July 04, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
The breakneck pace of adoption has also resulted in a shortage of security experts who understand the overlapping, yet unique needs of the two industries. The cybersecurity sector has faced a shortage of skilled security professionals for most of its existence. Cloud solutions help mitigate this, because security can be integrated into the infrastructure and managed in a centralized place, Betz said. "Even then, financial institutions are still expected to conduct due diligence and oversight of third parties. This ability to evaluate security in a complex environment requires a high level of skill, which will continue to be highly sought-after, she said. Hiring and retraining existing staff to meet the volume of needed workers is a challenge too, in addition to the regulatory landscape wanting to force multi-cloud infrastructure for resiliency, Leach said. This means that a financial institution may be required to support multiple cloud service providers that operate differently and have different approaches to security assets.?
The process behind these benefits is also noteworthy. Most importantly, the notion of data decentralization is deceptively simple, and potentially revolutionary. Think of how IT consumerization has upended traditional technology implementation: Where IT specialists once made all the decisions on which tools to buy for business professionals and dictated how all that hardware and software was to be used, those end users now call the shots. They freely buy the devices they want and download the apps they like, then wait for IT to catch up. This provides enormous benefits. With data mesh we’re seeing similar movement toward data democratization. When line-of-business teams and other constituencies within the enterprise gain unprecedented access, and even ownership, of business data that was previously guarded, it accelerates collaboration and enables custom strategies to solve specific business problems. Data access also becomes simpler when interfaces and navigation are not just user-friendly but attuned to the priorities of specific functions, rather than having a more generic or enterprise-wide approach.
It’s important to avoid speaking technical jargon, but sometimes you’re asked to define a technical term or explain a technology. One approach both Puglisi and I recommend is to answer technical questions with analogies from your industry. We both worked in the construction industry, so, for example, we might help these executives understand Scrum in software development by comparing it to design-build and agile construction project methodologies. ... Sometimes you need a spark to create a sense of urgency, but don’t take this approach too far. I once heard a CISO say, “If you can’t convince the board, then scare them,” which might get a CISO a yes to an investment, but lose credibility over time. CISOs who are natural presenters and storytellers can connect with the board using these skills, but only if given sufficient time to use this approach. If presenting isn’t your best skill, or you only have a few minutes to present, storytelling may confuse directors, says Tony Pietrocola, president and co-founder of AgileBlue.?
领英推荐
Developers don’t want to write their code multiple times to run on different serverside runtimes, which they have to do today. It slows down development, increases the maintenance load and may put developers off supporting more platforms like Workers, Snell noted. Library and framework creators in particular are unhappy with that extra work. “They don’t want to go through all that trouble and deal with these different development life cycles on these different runtimes with different schedules and having to maintain these different modules.” That’s a disadvantage for the runtimes and platforms as well as for individual developers wanting to use tools like database drivers that are specifically written for one runtime or another, he pointed out. “We talk to developers who are creating Postgres drivers or MongoDB drivers and they don’t want to rewrite their code to fit our specific API. It would be great if it was an API that worked on all the different platforms.” WinterCG is trying to coordinate what Ehrenberg calls “a version of fetch that makes sense on servers” as well as supporting Web APIs like text encoder and the set timeout APIs in a compatible way across runtimes.
Article 6(1)(b) of the GDPR establishes that practice could only be justified on condition that if the data is not processed, the contract between the user and the service operator can’t be fulfilled. This contractual necessity for data processing is usually understood rather more narrowly. For example, it enables an online retailer to provide a customer’s address to a courier, which is clearly necessary data processing under the terms of the contract between the store and the customer. Meta had relied on Article 6(1)(b) as its main justification for data processing for targeted advertising by claiming that targeted advertising was part of the service it contractually owes its users – a clause it introduced as part of a change to its terms of service (ToS) made at the stroke of midnight on 25 May 2018, which is the precise second the GDPR first came into force. Max Schrems, founder of Austria-based data protection campaign group NOYB, argued that Meta seemed to have taken the view that it could just “add random elements” to the contract, i.e. its ToS, covering personalised advertising, to avoid offering users a yes or no consent option.
What AI is going to allow cloud to do is really kind of predict those changes that are needed. So instead of reacting to slowdowns because you’re running out of memory, you’re running out of processing power -- it could predict when those things are going to happen based on analyzing historical data and then it can allocate the resources dynamically. For a small organization or a small environment, it may not sound like a big task but as you’re thinking about these larger enterprises that might be running hundreds or thousands of servers that are all running different programs and they interact, if one thing goes down it can affect the rest of the ecosystem. It really is a very important aspect in being able to help make sure that everything is up and can be maintained. From a maintenance standpoint as well, it really tends to a very significant benefit. Right now, maintenance in general, in IT and cloud-based infrastructure, is largely reactive. There’s a problem, the user reports the problem, and someone from the IT department will then investigate the problem.
Realtor Associate @ Next Trend Realty LLC | HAR REALTOR, IRS Tax Preparer
1 年Well said.