
Daily Tech Digest - April 27, 2023

How can we build engagement in our organization’s data governance efforts?

The first thing to recognize is that establishing a data governance initiative is a change program—not a one-off project. Successful data governance programs change behaviors around how data is used, and changing behaviors takes time. Top-down impositions of data governance based on theory and text-heavy policies often fail to build engagement because they are detached from organizational context. The most successful transformations we have seen are the result of an organic development of data governance from organization and culture. This requires intentional communication, iteration, and open feedback based on listening to stakeholders and users. Communicate the benefits of data governance by emphasizing the positive impact the program can have on your organization’s ability to achieve its strategic objectives, such as improving decision-making, enhancing data quality, and ensuring regulatory compliance. Organizations must be willing to accept that there will be challenges and pushback to the program. 


The State of Organizations 2023: Ten shifts transforming organizations

‘True hybrid’: The new balance of in-person and remote work. Since the COVID-19 pandemic, about 90 percent of organizations have embraced a range of hybrid work models that allow employees to work from off-site locations for some or much of the time. It’s important that organizations provide structure and support around the activities best done in person or remotely. ... Closing the capability chasm. Companies often announce technological or digital elements in their strategies without having the right capabilities to integrate them. To achieve a competitive advantage, organizations need to build institutional capabilities—an integrated set of people, processes, and technology that enables them to do something consistently better than competitors do. ... Walking the talent tightrope. Business leaders have long walked a talent tightrope—carefully balancing budgets while retaining key people. In today’s uncertain economic climate, they need to focus more on matching top talent to the highest-value roles. McKinsey research shows that, in many organizations, between 20 and 30 percent of critical roles aren’t filled by the most appropriate people.


How prompt injection can hijack autonomous AI agents like Auto-GPT

A new security vulnerability could allow malicious actors to hijack large language models (LLMs) and autonomous AI agents. In a disturbing demonstration last week, Simon Willison, creator of the open-source tool datasette, detailed in a blog post how attackers could link GPT-4 and other LLMs to agents like Auto-GPT to conduct automated prompt injection attacks. Willison’s analysis comes just weeks after the launch and quick rise of open-source autonomous AI agents including Auto-GPT, BabyAGI and AgentGPT, and as the security community is beginning to come to terms with the risks presented by these rapidly emerging solutions. In his blog post, not only did Willison demonstrate a prompt injection “guaranteed to work 100% of the time,” but more significantly, he highlighted how autonomous agents that integrate with these models, such as Auto-GPT, could be manipulated to trigger additional malicious actions via API requests, searches and generated code executions. Prompt injection attacks exploit the fact that many AI applications rely on hard-coded prompts to instruct LLMs such as GPT-4 to perform certain tasks. 


Agility and Architecture

When making architectural decisions, teams balance two different constraints: If the work they do is based on assumptions that later turn out to be wrong, they will have more work to do: the work needed to undo the prior work, and the new work related to the new decision. They need to build things and deliver them to customers in order to test their assumptions, not just about the architecture, but also about the problems that customers experience and the suitability of different solutions to solve those problems. No matter what, teams will have to do some rework. Minimizing rework while maximizing feedback is the central concern of the agile team. The challenge they face in each release is that they need to run experiments and validate both their understanding of what customers need but also the viability of their evolving answer to those needs. If they spend too much time focused just on the customer needs, they may find their solution is not sustainable, but if they spend too much time assessing the sustainability of the solution they may lose customers who lose patience waiting for their needs to be met.


Beginning of the End of OpenAI

Maybe OpenAI was not anticipating its success with ChatGPT technology back then. Now, the explanation that the trademark application is just so that no one clones the company makes the most sense currently. Or maybe not. Maybe the Sam Altman-led company has bigger plans. The company had already registered with AI.com to redirect it to ChatGPT — a pretty strong statement. Well, now that the AI arms race is in full glory, there might be something that Google can do as well to catch up. Up until now, Google made strides by improving its technology, but it might have another trick up its sleeve. If OpenAI files for a trademark on ‘GPT’, which is more than just a product name, but a name of technology, and the USPTO accepts it or even considers it, the application will be moved for an ‘opposition period’. ... OpenAI may be getting a bit too possessive about their products. GPT stands for Generative Pre-trained Transformers and interestingly, ‘Transformer’ was introduced by Google in 2017 as a neural network architecture, for which the company has also filed a patent.


