October 19, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
While it is important and becoming invaluable, it’s difficult to know how well open-source code has been maintained, Faus noted. A developer might incorporate third-party code and inadvertently introduce a vulnerability. DevSecOps allows security teams to flag that vulnerability and work with the development team to identify whether the code should be written differently or whether the vulnerability is even dangerous. Ultimately, all parties can assure that they did everything they could to produce the most secure code possible. In both DevOps and DevSecOps, “the two primary principles are collaboration and transparency,” Faus said. Another core tenet is automation, which creates repeatability and reuse. If a developer knows how to resolve a specific vulnerability, they can reuse that fix across every other project with the same vulnerability. ... One of the biggest challenges in implementing security throughout the development cycle is the legacy mindset in how security is treated, Faus pointed out. Organizations must be willing to embrace cultural change and be open, transparent, and collaborative about fixing security issues. Another challenge lies in building in the right type of automation. “One of the first things is to make security a requirement for every new project,” Faus said.
Vector search—especially implementing a RAG approach utilizing vector data stores—is a stark alternative. Instead of relying on a traditional search engine approach, vector search uses the numerical embeddings of vectors to resolve queries. Therefore, searches examine a limited data set of more contextually relevant data. The results include improved performance, earned by efficiently utilizing massive data sets, and greatly decreased risk of AI hallucinations. At the same time, the more accurate answers that AI applications provide when backed by vector search enhance the outcomes and value delivered by those solutions. Combining both vector and traditional search methods into hybrid queries will give you the best of both worlds. Hybrid search ensures you cover all semantically related context, and traditional search can provide the specificity required for critical components ... Several open source technologies offer an easy on-ramp to building vector search capabilities and a path free from proprietary expenses, inflexibility, and vendor lock-in risks. To offer specific examples, Apache Cassandra 5.0, PostgreSQL (with pgvector), and OpenSearch are all open source data technologies that now offer enterprise-ready vector search capabilities and underlying data infrastructure well-suited for AI projects at scale.
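As an added example (not from the article or from any of the projects it names), here is what a hybrid query looks like in PostgreSQL with pgvector: a cosine-distance vector search and a full-text search are run separately and their rankings are fused with reciprocal rank fusion. The table, the tiny 3-dimensional embeddings and the sample rows are constructed for the illustration; a real deployment uses the embedding model's dimension.

```sql
-- Added example, not the article's code. Table, column names and rows are constructed.
CREATE EXTENSION IF NOT EXISTS vector;

CREATE TABLE documents (
  id        bigserial PRIMARY KEY,
  body      text NOT NULL,
  embedding vector(3)            -- constructed 3-d vectors; real models use e.g. 1536
);

-- Constructed sample data standing in for real model output.
INSERT INTO documents (body, embedding) VALUES
  ('Rotate the database credentials after the incident', '[0.9, 0.1, 0.0]'),
  ('Patch rollout plan for the public web tier',         '[0.2, 0.8, 0.1]'),
  ('Quarterly revenue report for the EMEA region',       '[0.0, 0.1, 0.9]');

-- Approximate-nearest-neighbour index for the cosine operator (<=>).
CREATE INDEX documents_embedding_idx ON documents USING hnsw (embedding vector_cosine_ops);

-- In application code q_vec and q_txt arrive as bound parameters, never as
-- strings spliced into the SQL; plainto_tsquery tokenises raw user text safely.
WITH params AS (
  SELECT '[0.85, 0.15, 0.05]'::vector                      AS q_vec,  -- embedding of the question
         plainto_tsquery('english', 'credentials incident') AS q_txt   -- keyword form of it
),
semantic AS (                     -- top matches by cosine distance
  SELECT d.id, RANK() OVER (ORDER BY d.embedding <=> p.q_vec) AS rnk
  FROM documents d, params p
  ORDER BY d.embedding <=> p.q_vec
  LIMIT 20
),
keyword AS (                      -- top matches by full-text relevance
  SELECT d.id,
         RANK() OVER (ORDER BY ts_rank_cd(to_tsvector('english', d.body), p.q_txt) DESC) AS rnk
  FROM documents d, params p
  WHERE to_tsvector('english', d.body) @@ p.q_txt
  LIMIT 20
)
-- Reciprocal rank fusion: a row found by only one method still scores, but
-- one found by both rises to the top. 60 is the conventional smoothing constant.
SELECT d.id, d.body,
       COALESCE(1.0 / (60 + semantic.rnk), 0) + COALESCE(1.0 / (60 + keyword.rnk), 0) AS rrf_score
FROM semantic
FULL OUTER JOIN keyword USING (id)
JOIN documents d USING (id)
ORDER BY rrf_score DESC
LIMIT 5;
```

The first sample row matches both branches and therefore ranks first; the revenue report is returned by neither and drops out.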
First, there are proactive controls, which prevent deployment of non-compliant resources by instilling best practices from the get-go. Second, there are detective controls, which identify violations in resources that are already deployed and then provide remediation steps. It’s important to recognize that these controls must not be static. They need to evolve over time, just as your organization, processes, and production environments evolve. Think of them as checks that place more responsibility on developers to meet high standards, and also make it far easier for them to do so. Going further, a key -- and often overlooked -- part of any governance approach is its notification and supporting messaging system. As your policies mature over time, it is vitally important to have a sense of lineage. If we’re pushing for developers to take on more responsibility, and we’ve established that the controls are constantly evolving and changing, notifications cannot feel arbitrary or unsupported. Developers need to be able to understand the source of the standard driving the control and the symptoms of what they’re observing.
If we do something and the behaviour of our users changes in a negative way, if they start doing things slower, less efficiently, then we're not delivering value to the market. We're actually damaging the value we're delivering to the market. We're disrupting our users' flows. So a really good way to think about whether we are creating value or not is how is the behavior of our users, of our stakeholders or our customers changing as a result of us shipping things out? And this kind of behavior change is interesting because it is a measurement to whether we are solving the problem, not whether we're delivering a solution. And from that perspective, I can then offer five different solutions for the same behavior change. I can say, "Well, if that's the behavior change we want to create, this thing you proposed is going to cost five men millennia to make, but I can do it with a shell script and it's going to be done tomorrow. Or we can do it with an Excel export or we can do it with a PDF or we can do it through a mobile website not building a completely new app". And all of these things can address the same behavior change.
The main priorities for DevSecOps in terms of security testing were the sensitivity of the information being handled, industry best practice, and easing the complexity of testing configuration through automation, all cited by around a third. Most survey respondents (85%) said they had at least some measures in place to address the challenges posed by AI-generated code, such as potential IP, copyright, and license issues that an AI tool may introduce into proprietary software. However, fewer than a quarter said they were ‘very confident’ in their policies and processes for testing this code. ... The big conflict here appears to be security versus speed considerations, with around six-in-ten reporting that security testing significantly slows development. Half of respondents also said that most projects are still being added manually. Another major hurdle for teams is the dizzying number of security tools in use, the study noted. More than eight-in-ten organizations said they're using between six and 20 different security testing tools. This growing array of tools makes it harder to integrate and correlate results across platforms and pipelines, respondents noted, and is making it harder to distinguish between genuine issues and false positives.
Despite the promise of digital twins, Bhonsle acknowledges that there are challenges to adoption. “Creating and maintaining a digital twin requires substantial investments in infrastructure, including sensors, IoT devices, and AI capabilities,” he points out. Security is another concern, particularly in industries like healthcare and energy, where compromised data streams could lead to life-threatening consequences. However, Bhonsle emphasises that the rewards far outweigh the risks. “As digital twin technology matures, it will become more accessible, even to smaller organisations, offering them a competitive edge through optimised operations and data-driven decisions.” ... Digital twins are transforming how businesses operate by providing real-time insights that drive smarter decisions. From manufacturing floors to operating rooms, and from energy grids to smart cities, this technology is reshaping industries in unprecedented ways. As Bhonsle aptly puts it, “The rise of digital twins signals a new era of efficiency and agility—an era where decisions are no longer based on assumptions but driven by data in real time.” As organisations embrace this evolving technology, they unlock new opportunities to optimise performance and stay ahead in a fast-changing world.
I help tech companies triple their revenue with my AI expertise, let's talk | AI Marketer | Teacher of AI marketing at Sawi
1 month Aligning the content of the post with your expertise reveals significant overlap, particularly in AI and tech, which are core to your digital management agency. Given this 30% alignment, I recommend proceeding to the comment generation: "AI in banking is shaking things up quite a bit, especially with security challenges, but it's fascinating how digital twins help in making decisions faster.