April 11, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
The proliferation of AI technologies is busting datacenter boundaries, as running data close to compute and storage capabilities often offers the best outcomes. No workload embodies this more than GenAI, whose large language models (LLMs) require large amounts of compute processing. While it may make sense to run some GenAI workloads in public clouds – particularly for speedy proof-of-concepts, organizations also recognize that their corporate data is one of the key competitive differentiators. As such, organizations using their corporate IP to fuel and augment their models may opt to keep their data in house – or bring their AI to their data – to maintain control. The on-premises approach may also offer a better hedge against the risks of shadow AI, in which employees’ unintentional gaffes may lead to data leakage that harms their brands’ reputation. Fifty-five percent of organizations feel preventing exposure of sensitive and critical data is a top concern, according to Technalysis Research. With application workloads becoming more distributed to maximize performance, it may make sense to build, augment, or train models in house and run the resulting application in multiple locations.
There are a number of specific strengths inherent to deploying zero trust at the load balancer layer via SAML. Implementing zero trust at the load balancer layer allows organizations to enforce a unified access control mechanism for all applications. This ensures consistent security enforcement across diverse technological platforms, and extends to internal nodes policing East-West traffic or externally to cloud native service networking and partner APIs. Certificate management and rotation is a considerable pain point for cloud native applications, let alone for hybrid constellations of applications that might range from a few months old to 30 years old. Load balancers natively manage TLS certificates, offering a centralized point for efficient certificate management that is relatively application agnostic. This centralization not only eases the administrative burden but also enhances security by ensuring timely certificate renewal and efficient handling of encryption/decryption processes. By moving zero trust into an infrastructure point that is already integrated with all other parts of your infrastructure, this approach significantly reduces the complexity associated with modifying each application individually to align with zero trust principles.
The first area of interest is with Copilot technologies in the context of integrated development environments that the company is already using. “First, we optimize the individual,” he says, using gen AI to make developers more productive. But it’s not about reducing headcount. “My issue isn’t that we have too many developers,” he says. “It’s how we can go faster. I have to compete harder on brain power in a market that’s growing quickly. I’m looking to turn every developer into the single most productive engineer on the team.” And even if the engineers do get dramatically more productive, he says, there’s a big backlog of work the company wants to get done. But just moving faster isn’t enough, he says. Without communication skills and the curiosity needed to find out why things are being done, those productivity benefits can easily go to waste. “I can produce 10 times more useless garbage,” he says. The company has three full-time people who create internal training materials, as well as vet third-party training providers. “We’ve actually made significant investments in learning and development across a variety of domains,” Merkel says. “Core leadership skills is one.”
As organizations weigh the cost of security solutions alongside the rising cost of experienced employees, some are electing to prioritize spending in other areas, forgoing software licenses in favor of third-party partnerships. While moving from an in-house security program to one that relies on outside partners can represent a significant shift in mentality for many organizations, a growing number have found that working with third-party experts can help them secure their systems in a more effective—and scalable—manner. As the threat landscape continues to evolve at a rapid pace, no longer having to track and account for each new development can free up substantial time and resources for organizations. Another factor driving organizations toward external partnerships is the challenge of application onboarding. Enterprises use a massive number of software solutions, cloud services, and other applications, and ensuring those applications are properly configured and protected can be a challenge. As data privacy and security regulations continue to arise in a wide range of jurisdictions, it’s increasingly critical for today’s businesses to clearly demonstrate that they are effectively managing and protecting data within their applications.
Chinese APTs have penetrated networks of companies providing goods and services to the defense sector, a leading equipment provider of 5G network equipment, and entities involved in wireless technology. Those compromised not only permit the pilfering of intellectual property, but China is also able to leverage their acquired knowledge or capability to continue to engage in both internal and external efforts to silence those in dissent of the current government. We have learned of the external effort largely through the various arrests and prosecutions of individuals, both Chinese nationals and those whom they have suborned to do their bidding. This effort has a moniker — Operation Fox Hunt. This operation was ordered created by President Xi Jinping in 2014. China has had varying degrees of success in its intimidation and coercion methodologies. FBI Director Christopher Wray described this operation as “a sweeping bid by Xi to target Chinese nationals who he sees are threats and who live outside of China, across the world. We’re talking about political rivals, dissidents, and critics seeking to expose China’s extensive human rights violations.”
As C-Suite leaders begin to understand GenAI, they are starting to uncover some questions: Which use cases will deliver the most value for my business? And how do we transition from a Proof of Concept (PoC) to full-scale implementation or enterprise-level deployment? A lot of the work currently remains in the PoC stage, though some industries are ahead of the curve, such as chatbots for HR and legal contracts, which have become relatively common. So, now what remains to be seen is how enterprises move toward widespread adoption by integrating GenAI into other business processes. To move from the PoC to the deployment stage, organizations must identify their strategy, as we covered earlier, as well as the use cases with high impact. Prioritizing these use cases based on their impact, cost, data readiness, and resistance to adoption is essential. Becoming familiar with the limitations and capabilities will also be important for decision-makers. A roadmap must be developed, and you must leave room for the possibility of failure. Once this is done, various PoCs and pilots can be launched, based on the problems an organization genuinely wants to solve. Additionally, transparency with your internal stakeholders is key.