April 28, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
"Data is on a logarithmic curve; for every amount of data that I have next year, it's probably 2.5 times more than the amount of data I had this year," he says. "We're data hoarders, for lack of a better term; no one wants to get rid of people's information who have signed up to websites and forums and everything else, so we have this enormous data sprawl. That, in turn, leaves behind security blind spots." Further adding to the challenge is the fact that some data is of course more sensitive than other information, and some information doesn't need protecting at all, Rushing points out. And there's dynamism in terms of defining appropriate security levels as data ages. He uses a product launch to illustrate his point. "With a product release, we start off with a situation where no one knows about it, everything's embargoed, and you're protecting this important intellectual property," he explains. "And the next thing you know, it's released for public consumption. And it's suddenly not top secret anymore, in fact, you want the whole world to know about it."
Data clean rooms as we know them today represent the first phase in leveraging “clean data.” User privacy is protected, while advertisers retain access to the necessary information. This model is now being extended and expanded upon in the enterprise. It is no longer about just protecting personal data. Companies need to act fast on data-derived insights, and therefore cannot compromise efficiency and collaborative abilities. They need truly comprehensive and dynamic data-sharing capabilities that can be quickly configured with little code and setup. ... As one of the key reasons for data clean rooms is the expanding IoT, businesses increasingly find themselves needing to demonstrate the provenance and veracity of their IoT data for business transactions or regulatory requirements. A data clean room must provide a single pane of glass for the trust and protection of IoT devices, the data they transmit and their data operations. This will require the need to authenticate IoT devices, protect the data as it travels from the device to the cloud and back to the device, and provide additional data points for audits.
For years, Apache Cassandra has been solving big data challenges such as horizontal scaling and geolocation for some of the most demanding use cases. But one area, distributed transactions, has proven particularly challenging for a variety of reasons. It’s an issue that the Cassandra community has been hard at work to solve, and the solution is finally here. With the release of Apache Cassandra version 5.0, which is expected later in 2023, Cassandra will offer ACID transactions. ACID transactions will be a big help for developers, who have been calling for more SQL-like functionality in Cassandra. This means that developers can avoid a bunch of complex code that they used for applying changes to multiple rows in the past. ... The advantage of ACID transactions is that multiple operations can be grouped together and essentially treated as a single operation. For instance, if you’re updating several points of data that depend on a specific event or action, you don’t want to risk some of those points being updated while others aren’t. ACID transactions enable you to do that.
The report also found that general misunderstandings in common cyber risk terminology could be a deterrent in developing effective strategies and communicating risk to company leadership. Cyberattacks have been increasing for several years now and resulting data breaches cost businesses an average of $4.35 million in 2022, according to an IBM report. Given the financial and reputational consequences of cyberattacks, corporate board rooms are putting pressure on CISOs to identify and mitigate cyber/IT risk. Yet, despite the new emphasis on risk management, business leaders still don’t have a firm grasp on how cyber risk can impact different business initiatives—or that it could be used as a strategic asset and core business differentiator. To better understand the current cybersecurity and IT risk challenges companies are facing, as well as steps executives are taking to combat risk, RiskOptics fielded a survey of 261 U.S. InfoSec and GRC leaders. Respondents varied in job level from manager to the C-Suite and worked across various industries.
The Spotify model is just the autonomous scaling of agile, as hinted at in the paper’s name. It’s based on agile principles and unique features specific to Spotify’s organizational structure. This framework became wildly popular and was dubbed the “Spotify model,” with Henrik Kniberg credited as the inventor. ... Every other company wanted to adopt this framework for themselves. Spotify enjoyed a reputation for being innovative, and people assumed that if this framework worked so well for Spotify, it must also work great for them. Companies began to feel as if this framework was perfect, but nothing is perfect. Spotify has changed its practices and ways of working over time — adapting its strategies and methodologies to changes in the market, user preferences, and more. The Spotify model itself was built with the company’s culture, values, and organizational structure in mind, with the ultimate goal of promoting cross-collaboration and innovation. As a result, it’s not a one-size-fits-all — the Spotify model was built around a foundation the company had already laid out.
Knowing that credentials are a key target for malicious actors, utilizing techniques such as identity federation and single sign-on can mitigate the potential for identity sprawl, local accounts, and a lack of identity governance. This may involve extending SSO across internal systems and also externally to other systems and business partners. SSO also brings the benefit of reducing the cognitive load and burden on users by allowing them to use a single set of credentials across systems in the enterprise, rather than needing to create and remember disparate credentials. Failing to implement identity federation and SSO inevitably leads to credential sprawl with disparate local credentials that generally aren’t maintained or governed and represent ripe targets for bad actors. SSO is generally facilitated by protocols such as SAML or OpenID Connect (OIDC). These protocols help exchange authentication and authorization data between entities such as Identity Providers (IdPs) and service providers.
Thanks for Sharing! Kannan Subbiah
Realtor Associate @ Next Trend Realty LLC | HAR REALTOR, IRS Tax Preparer
1 year ago: Thanks for Sharing.