The Role of Business Architecture in Defining Data Architecture
Data architects can systematically examine the information concepts in the
information map and define corresponding data entities for each of those
concepts. There is no assumption that the data model and the information map
will be identical. Data architects will apply data modeling techniques to
formalize data entities as appropriate. The information map’s role is rather to
provide business ecosystem transparency, delivering a business-driven
perspective to ensure that data models and related deployments enable and do not
hinder the organization they are meant to benefit. As data entities are defined,
data architects can leverage information concept relationships to establish
corresponding relationships among data entities in the data models. All
information maps have a set of relationships that data architects may
interrogate to derive their entity relationships. The next step is to attribute
the data entities. Figure 5 depicts data attribute derivation using child
capabilities defined under Agreement Management.
HTTP/2 Implementation Errors Exposing Websites to Serious Risks
To show how such an attack would work, Kettle pointed to an exploit he executed
against Netflix where front-end servers performed HTTP downgrading without
verifying request lengths. The vulnerability allowed Kettle to develop an
exploit that triggered Netflix's back-end to redirect requests from Netflix's
front-end to his own server. That allowed Kettle to potentially execute
malicious code to compromise Netflix accounts, steal user passwords, credit card
information, and other data. Netflix patched the vulnerability and awarded
Kettle its maximum bounty of $20,000 for reporting it to the company. In another
instance, Kettle discovered that Amazon's Application Load Balancer had failed
to implement an HTTP/2 specification regarding certain message-header
information that HTTP/1.1 uses to derive request lengths. With this
vulnerability, Kettle was able to show how an attacker could exploit it to
redirect requests from front-end servers to an attacker-controlled server.
How to prepare your Windows network for a ransomware attack
Too many of us are still reliant on older server platforms that make it harder
to roll out security solutions through Active Directory. We may have Server
2016 and Server 2019 servers in our network, but we’re not taking advantage of
the security features of that domain functional level. Too many of us are
still on older forest and domain functional levels because we have older
servers or applications and a lack of testing that keep us from rolling out
these newer features. Or we have vendors that won’t certify newer platforms
and Active Directory features. Raising your forest level to 2016 provides many
features that better protect the network such as privileged access management
and automatic rolling of NTLM secrets on a user account. If your functional
level is still 2008 R2, you don’t have a UI for the Active Directory recycle
bin, which makes it easier for recovery. It also doesn’t allow you to get rid
of an old security hole of unchanging passwords on your service accounts if
you are still running 2008 R2 functional level.
Can the public cloud become confidential?
The Confidential Cloud is a secure confidential computing environment formed
over one or more public cloud providers. Applications, data, and workloads
within a Confidential Cloud are protected by a combination of hardware-grade
encryption, memory isolation, and other services in the underlying host. Like
micro-segmentation and host virtualization, resources within a Confidential
Cloud are isolated from all processes and users in a default zero-trust
posture. But the Confidential Cloud does more than isolate network
communications, it isolates the entire IT environment used by a
workload—including compute, storage, and networking. That enables support for
virtually any application. Because Confidential Cloud protection is
inextricably part of data, the protection extends wherever the data goes.
Legacy enterprise perimeters are defined by physical appliances, but a
Confidential Cloud’s perimeter is established by an inextricable combination
of hardware isolation, encryption, and explicit least-privileged access
policy.
Why the future of service is hybrid
For many businesses though, this has led to employment issues, especially as
the workforce ages. Knowledge loss is an increasingly common problem.
According to the Service Council, 70% of service organisations say they would
be burdened by the knowledge loss of a retiring workforce in the next five to
10 years, while 50% claim they are currently facing a shortage of resources to
adequately meet service demand. Automation is great, but it will only go so
far to help. Interestingly, the TSIA recently found that half of all field
services organisations don’t have a formal career path in place for their
field service engineers. This, in my view, is a huge point of unnecessary
commercial risk. These organisations are not doing enough to prepare younger
service techs for a mixed reality future – one where they will have to work
more closely with digital technology and machines than any previous
generation. It won’t happen by accident. There is certainly a need for an
integral ‘system of record’ that captures accurate data about equipment ‘as
maintained’.
