leaving. Those ambitions might involve having a family while maintaining a career, gaining a range of professional experiences, or even accumulating personal experiences such as travel. People will ask: “I don’t mind making sacrifices, but are the trade-offs producing the benefits I expected?” When that question surfaces, employees are already halfway out the door. For example, young men and women who are working extremely hard and don’t have time for friends, exercise, or adventures may start to doubt that the company is the right place for them—even if the pay is fabulous. ... Managers often show great care about performance and little concern about the whole person who is delivering the results. Feeling uncared for is deadly for motivation and destructive to performance over the long run. Many managers rarely ask about other aspects of their team members’ lives, their personal interests, or their ambitions. Too few managers show genuine understanding and appreciation for what it took to deliver such great results.


DevSecOps jobs: 3 ways to get hired

Automation is a major part of DevSecOps, and this requires the use of multiple software applications and tools. For example, companies use a variety of different application security testing tools (ASTs), which are essential to ensure that the code being used in development is safe and to prevent malicious packages from being introduced. These tools can be static (SAST), dynamic (DAST), and interactive (IAST) and they can also be from different vendors. Some may include automated vulnerability detection, prioritization, and even remediation capabilities that can address issues without requiring IT staff to spend much time researching vulnerabilities. The lesson: Many different tools are used in DevSecOps, and these will likely change as new innovations are introduced. Stay informed and updated on industry trends, especially if you are early in your journey because the tools and needs of today might be very different in a few years’ time. The idea behind shifting left and DevSecOps is to break down the traditional separation between developers, security, and IT professionals.


Google TAG Disrupts Blockchain-Enabled Botnet

Google is skeptical about the complete disruption of Glupteba's operations. It says: "The operators of Glupteba are likely to attempt to regain control of the botnet using a backup command and control mechanism that uses data encoded on the Bitcoin blockchain." The botnet also has a feature that allows it to evade traditional takedowns. TAG says that a conventional botnet-infected device looks for predetermined domain addresses that point to the C2 server. The instructions to locate these domains are hard-coded in the malware installed on the victim's device. If the predetermined domains are taken down by law enforcement agencies or others, the infected devices can no longer receive instructions from the C2 servers and therefore can no longer be operated by the bot controller. The Glupteba botnet, however, does not rely solely on predetermined domains to ensure its survival, the TAG researchers. They say that when the botnet’s C2 server is interrupted, Glupteba malware is hard-coded to search the public Bitcoin blockchain for transactions involving three specific Bitcoin addresses that are controlled by the Glupteba botnet operators.


You’re Doing it Wrong: It’s Not About Data and Applications – It’s About Processes

We often model processes to document them, to validate them with stakeholders, to teach them to others – and most of all, to improve them. In far too many companies, what they do and why they do it is implicit, not communicated well, and invites plenty of competing points of view as to what it really is. You need to tackle the process first before you attempt to automate any of its tasks. Not doing so would be like digging holes with a crane instead of a shovel, but without thinking about whether the holes are being dug in the right places (or should be dug at all). It’s not enough to think about saving time and money. Automating a process (not just its activity) documents it, makes it teachable and scalable, and goes a long way to reducing or eliminating mistakes (high profile errors can be a major catalyst for process automation). It also makes a process easily audited and monitored And it’s a lot easier to figure out how to improve a process you can see. And improvement is a must; if there’s one thing to expect when it comes to process automation, it’s change.



Quote for the day:

"Great Groups need to know that the person at the top will fight like a tiger for them." -- Warren G. Bennis

Daily Tech Digest - April 23, 2020

Indian IT desperately needed a new business model and coronavirus gave it one

remote-working-jeonghwaryu0.jpg
Some IT companies have implemented "employee productivity trackers like webcam-based movement capture, hourly timesheet entry, tracking of keyboards, and so on, to ensure employees are working at home," Yugal Joshi, vice-president at Texas-based consultancy Everest Group, told Quartz. "This indicates a deep-rooted malaise in Indian IT/ITes industry where the senior management generally mistrusts people," he added. Two, unlike the retail or manufacturing sectors that cannot operate with current social distancing norms, the top-tier Indian IT companies and their mid-sized brethren are responsible for keeping the lights on for a large collection global companies -- some of whom are depended on people every second of the day. This includes banks, utility companies, retailers, and, of course, pharmaceuticals. With the ongoing coronavirus outbreak, all of these industries are now being serviced from the apartments and houses of India's IT workforce, which as you can imagine, is a supremely difficult and exasperating task for everyone involved. Most of IT's clients have ironclad regulatory and privacy riders that have needed to be tweaked considerably in light of coronavirus.



