AI washing: Silicon Valley’s big new lie
The cumulative effect of AI washing is that it leads both the public and the technology industry astray. It fuels the delusion that AI can do things it cannot do. It makes people think AI is some kind of all-purpose solution to every problem — or a slippery slope into dystopia, depending on one’s worldview. AI washing incentivizes inferior solutions, focusing on “magic” rather than quality. Claims that your dog-washing hose is “powered by AI” doesn’t mean you end up with a cleaner dog. It just means you have an overpriced hose. AI washing warps funding. Silicon Valley investment nowadays is totally captured by both actual AI and AI-washing solutions. Even savvy investors may overlook AI-washing exaggeration and lies knowing that the AI story will sell in the marketplace thanks to buyer naiveté. The biggest problem, however, is not delusional selling by the industry, but self-delusion. Purveyors of AI solutions believe that human help is a badge of shame, when in fact I think human involvement would be received with relief. People actually want humans involved in their shopping and driving experience.
Healing cyber wounds in global healthcare
Since AI technology has advanced and medical device security lags, the ease of attack and the potential reward for doing so have made healthcare institutions too tempting to ignore. The Office of Civil Rights (OCR) at Health and Human Services (HHS) is investigating the Change Healthcare attack to understand how it happened. The investigation will address whether Change Healthcare followed HIPAA rules. ... The financial impact of cyberattacks on healthcare providers can be devastating. The Change Healthcare breach led to significant cash flow disruptions, with providers losing millions daily. In response to this crisis, industry leaders and political figures have called for federal funding to support healthcare providers and ensure the continuity of essential services. The Senate majority leader and the American Hospital Association (AHA) have urged the federal government to provide financial assistance to mitigate the impact of the cyberattack, including accelerated and advanced payments to hospitals, pharmacies, and other affected entities. This federal funding can help healthcare providers adopt advanced security measures and recover from the financial impact of cyberattacks.
The next 10 years for cloud computing
The anticipated productivity gains and cost savings have not materialized, for the most part. The promised efficiencies did not translate into significant improvements in operational productivity for many organizations, and cloud platforms cost at least twice as much as traditional systems. The sharp decline in the costs of on-premises computing and storage servers during the past decade exacerbated the situation for public cloud providers. This threw a monkey wrench into the savings that the cloud promised over traditional on-premises systems. ... Cloud providers are now faced with “cloud exit” issues while focusing on AI growth. Their market continues to stagnate as enterprises find that a mix of on-premises and cloud platforms is perhaps more cost-effective, considering the operational costs of AI. In other words, AI is delaying the reality they would otherwise likely face in the short term. ... The days of enterprises buying cloud systems in haste left too many to repent at leisure. Vendors must better understand what enterprises should pay to find value and thus reduce the exodus to colocation providers, managed service providers, and enterprise data centers.
State of play: cloud in financial services
Banks are fully aware of the need for digital transformation and shifting legacy applications to the cloud in order to remain competitive, but enacting it across the entire banking value chain in a unified manner is not a simple task. Omdia’s 2024 IT Enterprise Insights Survey, for instance, shows that most retail banks have made some inroads into digital transformation, with respondents most likely to have made progress in adopting cloud services, but just 29% state that they have made significant progress. Many banks have taken a phased approach to digital transformation, often working with multiple product vendors. But there is a growing recognition that this approach brings its own challenges in terms of managing numerous vendors and roadmaps. ... Modernising the core banking system can be costly, time-consuming, and complex. However, anecdotal evidence suggests that banks are spending 85% on maintaining their existing core banking tech and the remainder on launching new products, which can be flipped once they have fully modernised their core, providing them with enormous scope to innovate.
What is dark fiber and is it right for your business?
The type of dark fiber available varies between locations. So-called metro dark
fiber, typically found in built-up urban areas, tends to comprise larger cables
with a higher fiber count, which means they offer more flexibility and different
types of connection, such as point-to-multipoint, where a cable can service
multiple destinations. Long-haul dark fiber, in contrast, is often constructed
using single-mode fiber which has a smaller glass core, and as such is likely to
only offer more simple, point-to-point, connections. However, there are no
significant distance limitations on dark fiber, meaning it can be used to
connect sites in locations many miles apart. Dark fiber can be an alluring
solution for businesses with rapidly evolving or highly variable networking
needs. Users can choose when and how to scale up bandwidth to meet the demands
of their organization without having to wait for their ISP to carry out this
process. It also avoids the limitations of a contract with an ISP, which will
likely dictate the available data transfer rates and impose fees for network
upgrades.
Examining the Risks of IT Hero Culture
In an IT hero culture, individual accomplishments are celebrated over
teamwork, with a high value placed on swift responses and constant
availability. This type of workplace includes a small group of individuals who
bear a disproportionate responsibility for critical tasks and decision making.
