Is privacy being traded away in the name of innovation and security?
The adage is that if you collect it, you must protect it. Every CISO knows this,
and every instance where information is collected should have in place a means
to protect that information. With this thought in mind, John A. Smith, founder
and CSO of Conversant, proffered some thoughts which are easily
embraceable:Adhere to regulations and compliance requirements. Understand that
compliance isn’t enough. Measure your secure controls against current threat
actor behaviors. Change your paradigms. Remember that most breaches follow the
same high-level pattern. Smith’s comment about changing paradigms piqued my
interest and his expansion is worthy of taking on board, as a different way of
thinking. “Systems are generally open by default and closed by exception,” he
tells CSO. “You should consider hardening systems by default and only opening
access by exception. This paradigm change is particularly true in the context of
data stores, such as practice management, electronic medical records,
e-discovery, HRMS, and document management systems.” “How data is protected,
access controls are managed, and identity is orchestrated are critically
important to the security of these systems. ...”
Is 2024 the Year of Cloud Repatriation?
Security is one of them. At the same time that multi-cloud deployments are
showing signs of decline, concerns about security threats are on the rise. The
inability to achieve consistent security policies across multi-clouds topped the
list as a problem or extreme problem for 56% of the organizations surveyed in
2023 compared to just 26% in 2022. And security mistakes are costly. According
to the survey, downtime due to a successful application DDoS attack costs
organizations an average of $6,130 per minute. Other security areas respondents
ranked as problems or extreme problems included protection between platforms
(61% in 2023 vs. 38% in 2022), unified visibility (58% in 2023 vs. 41% in 2022)
and centralized management (46% in 2023 vs. 34% in 2022). Security is not,
however, the only factor causing companies to rethink their security strategies
and move applications and data back on-premise. Other considerations include:
Cost management: While the cloud’s pay-as-you-go model can be cost-effective for
variable workloads, it can lead to unexpected expenses when usage spikes. Where
predictable workloads are concerned, it can be more cost-efficient to invest in
on-premise infrastructure over the long term, rather than paying ongoing cloud
service fees.
Data Mesh 101: What It Is and Why You Should Care
With the disaggregation of the data stack and profusion of tools and data
available, data engineering teams are often left to duct-tape the pieces
together to build their end-to-end solutions. The idea of the data mesh, first
promulgated by Zhamak Dehghani a few years back, is an emerging concept in the
data world. It proposes a technological, architectural, and organizational
approach to solving data management problems by breaking up the monolithic data
platform and de-centralizing data management across different domain teams and
services. In a centralized architecture, data is copied from source systems into
a data lake or data warehouse to create a single source of truth serving
analytics use cases. This quickly becomes difficult to scale with data discovery
and data version issues, schema evolution, tight coupling, and a lack of
semantic metadata. The ultimate goal of the data mesh is to change the way data
projects are managed within organizations. This enables organizations to empower
teams across different business units to build data products autonomously with
unified governance principles. It is a mindset shift from centralized to
decentralized ownership, with the idea of creating an ecosystem of data products
built by cross-functional domain data teams.
The Impact of Open-Source Software on Public Finance Management
The most obvious benefit of OSS is that it’s often free or at least low-cost.
Software is the fastest-growing government IT spending category, so switching to
a more affordable platform could yield significant savings. Government saving
aside, open public finance solutions could reduce the financial burden on
consumers. Consider how many U.S. citizens spend hundreds of dollars a year on
tax preparation services, which typically use proprietary software. A free or
low-cost open-source alternative could dramatically reduce this spending, making
tax filing more affordable. ... Public finance agencies also introduce more
transparency by embracing OSS. The Consumer Financial Protection Bureau (CFPB) —
an early leader in government OSS in the U.S. — cites this visibility as the key
driver of its open-source philosophy. The Bureau even runs a public GitHub page
to provide developers with OSS tools and show consumers how their platforms
work. Accountability is essential for government financial agencies like the
CFPB. Consumers can only trust the office enforces regulations fairly and is
truly open about its comparisons and advice when they understand how it
approaches these issues.
9 traits of great IT leaders
Although it’s true that leading, which is about visioning, is not synonymous
with managing, aka accomplishing tasks, true IT leaders are indeed “great at the
business of IT,” says Eric Bloom, executive director of the IT Management and
Leadership Institute and part of the Society for Information Management (SIM)
Leadership Institute. In other words, they excel at managing IT budgets,
projects, staffing needs, and so on. They have some, although not deep,
understanding of the various technologies within their IT portfolios. And they
understand how IT interrelates with cybersecurity and the other functional areas
of their organizations. ... Furthermore, CIOs now must engage a wider spectrum
of stakeholders, from their own IT teams to business project owners to their
C-suite peers, the CEO, board members, and sometimes even outside customers and
partners. And they are expected to brief each group on their technical roadmap
and vision in ways that each and every one of those groups can understand and
embrace. All that, Bloom says, requires the CIO to formulate much more
intentional and deliberate interactions because “you could come up with the best
vision for IT, but if you can’t articulate it to those you want to motivate, it
will fall on deaf ears.”
