EnterpriseSecurity https://www.webpronews.com/technology/enterprisesecurity/ Breaking News in Tech, Search, Social, & Business Tue, 03 Sep 2024 11:25:57 +0000 en-US hourly 1 https://wordpress.org/?v=6.6.2 https://i0.wp.com/www.webpronews.com/wp-content/uploads/2020/03/cropped-wpn_siteidentity-7.png?fit=32%2C32&ssl=1 EnterpriseSecurity https://www.webpronews.com/technology/enterprisesecurity/ 32 32 138578674 Revolutionizing IT: How AI-Driven SASE is Shaping the Future of Enterprise Technology https://www.webpronews.com/revolutionizing-it-how-ai-driven-sase-is-shaping-the-future-of-enterprise-technology/ Tue, 03 Sep 2024 11:25:57 +0000 https://www.webpronews.com/?p=607333 As organizations navigate the complexities of a digital-first world, the integration of artificial intelligence (AI) with Secure Access Service Edge (SASE) technology is rapidly transforming IT landscapes. SASE, a framework that converges networking and security into a single cloud-based service model, has been increasingly recognized as the future of enterprise IT management. With AI now playing a central role in this transformation, businesses are finding new ways to streamline operations, enhance security, and optimize the end-user experience.

At the forefront of this revolution is Palo Alto Networks, whose upcoming virtual event, SASE Converge 2024, promises to showcase the latest advancements in AI-powered SASE technology. The event will bring together industry leaders, technologists, and decision-makers to explore how AI can further elevate the capabilities of SASE, making it a cornerstone of modern IT infrastructure.

The Evolution of SASE: From Concept to Cornerstone

Secure Access Service Edge, or SASE, has been a buzzword in the IT industry for several years, but its adoption has accelerated in response to the growing demands of a hybrid workforce. According to Anand Oswal, Senior Vice President and General Manager of Network Security at Palo Alto Networks, “SASE is no longer just a concept; it’s now an essential strategy for enterprises looking to secure their networks while providing seamless access to a distributed workforce.”

The integration of AI into SASE has further amplified its potential, allowing organizations to automate complex security tasks and deliver faster, more reliable network performance. “AI-powered SASE is about more than just combining networking and security,” Oswal explains. “It’s about using AI to predict and prevent threats in real-time, optimize application performance, and provide a seamless experience for users, regardless of where they are.”

The AI Advantage: Enhancing Security and Efficiency

One of the key benefits of integrating AI with SASE is the ability to enhance security through automation and real-time threat detection. As cybersecurity threats become more sophisticated, traditional security measures are often inadequate. AI can analyze vast amounts of data in real-time, identifying patterns that could indicate a security breach before it occurs. This proactive approach is critical in an era where cyberattacks are increasingly common and costly.

Mignona Cote, Senior Vice President and Chief Security Officer at NetApp, emphasizes the importance of AI in modern cybersecurity strategies. “AI allows us to stay ahead of the curve by automating threat detection and response. In the context of SASE, AI not only improves security but also reduces the time and resources required to manage security operations,” she says.

Palo Alto Networks’ AI-powered SASE platform, Prisma SASE, exemplifies this approach. The platform offers a 50% reduction in data breach risk, a 107% average return on investment, and a 75% improvement in operational efficiency. These metrics underscore the transformative impact that AI can have on IT security and operations.

Transforming the IT Experience: From User to Administrator

AI-powered SASE is also revolutionizing the IT experience for both end-users and administrators. For end-users, the technology ensures a seamless and secure connection to applications, regardless of their location or device. This is particularly important in a hybrid work environment, where employees need to access corporate resources from various locations and devices.

“One of the most significant challenges in today’s IT environment is managing the myriad of devices that employees use,” explains Unnikrishnan KP, Chief Marketing Officer at Palo Alto Networks. “AI-powered SASE makes it easier to manage BYOD (Bring Your Own Device) policies and ensures that unmanaged devices do not become a security liability.”

For IT administrators, AI-powered SASE simplifies the management of complex networks and security policies. The technology enables centralized management, where policies can be applied consistently across all users and devices, reducing the potential for human error. Additionally, AI can automate routine tasks such as software updates and security patches, freeing up IT staff to focus on more strategic initiatives.

Anupam Upadhyaya, Vice President of Product Management at Palo Alto Networks, highlights the operational benefits of AI in SASE. “With AI, we’re able to automate many of the repetitive tasks that bog down IT teams. This not only improves efficiency but also reduces the risk of errors that can lead to security vulnerabilities,” he notes.