Macro trends in the tech industry

Managing tech debt and maintaining system health are essential for the long-term success of any product or system. Tech debt has been in the news cycle over the last six months, but it’s certainly not a new concept. We’re happy that it’s being discussed, but ultimately managing tech debt is not rocket science: good product managers and tech leads should already be considering cross-functional requirements, including tech debt management. Fitness functions can identify and measure important quality characteristics, and we can describe tech debt in terms of how it may improve those characteristics. ... As low-code and no-code platforms continue to evolve and mature — and especially because these tools are likely to be augmented with AI enabling them to produce applications faster or for less expert users — we decided to reiterate our advice around bounded low-code platforms. We remain skeptical because the vendor claims around these tools are, basically, dangerously optimistic. There are no silver bullets and a low-code platform should always be evaluated in context as a potential solution, not used as a default option.


7 venial sins of IT management

First of all, comparing the two, being a business person is easier. Second of all, unless you think the company’s CFO should be a business person, not a finance person, and that the chief marketing officer should be a business person and not a marketeer, the whole thing just isn’t worth your time and attention. But since I have your attention anyway, here’s the bad news about the good news: CIOs who try to be business people instead of technology people are like the high school outcasts who are desperately trying to join the Cool Kids Club. They’ll still be excluded, only now they’ve added being pathetic to their coolness deficit. ... Product management is the business discipline of managing the evolution of one of a company’s products or product lines to maintain and enhance its marketplace appeal. IT product management comes out of the agile world, and has at best a loose connection to business product management. Because while there is some limited point in enhancing the appeal of some chunk of a business’s technology or applications portfolio, that isn’t what IT product management is about.


UK government introduces Digital Markets Bill to Parliament

CMA chief executive Sarah Cardell welcomed the Bill and the powers it granted to the competition regulator. “This has the potential to be a watershed moment in the way we protect consumers in the UK and the way we ensure digital markets work for the UK economy, supporting economic growth, investment and innovation,” she said. “Digital markets offer huge benefits, but only if competition enables businesses of all shapes and sizes the opportunity to succeed,” said Cardell. “This Bill is a legal framework fit for the digital age. It will establish a tailored, evidenced-based and proportionate approach to regulating the largest and most powerful digital firms to ensure effective competition that benefits everyone.” She added that the CMA will support the Bill through the legislative process, and that it stands ready to use these powers once it has been approved by Parliament. Baroness Stowell, chair of the House of Lords Communications and Digital Committee, which called for the creation of a new digital regulator like the DMU in March 2019, said the Bill is about ensuring a level playing field in digital markets.


Spring Cleaning the Tech Stack

As a company matures, part of the natural process is accumulating a plethora of applications along the way, which then requires IT to routinely evaluate to eliminate waste. Richard Capatosto, IT manager at Backblaze, explains IT spends a lot of time and energy tracking down, identifying, and operationalizing these “rogue” applications. “They are typically very inefficient to support for several reasons,” he says. “First, they are sometimes one-off apps which were purchased outside of our enterprise applications stack and may not have enterprise-level security.” Usually in those instances, they’ve been purchased outside of normal processes (e.g., on credit cards), which creates further downline work. “Second, these applications often do not support enterprise SSO and provisioning, which is key to maintaining efficient and secure IT operations,” he says. Eliminating or upgrading these applications reduces unnecessary spend, conforms to security best practices, and lets the IT team provide guidance about better tech-based workflows based on existing and potential applications.


Generative AI and security: Balancing performance and risk

From a security perspective, it’s both appealing and daunting to imagine an ultra-smart, cloud-hosted, security-specific AI beyond anything available today. In particular, the sheer speed offered by an AI-powered response to security events is appealing. And the potential for catastrophic mistakes and their business consequences is daunting. As an industry observer, I often see this stark dichotomy reflected in marketing, like that of the recently-launched Microsoft Security Copilot. One notices Microsoft’s velocity-driven pitch – “triage signals at machine speed” and “respond to incidents in minutes, instead of hours or days.” But one also notices the cautious conservatism of the product name: it’s not a pilot, it’s merely a copilot. Microsoft doesn’t want people getting the idea that this tech can, all by itself, handle the complex job of creating and executing a company’s cybersecurity strategy. That, it seems to me, is the approach we should all be taking to these tools, while carefully considering what type of data can and should be fed to these algorithms. 