Typically, this culture appears in organizations lacking formal processes,
requiring these so-called heroes to work extensive hours to maintain
operations. ... IT hero culture —despite its immediate benefits—often proves
to be a short-term solution with significant long-term drawbacks. When these
indispensable individuals are absent, organizations face bottlenecks and
inefficiencies. Transitioning to a process-driven culture enhances
organizational effectiveness and efficiency, addressing these challenges. This
transition, usually prompted by external stakeholders such as bankers,
shareholders, and customers, as well as internal forces such as the board and
senior management, moves away from overreliance on individual heroics to a
more sustainable, team-oriented approach.
Will the cost of scaling infrastructure limit AI’s potential?
AI scaling, much like any other type of technology scaling is dependent on
infrastructure. “You can’t do anything else unless you go up from the
infrastructure stack,” Paul Roberts, director of Strategic Account at AWS,
told VentureBeat. Roberts noted that there was a big explosion of gen AI that
got started in late 2022 when ChatGPT first went public. While in 2022 it
might not have been clear where the technology was headed, he said that in
2024 AWS has its hands around the problem very well. AWS in particular has
invested significantly in infrastructure, partnerships and development to help
enable and support AI at scale. ... The resources required to train
increasingly bigger LLMs isn’t the only issue. Bresniker noted that after an
LLM is created, the inference is continuously run on them and when that is
running 24 hours a day, 7 days a week, the energy consumption is massive
“What’s going to kill the polar bears is inference,” Bresniker said. ...
According to Bresniker, one potential way to improve AI scaling is to include
deductive reasoning capabilities, in addition to the current focus on
inductive reasoning.
Smashing Silos With a Vulnerability Operations Center (VOC)
The responsibility for VM typically sits within the security operations center
(SOC). The SOC is, after all, the frontline defense against cyberthreats,
equipped with the tools, resources and processes to identify and mitigate
vulnerabilities. Yet this strategy comes with its pitfalls, as SOC teams are
already navigating a variety of responsibilities, from managing active threats
to threat hunting. Enter VOC, offering an approach that complements the SOC by
prioritizing prevention rather than just responding to incidents. This
collaboration between the two means that if the VOC discovers a log4j
vulnerability, for instance, the SOC team will be promptly notified. Then, the
response team can swoop in if prevention fails. A VOC lets organizations
manage vulnerabilities strategically and coherently, which ensures that the
most serious threats are handled systematically. This specialized entity
within an organization focuses on identifying, assessing and mitigating
vulnerabilities in IT systems and networks. It acts as a central hub for
vulnerability management, leveraging advanced tools and processes to
continuously monitor for security weaknesses and coordinate response
strategies.
Software Engineering, Startup Thinking
The challenge for organizations trying to adopt a more agile approach is that
there are often simply too many silos, not enough skilled people, and a
saturated technology market with too many tools. “Turning around a culture
like this that prohibits scale is time-consuming and takes on average, three
years to achieve,” he says. Given that the end goal of developing a more agile
approach is to generate untrammeled innovation across an organization, getting
the culture right is critical. ... Brial says he recommends fostering an
environment where cross-functional teams bring together individuals from
different departments like development, operations and security, to work
collaboratively toward a common goal. This requires cross-training, where team
members can gather knowledge and skills in areas beyond their core expertise.
Developers learn about infrastructure and operations, while operations
engineers gain insights into software development practices. “This
cross-pollination of skills builds an understanding and sense of empathy
between teams,” he says. Brial says every layer of an IT department should be
moving toward “everything” as code, noting provisioning and deploying any type
of software is costly, time-consuming and complex.
Logic bombs explained: Definition, examples, prevention
A logic bomb is a set of instructions embedded in a software system that, if
specified conditions are met, triggers a malicious payload to take actions
against the operating system, application, or network. The actual code that
does the dirty work, sometimes referred to as slag code, might be a standalone
application or be hidden within a larger program. ... The actual behavior of a
logic bomb can range widely. When it comes to the insider threats that make up
much of the logic bomb landscape, a few types of attack are particularly
common, including file or hard drive deletions, either as a ransom threat or
act of revenge, or data exfiltration, as part of a plan to use privileged
information in future employment. ... The best way to sniff out malicious code
that’s being embedded in your own software, either deliberately by a
disgruntled employee or inadvertently in the form of a third-party library, is
to bake secure coding practices, like those that are part of the DevSecOps
philosophy, into your development pipeline. These practices are meant to
ensure that any code passes security tests before it’s put into production,
and would prevent a lone wolf insider attacker from unilaterally changing code
in an insecure way.
Quote for the day:
"Each day you are leading by example.
Whether you realize it or not or whether it's positive or negative, you are
influencing those around you." -- Rob Liano