Real-World Applications: Customer Success Stories

The true value of AI-powered SASE becomes evident when examining real-world use cases. During SASE Converge 2024, Palo Alto Networks will present several customer success stories that demonstrate how organizations are leveraging the technology to enhance their IT and security operations.

One notable example is a global financial services firm that implemented Prisma SASE to manage its distributed workforce. The firm faced challenges with securing sensitive financial data while providing employees with fast, reliable access to applications. By adopting AI-powered SASE, the company was able to reduce its data breach risk by 60%, improve application performance, and achieve a 120% return on investment within the first year.

Another case study involves a multinational manufacturing company that used AI-powered SASE to streamline its IT operations. The company’s IT infrastructure was complex, with multiple legacy systems and a large number of remote workers. By implementing AI-powered SASE, the company was able to reduce its operational costs by 30% and significantly improve the user experience for its employees.

These examples illustrate how AI-powered SASE is not just a theoretical concept but a practical solution that delivers measurable benefits. As more organizations adopt this technology, its impact on the IT landscape is expected to grow.

The Future of SASE: What Lies Ahead

As SASE continues to evolve, the integration of AI will play an increasingly important role in shaping its future. Ofer Ben Noon, SASE Chief Technology Officer and Vice President of Prisma Access Browser GTM at Palo Alto Networks, envisions a future where AI-powered SASE becomes the standard for enterprise IT infrastructure. “We’re only scratching the surface of what’s possible with AI and SASE. As AI technology advances, we’ll see even more sophisticated use cases, from predictive analytics to fully autonomous networks,” he predicts.

Looking ahead, the convergence of AI, networking, and security within the SASE framework will likely lead to new innovations that further enhance the capabilities of IT organizations. These advancements will be crucial as businesses continue to navigate the challenges of digital transformation and the growing demands of a hybrid workforce.

Embracing the AI-Powered SASE Revolution

The integration of AI with SASE represents a significant shift in how organizations approach IT and security. By combining the strengths of AI with the flexibility of SASE, businesses can achieve a level of security, efficiency, and user experience that was previously unattainable.

As organizations prepare for the future, the adoption of AI-powered SASE will become increasingly essential. “The time to embrace AI-powered SASE is now,” says Swapna Bapat, Vice President of Product Management at Palo Alto Networks. “Those who do will be well-positioned to lead in the digital age, while those who don’t risk falling behind.”

SASE Converge 2024 will provide attendees with the knowledge and insights they need to harness the full potential of AI-powered SASE. From understanding the latest innovations to exploring real-world applications, the event promises to be a valuable resource for anyone involved in IT and security. As the industry moves forward, one thing is clear: AI-powered SASE is not just transforming IT—it’s redefining the future of enterprise technology.

]]>
607333
How AI is Transforming Enterprise Networking and Security https://www.webpronews.com/how-ai-is-transforming-enterprise-networking-and-security/ Mon, 02 Sep 2024 20:29:13 +0000 https://www.webpronews.com/?p=607289 Integrating Artificial Intelligence (AI) into enterprise networking and security is not just an option—it’s becoming necessary. The advent of AI, particularly in generative AI, has sparked what some experts call a “seminal transformational event” for enterprises worldwide. This transformation isn’t just about adopting new technologies; it’s about rethinking the foundations of how businesses operate, secure, and scale their networks.

The Evolution of AI in Enterprises: From Operations to Business Innovation

Shailesh Shukla, CEO of Aryaka, offers a comprehensive view of AI’s journey within the enterprise. He outlines a three-phase model of AI adoption that enterprises typically follow:

  1. Operational Efficiency: In the initial phase, enterprises leverage AI to automate repetitive tasks, driving operational efficiency across the board. AI tools streamline processes, reduce human error, and improve the organization’s overall productivity.
  2. Infrastructure Enhancement: The second phase involves integrating AI with large language models (LLMs) and linking them to domain-specific information within the company. This stage marks the rise of Retrieval-Augmented Generation (RAG), where AI not only accesses vast amounts of global information but also tailors it to meet the enterprise’s specific needs.
  3. Business Transformation: The real magic happens in the final phase—new business models emerge powered by AI. This phase is characterized by the development of innovative products and services that were previously unimaginable, thanks to the combined power of AI, RAG, and global infrastructure.

Shukla emphasizes that Aryaka, as a leader in networking and security, plays a critical role in each of these phases. “Networking and security have a very significant role to play in both the evolution and adoption of AI, as well as in using AI within the industry itself,” he explains.