Quote for the day:

"Time is neutral and does not change things. With courage and initiative, leaders change things." -- Jesse Jackson

Daily Tech Digest - April 21, 2023

A team of ex-Apple employees wants to replace smartphones with this AI projector

It's a seamless blend of technology and human interaction that Humane believes can extend to daily schedule run-downs, seeing map directions, and receiving visual aids for cooking or when fixing a car engine -- as suggested by the company's public patents. The list goes on. Chaudhri also demoed the wearable's voice translator which converted his English into French while using an AI-generated voice to retain his tone and timbre, as reported by designer Michael Mofina, who watched the recorded TED Talk before it was taken down. Mofina also shared an instance when the wearable was able to recap the user's missed notifications without sounding invasive, framing them as, "You got an email, and Bethany sent you some photos." Perhaps the biggest draw to Humane and its AI projector is the team behind it. That roster includes Chaudhri, a former Director of Design at Apple who worked on the Mac, iPod, iPhone, and other prominent devices, and Bethany Bongiorno, also from Apple, who was heavily involved in the software management of iOS and MacOS.


Three issues with generative AI still need to be solved

Generative AI uses massive language models, it’s processor-intensive, and it’s rapidly becoming as ubiquitous as browsers. This is a problem because existing, centralized datacenters aren’t structured to handle this kind of load. They are I/O-constrained, processor-constrained, database-constrained, cost-constrained, and size-constrained, making a massive increase in centralized capacity unlikely in the near term, even though the need for this capacity is going vertical. These capacity problems will increase latency, reduce reliability, and over time could throttle performance and reduce customer satisfaction with the result. The need is for more of a hybrid approach where the AI components necessary for speed are retained locally (on devices) while the majority of the data resides centrally to reduce datacenter loads and decrease latency. Without a hybrid solution — where smartphones and laptops can do much of the work — use of the technology is likely to stall as satisfaction falls, particularly in areas such as gaming, translation, and conversations where latency will be most annoying.


Exploring The Incredible Capabilities Of Auto-GPT

The first notable application is code improvement. Auto-GPT can read, write and execute code and thus can improve its own programming. The AI can evaluate, test and update code to make it faster, more reliable, and more efficient. In a recent tweet, Auto-GPT’s developer, Significant Gravitas, shared a video of the tool checking a simple example function responsible for math calculations. While this particular example only contained a simple syntax error, it still took the AI roughly a minute to correct the mistake, which would have taken a human much longer in a codebase containing hundreds or thousands of lines. ... The second notable application is in building an app. Auto-GPT detected that Varun Mayya needed the Node.js runtime environment to build an app, which was missing on his computer. Auto-GPT searched for installation instructions, downloaded and extracted the archive, and then started a Node server to continue with the job. While Auto-GPT made the installation process effortless, Mayya cautions against using AI for coding unless you already understand programming, as it can still make errors.


The Best (and Worst) Reasons to Adopt OpenTelemetry

Gathering telemetry data can be a challenge, and with OpenTelemetry now handling essential signals like metrics, traces and logs, you might feel the urge to save your company some cash by building your own system. As a developer myself, I totally get that feeling, but I also know how easy it is to underestimate the effort involved by just focusing on the fun parts when kicking off the project. No joke, I’ve actually seen organizations assign teams of 50 engineers to work on their observability stack, even though the company’s core business is something else entirely. Keep in mind that data collection is just a small part of what observability tools do these days. The real challenge lies in data ingestion, retention, storage and, ultimately, delivering valuable insights from your data at scale. ... At the very least, auto-instrumentation will search for recognized libraries and APIs and then add some code to indicate the start and end of well-known function calls. Additionally, auto-instrumentation takes care of capturing the current context from incoming requests and forwarding it to downstream requests.


OpenAI’s hunger for data is coming back to bite it

The Italian authority says OpenAI is not being transparent about how it collects users’ data during the post-training phase, such as in chat logs of their interactions with ChatGPT. “What’s really concerning is how it uses data that you give it in the chat,” says Leautier. People tend to share intimate, private information with the chatbot, telling it about things like their mental state, their health, or their personal opinions. Leautier says it is problematic if there’s a risk that ChatGPT regurgitates this sensitive data to others. And under European law, users need to be able to get their chat log data deleted, he adds. OpenAI is going to find it near-impossible to identify individuals’ data and remove it from its models, says Margaret Mitchell, an AI researcher and chief ethics scientist at startup Hugging Face, who was formerly Google’s AI ethics co-lead. The company could have saved itself a giant headache by building in robust data record-keeping from the start, she says. Instead, it is common in the AI industry to build data sets for AI models by scraping the web indiscriminately and then outsourcing the work of removing duplicates or irrelevant data points, filtering unwanted things, and fixing typos.


