Showing posts with label Ethical Debt. Show all posts
Showing posts with label Ethical Debt. Show all posts

Daily Tech Digest - July 29, 2023

A New Paradigm In Cybersecurity

Currently, many enterprises still focus on tower-based security (that is, securing the “home”)—securing networks, datacenter, databases, endpoints, applications and middleware and then applying horizontal security solutions for rights management, policy, access management and authentication. The overarching framework creates a secure environment, but fails to prevent breaches by insiders or by external threat actors that have seized credentials or exploited the hundreds of vulnerabilities in every domain at any given time. The crown jewels—specifically data representing client information, contracts, legal documents, employee information, KYC files and other pertinent information—must remain secure and private, even if the credentials are breached, or vulnerabilities lead to breach in the networks, data centers or endpoints. Particularly in this era of increased cyber risk, along with growing reliance on data across every industry, enterprise leaders should consider this level of security and privacy, and this ease of access, as non-negotiable for keeping their valuable data and digital assets safe.


EU opens Microsoft antitrust investigation into Teams bundling

The European Commission will now carry out an in-depth investigation into whether Microsoft may have breached EU competition rules by tying or bundling Microsoft Teams to its Office 365 and Microsoft 365 productivity suites. “Remote communication and collaboration tools like Teams have become indispensable for many businesses in Europe,” explains Margrethe Vestager, executive vice-president in charge of competition policy at the European Commission. “We must therefore ensure that the markets for these products remain competitive, and companies are free to choose the products that best meet their needs. This is why we are investigating whether Microsoft’s tying of its productivity suites with Teams may be in breach of EU competition rules.” Microsoft has responded to the EU’s complaint. “We respect the European Commission’s work on this case and take our own responsibilities very seriously,” says Microsoft spokesperson Robin Koch, in a statement to The Verge.


How to define your ideal embedded build system

You might think that your software stack has nothing to do with your build system; However, the build configurations you select may dictate how your software is organized. After all, building to simulate your application code shouldn’t include low-level target drivers. In fact, you may find that even the middleware you use is entirely different! Defining your ideal build configurations may impact your software stack and vice versa. A modern embedded software stack will include several layers of independent software that are glued together through HALs and API’s. ... Today, are you using your ideal build system? Do you even know what that ideal build system looks like and the benefits it creates for your team? I highly recommend that you take a few minutes to answer these questions. If you don’t have an ideal build system you’re trying to reach, you can easily define your ideal system in 30 minutes or less. Once you have your ideal build system, look at where your build system is today. If it’s not your ideal system, don’t fret! Define some simple goals with deadlines and work on creating your ideal build system.


The Future of the Enterprise Cloud Is Multi-Architecture Infrastructure

Data centers and the cloud grew up on a single, monolithic approach to computing — one size fits all. That worked in the days when workloads were relatively few and very straightforward. But as cloud adoption exploded, so too have the number and types of workloads that users require. A one-size-fits-all environment just isn’t flexible enough for users to be able to run the types of workloads they want in the most effective and cost-efficient manner. Today, technologies have emerged to overthrow the old paradigm and give developers and cloud providers what they need: flexibility and choice. One of its manifestations is multi-architecture, the ability of a cloud platform or service to support more than one legacy architecture and offer developers the flexibility to choose. Flexibility to run workloads on the architecture of your choice is important for organizations for two reasons: better price performance and — a reason that is far downstream from data centers but nevertheless important — laptops and mobile devices. 


The lost art of cloud application engineering

AI-driven coders learn from existing code repositories. They often need a more contextual understanding of the code generated. They produce code that works but may need help to comprehend or maintain. This hinders developers’ control over their software and often causes mistakes when fixing or changing applications. Moreover, the generated code must meet style conventions or best practices and include appropriate error handling. This can make debugging, maintenance, and collaboration difficult. Remember that AI-driven code generation focuses on learning from existing code patterns to generate net-new code. Generative AI coders have a “monkey see, monkey do” approach to development, whereas the coding approaches are learned from the vast amount of code used as training data. This approach is helpful for repetitive or standard tasks, which is much of what developers do, but enterprises may require more creativity and innovation for complex or unique problems.


Beyond generative AI, data quality a data management trend

"We have seen a belated -- but much required -- resurgence in the interest in data quality and supporting capabilities," Ghai said. "Generative AI may be one of the factors. But also organizations are realizing that their data is the only sustainable moat, and without data quality, this moat is not that strong." Tied in with data quality and observability, which fall under the purview of data governance, Ghai added that data privacy continues to gain importance. "There's a growing focus on building analytics with strong privacy protection via techniques like confidential computing and differential privacy," he said. ... Like Ghai, Petrie noted that many organizations are prioritizing data quality -- and overall data governance -- as their data volume grows and fuels new use cases, including generative AI. "AI creates exciting possibilities," he said. "But without accurate and governed data, it will not generate the expected business results. I believe this realization will prompt companies to renew their investments in product categories such as data observability, master data management and data governance platforms."


