How to Future-Proof Your IT Organization
Effective future-proofing begins with strong leadership support and investments in essential technologies, such as the cloud and artificial intelligence (AI). Leaders should encourage an agile mindset across all business segments to improve processes and embrace potentially useful new technologies, says Bess Healy ... Important technology advancements frequently emerge from various expert ecosystems, utilizing the knowledge possessed by academic, entrepreneurial, and business startup organizations, Velasquez observes. “Successful IT leaders encourage team members to operate as active participants in these ecosystems, helping reveal where the business value really is while learning how new technology could play a role in their enterprises.” It’s important to educate both yourself and your teams on how technologies are evolving, says Chip Kleinheksel, a principal at business consultancy Deloitte. “Educating your organization about transformational changes while simultaneously upskilling for AI and other relevant technical skillsets, will arm team members with the correct resources and knowledge ahead of inevitable change.”How one CSO secured his environment from generative AI risks
"We always try to stay ahead of things at Navan; it’s just the nature of our business. When the company decided to adopt this technology, as a security team we had to do a holistic risk assessment.... So I sat down with my leadership team to do that. The way my leadership team is structured is, I have a leader who runs product platform security, which is on the engineering side; then we have SecOps, which is a combination of enterprise security, DLP – detection and response; then there’s a governance, risk and compliance and trust function, and that’s responsible for risk management, compliance and all of that. "So, we sat down and did a risk assessment for every avenue of the application of this technology. ... "The way we do DLP here is it’s based on context. We don’t do blanket blocking. We always catch things and we run in it like an incident. It could be insider risk or external, then we involve legal and HR counterparts. This is part and parcel with running a security team. We’re here to identify threats and build protections against them."Governor at Fed Cautiously Optimistic About Generative AI
The adverse impact of AI on jobs will only be borne by a small set of people, in contrast to the many workers throughout the economy who will benefit from it, she said. "When the world switched from horse-drawn transport to motor vehicles, jobs for stable hands disappeared, but jobs for auto mechanics took their place." And it goes beyond just creating and eliminating positions. Economists encourage a perception of work in terms of tasks, not jobs, Cook said. This will require humans to obtain skills to adapt themselves to the new world. "As firms rethink their product lines and how they produce their goods and services in response to technical change, the composition of the tasks that need to be performed changes. Here, the portfolio of skills that workers have to offer is crucial." AI's benefits to society will depend on how workers adapt their skills to the changing requirements, how well their companies retrain or redeploy them, and how policymakers support those that are hardest hit by these changes, she said.6 IT rules worth breaking — and how to get away with it
Automation, particularly when incorporating artificial intelligence, presents many benefits, including enhanced productivity, efficiency, and cost savings. It should be, and usually is, a top IT priority. That is, unless an organization is dealing with a complex or novel task that requires a nuanced human touch, says Hamza Farooq, a startup founder and an adjunct professor at UCLA and Stanford. Breaking a blanket commitment to automation prioritization can be justified when tasks involve creative problem-solving, ethical considerations, or situations in which AI’s understanding of a particular activity or process may be limited. “For instance, handling delicate customer complaints that demand empathy and emotional intelligence might be better suited for human interaction,” Farooq says. While sidelining automation may, in some situations, lead to more ethical outcomes and improved customer satisfaction, there’s also a risk of hampering a key organization process. “Overreliance on manual intervention could impact scalability and efficiency in routine tasks,” Farooq warns, noting that it’s important to establish clear guidelines for identifying cases in which an automation process should be bypassed.Introduction to Azure Infrastructure as Code
One of the core benefits of IaC is that it allows you to check infrastructure code files to source control, just like you would with software code. This means that you can version and manage your infrastructure code just like any other codebase, which is important for ensuring consistency and enabling collaboration among team members. In early project work, IaC allows for quick iteration on potential configuration options through automated deployments instead of a manual "hunt and peck" approach. Templates can be parameterized to reuse code assets, making deploying repeatable environments such as dev, test and production easy. During the lifecycle of a system, IaC serves as an effective change-control mechanism. All changes to the infrastructure are first reflected in the code, which is then checked in as files in source control. The changes are then applied to each environment based on current CI/CD processes and pipelines, ensuring consistency and reducing the risk of human error.National Cybersecurity Strategy: What Businesses Need to Know
