Chef Shifts to Policy as Code, Debuts SaaS Offering
As for ease of use, Chef Enterprise Automation Stack (EAS) will also be
available in both AWS and Azure marketplaces. The company has begun a Chef
Managed Services program, and Chef EAS is also now available in a beta SaaS
offering. All of these together, said Nanjundappa, will make Chef EAS “easy to
access and adopt, which will help reduce overall time to value.” Looking
forward, Nanjundappa said that the focus will include features like cloud
security posture management (CSPM) and Kubernetes security. “We are seeing more
and more compute workloads being migrated towards containers and Kubernetes. We
currently offer Chef Inspec + content for CIS profiles for K8s and Docker that
help secure Containers and Kubernetes,” wrote Nanjundappa. “But we will be
adding additional abilities to maintain security posture in containers and
Kubernetes platforms in the coming years.” More specifically, upcoming
Kubernetes features will offer visibility into containers and the Kubernetes
environment, scanning for common misconfigurations, vulnerability management,
and runtime security.
Private vs. Public Blockchains For Enterprise Business Solutions
Not all blockchains are created equal. Businesses have always required a
reasonable degree of privacy as well as control over their networks. Since the
popularisation of the internet, and the advance of eCommerce, it’s been
essential that companies protect their systems from outside attackers, both to
preserve their workflow but also any sensitive information they might be
storing. Hence, as blockchain technology becomes integrated into the modern
digital workplace, it is only logical that private networks are often seen as
preferable for many organizations. This is no big surprise — especially given
that some of the main selling points of blockchain include a completely
transparent ledger containing all data as well as the ability to move value
around. And it’s clear why a business wouldn’t want just anyone to be able to
access their internal network. This way, the company gets many of the benefits
of the novel tech but can remain opaque to most of the world. It’s also quite
valid that private blockchains are typically much more efficient than public
ones.
Many organizations likely don’t know how many APIs they are using, what tasks
they are performing, or how high a permission level they hold. Then there is
the question of whether those APIs contain any vulnerabilities. Industry and
private groups have come up with API testing tools and platforms to help
answer those questions. Some testing tools are designed to perform a single
function, like mapping why specific Docker APIs are improperly configured.
Others take a more holistic approach to an entire network, searching for APIs
and then providing information about what they do and why they might be
vulnerable or over-permissioned. Several well-known commercial API testing
platforms are available as well as a large pool of free or low-cost
open-source tools. The commercial tools generally have more support options
and may be able to be deployed remotely though the cloud or even as a service.
Some open-source tools may be just as good and have the backing of the
community of users who created them. Which one you select depends on your
needs, the security expertise of your IT teams, and budget.
How do risk professionals quantify risk? Using dollars and cents. Taking the
information gathered in the Open FAIR model simulations, risk quantification
further breaks down primary and secondary losses into six different types for
each loss, allowing the organization to determine how best to categorize them.
CISOs and other risk professionals can consider data points from the market,
their data and additional available information. They can classify each type
of data they’re inputting as high or low confidence. Primary loss equals
anything that’s a direct loss to the company due to a specific event.
Secondary loss includes something which may or may not occur, like
reputational damage or potential lost revenue. Risk quantification also
enables risk professionals to communicate risk to leaders and other
stakeholders in a shared language everyone understands: dollars and cents.
Quantifying risk in financial terms enables organizations to assess where
their biggest loss exposures may be, conduct cost-benefit analyses for those
initiatives designed to improve risk activities, and prioritize those risk
mitigation activities based on their impact to the business.
10 top API security testing tools
Many organizations likely don’t know how many APIs they are using, what tasks
they are performing, or how high a permission level they hold. Then there is
the question of whether those APIs contain any vulnerabilities. Industry and
private groups have come up with API testing tools and platforms to help
answer those questions. Some testing tools are designed to perform a single
function, like mapping why specific Docker APIs are improperly configured.
Others take a more holistic approach to an entire network, searching for APIs
and then providing information about what they do and why they might be
vulnerable or over-permissioned. Several well-known commercial API testing
platforms are available as well as a large pool of free or low-cost
open-source tools. The commercial tools generally have more support options
and may be able to be deployed remotely though the cloud or even as a service.
Some open-source tools may be just as good and have the backing of the
community of users who created them. Which one you select depends on your
needs, the security expertise of your IT teams, and budget.Implementing risk quantification into an existing GRC program
How do risk professionals quantify risk? Using dollars and cents. Taking the
information gathered in the Open FAIR model simulations, risk quantification
further breaks down primary and secondary losses into six different types for
each loss, allowing the organization to determine how best to categorize them.
CISOs and other risk professionals can consider data points from the market,
their data and additional available information. They can classify each type
of data they’re inputting as high or low confidence. Primary loss equals
anything that’s a direct loss to the company due to a specific event.
Secondary loss includes something which may or may not occur, like
reputational damage or potential lost revenue. Risk quantification also
enables risk professionals to communicate risk to leaders and other
stakeholders in a shared language everyone understands: dollars and cents.
Quantifying risk in financial terms enables organizations to assess where
their biggest loss exposures may be, conduct cost-benefit analyses for those
initiatives designed to improve risk activities, and prioritize those risk
mitigation activities based on their impact to the business.
The Architecture of a Web 3.0 application
Unlike Web 2.0 applications like Medium, Web 3.0 eliminates the middle man.