What Exactly Does a Head of Enterprise Design Do?

Where the head of the enterprise design sits in the organizational hierarchy depends on various factors, Heiligenthal said. Company size and maturity play a role, but typically, she said, it starts in marketing and lands within product, digital and technology groups. “Organizations can be matrixed or hierarchically structured, and success depends on visibility within the organization. The further the design organization is buried, the harder it is to receive buy-in and get work done,” she explained. A struggle that many enterprises come up against, she said, is how and where the design organization sits. “Is it centralized, decentralized or embedded within products?” Each setup has its own benefits and drawbacks, but what’s worked for her is a centralized partnership; one with a distinct, centralized design team that shares a sense of purpose with various product and business teams. “It’s a hub-and-spoke model that centralizes design teams (the hub) and gives us freedom to execute across the organization (the spokes) based on north-star alignment across the business.”


How Intelligent Automation is Driving Positive Change in the Public Sector

When implemented strategically and with the needs of an organisation at the forefront, intelligent automation can support collaboration, communication and new, modern ways of working, not only contributing to increased efficiency and cost-effectiveness, but also boosting employee experience. In particular, the elimination of repetitive, manual and time-intensive administrative work – which is often cited as one of the main factors of public sector job dissatisfaction – can help with retaining key talent within the sector. Along with meeting employee expectations, strategic deployment of automation also helps public bodies to keep pace with the expectations of the general public. Automation allows citizens to access support more effectively, without the need for human intervention, especially in the case of adult social services, being resource-intensive centres that manage access to help and support across many key areas such as pensions, healthcare and benefits. 


Ethical Debt: Why ESG Matters As Much As Technical Debt

Ethical debt is the combined consequences of a lack of optimization in your organization's environmental, social, and governance (ESG) capabilities. As pressure on organizations to meet ethical standards intensifies, managing ethical debt is becoming essential. ... Just like technical debt, the consequences of ethical debt aren't just financial. Your debt getting out of control can impact your reputation, relationship with regulators, talent retention, and partnerships. Another key consideration of the concept of ethical debt, however, is possible exploitation. When you're creating a product, you now need to consider what the consequences could be if it is misused by your customers. Ethical debt isn't just a theoretical concept. ... Environmental, social, and governance (ESG) ethical debt is much like technical debt. Every organization has a certain amount and getting it down to zero is likely not worth your investment, but your ethical debt must be reduced to a reasonable level or there will be consequences for your organization.


Cloud Computing Services: Revolutionizing Data Management in Telecommunications

In addition to cost savings and scalability, cloud computing services also provide robust data security. With cyber threats becoming increasingly sophisticated, data security is a top priority for telecommunications companies. Cloud service providers employ advanced security measures, including encryption and multi-factor authentication, to protect data from unauthorized access. Furthermore, data stored in the cloud is typically backed up in multiple locations, ensuring its availability even in the event of a disaster. The integration of cloud computing services in telecommunications also facilitates improved collaboration and productivity. With data stored in the cloud, employees can access it from anywhere, at any time, using any device with an internet connection. This promotes a more flexible and efficient work environment, enabling teams to collaborate effectively regardless of their geographical location. The adoption of cloud computing services in telecommunications is also driving innovation. 


Quote for the day:

"Leaders are the ones who keep faith with the past, keep step with the present, and keep the promise to posterity." -- Harold J. Seymour
Posted by at No comments:
Labels: , , , , , , , , ,

Daily Tech Digest - October 23, 2020

Enterprise Architecture and Tech Debt

Architects must assess the changed needs of the business, – customers, staff, supply chain and identify efficient technology to support those new requirements. There is opportunity to walk away from legacy technology containing Unplanned Tech Debt that has never been corrected, the result of poor practices or poorly communicated requirements. The move to remote workspace may present the option to discontinue the use of equipment or applications that have become instances of Creeping Tech Debt where features become obsolete, replaced by the better, faster more capable upgrades. Or, the applications and operating systems are no longer supported, causing security vulnerabilities. Changes in market dynamics as the customer base struggles to understand their new needs, constraints and opportunities invite architects and product developers to consider incurring Intentional Tech Debt. By releasing prototypes and minimal viable products (MVPs) customers become partners in product development, helping to build the plane even as it reaches cruising altitude. Architects know this will entail false starts as perceived requirements morph or fade away and require rework as the product matures.


