What is DevSecOps and How Does it Work?
DevSecOps is a methodology that emphasizes integrating security practices into
the software development process. The idea is to promote collaboration and
communication among development, security, and operations teams to incorporate
security throughout the entire software development lifecycle. DevSecOps is a
combination of three words: Development + Security + Operations. The approach
acknowledges that security is an integral part of the software development
cycle, and we should integrate it right from the beginning instead of treating
it as an afterthought. ... Incorporate security practices as early as possible
in the software development lifecycle. It is because the entire DevSecOps team
is collectively responsible for ensuring the security of your system. By
implementing security from the beginning, your team can discover and fix
security threats early, providing smooth delivery cycles. ... DevSecOps can
significantly increase your chances of success by ensuring the software you
develop is free of any issues. However, getting it right is a real challenge.
The AI Act: What Does It Mean for Patenting Products
The Act lists three categories of AI systems. The first one relates to systems
associated with an ‘unacceptable risk’. It includes systems which seek to
manipulate vulnerable persons, social scoring and the use of real-time biometric
data, such as face recognition (with limited exceptions for law enforcement).
These systems are simply prohibited in the EU. The second category is ‘high
risk’. There are two main parts to this: systems which are key to safety and
systems which could potentially be socially damaging, such as those systems
where bias could be particularly harmful. For instance, AI systems associated
with access to opportunities in life, such as education, employment, credit
scores, and public services, fall into this category. The Act is intended to
ensure that everyone is treated fairly and not subjected to prejudice or
discrimination baked into an AI system. The AI act introduces additional burdens
in bringing such systems to market if they have an AI element.
Don’t Get Caught Off Guard: A Roadmap to Cyber Resilience
The term cybersecurity and cyber resilience have been used interchangeably by
many. While both share the same objective, implementation is where they
differ. While cybersecurity emphasizes on deploying strategies that prevent
cyber-attacks from penetrating the systems, cyber resilience is a holistic
approach that encompasses resisting, navigating, and surviving the entire
lifecycle of an attack. In short, cyber resilience is a broader scope of
cybersecurity. According to the World Economic Forum’s 2022 Global
Cybersecurity Outlook, the average cost of a corporate breach is $3.6 million
per incident, and it takes roughly 280 days to identify and address a
penetration. This survey in itself calls for the need for a game plan.
Building defenses along the perimeters, and following a siloed approach are
methods of the past years. Considering the massive attack landscape that
currently exists, business leaders must steer towards a holistic cybersecurity
strategy that involves identifying and securing all vulnerable
endpoints.
It’s a weird, weird quantum world
Shor’s work was the first to show that a quantum computer could solve a
real, practical problem. His talk set the seminar abuzz, and the news
spread, then became conflated. Four days after his initial talk, physicists
across the country were assuming Shor had solved a related, though much
thornier problem: prime factorization — the challenge of finding a very
large number’s two prime factors. ... “It was like the children’s game of
‘telephone,’ where the rumor spread that I had figured out factoring,” Shor
says. “And in the four days since [the talk], I had!” By tweaking his
original problem, Shor happened to find a similar quantum solution for prime
factorization. His solution, known today as Shor’s algorithm, showed how a
quantum computer could factorize very large numbers. Quantum computing, once
thought of as a thought experiment, suddenly had in Shor’s algorithm an
instruction manual for a very real, and potentially disruptive application.
His work simultaneously ignited multiple new lines of research in quantum
computing, information science, and cryptography.
Why You Should Give a Damn About Software Design
The Factory Design Pattern is a programming concept that allows you to
create objects in a more flexible and controlled way. Imagine you need to
create many products for your store, but each object is created differently
based on some conditions. For example, if you were building cars, you know
that they will all require at least 4 wheels, a gas tank, an engine, and so
forth, but every car will have a unique color, shape, year, and model.
Instead of creating each car entirely from scratch, you can build a
blueprint to determine exactly how each car should be engineered. No need to
keep returning to the drawing board. The factory has a method that takes in
some parameters and based on those parameters, it creates the appropriate
object and returns it to you. This way, you can create many objects easily
and you can change how the objects are created by changing the factory’s
method, instead of changing the entire program.
Good Things Happen When DevSecOps and Cloud Collide
Cloud-based data is accounting for 39% of successful cyberattacks.
Containerized applications, which have been a boon to both migration and
management can also lead to vulnerabilities – which is fitting for security
to be cited as a top concern for more than half of the organizations
surveyed. ... The idea is simple: You must find a way, a process, a method,
and the right partners to help secure all workloads across any cloud
environment, regardless of the platform or the amount of data and
application real estate needed. By establishing this model, organizations
are able to create a fundamental layer of protection against the
ever-evolving threat of cybercriminals. Take one of our large banking
customers, for example, who runs critical applications on AWS with stringent
security and compliance requirements. We implemented a secured framework to
protect their applications running on modern, cloud-native services like
containers and Lambda functions using DevSecOps principles and cloud-native
SIEM solutions.
Every third employee in IT will soon be a gig worker- are you one of them?
For enterprises, engagement with the gig workforce ensures cost savings,
flexibility of an ad-hoc, project-based working model that can be scaled or
descaled quickly, enable quick onboarding, and access to highly skilled,
niche talent. However, engaging with gig workers comes with its own set of
challenges, including concerns around data security, IP theft, access
management, cultural orientation, etc. These challenges span across
planning, onboarding, execution, and payment phases in the lifecycle of gig
workers. The study reveals that more than 70 per cent of CXOs feel that
onboarding and execution are the two difficult yet crucial phases,
addressing which can enable widespread adoption of the gig economy model.
Technologies such as cloud, artificial intelligence (AI), and cybersecurity
are being leveraged to address such challenges in a transparent and
productive way. Cloud technology, which enabled the seamless transition to
remote work, will be critical in addressing the challenges of the gig
economy.
Cyber Resilience More Than A Software Problem
From our unique position in the BIOS of millions of active devices, we can
see security applications from the world’s leading security companies,
running in some of the most sophisticated security environments by some of
the strongest cyber teams and still be operating at 60 to 70 per cent
resiliency — meaning they are only installed, running and healthy across 60
to 70 per cent of the devices where they are required for compliance.
Another way to think about that is $0.30 to $0.40 of every dollar spent
could be wasted if those controls are not healthy and working to protect the
user. That complexity is what we need to tackle for certain. And
understanding that the end result will never be zero risk — resiliency in
spite of complexity is what Absolute Resilience does that no one else can
do. We leverage our unique Persistence technology, already in the device
itself, to self-heal these applications automatically — to restore, repair,
or even reinstall an application and help to close that seemingly
insurmountable gap.
Enterprise Architecture Vs Solution Architecture – Let the Comparison Begin
Enterprise architecture (EA) in an organization is often defined as the
organizing logic for business processes and infrastructure. The primary
purpose of creating enterprise architecture is to ensure that business
strategy and IT are aligned. Enterprise architecture should make it possible
for an organization to achieve traceability from the business strategy down
to the technology used to implement that strategy. Enterprise Architecture
is a journey which acts as a collaboration force among:Business planning
(strategic) such as goals, visions, strategies, capabilities and governance
principles. ... Solution architecture is a process of architecting,
designing, and managing the technical and operational architecture of a
solution to meet specific business needs of a business unit of an
organization. ... The characteristics of Solution Architecture are:Modular
Design – Architecture should always follow a modular component-based designs
rather than monolithic blocks of system for easier management and change
How banks can use seven levers to modernize their core systems
To simplify the CBS, banks can explore three options focused on the removal
and carve-out of unused or unneeded modules. Rationalize customizations or
modules: Banks should analyze unused modules within the CBS code base,
screen components, and evaluate other business logic and remove if
necessary. This analysis includes the identification of unwanted
customizations of an off-the-shelf platform. McKinsey analysis shows that
only 10 percent of existing core-banking-system customizations are
regulatory driven or business critical. Carve out master-data components: In
most cases, customer data is stored within the core banking system. However,
requests directed to core banking for basic products, customer data, and
pricing data create significant workloads and costs. To simplify, banks can
carve out such functionalities and data, allocating them to dedicated master
databases and thus reducing the overall load of the CBS.
Quote for the day:
"Good leadership consists of
showing average people how to do the work of superior people." --
John D. Rockefeller
