The 6 Biggest Technology Trends In Accounting And Finance
When the internet of things, the system of interconnected devices and
machines, combines with artificial intelligence, the result is the
intelligence of things. These items can communicate and operate without human
intervention and offer many advantages for accounting systems and finance
professionals. The intelligence of things helps finance professionals track
ledgers, transactions, and other records in real-time. With the support of
artificial intelligence, patterns can be identified, or issues can be resolved
quickly. ... Robots don't have to be physical entities. In accounting
and finance, robotic process automation (RPA) can handle repetitive and
time-consuming tasks such as document analysis and processing, which is
abundant in any accounting department. Freed up from these mundane tasks,
accountants are able to spend time on strategy and advisory work. Intelligent
automation (IA) is capable of mimicking human interaction and can even
understand inferred meaning in client communication and adapt to an activity
based on historical data. In addition, drones and unmanned aerial vehicles can
even be deployed on appraisals and the like.
Transportation takes a leading edge with smart technology
As airports and aircraft become digitally connected through Edge IoT
technology, many potential opportunities to improve air travel become an
everyday reality. By harnessing Edge technology, 5G, and computer vision, many
airlines are now able to drive significant operational efficiency. There are
many use cases here, including: visual inspection-based pre-emptive
maintenance that reduces downtime and delays, smarter scheduling and runway
utilization, and cost-savings through smarter fuel usage. Safety and security
can be significantly enhanced through Edge computing. Combining computer
vision, computer audition, and analytics at the Edge can facilitate less
disruptive and more rigorous safety and security. For example, facial
recognition can be employed at smart gates to help tackle crime, and smart
technology can be used to improve health screenings at airports. And there is
huge potential for improving customer experience. By using Edge computing and
smart technologies, the whole passenger journey can be connected and made
smoother; from parking and arrival at the airport, through check-in, boarding,
and inflight entertainment to arrival and baggage claim.
Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns
The flaw specifically exists in the web services interface of Firepower Threat
Defense (FTD) software, which is part of Cisco’s suite of network security and
traffic management products; and its Adaptive Security Appliance (ASA)
software, the operating system for its family of ASA corporate network
security devices. The potential threat surface is vast: Researchers with
Rapid7 recently found 85,000 internet-accessible ASA/FTD devices. Worse, 398
of those are spread across 17 percent of the Fortune 500, researchers said.
The flaw stems from a lack of proper input validation of URLs in HTTP requests
processed by affected devices. Specifically, the flaw allows attackers to
conduct directory traversal attacks, which is an HTTP attack enabling bad
actors to access restricted directories and execute commands outside of the
web server’s root directory. Soon after patches were released,
proof-of-concept (POC) exploit code was released Wednesday for the flaw by
security researcher Ahmed Aboul-Ela. A potential attacker can view more
sensitive files within the web services file system: The web services files
may have information such as WebVPN configuration, bookmarks, web cookies,
partial web content and HTTP URLs.
Scrum’s Nature: It Is a Tool; It Is Not About Love or Hate
The question then is: Why would I “hate” a tool unsuited for the intended
purpose or applied incompetently? Would I hate a hammer for not being capable
of accurately driving a screw into a wooden beam? Probably not, as the hammer
wasn’t designed for that purpose, and neither sheer will-power nor stamping
with your feet will change the fact. ... The job of the Scrum Master is hence
to support the Scrum team by removing impediments—problems the team members
cannot solve by themselves-thus supporting this decentralized leadership
approach. Moreover, those impediments are mostly situated at an organizational
level. Here, change is not happening by simply “getting things done,” but by
working with other stakeholders and their plans, agendas, objectives, etc.
... Agile software development is not about solving (code) puzzles all
day long. As a part of creating new products in complex environments, it is
first-of-all about identifying which problems are worth solving from a
customer perspective. Once that is established, and Scrum’s empirical approach
has proven to be supportive in that respect, we strive to solve these puzzles
with as little code as possible.
Dave: Mobile Banking App Breach Exposes 3 Million Accounts
Dave says the breach traces to the Waydev analytics platform for engineering
teams that it formerly used. "As the result of a breach at Waydev, one of
Dave's former third-party service providers, a malicious party recently gained
unauthorized access to certain user data at Dave, including user passwords
that were stored in hashed form using bcrypt, an industry-recognized hashing
algorithm," Dave says in its Saturday data breach notification. Waydev, which
is based in San Francisco, first warned on July 2 that its service may have
been breached. "We learned from one of our trial environment users about an
unauthorized use of their GitHub OAuth token," Waydev says in a data breach
notification posted on its site that details security measures it recommends
all users take. "The security of your data is our highest priority. Therefore,
as a precautionary measure to protect your account, we revoked all GitHub
OAuth tokens." Beyond that notice, "we notified the potentially affected
users" directly, Waydev's Mike Dums tells Information Security Media Group.