Executive Q&A: The State of Cloud Analytics

Many businesses are trying hard right now to stay profitable during these times of economic uncertainty. The startling takeaway to us was that business and technical leaders see cloud analytics as the tool -- not a silver bullet, but a critical component -- for staying ahead of the pack in the current economic climate. Not only that, organizations need to do more with less and, as it turns out, cloud analytics is not only a wise investment during good economic times, but also in more challenging economic times. Businesses reap benefits from the same solution (cloud analytics) in either scenario. For example, cloud analytics is typically more cost-effective than on-premises analytics solutions because it eliminates the need for businesses to invest in expensive hardware and IT infrastructure. It also offers the flexibility businesses need to quickly experiment with new data sources, analytics tools, and data models to get better insights -- without having to worry about the underlying infrastructure.


AI vs. machine learning vs. data science: How to choose

It's a common topic for organizational leaders—they want to be able to articulate the core differences between AI, machine learning (ML), and data science (DS). However, sometimes they do not understand the nuances of each and thus struggle to strategize their approach to things such as salaries, departments, and where they should allocate their resources. Software-as-a-Service (SaaS) and e-commerce companies specifically are being advised to focus on an AI strategy without being told why or what that means exactly. Understanding the complexity of the tasks you aim to accomplish will determine where your company needs to invest. It is helpful to quickly outline the core differences between each of these areas and give better context to how they are best utilized. ... To decide whether your company needs to rely on AI, ML, or data science, focus on one principle to begin: Identify the most important tasks you need to solve and let that be your guide.


The strong link between cyber threat intelligence and digital risk protection

ESG defined cyber threat intelligence as, “evidence-based actionable knowledge about the hostile intentions of cyber adversaries that satisfies one or several requirements.” In the past, this definition really applied to data on IoCs, reputation lists (e.g., lists of known bad IP addresses, web domains, or files), and details on TTPs. The intelligence part of DRP is intended to provide continuous monitoring of things like user credentials, sensitive data, SSL certificates, or mobile applications, looking for general weaknesses, hacker chatter, or malicious activities in these areas. For example, a fraudulent website could indicate a phishing campaign using the organization’s branding to scam users. The same applies for a malicious mobile app. Leaked credentials could be for sale on the dark web. Bad guys could be exchanging ideas for a targeted attack. You get the picture. It appears from the research that the proliferation of digital transformation initiatives is acting as a catalyst for threat intelligence programs. When asked why their organizations started a CTI program, 38% said “as a part of a broader digital risk protection effort in areas like brand reputation, executive protection, deep/dark web monitoring, etc.”


4 perils of being an IT pioneer

An enterprise-wide IT project is deemed successful only when a team member at the lowest level of the hierarchy adopts it. Ensuring adoption of any new solution is always a challenge. More so a solution based on a new technology. There’s push back from end users because they find the idea of losing power or skills in the face of new technology disconcerting. For any IT leader, crossing this mental inertia is always among the toughest challenges. Moreover, IT leaders have seen many initiatives based on new technologies fail because there was no buy-in from the company’s top leadership. Even if users adopt the new technology, the initial learning curve is often steep, impacting productivity. Most organizations can’t afford or aren’t ready to accept the temporary revenue loss due to the disruption caused by the new technology. Therefore, business and IT leaders must have a clear understanding of the risk/reward principle when rolling out new tech. Buy-in from top management as a top-down mandate can make adoption of new technology easier.


Is Generative AI an Enterprise IT Security Black Hole?

Shutting the door on generative AI might not be a possibility for organizations, even for the sake of security. “This is the new gold rush in AI,” says Richard Searle, vice president of confidential computing at Fortanix. He cited news of venture capital looking into this space along with tech incumbents working on their own AI models. Such endeavors may make use of readily available resources to get into the AI race fast. “One of the important things about the way that systems like GPT-3 were trained is that they also use common crawl web technology,” Searle says. “There’s going to be an arms race around how data is collected and used for training.” That may also mean increased demand for security resources as the technology floods the landscape. “It seems like, as in all novel technologies, what’s happening is the technology is racing ahead of the regulatory oversight,” he says, “both in organizations and the governmental level.”



Quote for the day:

"Our chief want is someone who will inspire us to be what we know we could be." -- Ralph Waldo Emerson