AI and Enterprise Networking: A Symbiotic Relationship

One key area where AI is making a profound impact is enterprise networking. As organizations increasingly rely on AI-driven applications, a robust, scalable, and secure network infrastructure becomes paramount. Aryaka’s offerings, such as AI Perform, AI Secure, and AI Observe, are designed to address these challenges head-on.

Global Access and Performance: AI-driven applications require seamless global access, particularly those that rely on GPU-as-a-service or AI-as-a-service. Aryaka focuses on providing this access with high performance and resilience, ensuring that enterprise users can connect to AI services anywhere in the world without compromising on speed or security.

Security and Threat Detection: Security is another area where AI is making significant strides. Traditional security measures are no longer sufficient to combat the sophisticated threats posed by modern cybercriminals. AI enhances security by improving threat detection capabilities, enabling organizations to identify and neutralize threats before they can cause harm. As Shukla notes, “With the ability to look at a large number of variables and determine where there might be a threat, AI enables advanced threat hunting and detection.”

Knowledge Loss Prevention: Shukla introduced a novel concept, “knowledge loss prevention.” In an era where AI systems have access to vast amounts of enterprise data, protecting this knowledge from being leaked or misused is crucial. Aryaka is developing solutions to safeguard sensitive information, particularly against emerging threats like prompt injection attacks, which exploit vulnerabilities in AI systems to extract confidential data.

AI in Security: Beyond Traditional Measures

The traditional approach to security in enterprises has been reactive, relying heavily on predefined rules and manual monitoring. AI, however, is shifting this paradigm towards a more proactive and predictive model.

AI-Driven Access Control: One significant advancement in security is AI-driven access control. Integrating AI with legacy systems like Cloud Access Security Brokers (CASBs), Aryaka enhances user authentication and access management, ensuring that only authorized personnel can access sensitive AI applications. This approach not only strengthens security but also simplifies user permissions management across the enterprise.

Threat Hunting and Anomaly Detection: AI analyzes vast datasets in real time, making it an invaluable tool for threat hunting. By continuously monitoring network traffic and user behavior, AI can detect anomalies that might indicate a security breach. This capability allows enterprises to respond to threats more quickly and effectively.

The Future of AI in Enterprise Networking and Security

As AI evolves, its role in enterprise networking and security will grow more critical. Aryaka’s vision for the future includes expanding its AI offerings to cover all aspects of networking and security, from performance optimization to advanced threat detection and knowledge protection.

“Over time, just as we have unified networking and security into a comprehensive service with our SASE [Secure Access Service Edge] offerings, we aim to do the same for AI on a global scale,” Shukla explains. Aryaka’s AI Perform, AI Secure, and AI Observe are just beginning this journey, promising to deliver a new level of efficiency, security, and innovation to enterprises worldwide.

AI is not just another tool in the enterprise toolkit—it’s a transformative force reshaping how organizations approach networking and security. Companies that successfully integrate AI into their operations, infrastructure, and business models will generate a higher percentage of positive security outcomes as they focus on new security challenges.

]]>
607289
Delta CEO Blasts Tech Giants: $500 Million Lost in CrowdStrike-Microsoft Outage Chaos https://www.webpronews.com/delta-ceo-blasts-tech-giants-500-million-lost-in-crowdstrike-microsoft-outage-chaos/ Thu, 01 Aug 2024 16:20:49 +0000 https://www.webpronews.com/?p=606105 In an exclusive interview with CNBC’s ‘Squawk Box,’ Delta Air Lines CEO Ed Bastian revealed the significant fallout from the CrowdStrike-Microsoft outage earlier this month, which cost the airline industry leader half a billion dollars in just five days. The extensive disruption led to thousands of flight cancellations and operational chaos, particularly affecting Delta as the official airline for Team USA during the Olympic Games in Paris.

A Challenging Recovery

“Everything, except for Joe’s ability to enter the app, is back working, and we have been up for over a week,” Bastian said. He acknowledged the unprecedented nature of the outage, emphasizing, “Over the last seven days, we had less than 100 cancellations in aggregate. We brought so many of the production crews and the athletes over, and it was just a really, really tough situation.”

Reflecting on the immediate response, Bastian noted, “We did everything we could to take care of our customers over that time frame. We provided compensation, arranged hotels, and ensured that our passengers were as comfortable as possible despite the circumstances.”

Lessons Learned

Bastian was candid about the lessons learned from the incident. “People wonder how this could happen if we have redundancies. We built hundreds of millions of dollars in redundancies. The issue is with Microsoft and CrowdStrike, and we are heavily invested in both,” he explained. “We got hit the hardest in terms of recovery capability.”