There’s no centralized database that stores the application state, and there’s
no centralized web server where the backend logic resides. Instead, you can
leverage blockchain to build apps on a decentralized state machine that’s
maintained by anonymous nodes on the internet. By “state machine,” I mean a
machine that maintains some given program state and future states allowed on
that machine. Blockchains are state machines that are instantiated with some
genesis state and have very strict rules (i.e., consensus) that define how
that state can transition. Better yet, no single entity controls this
decentralized state machine — it is collectively maintained by everyone in the
network. And what about a backend server? Instead of how Medium’s backend was
controlled, in Web 3.0 you can write smart contracts that define the logic of
your applications and deploy them onto the decentralized state machine. This
means that every person who wants to build a blockchain application deploys
their code on this shared state machine.A Major Advance in Computing Solves a Complex Math Problem 1 Million Times Faster
That's an exciting development when it comes to tackling the most complex
computational challenges, from predicting the way the weather is going to
turn, to modeling the flow of fluids through a particular space. Such problems
are what this type of resource-intensive computing was developed to take on;
now, the latest innovations are going to make it even more useful. The team
behind this new study is calling it the next generation of reservoir
computing. "We can perform very complex information processing tasks in a
fraction of the time using much less computer resources compared to what
reservoir computing can currently do," says physicist Daniel Gauthier, from
The Ohio State University. "And reservoir computing was already a significant
improvement on what was previously possible." Reservoir computing builds on
the idea of neural networks – machine learning systems based on the way living
brains function – that are trained to spot patterns in a vast amount of
data.Enterprise data management: the rise of AI-powered machine vision
The process of training machine learning algorithms is dramatically hindered
for firms acquiring and centralising petabytes of unstructured data – whether
video, picture, or sensor data. The AI development pipeline and production
model tweaking are both delayed as a result of this centralised data
processing method. In an industrial setting, this could result in product
faults being overlooked, causing considerable financial loss or even putting
lives in peril. Recently, distributed, decentralised architectures have become
the preferred choice among businesses, resulting in most data being kept and
processed at the edge to overcome the delay and latency challenges and address
issues associated with data processing speeds. Deployment of edge analytics
and federated machine learning technologies is bringing notable benefits while
tackling the inherent security and privacy deficiencies of centralised
systems. Take, for example, a large-scale surveillance network that
continuously records video. Instead of focusing on hours of film of an empty
building or street, effectively training an ML model to differentiate between
certain items needs the model to assess footage in which anything new is
observed.
The evolution of DRaaS
In the days in which DRaaS was born, it was not unusual for companies to
maintain duplicate sets of hardware in an off-site location. Yes, they could
replicate the data from their production site to the off-site location, but
the expense of procuring and maintaining the secondary site was prohibitive.
This led many to use the secondary location for old and retired hardware or
even to use less powerful computer systems and less efficient storage to save
money. DRaaS is essentially DR delivered as a service. Expert third-party
providers either delivered tools or services, or both, to enable organizations
to replicate their workloads to data centers managed by those providers. This
cloud-based model allowed for increased agility than previous iterations of DR
could easily allow, empowering businesses to run in a geographically different
location as close to normal as possible while the original site was made ready
for operations again. And technology improvements over the course of the 2010s
only made the failover and failback process more seamless and granular.
JLL CIO: Hybrid Work, AI, and a Data and Tech Revolution
Offices typically offer multiple services, Wagoner explains. For instance,
someone puts the paper in the printers. Someone helps employees with laptop
problems. Someone runs the on-site cafeteria. Someone maintains the
temperature and air quality of the office. As an employee, if there’s an
issue, you need to go to a different group for each one of these different
issues. However, JLL’s vision is to remove that friction and collect all those
services into a single interface experience app for employees. “With the
experience app, we eliminate you having to know that you need to go to office
services for one thing and then remember the URL for the IT help desk for
another thing,” Wagoner says. “We don’t even necessarily replace any of the
existing technology. We just give the end user a much better, easier
experience to get to what they need.” This experience app is called “Jet,” and
it also can inform workers of rules for particular buildings during the
pandemic. For instance, if you book a desk in a building or as you approach a
building it might tell you if that building has a vaccine requirement or a
masking requirement.
Intel: Under attack, fighting back on many fronts
Each processor architecture has strengths and weaknesses, and all are better or best suited to specific use cases. Intel’s XPU project, announced last year, seeks to offer a unified programming model for all types of processor architectures and match every application to its optimal architecture. XPU means you can have x86, FPGA, AI and machine-language processors, and GPUs all mixed into your network, and the app is compiled to the best suited processor for the job. That is done through the oneAPI project, which goes hand-in-hand with XPU. XPU is the silicon part, while oneAPI is the software that ties it all together. oneAPI is a heterogeneous programming model with code written in common languages such as C, C++, Fortran, and Python, and standards such as MPI and OpenMP. The oneAPI Base Toolkit includes compilers, performance libraries, analysis and debug tools for general purpose computing, HPC, and AI. It also provides a compatibility tool that aids in migrating code written in Nvidia’s CUDA to Data Parallel C++ (DPC++), the language of Intel’s GPU.Quote for the day:
"Don't measure yourself by what you have accomplished. But by what you should have accomplished with your ability." -- John Wooden
