November 02, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Hansson argues that the cloud at one point made sense for his business, but no longer does. “Yet by continuing to operate in the cloud, we're paying an at times almost absurd premium for the possibility that it could (be needed). It's like paying a quarter of your house's value for earthquake insurance when you don't live anywhere near a fault line,” Hansson wrote. “We're paying over half a million dollars per year for database (RDS) and search (ES) services from Amazon. Yes, when you're processing email for many tens of thousands of customers, there's a lot of data to analyze and store, but this still strikes me as rather absurd. Do you know how many insanely beefy servers you could purchase on a budget of half a million dollars per year?” He then addressed the “but you need to pay people to manage those servers” issue. “Anyone who thinks running a major service like HEY or Basecamp in the cloud is simple has clearly never tried,” he said. “Some things are simpler, others more complex, but on the whole, I've yet to hear of organizations at our scale being able to materially shrink their operations team just because they moved to the cloud.”
Adopt and Demonstrate a Proactive Mindset - At first, this may seem like an obvious reiteration of an accepted business practice. However, organizations take this lightly far too often. A CEO’s direct involvement with cybersecurity practices must herald noticeable changes. This should be most evident in an organization's mindset towards implementing any proposed transformations. All policies enacted should reflect an active privacy and security governance model that adopts a proactive approach to resolving and mitigating all security challenges rather than relying on a reactive response. ... Conduct Rigorous Assessments - A critical practice that most organizations often shy away from is implementing a consistent assessment regime that thoroughly evaluates systems and mechanisms to ensure cybersecurity standards are up to par. Yes, it’s a monotonous job, which may be why most organizations often overlook the simple fact that it is not enough just to have sufficient measures and mechanisms in place. It is equally important to ensure that these measures are cross-checked and regularly run through assessments validating their effectiveness.
In the bad old days of on-premises data centers, if you bought a server, you owned it. No matter how generous the discount you negotiated with your hardware vendor, once they sold it to you, it really didn’t matter how little you made the CPU spin—they weren’t going to give you any money back. Fast forward to the days of cloud computing, by contrast, and it’s a fundamental principle that you pay for what you use. Use less, pay less. Does this mean enterprises may elect to use fewer cloud computing resources in a downturn? Of course it does. Is that a good thing? Absolutely. Why? Because it’s a customer-centric view rather than a vendor-centric view. Each of the cloud providers understands this, which is why their executives were united in praising, not lamenting, the ability of customers to spend less when times are hard. Alphabet/Google CEO Sundar Pichai introduced this theme, arguing that “the long-term trends that are driving cloud adoption continue to play an even stronger role during uncertain macroeconomic times.” Namely, cloud yields flexibility for enterprises to scale up or down based on their needs.
In addition to compromising MFA platforms and tricking employees into approving illegitimate access requests, attackers are also using adversary-in-the-middle attacks to bypass MFA authentication, according to a report released by Microsoft’s Threat Intelligence Center this summer. More than 10,000 organizations have been targeted by these attacks over the past year, which work by waiting for a user to successfully log into a system, then hijacking the ongoing session. “The most successful MFA cyber-attacks are based in social engineering, with all types of phishing being the most commonly used,” said Walt Greene, founder and CEO at consulting firm QDEx Labs. “These attacks, when carried out properly, have a fairly high probability of success to the unsuspecting user.” It’s clear that MFA alone is no longer enough and data center cybersecurity managers need to start planning ahead for a post-password security paradigm. Until then, additional security measures should be put in place to strengthen access controls and limit lateral motion through data center environments.
Web3 is all about leveraging assets — tokens or NFTs — to create systems of incentives to deliver products and services in ways that are more automated, trusted, and permission-minimized. You can’t have DeFi, identity solutions, or Decentralized Autonomous Organizations (DAOs) without assets that grant some form of rights or responsibilities when participating in a network. But building an asset in today’s Web3 is the same as setting up your own web infrastructure in the early 2000s; everyone is doing everything themselves. To catalyze Web3 adoption, developers must be able to leverage (and improve upon) the work others have done so far. Due to needing to copy-paste code, developers can’t easily reuse others’ code on-ledger. The result is redundant code clogging networks, leading to increased transaction costs and billions of dollars of security breaches. Then comes the aspect of composability, the feature that allows for interconnected decentralized applications and protocols.
Microlearning is a verifiable way to pick up new data science skills in less than 10 minutes per day. Developing this habit is a great way to keep you interested in advancing your skills as a data scientist by picking up new technologies or ways of doing things. Medium, Reddit, Substack, and various podcasts (see below) are great sources of information about new advances in data science that may inspire you to try learning something new. The key for adult learners is to keep the learning short and pointed toward a specific, tangible goal. This means keeping the learning to short 10-minute blocks with objectives that are easily achievable within that time. Not only does this keep you motivated to keep moving forward in your studies because of the short time they take to complete but they also ensure that you’re advancing your skills after a study session. Furthermore, it doesn’t seem like a hardship to complete a habit that takes less time than you need for a coffee break. In my experience, taking 10 minutes a day to work on a skill doesn’t provide huge gains immediately, but compounds slowly over time to produce something you can be proud of at the end of a year.