October 03, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Multiple teams often wait for their turn to test features in staging. This creates bottlenecks. The pressure on teams to share resources can severely delay releases, as they fight for access to the staging environment. Developers who attempt to spin up the entire stack on their local machines for testing run into similar issues. As distributed systems engineer Cindy Sridharan notes, “I now believe trying to spin up the full stack on developer laptops is fundamentally the wrong mindset to begin with, be it at startups or at bigger companies.” The complexities of microservices make it impractical to replicate entire environments locally, just as it’s difficult to maintain shared staging environments at scale. ... From a release process perspective, the delays caused by a fragile staging environment lead to slower shipping of features and patches. When teams spend more time fixing staging issues than building new features, product development slows down. In fast-moving industries, this can be a major competitive disadvantage. If your release process is painful, you ship less often, and the cost of mistakes in production is higher.?
Financial institutions require legions of skilled security personnel in order to overcome the many challenges facing their industry. Developers are an especially important part of that elite cadre of defenders for a variety of reasons. First and foremost, security-aware developers can write secure code for new applications, which can thwart attackers by denying them a foothold in the first place. If there are no vulnerabilities to exploit, an attacker won't be able to operate, at least not very easily. Developers with the right training can also help to support both modern and legacy applications by examining the existing code that makes up some of the primary vectors used to attack financial institutions. That includes cloud misconfigurations, lax API security, and the many legacy bugs found in applications written in COBOL and other aging computer languages. However, the task of nurturing and maintaining security-aware developers in the financial sector won’t happen on its own. It requires precise, immersive training programs that are highly customizable and matched to the specific complex environment that a financial services institution is using.
The first is a series of processes — collecting, filtering, and categorizing data — that may take several months for KM or RAG models. Structured data is relatively easy, but the unstructured data, while much more difficult to categorize, is the most valuable. “You need to know what the data is, because it’s only after you define it and put it in a taxonomy that you can do anything with it,” says Shannon. ...? “We started with generic AI usage guidelines, just to make sure we had some guardrails around our experiments,” she says. “We’ve been doing data governance for a long time, but when you start talking about automated data pipelines, it quickly becomes clear you need to rethink the older models of data governance that were built more around structured data.” Compliance is another important area of focus. As a global enterprise thinking about scaling some of their AI projects, Harvard keeps an eye on evolving regulatory environments in different parts of the world. It has an active working group dedicated to following and understanding the EU AI Act, and before their use cases go into production, they run through a process to make sure all compliance obligations are satisfied.
领英推荐
Data preparation is intended to improve the quality of the information that ML and other information systems use as the foundation of their analyses and predictions. Higher-quality data leads to greater accuracy in the analyses the systems generate in support of business decision-makers. This is the textbook explanation of the link between data preparation and business outcomes, but in practice, the connection is less linear. ... Careful data preparation adds value to the data itself, as well as to the information systems that rely on the data. It goes beyond checking for accuracy and relevance and removing errors and extraneous elements. The data-prep stage gives organizations the opportunity to supplement the information by adding geolocation, sentiment analysis, topic modeling, and other aspects. Building an effective data preparation pipeline begins long before any data has been collected. As with most projects, the preparation starts at the end: identifying the organization’s goals and objectives, and determining the data and tools required to achieve those goals. ... Appropriate data preparation is the key to the successful development and implementation of AI systems in large part because AI amplifies existing data quality problems.?
Security tool sprawl happens for many different reasons. Adding new tools and new vendors as new problems arise without evaluating the tools already in place is often how sprawl starts. The sheer glut of tools available in the market can make it easy for security teams to embrace the latest and greatest solutions. “[CISOs] look for the newest, the latest and the greatest. They're the first adopter type,” says Reiter. A lack of communication between departments and teams in an enterprise can also contribute. “There's the challenge of teams not necessarily knowing their day-to-day functions of other team,” says Mar-Tang. Security leaders can start to wrap their heads around the problem of sprawl by running an audit of the security tools in place. Which teams use which tools? How often are the tools used? How many vendors supply those tools? What are the lengths of the vendor contracts? Breaking down communication barriers within an enterprise will be a necessary part of answering questions like these. “Talk to the … security and IT risk side of your house, the people who clean up the mess. You have an advocate and a partner to be able to find out where you have holes and where you have sprawl,” Kris Bondi, CEO and co-founder at endpoint security company Mimoto, recommends.
The journey from human automation tester to AI test automation engineer is transformative. Traditionally, transitioning to test automation required significant time and resources, including learning to code and understanding automation frameworks. AI removes these barriers and accelerates development cycles, dramatically reducing time-to-market and improving accuracy, all while decreasing the level of admin tasks for software testers.?AI-powered tools can interpret test scenarios written in plain language, automatically generate the necessary code for test automation, and execute tests across various platforms and languages. This dramatically reduces the enablement time, allowing QA professionals to focus on strategic tasks instead of coding complexities. ... As GenAI becomes increasingly integrated into software development life cycles, understanding its capabilities and limitations is paramount. By effectively managing these dynamics, development teams can leverage GenAI’s potential to enhance their testing practices while ensuring the integrity of their software products.