The company says that it immediately hired a third-party cybersecurity firm,
Bit Sentinel to help investigate the intrusion and lock down its environment,
including having now fixed the vulnerability exploited by attackers.
Intelligent ways to tackle cyber attack
Absalom recommends that security practitioners balance the need for human
oversight with the confidence to allow AI-supported controls to act
autonomously and effectively. He says: “Such confidence will take time to
develop, just as it will take time for practitioners to learn how best to work
with intelligent systems.” Given time to develop and learn together,
Absalom believes the combination of human and artificial intelligence should
become a valuable component of an organisation’s cyber defences. As Morris
points out, fraud management, SIEM, network traffic detection and endpoint
detection all make use of learning algorithms to identify suspicious activity
– based on previous usage data and shared pattern recognition – to establish
“normal” patterns of use and flag outliers as potentially posing a risk to the
organisation. For companies with a relatively small and/or simple IT
infrastructure, Wenham argues that the cost of an AI-enabled SIEM would
probably be prohibitive while offering little or no advantage when coupled
with good security hygiene. On the other hand, for an enterprise with a large
and complex IT infrastructure, Wenham says the cost of an AI-enabled SIEM
might well be justified.
Are newer medical IoT devices less secure than old ones?
Mularski does concede that some particularly vulnerable old devices are often
more isolated on the network by design, in part because they’re more
recognizable as vulnerable assets. Windows 95-vintage x-ray machines, for
example, are easy to spot as a potential target for a bad actor. “For the most
part, I think most of the hospital environments, they do a good job at
recognizing that they have these old deices, and the ones that are more
vulnerable,” he said. This underlines a topic most experts on – simple
awareness of the potential security flaws on a given network are central to
securing healthcare networks. Greg Murphy is the CEO of Ordr, a network
visibility and security startup based in Santa Clara. He said that both
Mularski and Staynings have points in their favor. “Anyone who minimizes the
issue of legacy devices needs to walk a mile in the shoes of the biomedical
engineering department at a hospital,” he said. “[But] on the flipside, new
devices that are being connected to the network have huge vulnerabilities
themselves. Many manufacturers themselves don’t know what vulnerabilities
their devices have.”
The Opportunity in App Modernization
Domain Driven Design and modeling techniques like SWIFT, Wardley Maps, Bounded
Context Canvas have provided the technical and business heuristics in carving
out microservices. There is however an emerging backlash from the complexity
of microservices and an impetus to move towards simpler deployment
architectures like modular monoliths. See To Microservices and Back Again.
There are significant gaps that libraries and frameworks can fill by driving a
backlog of stories and implementation from event storming or monolith
decomposition. Generating a backlog of user stories and epics from event
storming is a work of art and requires heavy facilitation because DDD Is
Broken. Dividing business capabilities in sub-business capabilities is tough
and candidate microservices need expert judgment before implementation.
Observability tools and frameworks that aid in understanding the existing
application runtime metadata paired with a profiler theoretically have the
information needed to make recommendations on starting points to decomposing
monoliths. A tool that has started to look at this problem is vFunction.
Ten ‘antipatterns’ that are derailing technology transformations
One of the biggest sources of impact in technology transformations comes from
simplifying the path to production, the steps involved from defining
requirements to releasing software and using it with disciplined repetition
across teams. This requires a lot of organizational and executive patience, as
the impacted teams—app development, operations, security, support—can take
weeks and months to perfect this coordinated dance. Tools and architecture
changes can help, but to be effective, they need to be paired with changes to
engineering practices, processes, and behaviors. Launching programs for large
architecture and tooling changes often requires minimal effort, catches the
executive and board’s fancy, and represents that things are moving. However,
in our experience, without changes to engineering practices, processes, and
behaviors, such programs have minimal or no impact. ... After months of futile
top-down incentives and nudges for tools adoption, the bank refocused on how
the tools enabled a new set of engineering practices and collaboration between
teams. It showed how the new tools could simplify the path to
production.
Is Robotic Process Automation As Promising As It Looks?
RPA works best when application interfaces are static, procedures don’t
change, and data patterns stay stable – a mix that is progressively uncommon
in today’s dynamic, digital scenario. The issue with RPA, in any case, isn’t
that the tools aren’t clever enough. Rather, its main challenge is
progressively about strength –handling the unexpected sudden changes in the IT
world. Adding cognitive abilities to RPA doesn’t resolve these strength issues
– you essentially end up with more intelligent technology that is still
similarly as weak it was in the past. RPA is still in the phase of
advancement, thus it can introduce difficulties that may bring about
undesirable results. Consequently, it is difficult for associations to decide
whether they ought to put their resources into robotic automation or wait
until its extension. A far-reaching business model must be created while
thinking about the implementation of this technology; else, it will be futile
if returns are just marginal, which may not be worth taking the risk. RPA is
equipped for dealing with specific tasks and assignments, however isn’t
planned to deal with processes. Therefore, it appears to be legitimate to
believe that combined with other more specific instruments, it can drive
better execution.
Quote for the day:
