India’s digital transformation could be a game-changer for economic development
India currently has a data-fiduciary-centric model. Individuals or small
businesses must go to the original keeper of data to access their data. This
inhibits the use of data for the financial empowerment of individuals. The
current method of storing financial data across institutions and companies is
also inefficient, resulting in the use of notarized hard copies, PDFs, screen
scraping, password sharing, etc., all of which pose a threat to individual
privacy. Accessing and sharing information can be difficult because of the
varied formats. This forces individuals and institutions to rely on patchwork
solutions. ... AAs can be thought of as traffic police between Financial
Information Users (FIUs) and Financial Information Providers (FIPs), with users
having complete control over the flow of information. The introduction of AA
architecture could revolutionize how financial data is shared, similar to the
impact UPI has had on money transfers. The AA ecosystem is cross-sectoral, with
customers at the center. AAs provide a secure interface that allows users to
consent to share private and sensitive data. This democratizes data use and
sharing, enabling FIUs to request users' financial information.
8 ways to detect (and reject) terrible IT consulting advice
Recommendations are great, but they don’t automatically turn into solutions.
“Most of the consultant’s dialogue should be repeating back to you the problem
they’re solving,” advises Bill Carslay, senior vice president and general
manager of professional services at IT support services firm Rimini Street. “The
resulting solution should be directly related to the problem as it’s defined in
your terms, and should follow the steps and phases your organization is willing
to take.” When a consultant grabs onto a common IT challenge and quickly
describes how they will solve it, it’s likely the solution won’t fully address
the very specific problem an organization may be facing. “Keep in mind that one
size doesn’t fit all, and be on the lookout for recommendations that fit or
augment the parameters you’ve set,” Carslay suggests. ... When advice lacks
logical reasoning, contradicts data, or fails to consider long-term
consequences, it’s likely terrible. “A critical mind and rigorous evaluation
will help you distinguish the good from the bad,” says Edward Kring, vice
president of engineering at software development company Invozone.com.
Three Data Removal Myths That Provide a False Sense of Security
There are many ways to attempt to remove a file -- such as data deletion,
wiping, factory reset, reformatting, and file shredding -- but without proper
context, these solutions independently can be incomplete. For example, deleting
a file and emptying the recycle bin can remove pointers to files containing data
but not the data itself. The data is easily recoverable until the data is
overwritten. A factory reset removes all used data as it restores a device to
factory settings, but not all methodologies used in resets lead to complete
erasure, and there’s no way to validate that all data is gone. Data wiping is
the process of overwriting data without verification. File shredding destroys
data on individual files by overwriting the space with a random pattern of 1s
and 0s. Because neither method provides verification that the process was
completed successfully across all sectors of the device, they are considered
incomplete. Finally, reformatting, which is performed on a working disk drive to
eradicate its contents, is another method where most of the data can be
recovered with forensics tools available online.
Measuring engineering velocity misses all the value
Story point velocity has become the dominant driver of agile software
development lifecycles (SDLCs) with the rise of scrum. How many story points did
the team complete this week? How can we get them to deliver more points while
still meeting the acceptance criteria? Speed is treated as synonymous with
success, and acceleration is hailed as the primary focus of any successful
engineering enterprise. Deliver more story points and you’re clearly “doing the
thing.” The impulse is not without some logic. From the C-suite perspective, a
perfect product that misses its moment on the market isn’t worth much. Sure, it
may be full of engineering genius, but if it generates little to no business
value, it quickly becomes more “museum relic” than “industry game-changer.” It
pays to be first. In fact, one study found that accelerating time to market by
just 5% could increase ROI by almost 13%. However, I believe that a simplistic
obsession with speed misses several factors critical to optimizing the actual
impact of any software solution.
Developers’ Role in Protecting Privacy
Although sharing data has become commonplace in exchange for benefits and value,
consumers are becoming more aware of privacy issues. Take the EU’s General Data
Protection Regulations (GDPR) as an example. Over the past five years, awareness
has more than doubled in notable European markets such as the UK, Spain,
Germany, the Netherlands and France. Meanwhile, there is also commercial
pressure, as employers rely on developers to innovate to remain profitable. At
the same time, customers expect brands to be responsible with their data, and
failure to do so at the expense of trying to commercialize a new application
could be detrimental. Indeed, while the pandemic may have ushered in significant
changes and altered consumers’ attitudes toward data privacy, end users remain
unwavering about the importance of security. Maintaining this balancing act is
becoming increasingly complex to achieve. However, the question of data privacy
is becoming a key business priority, and that means developers have a big
opportunity to show their commercial value to their organizations.
Why CISOs should be concerned about space-based attacks
Making matters worse is the tendency for many satellites to be ‘dual use’
carriers, in that they provide services that are used by both commercial and
military clients. As such, “US commercial satellites may be seen as legitimate
targets in case they are used in the conflict in Ukraine,” reported the Russian
state-owned news agency TASS on October 27, 2022. Speaking before the UN General
Assembly’s First Committee, Russian Foreign Ministry official Konstantin
Vorontsov threatened that, “Quasi-civil infrastructure may be a legitimate
target for a retaliation strike.” This has certainly been true for SpaceX’s
Starlink satellite broadband service in Ukraine. "Some Starlink terminals near
conflict areas were being jammed for several hours at a time,” SpaceX CEO Elon
Musk said in a Twitter message posted on March 5, 2022. “Our latest software
update bypasses the jamming. Am curious to see what’s next!” Such threats and
actions come as no surprise to Laurent Franck, a satellite consultant and ground
systems expert with the Euroconsult Group. Whenever a commercial satellite “can
be used on a battlefield and used in a war context, it becomes a target,” he
says.
Who Is Responsible for Identity Threat Detection and Response?
For organizations just starting to develop an ITDR program, Jones recommends
they start by conducting a thorough risk assessment to identify critical assets
and potential threats. “Assign a dedicated ITDR owner or team responsible for
coordinating prevention, detection, and response efforts, and develop a
comprehensive ITDR plan that outlines roles, responsibilities, and processes for
each stage of the ITDR lifecycle,” he says. He adds it’s important to regularly
test and update the ITDR plan, incorporating lessons learned from past incidents
and staying informed about the latest threats and technologies. Craig Debban,
CISO for QuSecure, explains for a lot of organizations, there is a dependence on
a disparate set of systems that are on-prem, in the cloud, or both -- and they
are not always well integrated. "User identities are then decentralized since
they are replicated in multiple places,” he says. “This diversity leads to gaps
in functionality for the end user, negatively impacts operational efficiency,
and is often overcome by oversubscribing permissions which impacts overall
security and risk across the business.”
You can’t be an averagely talented programmer
In some ways, the level of engineering capability which people need is only
going to become higher in terms of writing these AI systems and being able to
engineer them. That said, this only applies to the very best programmers. You
can’t be an averagely talented programmer anymore. With some of our large
operations it’s clear by the way they are adopting automation that we won’t need
a large number of developers. We will start having fewer people of that kind.
People who actually understand engineering are going to become more in demand,
and the people who just operate the technology will be less valuable. ... Right
now, the technology industry needs a lot of people. But I see a lot of people
who don’t really understand the technology or worse, they are afraid of
technology. A lot of people who do not come from a computer science background
can be working for tech companies but really are afraid of the technology.
That’s not sustainable. Having a genuine interest in technology is, I would say,
an important condition to reaching or exceeding your potential in a tech firm.
Understand what’s happening in technology and do not be afraid of it.
How to Choose the Right Identity Resolution System
A best-in-class approach to identity resolution enables you to match many
identifiers to the same person and then set the priority of matching to control
how profiles are stitched together. ... While deterministic identity resolution
might seem overly rigorous, it’s actually highly beneficial for personalization.
Personalization use cases (sending an email, delivering a recommendation, and so
on) require 100% confidence that a user is who you think they are. The only way
to guarantee that confidence is through a deterministic identity algorithm. The
alternative is simply guesswork and increases the likelihood that your
personalization (or lack thereof) will have a detrimental impact on your
customer relationships. A deterministic identity resolution solution enables
100% reliable profile unification, honoring the exact first-party data a
customer provides to a brand. More importantly, embracing a deterministic
approach as the core of your identity strategy will allow you to build
high-quality customer profiles that power the personalized experiences customers
have come to expect.
How to Become a Business Intelligence Analyst
As much as business intelligence can be about interpersonal action, much of an
analyst’s duties are solitary ones, chief among these authoring procedures for
data processing and collection. From there on, expect reporting and more
reporting, including analytical reports that can be personalized for the needs
of stakeholders, highlighting the most departmentally relevant findings. A
business intelligence analyst also needs to maintain an active role in the
various life cycles of data as it moves throughout the organization. After all,
data reports are built upon regularly monitoring the way data is collected,
looking at field reports, product summaries from third parties, and even through
public record. As a function of this, a BIA may want to continually track
burgeoning trends in tech or emerging markets that could potentially offer
efficiency or value within the industry and their specific enterprise. Working
in concert with specialists in data governance and stewardship, a BIA must
oversee the integrity, security, and location of data storage.
Quote for the day:
"A coach is someone who can give
correction without causing resentment." -- John Wooden