Ask a Data Ethicist: Can We Trust Unexplainable AI?
Similar to the term AI, ethics also covers a whole range of issues and depending
on the particular situation, certain ethical concerns can become more or less
prominent. To use an extreme example, most people will care less about their
privacy in a life and death situation. In a missing person situation, the
primary concern is locating that person. This might involve using every means
possible to find them, including divulging a lot of personal information to the
media. However, when the missing person is located, all of the publicity about
the situation should be removed. The ethical question now centers on ensuring
the story doesn’t follow the victim throughout their life, introducing possible
stigma. ... In order for a person to exercise their agency and to be held
accountable as a moral agent, it’s important to have some level of understanding
about a situation. For example, if a bank denies a loan, they should provide the
applicant with an explanation as to how that decision was made. This ensures it
wasn’t based on irrelevant factors (you wore blue socks) or factors outside a
person’s control (race, age, gender, etc.) that could prove
discriminatory.
Digital experience becomes new boardroom metric
“In our survey, we learned that 94% of the respondents in their own experience
have experienced really poorly performing applications. And then out of that,
70% of respondents said that they are more likely to proactively keep using
digital services that don’t perform, so the tolerance is very low for
experiences that are not world-class, seamless and immediate.” Chintan Patel,
Cisco UK and Ireland chief technology officer, said the new experience economy
was definitely something hugely top of mind to firms in terms of how they
deliver services to their customers and employees. “We have genuinely moved,
especially since the pandemic, from this bricks-to-clicks type of motion, and
our attention span has changed as well as consumers’. CEOs are absolutely aware
of this intimately, how they’re building services, because what they’re seeing
is that people have a far greater propensity to change applications, change
providers, if the service isn’t met. I think the survey underlines that in terms
of 54% of people having deleted more apps in the past year than they’ve
installed, and partly because of the type of service or experience they’ve
received or not received.
Integrating cybersecurity into vehicle design and manufacturing
The first challenge is in the supply chain, not just in terms of who provides
the software; the issue penetrates each layer. Automakers need to understand
this from a risk management perspective to pinpoint the onset and location of
each specific risk. Suppliers must be involved in this process and continue to
follow guidelines put in place by the automaker. The second challenge involves
software updating. As technology continues to evolve and more features are
added, cybercriminals find new ways to exploit flaws and gaps in systems that we
may not have been aware of because of the newness of the technology. Regular
software updates must be administered to products to patch holes in systems,
improve existing vulnerabilities and improve product performance. In order to
address these challenges, automakers need to conduct an initial risk assessment
to understand what kind of threats and the type of threat actors are active
within each layer of the product and supply chain in the automotive industry.
From the experience gained from the initial risk assessment, a procedure must be
put in place to ensure each internal and external employee and supplier knows
their role in maintaining security at the company.
Startups pursue GPU alternatives for AI
The pitch the GPU-alternative vendors are making is that they have built a
better mousetrap. “You will find that the GPU does a good job as far as general
training for a broad range of things, and you can learn how to deploy them very,
very quickly,” said Rodrigo Liang, co-founder and CEO of SambaNova Systems. “As
you get into these really, really large models, you start to see some
deficiencies. When you get to the size of GPT, you’re needing to run thousands
of these chips. And ultimately, those chips are not running at great
efficiency.” James Wang, senior product marketing manager at Cerebras Systems,
echoes the legacy design sentiment and says that the GPU chip is simply too
small. Its chip, the Wafer-Scale Engine-2 (WSE-2), is the size of an album
cover. Whereas the Hopper GPU has a few thousand cores, WSE-2 has 850,000 cores,
and the company claims 9,800 times the memory bandwidth of the GPU. “The amount
of memory determines what how large-scale of a model you can train,” said Wang.
“So if your starting point is a GPU, the maximum you can have is geared toward
the size of the GPU and the accompanying memory. If you want to go larger, that
problem becomes much more difficult. And you basically have to program around
all the weak points of the GPU.”
It's time to break free from Corporate Agile
To get an indication of the price we pay to do Corporate Agile, let’s review the
time spent to perform a typical process. I’ll take a Scrum team as an example,
making a few simplifications to make measures easy to follow. Our hypothetical
team consists of 7 Developers doing 1-week sprints. They have four team meetings
each sprint: Refinement, Planning, Retrospective and Review. We’ll assume each
meeting takes one hour, totalling four hours a week per person. That's 28
person-hours spent each week “doing Scrum” instead of doing work that directly
benefits customers, and we’re not even counting the Daily. Now add the overhead
of a professional scrum master, dedicated product owner, and layers of
management between the team and its real stakeholders. ... What did they gain?
In my experience, efforts toward backlog grooming, task refinement, and sprint
planning rarely yield noticeable benefits except to make work fit in a box. ...
For those currently in Scrum teams, ask yourself which would make your products
more awesome: These meetings? Another engineer, designer, artist or domain
expert? Budget for tools, services or runway? A few hours to relax and
recharge?
Quote for the day:
"You may only succeed if you desire
succeeding; you may only fail if you do not mind failing." --
Philippos
