October 08, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
In a microservices architecture, each service operates independently, allowing updates, maintenance and modifications without disrupting others. This isolation should extend across infrastructure layers, including databases, ensuring no service can access another’s data. Full isolation prevents attackers from moving laterally within the system. ... Sensitive data, such as passwords or personal information, should never be exposed in plain text or storage. Users and automated systems can easily access this information making it vulnerable to threats. Businesses should always remove or mask this information before storing it in any records. Practices like TLS/HTTPS or encrypting logs are not enough, since one caters to securing data in transit while the other secures data at rest. Hence, the best way is to stop storing sensitive information altogether. ... Zero trust security works on the idea that no user or device should be trusted by default, whether inside or outside the network. By using the zero trust model, businesses can make sure every user and device is constantly authenticated and authorized, no matter where they are. In microservices, this means checking every interaction between services, enforcing strict access controls and logging all actions.
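An added example, not taken from the excerpted article, of masking sensitive values before a log record reaches any storage: a Python `logging` filter attached to the handler. The field names, patterns and the `orders-service` logger name are assumptions, and the sample events are constructed.

```python
import io
import logging
import re

# Assumed field names and patterns; adjust to the data your services handle.
SENSITIVE_KEYS = ("password", "passwd", "token", "secret", "api_key", "ssn")
KEY_VALUE = re.compile(
    r"(?i)\b(" + "|".join(SENSITIVE_KEYS) + r")\b(\s*[=:]\s*)"
    r"(\"[^\"]*\"|'[^']*'|[^\s,;&]+)"
)
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
CARD = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13 to 19 digits, optional separators


def redact(text: str) -> str:
    """Mask sensitive values in an already rendered log message."""
    text = KEY_VALUE.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", text)
    text = EMAIL.sub("[EMAIL]", text)
    return CARD.sub("[CARD]", text)


class RedactingFilter(logging.Filter):
    """Render the record, redact it, and drop the raw args so the handler
    never sees the unmasked values."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None
        return True


def demo() -> str:
    """Log constructed sample events and return what actually reached the sink."""
    sink = io.StringIO()
    handler = logging.StreamHandler(sink)
    handler.addFilter(RedactingFilter())
    log = logging.getLogger("orders-service")  # hypothetical service name
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    log.info("login user=%s password=%s", "alice@example.com", "hunter2")
    log.info('payment card: 4111 1111 1111 1111 token="abc 123"')
    return sink.getvalue()


if __name__ == "__main__":
    print(demo())
```

Pattern-based masking only catches what the patterns anticipate, so it complements, rather than replaces, not logging the sensitive fields in the first place.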
When Industry 5.0 emerges, we can expect to see the convergence of all that work and collected data. The next industrial revolution will be steeped in bridging the physical and the digital realms. Effectively this goes back to that human versus machine argument, but optimizing both human and machine to enhance their capabilities. AI and cloud computing will reach a harmony where workers can produce their best results, which can be replicated in processes throughout the supply chain. Industrial AI powers our lives in the back end. Industrial AI capabilities will enable power decision-making, and won't be a force for contention despite speculation. ... From the regulatory complexities of data collection and storage to varying levels of AI adoption within businesses, a successful transition into Industry 5.0 requires expert support. Costs of AI investments can snowball, so you must be strategic and targeted at improving specific areas of your business. Generic, off-the-shelf AI tools trained on irrelevant data won’t help here. To remain competitive at a global scale, companies need to invest in this technology and work with proven partners.
Selective forgetting, something that humans are all too good at, turns out to be exceptionally difficult to recreate in machine learning models. That’s especially true for a class of AI models known as foundation models that may have picked up personal, copyrighted, or toxic information buried in their training data. ... “True unlearning tries to remove all vestiges of the unwanted information, so that when the model gets a problematic question, it simply doesn’t have the answer,” she added. “A model that has ‘unlearned’ insulting behavior no longer knows how to be toxic.” Ideally, unlearning also comes with a mathematical guarantee that the unwanted data’s influence on the model has been erased. Achieving that gold standard, however, typically involves retraining the model, which for LLMs can be prohibitively expensive. One option for unlearning without guarantees is to fine-tune the model on the unwanted data using an optimization technique known as gradient ascent to forget connections between data points. “Using gradient ascent to update the model’s weights is like running the model’s training in reverse,” said Swanand Ravindra Kadhe, a senior research scientist at IBM Research focused on unlearning.
The year is 2024 though, and the internet still runs on IPv4. So where did it all go wrong? IPv6 has been in migration hell for decades, with every kind of possible initiative to improve IPv6 adoption falling flat, from an official World IPv6 Day in 2011, the World IPv6 'launch' in 2012, and several US Federal government action plans in 2005, 2010, and 2020 (including mandating IPv6 readiness for government networks - a deadline initially set at 2012 and now extended to 2025). There have been numerous incentives for schools and businesses, promotional campaigns from registries and ISPs, conferences, and education campaigns. ... Another serious problem that's faced IPv6 adoption is NAT. NAT is a technology which was designed in 1994 to reduce the number of global IPv4 addresses needed. It allows devices on a private network to share a single IP address, and is present in almost all home routers (and has been for decades). NAT is the reason why your computer has an 'internal' IP address, and needs port forwarding to be accessible directly from the internet (firewall aside). NAT has allowed us to continue to grow the number of devices online well past the exhaustion point of IPv4 to a whopping 30 billion devices.
Despite CISOs overseeing cybersecurity and the controls meant to blunt cyber risk, they have not historically been the executives who decide whether their organization buys cyber insurance. Instead, CFOs or chief risk officers typically make the call and determine what levels of protection to buy. However, CISOs are taking on larger roles — as they should — in those discussions and the decision-making process because they’re well-positioned to understand the threat landscape, the types of threats that could impact them, and how each one could impact the organization, says Paul Caron, Head of Cybersecurity, Americas at S-RM, a global corporate intelligence and cyber security consultancy. Generally speaking, CISOs are also best positioned to share the organization’s cybersecurity strategy and details of its security controls with insurance brokers or carriers, Caron says. “CISOs are the ones who can best tell their story.” And CISOs are best positioned to review the resources that a selected insurance company would possess to respond to an event and whether those resources would be the best choices.
Many C-suite executives want the IT team to both keep the systems running and drive strategic innovation, he says, a challenging balance act. “Organizations perceive IT as struggling to meet these demands, particularly in deploying new technologies like AI, which have raised expectations among business leaders,” he says. “Challenges in managing legacy systems and ongoing talent shortages further exacerbate this issue.” In many cases, the traditional IT team has been separated from the R&D team, with the IT teams tasked with keeping the lights on, some tech leaders say. With IT and business strategies getting more intertwined, and the hard truths involved in that, the value traditionally driven by IT has shifted to product engineering and business units, says Martin Mao, CEO and co-founder of Chronosphere, a cloud observability platform. “The value is not seen in keeping the wheels on the bus,” he says. “IT is stuck in a negative spiral of cost cutting and defense mode versus innovation. There is a huge talent drain occurring from IT to the product engineering side of the house.” IT teams are often burdened with maintaining legacy systems while simultaneously asked to support new technologies such as AI, infrastructure as code, containerization, and cloud services, adds Kenny Van Alstyne