Understanding GraphQL engine implementations

Generic and flexible are the key words here and it’s important to realize that it’s hard to keep generic APIs performant. Performance is the number one reason that someone would write a highly customized endpoint in REST (e.g. to join specific data together) and that is exactly what GraphQL tries to eliminate. In other words, it’s a tradeoff, which typically means we can’t have the cake and eat it too. However, is that true? Can’t we get both the generality of GraphQL and the performance of custom endpoints? It depends! Let me first explain what GraphQL is, and what it does really well. Then I’ll discuss how this awesomeness moves problems toward the back-end implementation. Finally, we’ll zoom into different solutions that boost the performance while keeping the generality, and how that compares to what we at Fauna call “native” GraphQL, a solution that offers an out-of-the-box GraphQL layer on top of a database while keeping the performance and advantages of the underlying database. Before we can explain what makes a GraphQL API “native,” we need to explain GraphQL. After all, GraphQL is a multi-headed beast in the sense that it can be used for many different things. First things first: GraphQL is, in essence, a specification that defines three things: schema syntax, query syntax, and a query execution reference.


Digital transformation starts with software development

Software development is another key requirement for businesses that are pursuing digital transformation quests. Leveraging technology and ensuring it is able to offer reliable and high quality results is a key focus for the majority of companies. At this stage, it is important for businesses to acknowledge what its strategic goals are and implement software that is going to help it reach those ambitions and achieve tangible results. Businesses should also ensure the technology it selects is equipped with sustainable software that is going to withstand time, inevitable digital advances and deliver the requirements of the new normal. In addition, today’s current climate has emphasised the importance of providing teams with reliable software that enables them to work remotely and complete projects without any constraints. In the midst of the pandemic, 60% of the UK’s adult population were working remotely. Unfortunately, many businesses did not have the technology in place to cope with this immediate change. Therefore, IT decision makers and leaders had to undergo a rapid shift to remain agile and maintain continuity during this unprecedented time. By keeping software up to date and regularly enhancing tools, employees can remain productive and maintain a high level of communication with colleagues.


We need to be more imaginative about cybersecurity than we are right now

“Trying to achieve security is something of a design attitude—where at every level in your system design, you are thinking about the possible things that can go wrong, the ways the system can be influenced, and what circuit-breakers you might have in place in case something unforeseen happens,” said Mickens. “That seems like a vague answer because it is: There isn’t a magic way to do it.” Designers, Mickens continued, might even need to consider the political or ethical mindset of the people using their system. “There’s no simple way to figure out if our system is going to be used ethically or not, because ethics itself is very poorly defined. And when we think about security, we need to have a similarly broad attitude, saying that there are fundamental questions which are ambiguous, and which have no clean answer—‘What is security and how do I make my product secure?’ As a result, we need to be more imaginative than we are right now.” Thus, suggested Zittrain, the question has moved to the supply side: Consumers want safe products, and the onus is on designers to provide them. This, he said, opens an even thornier question: Does there need to be a regulatory board for people producing code, and if not, “What would incent the suppliers to worry about systematic risks that might not even be traced back to them?”


How to Make DevOps Work with SAFe and On-Premise Software

The main issues we dealt with in speeding up our delivery from a DevOps perspective were: testing (unit and integration), pipeline security check, licensing (open source and other), builds, static code analysis, and deployment of the current release version. For some of these problems we had the tools, for some, we didn’t and we had to integrate new tools. Another issue was the lack of general visibility into the pipeline. We were unable to get a glimpse of what our DevOps status was, at any given moment. This was because we were using many tools for different purposes and there was no consolidated place where someone could take a look and see the complete status for a particular component or the broader project. Having distributed teams is always challenging getting them to come to the same understanding and visibility for the development status. We implemented a tool to enable a standard visibility into how each team was doing and how the SAFe train(s) were doing in general. This tool provided us with a good overview of the pipeline health. The QA department has been working as the key-holder of the releases. Its responsibility is to check the releases against all bugs and not allow the version to be released if there are critical bugs.


The Two Sides of AI in the Modern Digital Age

We will now discuss some of its more sinister aspects. As we’ve already mentioned, as the digital landscape welcomes an increasing number of technological advancements, so does the threat landscape. With rapid progress in the cybersecurity arena, cybercriminals have turned to AI to amp up on their sophistication. One such way through which hackers leverage the potential of artificial intelligence is by using AI to hide malicious codes in otherwise trustworthy applications. The hackers program the code in such a way that it executes after a certain period has elapsed, which makes detection even more difficult. In some cases, cybercriminals programmed the code to activate after a particular number of individuals have downloaded the application, which maximizes the attack’s attack’s impact. Furthermore, hackers can manipulate the power offered by artificial intelligence, and use the AI’s ability to adapt to changes in the environment for their gain. Typically, hackers employ AI-powered systems adaptability to execute stealth attacks and formulate intelligent malware programs. These malware programs can collect information on why previous attacks weren’t successful during attacks and act accordingly.


