April 30, 2021
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Tech to the aid of justice delivery
Obsolete statutes which trigger unnecessary litigation need to be eliminated as they are being done currently with over 1,500 statutes being removed in the last few years. Furthermore, for any new legislation, a sunset review clause should be made a mandatory intervention, such that after every few years, it is reviewed for its relevance in the society. A corollary to this is scaling decriminalisation of minor offences after determining as shown by Kadish SH in his seminal paper ‘The Crisis of Overcriminalization’, whether the total public and private costs of criminalisation outweigh the benefits? Non-compliance with certain legal provisions which don’t involve mala fide intent can be addressed through monetary compensation rather than prison time, which inevitably instigates litigation. Finally, among the plethora of ongoing litigations in the Indian court system, a substantial number are those that don’t require interpretation of the law by a judge, but simply adjudication on facts. These can take the route of ODR, which has the potential for dispute avoidance by promoting legal education and inducing informed choices for initiating litigation and also containment by making use of mediation, conciliation or arbitration, and resolving disputes outside the court system.
Leading future-ready organizationsTo break through these barriers to Agile, companies need a restart.
They need to continue to expand on the initial progress they’ve made but focus on implementing a wider, more holistic approach to Agile. Every aspect of the organization must be engaged in an ongoing cyclical process of “discover and evaluate, prioritize, build and operate, analyze…and repeat.” ... Organizations that leverage digital decoupling are able to get on independent release cycles and unlock new ways of working with legacy systems. Based on our work with clients, we’ve seen that this can result in up to 30% reduction in cost of change, reduced coordination overhead, and increased speed of planning and pace of delivery. ... In our work with clients, we see firsthand how cross-functional teams and automation of application delivery and operations contributes to increased pace of delivery, improved employee productivity, and up to 30% reduction in deployment time. Additionally, scaling DevOps enables fast and reliable releases of new features to production within short iterations and includes optimizing processes and upskilling people, which is the starting point for a collaborative and liquid enterprise. .... Moving talent and partners into a non-hierarchal and blended talent sourcing and management model can result in 10-20% increase in capacity.
F5 Big-IP Vulnerable to Security-Bypass Bug
The vulnerability specifically exists in one of the core software components of the appliance: The Access Policy Manager (APM). It manages and enforces access policies, i.e., making sure all users are authenticated and authorized to use a given application. Silverfort researchers noted that APM is sometimes used to protect access to the Big-IP admin console too. APM implements Kerberos as an authentication protocol for authentication required by an APM policy, they explained. “When a user accesses an application through Big-IP, they may be presented with a captive portal and required to enter a username and password,” researchers said, in a blog posting issued on Thursday. “The username and password are verified against Active Directory with the Kerberos protocol to ensure the user is who they claim they are.” During this process, the user essentially authenticates to the server, which in turn authenticates to the client. To work properly, KDC must also authenticate to the server. KDC is a network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain.
4 Business Benefits of an Event-Driven Architecture (EDA)
Using an event-driven architecture can significantly improve developmental efficiency in terms of both speed and cost. This is because all events are passed through a central event bus, which new services can easily connect with. Not only can services listen for specific events, triggering new code where appropriate, but they can also push events of their own to the event bus, indirectly connecting to existing services. ... If you want to increase the retention and lifetime value of customers, improving your application’s user experience is a must. An event-driven architecture can be incredibly beneficial to user experience (albeit indirectly) since it encourages you to think about and build around… events! ... Using an event-driven architecture can also reduce the running costs of your application. Since events are pushed to services as they happen, there’s no need for services to poll each other for state changes continuously. This leads to significantly fewer calls being made, which reduces bandwidth consumption and CPU usage, ultimately translating to lower operating costs. Additionally, those using a third-party API gateway or proxy will pay less if they are billed per-call.
Gartner says low-code, RPA, and AI driving growth in ‘hyperautomation’
Gartner said process-agnostic tools such as RPA, LCAP, and AI will drive the hyperautomation trend because organizations can use them across multiple use cases. Even though they constitute a small part of the overall market, their impact will be significant, with Gartner projecting 54% growth in these process-agnostic tools. Through 2024, the drive toward hyperautomation will lead organizations to adopt at least three out of the 20 process-agonistic types of software that enable hyperautomation, Gartner said. The demand for low-code tools is already high as skills-strapped IT organizations look for ways to move simple development projects over to business users. Last year, Gartner forecast that three-quarters of large enterprises would use at least four low-code development tools by 2024 and that low-code would make up more than 65% of application development activity. Software automating specific tasks, such as enterprise resource planning (ERP), supply chain management, and customer relationship management (CRM), will also contribute to the market’s growth, Gartner said.
When cryptography attacks – how TLS helps malware hide in plain sight
Lots of things that we rely on, and that are generally regarded as bringing value, convenience and benefit to our lives…can be used for harm as well as good. Even the proverbial double-edged sword, which theoretically gave ancient warriors twice as much fighting power by having twice as much attack surface, turned out to be, well, a double-edged sword. With no “safe edge” at the rear, a double-edged sword that was mishandled, or driven back by an assailant’s counter-attack, became a direct threat to the person wielding it instead of to their opponent. ... The crooks have fallen in love with TLS as well. By using TLS to conceal their malware machinations inside an encrypted layer, cybercriminals can make it harder for us to figure out what they’re up to. That’s because one stream of encrypted data looks much the same as any other. Given a file that contains properly-encrypted data, you have no way of telling whether the original input was the complete text of the Holy Bible, or the compiled code of the world’s most dangerous ransomware. After they’re encrypted, you simply can’t tell them apart – indeed, a well-designed encryption algorithm should convert any input plaintext into an output ciphertext that is indistinguishable from the sort of data you get by repeatedly rolling a die.
Read more here ...