July 23, 2024

Transforming GRC Landscape with Generative AI

Streamlining GRC workflows and integrating various components of the technology stack can significantly enhance efficiency. Apache Airflow is an open-source workflow automation tool that orchestrates complex data pipelines and automates GRC processes, leading to substantial efficiency gains. Apache Camel facilitates integration between different system components, ensuring smooth data flow across the technology stack. Additionally, robotic process automation (RPA) can be implemented using open-source platforms like Robot Framework. These platforms automate repetitive tasks within GRC processes, further enhancing operational efficiency and allowing human resources to focus on more strategic activities. By leveraging these open-source tools and techniques, organizations can build a robust infrastructure to support GenAI and RAG in their GRC processes, achieving enhanced efficiency, accuracy, and strategic insights. ... Traditional approaches are labour-intensive and prone to human error, leading to inefficiencies and increased compliance risks. By contrast, GenAI and RAG can streamline processes, reduce the burden on human resources, and provide timely and accurate information for strategic planning.


Two AI Transparency Concerns that Governments Should Align On

AI raises two fundamental transparency concerns that have gained in salience with the spread of generative AI. First, the interaction with AI systems increasingly resembles human interaction. AI is gradually developing the capability of mimicking human output, as evidenced by the flurry of AI-generated content that bears similarities to human-generated content. The “resemblance concern” is thus that humans are left guessing: Is an AI system in use? Second, AI systems are inherently opaque. Humans who interact with AI systems are often in the dark about the factors and processes underlying AI outcomes. The “opacity concern” is thus that humans are left wondering: How does the AI system work? ... Regulatory divergence presents a unique opportunity for governments to learn from each other. Governments can draw from the expertise accumulated by national regulators and other governments that are experimenting to find effective AI rules. For example, governments looking to establish information rights can learn from Brazil’s precise elaboration of information to be disclosed, South Korea’s detailed procedure for requesting information, and the EU’s unique exception mechanisms.


5 IT risks CIOs should be paranoid about

CIOs sitting on mounting technical debt must turn paranoia into action plans that communicate today’s problems and tomorrow’s risks. One approach is to define and seek agreement of non-negotiables with the board and executive committee, outlining criteria of when upgrading legacy systems must be prioritized above other business objectives. ... CIOs should be drivers of change — which can create stress — while taking proactive and ongoing steps to reduce stress in their organization and across the company. The risks of burnout mount because of higher business expectations of delivering new technology capabilities, leading change management activities, and ensuring systems are operational. CIOs should promote ways to disconnect and reduce stress, such as improving communications, simplifying operations, and setting realistic objectives. ... “When considering the growing number of global third parties organizations need to collaborate with, protecting the perimeter with traditional security methods becomes ineffective the moment the data leaves the enterprise,” says Vishal Gupta, CEO & co-founder of Seclore.


Understanding the difference between competing AI architectures

A common misconception is that AI infrastructure can just be built to the NVIDIA DGX reference architecture. But that is the easy bit and is the minimum viable baseline. How far organizations go beyond that is the differentiator. AI cloud providers are building highly differentiated solutions through the application of management and storage networks that can dramatically accelerate the productivity of AI computing. ... Another important difference to note with regard to AI architecture versus traditional storage models is the absence of a requirement to cache data. Everything is done by direct request. The GPUs talk directly to the disks across the network; they don't go through the CPUs or the TCP/IP stack. The GPUs are directly connected to the network fabric. They bypass most of the network layers and go directly to the storage. It removes network lag. ... Ultimately, organisations should partner with a provider they can rely on. A partner that can offer guidance, provide engineering and support. Businesses using cloud infrastructure are doing so to concentrate on their own core differentiators.


How Much Data Is Too Much for Organizations to Derive Value?

“If data is in multiple places, that is increasing your cost,” points out Chris Pierson, founder and CEO of cybersecurity company BlackCloak. Enterprises must also consider the cost of maintenance, which could include engineering and program analyst time. Beyond storage and maintenance costs, data also comes with the potential cost of risk. Threat actors constantly look for ways to access and leverage the data safeguarded by enterprises. If they are successful, and many are, enterprises face a cascade of potential costs. ... Once an enterprise is able to wrap its arms around data governance, leaders can start to ask questions about what kind of data can be deleted and when. The simple answer to the question of how much is too much boils down to value versus risk. “Start with the fundamental question: What does the company get from the data? Does it cost more to store and protect that data than the data actually provides to the organization?” says Wall. When it comes to retention, consider why data is being collected and how long it is needed. “If you don't need the data, don't collect it. That should always be the first fundamental rule,” says Pierson.


Empowering Developers in Code Security

When your team is ready to add security earlier in the development process, we suggest introducing 'guardrails' into their workflow. Guardrails, unlike wholly new processes, can slide into place unobtrusively, providing warnings about potential security issues only when they are actionable and true positives. Ideally, you want to minimize friction and enable developers to deliver safer, better code that will pass tests down the line. One tool that is almost universal across development and DevOps teams is Git. With over 97% of developers using Git daily, it is a familiar platform that can be leveraged to enhance security. Built directly into Git is an automation platform called Git Hooks, which can trigger just-in-time scanning at specific stages of the Git workflow, such as right before a commit is made. By catching issues before making a commit and providing direct feedback on how to fix them, developers can address security concerns with minimal disruption. This approach is much less expensive and time-consuming than addressing issues later in the development process. This can actually increase the time spent on new code by reducing the amount of maintenance that eventually needs to be done.
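One way to build the pre-commit guardrail described above, as an added example that is not taken from the quoted article: the hook scans only the lines being added in the staged diff and reports the file and line of anything that looks like a credential. The function names, the three patterns and the sample diff are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example of a pre-commit guardrail; function names and patterns are assumptions.

# Emit "file:line:text" for each ADDED line of a unified diff read from stdin.
added_lines() {
    awk '
        /^diff --git /         { in_hunk = 0; next }
        !in_hunk && /^\+\+\+ / { file = substr($0, 5); sub(/^b\//, "", file); next }
        /^@@ /                 { split($3, pos, ","); line = substr(pos[1], 2) + 0; in_hunk = 1; next }
        !in_hunk               { next }
        /^\+/                  { print file ":" line ":" substr($0, 2); line++; next }
        /^ /                   { line++ }
    '
}

# Print added lines that look like credentials; return 1 if any were found.
scan_diff() {
    findings=$(added_lines | grep -E \
        -e 'AKIA[0-9A-Z]{16}' \
        -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
        -e "(password|secret|api_key|token)[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}[\"']" \
        || true)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample diff (the key is AWS's documentation placeholder, not a real one).
sample_diff() {
    cat <<'EOF'
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -10,2 +10,2 @@ def load():
 region = "eu-west-1"
-key = os.environ["AWS_KEY"]
+key = "AKIAIOSFODNN7EXAMPLE"
EOF
}

# Act as a hook only when git invokes this file under the name "pre-commit".
case "${0##*/}" in
    pre-commit)
        git diff --cached --no-color -U0 | scan_diff >&2 ||
            { echo "Commit blocked: move these values to the environment or a secrets manager." >&2; exit 1; } ;;
esac
```

Saved as `.git/hooks/pre-commit` and made executable, it runs before every commit; because a developer can skip local hooks with `git commit --no-verify`, the same scan should also run in CI.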
