Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

Daily Tech Digest - April 03, 2023

Daily Tech Digest - April 03, 2023

From CDO to CTIO – what tech leader job titles really mean, and who calls the shots

Like CDOs, Chief Technology Officers are very much on the rise. Particularly in technology companies themselves and in start-ups, you are likely to find a CTO at the head of the ship rather than a CIO, and this is also the case in many legacy businesses who are aiming to transform themselves into technology-led organisations: the emphasis on technology in the title better reflects the wider brief of today’s digital leader. So, the CTO role is very much ‘of our times’. There again, the CTO could also be a number two to the CIO who leads all of technology, architecture and/or software engineering. ... Hybrid roles have been very much on the rise recently, especially at the top end. Instead of having ‘just’ a CIO or CDO or CTO, Chief Technology & Information Officers are becoming more common. It’s a role that combines accountability for IT with technology/product delivery. The CTIO will act as an internal advisor to the Board on information strategy, infrastructure and systems as well as being the leader in new product development with an eye to the future and a horizon-scanning mindset.

CIOs must evolve to stave off existential threat to their role

Already under pressure to accelerate digital transformation, CIOs now often find their voices drowned out by LOB executives who are heavily involved in making technology decisions, according to the report. This trend could leave CIOs vulnerable to decreased influence over the corporate technical agenda, or pushed into a secondary C-suite role. ... To ward off LOB heads from their turf, Linus Lai, chief analyst and digital business research lead at IDC A/NZ, says CIOs must be able to demonstrate to other members of the C-suite how their actions and decisions directly boost the bottom and top lines. CIOs should also build stakeholder relationships within LOBs and leverage business relationship managers to better serve customer-facing organizations. “CIOs will have to ensure effective joint business outcomes from IT and LOBs by delivering strategic digital business advice and enabling effective upwards communication. They must initiate a critical review of sourcing practices to manage the supplier ecosystem to maintain architectural goals and spending targets ...

These Experts Are Racing To Protect AI From Hackers

Concerns about attacks on AI are far from new but there is now a growing understanding of how deep-learning algorithms can be tricked by making slight -- but imperceptible -- changes, leading to a misclassification of what the algorithm is examining. ... "Data poisoning can be one of the most powerful threats and something that we should care a lot more about. At present, it doesn't require a sophisticated adversary to pull it off. If you can poison these models, and then they're used widely downstream, you multiply the impact -- and poisoning is very hard to detect and deal with once it's in the model," says Slater. If that algorithm is being trained in a closed environment, it should -- in theory -- be reasonably well protected from poisoning unless hackers can break in. But a bigger problem emerges when an AI is being trained on a dataset that is being drawn from the public domain, especially if people know this is the case. Because there are people out there -- either through a desire to cause damage, or just to cause trouble -- who will try to poison the algorithm.

5 strategies to manage cybersecurity risks in mergers and acquisitions

In tech deals where technology is the target’s product or an important part of it, cybersecurity is a particular focus, said Philip Odence, general manager of Black Duck Audit Business at Synopsys, who specializes in due diligence in M&A transactions. As such, the acquiring company must determine if the target company has designed security into its software. If not, the acquiring company is buying into a bunch of unplanned future remediation work to address, he says. “As excessive problems will mean a heightened chance of getting breached, the buyer might want some portion of funds to be escrowed against such an eventuality,” Odence says. “It’s also not highly unusual for valuation to be negotiated if software is significantly not up to industry norms.” Buyers don’t expect perfection, but if there are more than an expected number of issues to address, the buyer’s perspective on the deal might change, Odence says. It’s rare for due diligence discoveries to kill a deal, but they could impact deal terms, timing, or valuation.

The Anatomy of a Comprehensive Penetration Test

The goal of a penetration test should be to deliver a blueprint for achieving an improved security posture so these organizations can be set up for success. This means including best practices for fixing any issues where specific implementation details are not known by the pentester. It doesn’t stop with just a list of diagnoses for vulnerabilities. A complete inventory of all assets should also be included, with detail on the asset type, IP address, and geolocation information. This will provide visibility into how large an organization’s attack surface is and allow teams to understand which issues should take priority when multiple are found. No asset or resource should be considered “out of scope” when conducting a penetration test. This includes not only the web application itself, but also any external resources that it relies on, including API servers and third-party integrations. Developers may claim that since they didn’t create those resources they shouldn’t be on the hook to secure them, but the organization still needs to be accountable because it is using them. 

