December 28, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
The overall complexity and size of the digital payments industry make it extremely difficult to detect fraud. In this context, merchants and payment companies can introduce fraud monitoring and anti-fraud mechanisms that verify every transaction in real-time. The AI-based systems can take into account different aspects such as suspicious transactions, for example, amount, unique bank card token, user’s digital fingerprint, the IP address of the payer, etc., to evaluate the authenticity. Today, OTPs are synonymous with two-factor authentication and are thought to augment existing passwords with an extra layer of security. Yet, fraudsters manage to circumvent it every day. With Out-of-Band Authentication solutions in combination with real-time Fraud Risk management solutions, the service provider can choose one of many multi-factor authentication options available during adaptive authentication, depending on their preference and risk profile Just like 3D Secure, this is another internationally-accepted compliance mechanism that ensures that all the intermediaries involved in the payments system must take special care of the sensitive client information.?
There is no doubt that CI/CD pipelines have become a vital part of the modern development ecosystem that allows teams to get fast feedback on the quality of the code before it gets deployed. At least that is the idea in principle. The sad truth is that too often companies fail to fully utilize the fantastic opportunity that a CI/CD pipeline offers in being able to provide rapid test feedback and good quality control by failing to implement effective quality gates into their respective pipelines. A quality gate is an enforced measure built into your pipeline that the software needs to meet before it can proceed to the next step. This measure enforces certain rules and best practices that the code needs to adhere to prevent poor quality from creeping into the code. It can also drive the adoption of test automation, as it requires testing to be executed in an automated manner across the pipeline. This has a knock-on effect of reducing the need for manual regression testing in the development cycle driving rapid delivery across the project.
Of the different forms of technical debt, security and organizational debt are the ones most often overlooked and excluded in the definition. These are also the ones that often have the largest impact. It is important to recognize that security vulnerabilities that remain unmitigated are technical debt just as much as unfixed software defects. The question becomes more interesting when we look at emerging vulnerabilities or low-priority vulnerabilities. While most will agree that known, unaddressed vulnerabilities are a type of technical debt, it is questionable if a newly discovered vulnerability is also technical debt. The key here is whether the security risk needs to be addressed and, for that answer, we can look at an organization’s service level agreements (SLAs) for vulnerability management. If an organization sets an SLA that requires all high-level vulnerabilities be addressed within one day, then we can say that high vulnerabilities older than that day are debt. This is not to say that vulnerabilities that do not exceed the SLA do not need to be addressed; only that vulnerabilities within the SLA represent new work and only become debt when they have exceeded the SLA.
Security automation is the concept of automating security processes and tasks to ensure that your applications and systems remain secure and free from malicious threats. In the context of CI/CD, security automation ensures that your code is tested for vulnerabilities and other security issues before it gets deployed to production. In addition, by deploying security automation in your CI/CD pipeline, you can ensure that only code that has passed all security checks is released to the public/customers. This helps to reduce the risk of vulnerabilities and other security issues in your applications and systems. The goal of security automation in CI/CD is to create a secure pipeline that allows you to quickly and efficiently deploy code without compromising security. Since manual testing might take a lot of time and developers' time, many organizations are integrating security automation in their CI/CD pipeline today. ... Also, the introduction of AI/ML in the software development lifecycle (SDLC) is getting attention as the models are trained to detect irregularities in the code and give suggestions to enhance or rewrite it.
When comparing friction for customers with security accounts and practical security needs, one of the main challenges is convincing the revenue side of a business of the need for best practice from a security standpoint. Cybersecurity teams must demonstrate that the financial risks of not putting security in place - i.e., fraud, account takeover, reputation loss, regulatory fines, lawsuits, etc. - overwhelm the loss of revenue and abandonment of transactions on the other side. There are always costs associated with security systems, but comparing the costs associated with fraud to those of implementing new security measures will justify the purchase. There is a fine balance between having effective security and operating a business. Customers quickly become frustrated by jumping through hoops to log in, and the password route is unsustainable. It’s time to look at the relationship between security and authentication and develop solutions for both. Taking authentication to the next level requires thinking outside the box. If you want to implement an authentication strategy that doesn’t drive away customers, you need to make customer experience the focal point.
The speedy, colorful ghosts zooming their way around the maze greeted me as I stared at the screen of a Pac-Man machine, a part of the 'Never Alone: Video Games and Other Interactive Design' exhibit of the Museum of Modern Art in New York City. Using the tiniest amount of RAM and code, each ghost is programmed with its own specific behaviors, which combine to create the masterpiece work, according to Paul Galloway, collection specialist for the Architecture and Design Department. This was the first time I'd seen video games inside a museum, and I had come to this exhibit to see if I could glean some insight into technology through the lens of art. It's an exhibit that is more timely now more than ever, as technology has been absorbed into nearly?every facet of our lives both at work and at home -- and what I learnt is that our empathy with technology is leading to new kinds of relationships between ourselves and our robot friends. ... According to Galloway, the Never Alone exhibit is linked to an I?upiaq video game included in the exhibit called Never Alone (Kisima Ingitchuna).?