November 28, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
One of the more intense aspects of the audit was the testing of our incident response plan. We had to provide records of past incidents, how they were handled, and the lessons learned. Moreover, the auditors conducted tabletop exercises to assess our preparedness for potential future security events. After weeks of evaluation, the auditors presented their findings. We excelled in some areas, such as in our encryption of sensitive data and our robust user authentication systems. However, they also identified areas for improvement, like the need for more granular access controls and enhanced monitoring of system configurations. Post-audit, we were given a roadmap of sorts--a list of recommendations to address the identified deficiencies. This phase was dedicated to remediation, where we worked diligently to implement the auditors’ suggestions and improve our systems. Reflecting on the transformative impact of SOC 2 certification, L+R has discerned a profound shift in the dynamics of client engagement and internal processes. SOC 2 certification transcends the realm of compliance, fostering enriched dialogues, bolstering trust, and catalyzing decision-making at the executive level.
The first of these is a management take on something that's already becoming visible in a broader way: absorbing the network into something else. Companies have said for years that the data center network, the LAN, is really driven by data center hardware/software planning and not by network planning. They're now finding that a broader use of hybrid cloud, where the cloud becomes the front-end technology for application access, is pulling the WAN inside the cloud. The network, then, is becoming less visible, and thus explicit network management is becoming less important. ... The second development gaining attention is being proposed by a number of vendors, the largest being Nokia. It envisions using "digital twin" technology, something most commonly associated with IoT and industrial metaverse applications, to construct a software model of the network based on digital twins of network devices. With this approach, the network becomes in effect an industrial system, and potentially could then be monitored and controlled by tools designed for industrial IoT and industrial metaverse deployments.
The Business Architect, just like the Solution Architect, is a business technology strategist. The delivery of technology driven business value is core to their professional capability and career. So for that purpose they share a set of skills/competencies, language, professional goals, and experiences with each other. Any other method of architecture has been shown to fail. Without the shared capabilities and focus the team quickly begins to cannibalise its own value proposition to the enterprise and argue about baseline definitions, purpose and ownership. The level of team synergy and shared community is one of the most important first steps to a mature architecture practice. With that in place the Business and Solution Architects work very well together and in alignment with the EA from strategy through execution to measured value. Business Architects must focus on program level outcomes, those that are scoped at the business capability and/or department or region level. These levels are where real business goals and measurements occur and stand closest to the customer while retaining executive authority.
One of the most appealing aspects of underwater data centers is their proximity to large population centers. Around half of the world’s population lives within 125 miles of a coastal area. Situating data centers near coastal population centers would allow for lower latency and more efficient handling of data. This would increase speeds for various digital services. Perhaps counterintuitively, the servers themselves might also benefit from being dropped in the drink. The inert gases and liquids used to fill underwater data centers are less corrosive than ambient air, leading to longer lifespans for the equipment. The servers are also protected from possible human damage incurred by everyday movement -- people banging into them, dropping them, or accidentally unplugging them. Placing a data center pod or retrieving it for maintenance is fairly simple, according to Subsea Cloud’s Williams. “Let's say the water is 100 meters deep. It's just an hour job. If it’s 3,000 meters deep, it will probably take five or six hours to get the pod down.”
Contributing to the general lack of data about data is complexity. There are many places in the enterprise where data spend happens. Individual business units buy data from third parties, for example. Taking enterprise-wide inventory of all the data feeds being purchased and getting an accurate picture of how all that purchased data is being put to use would be a good first step. The reality is that a significant portion of the data sloshing about modern enterprises is replicated in multiple locations, poorly classified, idiosyncratically defined, locked in closed platforms, and trapped in local business processes. Data needs to be made more liquid in the way of an asset portfolio — that is, transformed to ease data asset reuse and recombination. ... Traditionally business schools have avoided data as a topic, pumping out business leaders who erroneously feel that data is someone else’s job. I recall the mean-spirited dig at early career Harvard Business School alums expecting their assistants to bring in the day’s work arrayed as a case study — that is, a crisp 20-page synopsis of all the relevant issues.
Look inward and optimize. Companies need to understand what inside their networks and data is most attractive and most vulnerable to attackers. Get visibility into what you have, calculate the value of your tools, and use the information to move forward. Understanding risk by gaining full visibility into what you already have can allow companies to communicate better with investors and the public in the case of an attack or breach. For example, they will be able to give clear information about the impact (or lack of impact) on the business when an attack occurs and lay out clear steps for remediation, not having to guess the next best course of action. ... It is important to remember that the goal is not to buy more tools to chase the growing number of vulnerabilities that experts find every day, but to protect the assets that are most relevant to overall vital business operations and limit the fallout of inevitable cyber incidents. By attaching a dollar value to the cyber risks the organization is up against, you will be in a much better position to discuss your security plan and budgetary needs.