September 22, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Agarwal said: ‘Nobody is running a cloud business as a charity.’ When businesses reach a size where it is economically viable, constructing their own infrastructure can save significant costs while eliminating the ‘cloud middleman’ and associated expenses. That said, the cloud is certainly not “Just someone else’s computer,” as the joke goes. It has added immense value to those who adapted to it. But like artificial intelligence (AI), it has been mythologized and exaggerated as the ultimate tool for efficiency — romanticized to the point where pervasive myths about cost-effectiveness, reliability, and security are enough for businesses to dive headfirst into adoption. These myths are frequently discussed in high-profile forums, shaping perceptions that may not always align with reality, leading many to commit without fully considering potential drawbacks and real-world challenges. ... Avoidable charges and cloud waste were another noteworthy issue revealed in the 2023 State of Cloud Strategy Survey by Hashicorp. 94% of respondents in this survey reported incurring unnecessary expenses because of the underutilization of cloud resources. These costs often result from maintaining idle resources that do not cater to any of the company’s actual operational needs.?
Before tackling the specifics of upgrading a data center, it is important to conduct a thorough assessment to identify the specific needs and areas for improvement. This assessment should examine the data center's existing infrastructure, including server capacity, storage solutions, and energy consumption. It is also important to evaluate how these elements stack up against current power standards, grid connection requirements, efficiency benchmarks, and environmental and permit regulations. By benchmarking against newer facilities, operators can identify key areas where technological and infrastructural enhancements are needed. ... While integrating the latest server technologies might seem obvious, these systems demand different support from existing infrastructure. The increased computational loads should not compromise system reliability. Therefore, transitioning to newer generations of processors can result in updates of your data center support infrastructure. This includes upgrading power distribution units (PDUs) to handle higher power densities, enhancing network infrastructure to support faster data transfer rates, and reinforcing structural components to accommodate the increased weight and space requirements of modern equipment.
Although intriguing, the personhood plan has fundamental issues. First, credentials are very easily faked by gen AI systems. Second, customers may be hard-pressed to take the significant time and effort to gather documents and wait in line at a government office to prove that they are human simply to visit public websites or sales call centers. Some argue that the mass creation of humanity cookies would create another pivotal cybersecurity weak spot. “What if I get control of the devices that have the humanity cookie on it?” FaceTec’s Meier asks. “The Chinese might then have a billion humanity cookies at one person’s control.” Brian Levine, a managing director for cybersecurity at Ernst & Young, believes that, while such a system might be helpful in the short run, it likely won’t effectively protect enterprises for long. “It’s the same cat-and-mouse game” that cybersecurity vendors have always played with attackers, Levine says. ... Sandy Carielli, a Forrester principal analyst and lead author of the Forrester bot report, says a critical element of any bot defense program is to not delay good bots, such as legitimate search engine spiders, in the quest to block bad ones.“The crux of any bot management system has to be that it never introduces friction for good bots and certainly not for legitimate customers.?
领英推荐
The effect is clear: an average employee wants to work three days a week in the office, while managers want them there four days. The managers win, of course: today half of all civil servants in Stockholm County work in the office four days a week, a clear increase. There are different conclusions one can draw. Mine are these: Physical workplaces and physical interaction are better than digital workspaces and meetings when it comes to creative tasks and social/cultural togetherness. I think, depending on what you work with, employees and managers are quite in agreement. Leadership in the hybrid work models has not developed in the ways and at the pace required. Managers still have an excessive need for control, with no way to deal with this without trying to return to what was previously comfortable. Employees have probably not managed to convey to their bosses the positive aspects of home work — for the employer. It’s great that your life puzzle is easier and you can take power walks and do laundry, but how does that help the company? It’s no wonder that whispering about sneaky vacations is taking off. And there’s an elephant in the room we should talk about — people really hate open office spaces and activity-based workplaces.
Because SSH keys are functionally different from passwords, traditional PAMs don't manage them very well. Legacy PAMs were built to vault passwords, and they try to do the same with keys. Without going into too much detail about key functionality (like public and private keys), vaulting private keys and handing them out at request simply doesn't work. Keys must be secured at the server side, otherwise keeping them under control is a futile effort. Furthermore, your solution needs to discover keys first to manage them. Most PAMs can't. There are also key configuration files and other key(!) elements involved that traditional PAMs miss. ... Let's come back to the topic of passwords. Even if you have them vaulted, you aren't managing them in the best possible way. Modern, dynamic environments - using in-house or hosted cloud servers, containers, or Kubernetes orchestration - don't work well with vaults or with PAMs that were built 20 years ago. This is why we offer modern ephemeral access where the secrets needed to access a target are granted just-in-time for the session, and they automatically expire once the authentication is done. This leaves no passwords or keys to manage - at all.
Cyberattacks are not just about stealing personal data; they also involve stealing intellectual property and sensitive corporate information. In India, the number of data breaches has surged in recent years. The Indian Computer Emergency Response Team (CERT-IN) reported over 150,000 cyber incidents in 2023 alone, with significant breaches occurring in sectors such as finance, healthcare, and government. ... While there is a global scarcity of competent cybersecurity personnel, India is experiencing an exceptionally severe shortfall. A report conducted by (ISC)2 indicates that there is a 3 million cybersecurity workforce shortage worldwide, with India contributing significantly to this shortfall. This deficiency hinders businesses' capacity to detect and address cyber threats that should be looked after by team members' ignorance and lack of training might lead to human mistakes, which are a common way for cyberattacks to get started. ... Compliance with cybersecurity legislation and standards is critical for data protection and retaining confidence. India's legal landscape is changing, with initiatives like the Information Technology Act and the Personal Data Protection Bill aimed at improving cybersecurity.?