How a basic cross-training program can ease disruptions on the IT team

If the coronavirus hasn't disrupted your business operations yet, there's a good chance it will soon. This first wave of illness will not be the last time the coronavirus disrupts daily business operations. First companies had to adjust to remote work for all employees. The next challenge may be filling in for colleagues who are out sick or caring for family members or friends who are ill. A cross-training program can make this transition go smoothly. Sam Maley, an IT operations manager at Bailey & Associates, an IT consultancy, said cross-training can minimize disruptions and reduce stress levels due to absenteeism. "Cross-training programs are designed to build versatility and skill overlaps in your team members," he said. Jeff Fleischman, CMO at the consulting firm Altimetrik, said cross-training needs to be part of business continuity plans. "To receive buy-in from top management, quantify the impact disruption has on the business such as revenue loss, reputational risk, defaulting on contractual obligations, and failing to meet regulatory requirements, and then explain how cross-training would eliminate these risks," Fleischman said.


Kubernetes vs. VMware: Drive the choice with IT architecture


The choice to run either containers in VMs vs. VMs in containers is an architectural design decision. This is because there's a line of thought that containers are the ideal abstraction for multi-cloud application delivery. Though VMware assures admins containers and VMs are the same in vSphere, it's difficult to draw a similar comparison for Kubernetes and VMs. Kubernetes is an orchestration product that admins use primarily for containers. In theory, Kubernetes could manage compute resources other than containers. However, a container as the primary abstraction layer means that traditional VM management tools don't map directly. Though networking can help solve this issue, KubeVirt could be the answer. KubeVirt uses Kubernetes network architecture and plugins rather than hypervisor abstractions, such as vSwitches, to manage networking. As a result, products must switch to network management based on Kubernetes namespaces. That's not necessarily a bad thing; it's just an overall change in operations mode from a VM-centric operating model to a container-centric operating model.



Researchers Release Open Source Counterfactual Machine Learning Library

Three Counterfactuals for Loan Application Scenario
Exactly what machine learning counterfactuals are, and the reasons why they are important, are best explained by example. Suppose a loan company has a trained ML model that is used to approve or decline customers' loan applications. The predictor variables (often called features in ML terminology) are things like annual income, debt, sex, savings, and so on. A customer submits a loan application. Their income is $45,000 with debt = $11,000 and their age is 29 and their savings is $6,000. The application is declined. A counterfactual is change to one or more predictor values that results in the opposite result. For example, one possible counterfactual could be stated in words as, "If your income was increased to $60,000 then your application would have been approved." In general, there will be many possible counterfactuals for a given ML model and set of inputs. Two other counterfactuals might be, "If your income was increased by $50,000 and debt was decreased to $9,000 then your application would have been approved" and, "If your income was increased to $48,000 and your age was changed to 36 then your application would have been approved." Figure 1 illustrates three such counterfactuals for a loan scenario.


What is value stream mapping? A lean technique for improving business processes

What is value stream mapping? A lean technique for improving business processes
Before you can start building a value stream map, you need to objectively evaluate your organization’s business processes, products and systems. Start by talking to leadership, department heads and other key stakeholders who can give you more insight into what can be improved. You’ll need to get hands-on experience with the process, product or system yourself and have other employees walk you through their part. It’s important to collect as much data as possible — for example, any inefficiencies in the process, how many workers are involved, what resources are used and any downtime. Any potentially relevant or noteworthy data is helpful in fleshing out your final VSM flow chart and achieving insights into what can be refined or improved. You’ll then create two separate VSM flow charts — a current state value stream map and a future state value stream map. Your current state VSM will be used to establish how the process currently runs and functions in the business. This is where you will demonstrate issues, significant findings and establish key requirements. The future state VSM, on the other hand, focuses on what your process will look like once your organization has completed all of the necessary improvements.


