July 15, 2021

Why Developers Should Learn Kubernetes

Along with DevOps and SRE adoption, there is also a lot of discussion about “shifting left” in the software development world. At its core, shifting left means focusing on moving problem detection and prevention earlier in the software development lifecycle (SDLC) to improve overall quality. More robust, automated continuous integration/continuous delivery (CI/CD) pipelines and testing practices are prime examples of how this works. Shifting left applies to operational best practices as well. Once upon a time, developers would code their applications and then hand them off to operations to deploy into production. Things have changed dramatically since that time, and old models don’t work the way they once did. Knowing about the platform that the application lives on is critical. Successful engineering organizations work hard to ensure development and operations teams avoid working in silos. Instead, they aim to collaborate earlier in the software development lifecycle so that coding, building, testing and deployments are all well understood by all teams involved in the process.


Top 5 Programming Languages for Automation Testing

JavaScript focuses strongly on test automation and performs well when it comes to rebranding the client-side expectations through front-end development. Unavoidably, there are many web applications like Instagram, Accenture, Slack, and Airbnb which support libraries written through JavaScript automation, such as instauto, ATOM (Accenture Test Automation Open source Modular Libraries), Botkit, and Mavericks. Besides, there are various testing frameworks like Zest, Jasmine, and Nightwatch JS which refine multiple processes of unit testing as well as end-to-end testing. The reason for using them is that programmers or developers may build strong web applications primarily focusing on the core logic of businesses and quickly resolving security-related issues that may occur anywhere and anytime. With such advantages, teams working for automation testing won’t feel pressured because the debugging time and other code glitches are reduced and the productivity is promisingly increased with the shift-left testing approach. 


Trickbot Malware Rebounds with Virtual-Desktop Espionage Module

The latest version of the spy module makes use of virtual network computing (VNC): hence its name, vncDll. It essentially sets up a virtual desktop that mirrors the desktop of a victim machine and sets about using it to steal information. It’s been circulating since late May, researchers said. When first installed, vncDll uses a custom communications protocol to transmit information to and from one of the up to nine C2 servers that are defined in its configuration file. The module will use the first one to which it can connect. “The port used to communicate with the servers is 443, to avoid arousing the suspicion of anyone observing the traffic,” according to the Bitdefender analysis. “Although traffic on this port normally uses SSL or TLS, the data is sent unencrypted.” The first order of business is to announce to the C2 server that it’s been installed, and it then waits to receive a set of commands. The C2 connects to an attacker-controlled client, which is a software application that the attackers use to interact with the victims through the C2 servers. 
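A detection sketch for the behaviour quoted above (port 443 traffic that is not actually SSL/TLS). This is an added example, not code from Bitdefender or the article; the flow tuple format, the addresses and the sample payloads are constructed, and the non-TLS payload is a placeholder rather than the module's real protocol.

```python
import struct

TLS_HANDSHAKE = 0x16    # TLS record content type: handshake
CLIENT_HELLO = 0x01     # handshake message type: ClientHello
MAX_PLAINTEXT = 16384   # maximum TLS plaintext record length (2^14)


def is_tls_client_hello(payload: bytes) -> bool:
    """True if the first client bytes are a TLS record header carrying a ClientHello."""
    if len(payload) < 6:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    return (ctype == TLS_HANDSHAKE
            and major == 0x03 and minor <= 0x04
            and 0 < length <= MAX_PLAINTEXT
            and payload[5] == CLIENT_HELLO)


def flag_cleartext_443(flows):
    """Return {src: [dst, ...]} for port-443 flows whose first client bytes are not TLS."""
    hits = {}
    for src, dst, dport, first_bytes in flows:
        if dport == 443 and not is_tls_client_hello(first_bytes):
            hits.setdefault(src, []).append(dst)
    return hits


# Constructed sample: (source, destination, destination port, first client payload).
TLS_HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 443, TLS_HELLO),                  # normal HTTPS
    ("192.0.2.10", "198.51.100.77", 443, b"PLACEHOLDER-CMD\x00\x01"),  # not TLS
    ("192.0.2.11", "198.51.100.9", 443, b"GET / HTTP/1.1\r\n"),      # plain HTTP on 443
    ("192.0.2.12", "198.51.100.9", 80, b"GET / HTTP/1.1\r\n"),       # other port, ignored
]

if __name__ == "__main__":
    for src, dsts in flag_cleartext_443(SAMPLE_FLOWS).items():
        print(f"{src}: non-TLS traffic on 443 to {', '.join(dsts)}")
```

The check assumes the first client segment has been reassembled; a flow whose first payload is shorter than six bytes is flagged as non-TLS and needs a second look before alerting.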


Four common biases in boardroom culture

Boards can be effective only if they can come to a consensus. Let’s say a company is considering the launch of a significant new product, but five of the 12 directors have concerns going into a meeting on the topic. Some have discussed the issue among themselves before the meeting. Many are worried about how the full board discussion will go. In the meeting, one director starts to share his concerns, but the CEO quickly moves on. Over the course of the meeting, more and more heads start to nod along. No parts of the strategy for this new product have changed. But now the entire board appears supportive, including the director whose concerns were dismissed. Though consensus-building is important, boards may be too inclined to seek harmony or conformity. This can lead to groupthink, a much-written-about challenge facing companies in which dissenting views are not welcomed or even entertained. In fact, though most boards work to solicit a range of views and come to a consensus on key issues, the 2020 edition of PwC’s Annual Corporate Directors Survey found that 36% of directors have difficulty voicing a dissenting view on at least one topic in the boardroom. 


Moving Data is Expensive

Data created at the edge must be accessed and processed by the applications in the datacenter. The necessity to move data to the application incurs a productivity penalty. Take media and entertainment: editors, colorists, and special effects artists in multiple locations may sit idle waiting for data to become accessible. A 30 minute delay across 200 animators may result in ~$400K unintended cost. Data may have to be moved multiple times, each time incurring the productivity penalty. Every time data is moved or copied, storage resources must be made available to store it. Whether it is persistent storage or a caching device, disk drives are deployed to catch data being sent. Moving 10TB requires 10TB of storage to be available in every location requiring data access. The cost of storage varies from $120/TB/yr for archiving tier to $720/TB/yr for high-performance tier. Every copy created incurs an added storage cost. These estimates are marginally accurate; procuring small amounts of storage may be even more costly since economies of scale kick in at over 40TB. 


How to Best Assess Your Security Posture

Risk assessment can help an organization figure out what assets it has, the ownership of those assets and everything down to patch management. "It involves figuring out what you want to measure risk around because there are a bunch of different frameworks out there [such as] NIST and the Cyber Security Maturity Model (C2M2)," said Bill Lawrence, CISO at risk management platform provider SecurityGate.io. "Then, in an iterative fashion, you want to take that initial baseline or snapshot to figure out how well or how poorly they're measuring up to certain criteria so you can make incremental or sometimes large improvements to systems to reduce risk." ... "Looking at your own scorecard is a good way to get started and thinking about assessments because ultimately you're going to be assigning the same types of weights and risk factors to your vendors," said Mike Wilkes, CISO at cybersecurity ratings company SecurityScorecard. "We need to get beyond thinking that you're going to send out an Excel spreadsheet [questionnaire] once a year to your core vendors.