A Pause to Address 'Ethical Debt' of Facial Recognition

This pause is needed. All too often, ethics lags technology. With all apologies to Jeff Goldblum, there's no need to be hunted by intelligent dinosaurs to realize that we often do things because "we can rather than that we should." This ACM's call for restraint is appropriate, although a few issues remain. What about the facial data that already exists from currently deployed systems? This is not unique to facial recognition, but rather one that is well known from GDPR compliance and other use cases. The stoppage is intended for private and public entities, but personal cameras — and an opening for facial recognition — are rapidly becoming ubiquitous. Log in to your neighborhood watch program for a close-to-home example. (What street doesn't have a doorbell camera?) Public life is being monitored and passive data on our habits and lives is continually collected; any place that there is a camera, facial recognition technology is in play. The call by the ACM could be stronger. They urge the immediate suspension of use of facial recognition technology anywhere that is "known or reasonably foreseeable to be prejudicial to established human and legal rights." What is considered reasonable here? Is good intent enough to absolve misuse of these systems from blame, for instance?


DevOps best practices Q&A: Automated deployments at GitHub

Ultimately, we push code to production on our own GitHub cloud platform, on our data centers, utilizing features provided by the GitHub UI and API along the way. The deployment process can be initiated with ChatOps, a series of Hubot commands. They enable us to automate all sorts of workflows and have a pretty simple interface for people to engage with in order to roll out their changes. When folks have a change that they’d like to ship or deploy to github.com, they just need to run .deploy with a link to their pull request and the system will automatically deconstruct what’s within that link, using GitHub’s API for understanding important details such as the required CI checks, authorization, and authentication. Once the deployment has progressed through a series of stages—which we will talk about in more detail later—you’re able to merge your pull request in GitHub, and from there you can continue on with your day, continue making improvements, and shipping features. The system will know exactly how to deploy it, which servers are involved, and what systems to run. The person running the command has no need to know that it’s all happening. Before any changes are made, we run a series of authentication processes to ensure a user even has the right access to run these commands.


Exploring the prolific threats influencing the cyber landscape

Ransomware has quickly become a more lucrative business model in the past year, with cybercriminals taking online extortion to a new level by threatening to publicly release stolen data or sell it and name and shame victims on dedicated websites. The criminals behind the Maze, Sodinokibi (also known as REvil) and DoppelPaymer ransomware strains are the pioneers of this growing tactic, which is delivering bigger profits and resulting in a wave of copycat actors and new ransomware peddlers. Additionally, the infamous LockBit ransomware emerged earlier this year, which — in addition to copying the extortion tactic — has gained attention due to its self-spreading feature that quickly infects other computers on a corporate network. The motivations behind LockBit appear to be financial, too. CTI analysts have tracked cybercriminals behind it on Dark Web forums, where they are found to advertise regular updates and improvements to the ransomware, and actively recruit new members promising a portion of the ransom money. The success of these hack-and-leak extortion methods, especially against larger organizations, means they will likely proliferate for the remainder of 2020 and could foreshadow future hacking trends in 2021.


Unsecured Voice Transcripts Expose Health Data - Again

In a report issued Tuesday, security researchers at vpnMentor write that they discovered the exposed voice transcript records in early July and contacted Pfizer about the problem three times before the pharmaceutical company finally responded on Sept. 22 and fixed the issue on Sept. 23. Contained in the exposed records were personally identifiable information, including customers' full names, home addresses, email addresses, phone numbers and partial details of health and medical status, the report says. ...  However, upon further investigation, we found files and entries connected to various brands owned by Pfizer," including Lyrica, Chantix, Viagra and cancer treatments Ibrance and Aromasin, the report says. Eventually, the vpnMentor team concluded the exposed bucket most likely belonged to the company's U.S. Drug Safety Unit. "Once we had concluded our investigation, we reached out to Pfizer to present our findings. It took two months, but eventually, we received a reply from the company." In a statement provided to Information Security Media Group, the pharmaceutical company says: "Pfizer is aware that a small number of non-HIPAA data records on a vendor-operated system used for feedback on existing medicines were inadvertently publicly available. ..."


Quote for the day:

"A leader or a man of action in a crisis almost always acts subconsciously and then thinks of the reasons for his action." -- Jawaharlal Nehru
Posted by at No comments:
Labels: , , , , , , , , , ,
Subscribe to: Comments (Atom)