Ethernet consortium announces completion of 800GbE spec 

Network Networking Ethernet
Based on many of the technologies used in the current top-end 400 Gigabit Ethernet protocol, the new spec is formally known as 800GBASE-R. The consortium that designed it (then known as the 25 Gigabit Ethernet Consortium) was also instrumental in developing the 25, 50, and 100 Gigabit Ethernet protocols and includes Broadcom, Cisco, Google, and Microsoft among its members. The 800GbE spec adds new media access control (MAC) and physical coding sublayer (PCS) methods, which tweaks these functions to distribute data across eight physical lanes running at a native 106.25Gbps. (A lane can be a copper twisted pair or in optical cables, a strand of fiber or a wavelength.) The 800GBASE-R specification is built on two 400 GbE 2xClause PCSs to create a single MAC which operates at a combined 800Gbps. And while the focus is on eight 106.25G lanes, it's not locked in. It is possible to run 16 lanes at half the speed, or 53.125Gbps. The new standard offers half the latency of 400G Ethernet specification, but the new spec also cuts the forward error correction (FEC) overhead on networks running at 50 Gbps, 100 Gbps, and 200 Gbps by half, thus reducing the packet-processing load on the NIC.


Application performance for remote workers becomes primary network issue for businesses


In addition to the top-line finding of dealing with complexity and performance, the study also highlighted that cost had become less of an issue for respondents, who also cited significant investment in automation, security, cloud connectivity and the potential of 5G. Drilling deeper into the pressing issues for firms, Aryaka found that as the number of remote workers increases across the globe, productivity and remote application performance have become more important for organisations across Europe, the Middle East and Africa (EMEA). Some 45% of UK businesses noted that slow application performance led to a poor user experience for remote and mobile users, and that it was a significant issue faced by IT and support teams. Accessing and integrating cloud and software-as-a-service (SaaS) applications was one of the most pressing issues for UK IT departments, cited by 39%.


Ransomware is now the biggest online menace you need to worry about - here's why


One of the reasons why ransomware attacks have risen so much is because cyber criminals are increasingly viewing it as the simplest and quickest means of making money from compromised networks. With ransomware, attackers can lockdown an organisation's entire network and demand a bitcoin payment in exchange for the decryption key. Ransomware attacks are often successful because organisations opt to pay the ransom demand, viewing it as the quickest and easiest way to restore functionality to the network, despite authorities warning never to give into the demand of extortionists. These ransomware demands commonly reach six-figure sums and, because the transfer is made in bitcoin, it's relatively simple for the criminals to launder it without it being traced back to them. "The 'beauty' of the ransomware model is you only need to write the ransomware once and its potential to infect is only limited by its reach, which with the internet is unlimited," Ed Williams, EMEA director of SpiderLabs, the research division at Trustwave, told ZDNet.


Remote business continuity techniques to implement now


This is not just an issue when facing a pandemic. If your business continuity plan addresses only short-term disruptions, such as those that last less than a month, it may not be prepared for an extended outage. Your technology disaster recovery plan may need to be activated, assuming outages occur due to insufficient IT staff available or technology disruptions that occur due to a shortage of vendor personnel. Fortunately, many data centers are designed to operate without human intervention or with remote access to system administration functions. Technology vendors frequently use managed IT resources such as cloud-based systems to support their service offerings. This reduces the likelihood of outages as long as the managed service providers are able to keep their systems operational. As many organizations use remotely hosted applications, users can keep using those systems, so long as their vendors are able to keep their operations working. The real challenge for organizations that have mostly locally hosted systems and databases is to remotely manage those assets.


New Enterprise Graph Framework for Data Scientists Leverages Machine Learning

The new Neo4j for Graph Data Science framework is designed to enable data scientists to operationalize better analytics and machine learning models that infer behavior based on connected data and network structures Frame described. The framework, she said in a statement announcing the product release, is intended to provide the most expeditious way to generate better predictions. "A common misconception in data science is that more data increases accuracy and reduces false positives," she explained. "In reality, many data science models overlook the most predictive elements within data -- the connections and structures that lie within. Neo4j for Graph Data Science was conceived for this purpose -- to improve the predictive accuracy of machine learning, or answer previously unanswerable analytics questions, using the relationships inherent within existing data." 



Quote for the day:


"Leadership is the wise use of power. Power is the capacity to translate intention into reality and sustain it." -- Warren Bennis