January 04, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
The dynamics of AI-infusing a network organization will, as with many other forms of automation, center on four modes of interaction: offloading, reskilling, deskilling, and displacing. AI offloading means putting AI tools at the command of trained and experienced networking professionals to help them do their work. The idea is to make network pros more effective by allowing them to offload tasks that are repetitive, complex, time sensitive, or require extremely high levels of focused attention, but that are not creative. This is supposed to free these scarce and precious resources to do other, higher-level work instead, while paying minimal and supervisory attention to what the AI is doing. (Human attention is the most precious resource in any IT shop.) The network team doesn’t shrink, and its portfolio of services can even grow without the team also having to grow to make that possible. Reskilling allows network staff to be trained to move into other parts of IT or into entirely different kinds of jobs. It also encompasses the idea of using AI to help train new network staff up to proficiency.
Distributed SQL is the new way to scale relational databases with a sharding-like strategy that's fully automated and transparent to applications. Distributed SQL databases are designed from the ground up to scale almost linearly. ... In simple terms, a distributed SQL database is a relational database with transparent sharding that looks like a single logical database to applications. Distributed SQL databases are implemented as a shared-nothing architecture and a storage engine that scales both reads and writes while maintaining true ACID compliance and high availability. Distributed SQL databases have the scalability features of NoSQL databases—which gained popularity in the 2000s—but don’t sacrifice consistency. They keep the benefits of relational databases and add cloud compatibility with multi-region resilience. A different but related term is NewSQL (coined by Matthew Aslett in 2011). This term also describes scalable and performant relational databases. However, NewSQL databases don’t necessarily include horizontal scalability.
Although layoffs have dominated the conversation during the latter part of the year, evidence shows that the Great Resignation isn’t over yet. Online job site Hired found that attracting, hiring, and retaining top talent has proven to be difficult, citing employee burnout as a key challenge, placing the blame on rapid changes in the employment environment and angst over mass layoffs and hiring freezes. For companies yet to announce job cuts, Laman said that before any decision is made, organizations need to be sure they factor DE&I into decisions around layoffs. ... However, Williams argued that there's a lot of evidence to suggest that we pattern match when we try to spot potential, meaning that one of the really big risks from all these layoffs is that if you disproportionately have just one type of person represented at a leadership level making the decisions about who stays and who goes, they're not going to have understood or realize the potential of some people who look very different or are very different from them. Carver agrees, noting that being a good manager and being a good technologist are not one and the same, meaning people are often promoted despite lacking some necessary management skills.
Rising geopolitical tensions between China, Russia, and NATO allies are responsible for increased cybersecurity threats. This will lead to companies tightening security measures in 2023. With healthcare, financial, defense, and public utility sectors facing new threats from politically motivated bad actors, organizations with cloud-based IT operations should consider employing “data geofencing” through contractual agreements with their cloud providers -- many of which store data in global data centers -- to ensure data is kept within designated regions due to national security concerns and local legal requirements. Organizations in highly regulated industries must be on high alert to protect data and websites against DDoS attacks and phishing expeditions. Data management and cybersecurity professionals should work together to devise and execute new strategies that “meet the moment” and mitigate the potential for critical customer and corporate data eventually winding up on the Dark Web. One way data teams can support company security policies is by “flipping the script” on data asset management.
In the latest attack on PyTorch, the attacker used the name of a software package that PyTorch developers would load from the project's private repository, and because the malicious package existed in the PyPI repository, it gained precedence. The PyTorch Foundation removed the dependency in its nightly builds and replaced the PyPI project with a benign package, the advisory stated. ... Fortunately, because the torchtriton dependency was only imported into the nightly builds of the program, the impact of the attack did not propagate to typical users, Paul Ducklin, a principal research scientist at cybersecurity firm Sophos, said in a blog post. "We're guessing that the majority of PyTorch users won't have been affected by this, either because they don't use nightly builds, or weren't working over the vacation period, or both," he wrote. "But if you are a PyTorch enthusiast who does tinker with nightly builds, and if you've been working over the holidays, then even if you can't find any clear evidence that you were compromised, you might nevertheless want to consider generating new SSH key pairs as a precaution, and updating the public keys that you've uploaded to the various servers that you access via SSH."
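The precedence problem described above can be checked for in a project's own pip requirements file. The following is an added example, not code from the PyTorch advisory or the quoted article: it flags privately hosted packages that pip could also resolve from a public index, or that lack a version or hash pin. The package names, index host and hash are constructed placeholders, and `audit` and `normalize` are hypothetical helper names.

```python
import re

# Constructed requirements file; the index host and hash are placeholders.
SAMPLE = """\
--index-url https://pypi.org/simple
--extra-index-url https://nightly.example.invalid/simple
internal-kernels
internal_utils==1.4.0
requests==2.28.1 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

def normalize(name):
    """PEP 503 name normalization, so 'Internal_Utils' matches 'internal-utils'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit(text, private_names):
    """Return (name, issue) findings for packages meant to come from a private index."""
    private = {normalize(n) for n in private_names}
    # Join backslash continuations so a requirement and its --hash options are one line.
    lines = [l.strip() for l in text.replace("\\\n", " ").splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    mixed = any(l.startswith("--extra-index-url") for l in lines)
    findings = []
    for line in lines:
        if line.startswith("-"):
            continue  # option line, not a requirement
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if not m or normalize(m.group()) not in private:
            continue
        name = normalize(m.group())
        if mixed:
            # With an extra index pip considers candidates from every index,
            # so a same-named public upload can be selected.
            findings.append((name, "resolvable from a public index"))
        if "==" not in line:
            findings.append((name, "version not pinned"))
        if "--hash=" not in line:
            findings.append((name, "no --hash pin"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE, ["internal-kernels", "internal-utils"]):
        print(f"{name}: {issue}")
```

A private package that is pinned with `==` and `--hash=` in a file with no `--extra-index-url` line produces no findings.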
Every business needs a secure way to collect, manage, and authenticate passwords. Unfortunately, no method is foolproof. Storing passwords in the browser and sending one-time access codes by SMS or authenticator apps can be bypassed by phishing. Password management products are more secure, but they have vulnerabilities, as shown by the recent LastPass breach that exposed an encrypted backup of a database of saved passwords. For organizations with high security requirements, that leaves hardware-based login options such as FIDO devices. The FIDO (Fast Identity Online) standard is maintained by the FIDO Alliance and aims to reduce reliance on passwords for security. It does so by complementing or replacing them with strong authentication based on public-key cryptography. FIDO includes specs that take advantage of biometric and other hardware-based security measures, either from specialized hardware security gadgets or the biometric features built into most new smartphones and some PCs. That makes FIDO and other physical key or token methods more phishing resistant and harder for attackers to bypass.