Defending critical infrastructure, including systems and assets, is vital for national security, public safety, and economic prosperity. The NCS will standardize cybersecurity standards for critical infrastructure—for example, mandatory penetration tests and formal vulnerability scans—and make it easier to report cybersecurity incidents and breaches. ... Once the national infrastructure is protected and secured, the NCS will go bullish in efforts to neutralize threat actors that can compromise the cyber economy. This effort will rely upon global cooperation and intelligence-sharing to deal with rampant cybersecurity campaigns and lend support to businesses by using national resources to tactically disrupt adversaries. ... As the world’s largest economy, the U.S. has sufficient resources to lead the charge in future-proofing cybersecurity and driving confidence and resilience in the software sector. The goal is to make it possible for private firms to trust the ecosystem, build innovative systems, ensure minimal damage, and provide stability to the market during catastrophic events.Preparing for the post-quantum cryptography environment today
"Post-quantum cryptography is about proactively developing and building capabilities to secure critical information and systems from being compromised through the use of quantum computers," Rob Joyce, Director of NSA Cybersecurity, writes in the guide. "The transition to a secured quantum computing era is a long-term intensive community effort that will require extensive collaboration between government and industry. The key is to be on this journey today and not wait until the last minute." This perfectly aligns with Baloo's thinking that now is the time to engage, and not to wait until it becomes an urgent situation. The guide notes how the first set of post-quantum cryptographic (PQC) standards will be released in early 2024 "to protect against future, potentially adversarial, cryptanalytically-relevant quantum computer (CRQC) capabilities. A CRQC would have the potential to break public-key systems (sometimes referred to as asymmetric cryptography) that are used to protect information systems today."Future of payments technology
Embedded finance requires technology to build into products and services the capability to move money in certain circumstances, such as paying a toll on a motorway. The idea is to embed finance into the consumer journey where they don’t have to actually pay but based on a contract or agreement in advance. Consumers pay without consciously having to dig out their debit card. One example is Uber, where we widely use the service without having to make an actual payment upfront. Sometimes referred to “contextual payments” – where the context of the situation allows for payment to be frictionlessly executed. ... Artificial intelligence is already being used in payments to improve the customer journey and also how products are delivered. So far, this has been machine learning. Generative AI, where the AI itself is able to make decisions, will be the next generational jump and have a huge impact on payments, especially when it comes to protection against fraud. The problem is that artificial intelligence could be a positive or a negative, depending on who gets to exploiting it first, for good or will.Hiring revolutionised: Tackling skill demands with agile recruitment
Tech-enabled smart assessment frameworks not only provide scalability and objectivity in talent assessment but also help build a perception of fairness amongst candidates and internal stakeholders. L&T uses virtual assessments at the entry level, and Venkat believes in its tremendous scope for mid-level and leadership assessments too. Apurva shared that when infusing technology, many companies make the mistake of merely making things fancy without actually creating a winning EVP. The key to tech success is balancing personalised training with broader skill requirements. HR must develop a very good funnel by inculcating thought leadership around the quality of employees and must also focus on how these prospective employees absorb the culture of the organisation. This is a huge change exercise that entails identifying the skill gap, restructuring the job responsibilities, mapping specific roles with specific skills, assessing a person’s personality traits, and offering a very personalised onboarding so that people are productive when they join from day one.Designing Databases for Distributed Systems
As the name suggests, this pattern proposes that each microservices manages its own data. This implies that no other microservices can directly access or manipulate the data managed by another microservice. Any exchange or manipulation of data can be done only by using a set of well-defined APIs. The figure below shows an example of a database-per-service pattern. At face value, this pattern seems quite simple. It can be implemented relatively easily when we are starting with a brand-new application. However, when we are migrating an existing monolithic application to a microservices architecture, the demarcation between services is not so clear. ... In the command query responsibility segregation (CQRS) pattern, an application listens to domain events from other microservices and updates a separate database for supporting views and queries. We can then serve complex aggregation queries from this separate database while optimizing the performance and scaling it up as needed.Quote for the day:
"Wisdom equals knowledge plus courage. You have to not only know what to do and when to do it, but you have to also be brave enough to follow through." -- Jarod Kint z