How to Recognise and Reduce HumanDebt
HumanDebt™ is the equivalent to Technical Debt but for people. All of the
initiatives, the projects, the intentions we (the organisation) had to do
better by our employees, but we abandoned halfway. All of the missed
opportunities to make their lives and their work easier and more joyful. All
of the empty talk on equality, respect, lack of blame, courage and trust. All
of the missing focus on empowered teams and servant leadership. All of the
lack of preoccupation or resources for building better team dynamics. All of
the toxic culture created by these. That’s Human Debt. ... It is tempting to
believe that this type of debt is the organisation’s problem only. Even more
tempting is to believe that it only happens at that macro, cultural level and
that that is the only level where it can be fixed. Both are fallacies though.
It’s important that the organisation has a degree of recognition, which
enables them to offer "organisational permission" and help, as there really is
only one solid thing to start with - empower teams to work on their own
dynamics and improve their happiness by giving them the resources they need to
do so.
How to deal with a toxic teammate
Toxic behavior may have occurred less frequently or been less noticeable
during the pandemic. “There has been more stress but also a lot of
grace-giving and cutting-of-slack to account for whatever people have going on
in their personal and professional lives,” Cuthbert says. “The water cooler is
gone and hasn’t been replaced and there is less of a forum for those who are
negative or unhappy.” But it can take numerous forms. “Motivating through fear
and unattainable goals and timelines, obfuscating expectations and scope of
job descriptions or projects, not clearly identifying the North Star and who
is doing what, being inconsistent in holding people accountable, dominating,
yelling, talking over others, and interrupting are all signs of toxic
behavior,” Mattheis says. “Working remotely has not changed that reality. What
it has done is adjust how it looks and feels as well as made it more difficult
to speak to it and hold people accountable.” Like dealing with a toxic boss,
responding to a peer’s unhealthy dynamics can be tricky, but there are
constructive approaches for using emotional intelligence to address the issues
and mitigate their impact on your own productivity and well being.
Chip shortage has networking vendors scrambling
The semiconductor industry is predicting a possible recovery in 2023. But who
knows what demand will be at that time, Sadana said. Part of the problem is
that current semiconductor foundry capacity is not adequate to meet the recent
surge in global demand, wrote Baron Fung, industry analyst at Dell'Oro Group,
in a recent blog. “The cost of servers and other data center equipment is
projected to rise sharply in the near term partly due to the global
semiconductor shortages,” Fung stated. “An increase of server average selling
prices could approach the double-digit level that was observed in 2018, which
was another period of tight supply and high demand. However, in the longer
term, we anticipate that supply and demand dynamics could reach equilibrium
and that technology transitions could drive market growth.” ... “We continue
to proactively manage the supply chain, and our strategic relationship with
Broadcom is helping us in this regard. Importantly, we have secured vendor
commitments that will allow us to accelerate product delivery and bring down
backlog as of Q2 and beyond,” Thomas stated.
Why businesses should embrace cloud-native development
Containers provide the infrastructure to realise a microservices architecture
in practice. It provides individual standalone components for an app that can
be independently replaced, changed, or removed without jeopardising the rest
of your infrastructure. This is essential to realise the cloud-native vision
because the completeness of a container package and its agnosticism to its
environment ensures the portability needed for cloud-native apps –
containerised apps can be deployed in whatever cloud environment you operate
in, whether it be public, private, or hybrid. The use of containers in the
cloud-native model thereby brings speed and scalability that cannot be
achieved through traditional systems architecture, and addresses a fundamental
business need: for changes in software to be applied quickly and seamlessly so
that tasks can be completed efficiently and inexpensively. For all these
reasons, containers are one of the biggest trends in enterprise software
development
CISA's Easterly Unveils Joint Cyber Defense Collaborative
"To some extent, some of these activities are already going on across the
federal government, but they're running largely in stovepipes. So the idea is
that we bring together our partners in the government and our private sector
partners to really mature this planning capability," Easterly said. Besides
CISA and its parent organization, the Department of Homeland Security, other
federal government participants will include the U.S. National Security
Agency, U.S. Cyber Command and the FBI. Easterly announced nine companies have
signed up to participate,: CrowdStrike, Palo Alto Networks, FireEye, Amazon
Web Services, Google, Microsoft, AT&T, Verizon and Lumen. The JCDC will
build on the relationships CISA has with Information Sharing and Analysis
Centers, or ISACs, which represent various industries. The concept for the new
initiative came from the Cyberspace Solarium Commission, which published its
report in 2020 (see: Senate Approves Chris Inglis as National Cyber
Director).
Quote for the day:
"Added pressure and responsibility
should not change one's leadership style, it should merely expose that which
already exists." -- Mark W. Boyer