The Art Of Letting Go: How Data Minimization Can Improve Cybersecurity And Reduce Cost

One of the biggest challenges organizations face when it comes to implementing data minimization is determining what data is necessary to keep and what can (or should) be disposed of. With the vast amount of data generated and collected every day, it can be overwhelming to know what data you have in the first place, what’s important (or critical or sensitive or regulated) and what data can—or should—be discarded. By reducing the amount of data stored, organizations can decrease their risk of data breaches and improve regulatory compliance. Data minimization can also streamline data management processes, leading to increased efficiency and cost savings. So, how does one begin the process of data minimization? It all starts with knowing your data. Organizations need to have a clear understanding of what data they are collecting, how sensitive it is and how it is being used. This can help identify unnecessary data—often called redundant, obsolete or trivial (ROT) data—that can be safely disposed of.

Five steps to champion a data product strategy

Treating data like a product gives more structure to the ownership, processes, and technology needed to provide the organisation with access to clean, curated, continuously-updated data. So, the data product becomes a consumption-ready set of high-quality, trustworthy, accessible data that can be applied to solve genuine business challenges. In short, it’s the best version of data available to service a defined purpose and achieve a desired outcome for the business. ... The first step once your strategy is signed off is to develop a minimum viable data product (MVDP). Start small so you can release quickly, before iterating and delivering further capabilities. Each release of your data product should offer a little more value. This will help drive adoption, as well as showing returns which will help you secure any additional funding or resources required. Success will of course also depend on your LOB partners understanding how to use the data product as part of their existing working processes. It is rare that adding a new process will be widely and successfully adopted. 

Preventing artificial deception in the age of AI

Managing the concerns without stifling the potential of AI is the key challenge facing regulators across the world. The US has chosen a hands-off approach, encouraging private sector investment and prioritising AI research and development. China has opted for a centralised system focused on economic development and societal governance. The EU has focused more on regulation emphasising transparency, accountability, and protection of human rights. This includes proposed new regulations to establish standards for AI development and deployment, including strict rules for high-risk AI applications and biometric data usage, aiming to build trust in AI through transparency and accountability while ensuring safety and ethical considerations. The UK has adopted what it is calling a pro-innovation approach by enabling current regulators to determine how best to adapt existing regulation to the deluge of AI development and progress using a set of common principles. Whichever approach is adopted, a new regulatory mindset will be required to keep up with the pace of change.

12 ways IT leaders can build business buy-in

Modern CIOs know to speak in business terms and leave the tech jargon behind. But those who are truly intertwined with their business unit colleagues are speaking not only about strategy but key components of it: growth, revenue, profit margin, and so on. As Kande explains, “The business is asking for technology to deliver business outcomes: Are we selling more products and services? Do we have [for example] more visibility into manufacturing or supplies?” ... Another approach Juliano uses to ensure IT and business are in lockstep as they advance organizational objectives is to identify and highlight shared goals. For him, that means in part articulating IT’s piece of initiatives as well as demonstrating IT’s commitment to co-owning success — and, if things don’t go right, co-owning failure, too. “Your IT deliverables should be 100% part of the business’ strategic goals,” he says. “But if you’re making plans and you’re not seeing that there’s a clear IT objective, then you’re reducing your chance of successes and I’d question why you’re not part of that execution. So get your name on those goals so you are seen as a co-deliverer. Make sure your name is primary or secondary owner.”

Digital transformation: How to teach the language of change

While the CIO or CTO is often the first ambassador for a digital transformation, they need close collaboration from their peers to be successful. Those who oversee the processes and the people in the organization must work closely with the CEO to transform all three legs to keep the stool upright. That means the entire C-Suite – chiefs of operations, HR, finance, marketing, communications, and others – must be able to speak the language of digital transformation fluently. It will take some work. The CEO, along with the CTO/CIO, will need to teach their peers what digital transformation is all about and how to make it happen. Then they all need to share a common vision, a shared commitment, and a deep sense of accountability for the success of the digital transformation. ... Anyone who has undergone a digital transformation knows that it is one of the most significant undertakings an organization can face. It reaches into every corner of the business, from operations to customer satisfaction to employee culture. And it sets the tone for the next transformation, whenever that may be.

Quote for the day:

"Not all readers are leaders, but all leaders are readers." -- Harry S. Truman

This post first appeared on Tech Bytes - Daily Digest, please read the originial post: here

Share the post

Daily Tech Digest - April 03, 2023