He elaborated on the challenges of relying on leading tech competitors who don’t always align their systems effectively. “Microsoft and CrowdStrike are the top two competitors in cybersecurity. They don’t necessarily partner at the level we need them to,” Bastian said. “This is a call to the industry. Everyone talks about making sure big tech is responsible. Well, guys, this cost us half a billion dollars.”

Legal Repercussions

Bastian confirmed that Delta is considering its options when asked about potential legal actions. “We have no choice,” he stated. “Over five days, between lost revenue and the tens of millions of dollars per day in compensation and hotels, we did everything we could to take care of our customers. We have to protect our shareholders, our customers, and our employees from the damage.”

Regarding possible lawsuits, Bastian expressed frustration with the tech companies’ response. “Do you really want to know what they offered us? Nothing. Free consulting advice to help us. Exactly,” he said. “We have to ensure that this doesn’t happen again and that our stakeholders are compensated for the losses.”

Reassessing Technology Partnerships

The outage has prompted Delta to reconsider its technology partnerships. “It has been a wake-up call for me,” Bastian admitted. “We thought we had the best setup between Microsoft and CrowdStrike, but they are integrated, which caused a lot of the slowdown. We had 40,000 servers that we had to touch and reset, and it didn’t all come back on the way they left.”

He pointed out the broader issue within the tech industry, where companies often prioritize growth over exceptional service. “The question is, is the priority growing the business or delivering exceptional service to their existing customer base? They have not delivered exceptional service,” Bastian emphasized. “It’s not just CrowdStrike and Microsoft. It’s other names as well.”

Bastian also hinted at potential changes in their IT strategy. “We have to rethink how we fortify our systems. We may need to decouple some of these integrated solutions and look for more reliable alternatives,” he said. “Microsoft has our business, but they need to fortify their current offerings while building the future.”

Industry-Wide Implications

The incident has broader implications for the airline industry and its reliance on technology. “This outage is a wake-up call not just for Delta but for the entire industry. We need to ensure that our tech partners are held accountable and that their systems are resilient,” Bastian stated.

He also highlighted the need for better collaboration between tech companies. “We need these tech giants to work together more effectively. Our operations are mission-critical, and we can’t afford these kinds of disruptions,” he said.

Enhancing Customer Experience

Despite the setback, Delta remains committed to enhancing its customer experience. “The challenges in our industry have historically been seen as a commodity,” Bastian said. “Delta has looked to differentiate its people, its service, and the quality of what we deliver. The only way we can do that is by leading with our front foot on premium and having a higher-end opportunity for people to buy up.”

Discussing Delta’s premium offerings, Bastian said, “Our Delta One experience, which I had the opportunity to go through at JFK, is an example of how we aim to provide a superior experience. It’s not just about what’s on the plane but also the services and amenities we offer at every touchpoint.”

Seeking Fair Compensation

As Delta navigates the aftermath of the CrowdStrike-Microsoft outage, its leadership is focused on learning from the incident and strengthening its technological resilience. The experience underscores the critical importance of robust, reliable IT systems in maintaining seamless operations and customer trust in the aviation industry.

Bastian concluded, “We’re not looking to wipe out these companies, but we are looking for fair compensation and assurances that this won’t happen again. Our commitment is to our passengers, our employees, and our stakeholders. We will continue to push for the highest standards in all aspects of our operations.”

In a rapidly evolving digital landscape, Delta’s response to this crisis may set a precedent for how airlines and other industries approach cybersecurity and technology partnerships in the future.

]]>
606105
One-Third of Organizations Struggle With Data Loss Prevention Systems https://www.webpronews.com/one-third-of-organizations-struggle-with-data-loss-prevention-systems-2/ Tue, 02 Jul 2024 01:58:08 +0000 https://www.webpronews.com/?p=522427 The Cloud Security Alliance (CSA) has bad news for the industry, saying that nearly one-third of organizations struggle with data loss prevention (DLP) systems.

The CSA is an organization dedicated to helping secure cloud computing. A survey the organization conducted with Netskope found that DLP solutions are a critical component used in cloud security.

Unfortunately, that’s where the good news ends. While companies are relying on DLP systems, nearly a third struggle to use them effectively.

Among the top challenges cited by organizations are management difficulties (29%), too many false positives (19%), the need for manual version upgrades (18%), and deployment complexity (15%).

“DLP solutions are an integral part of organizations’ data security strategy, but leaders are still struggling with this strategy and the implementation of solutions, especially for how complicated legacy and on-prem based solutions are to manage and maintain,” said Naveen Palavalli, Vice President of Products, Netskope. “These findings highlight the need for a comprehensive and easy-to-use cloud delivered data protection solution that integrates into their existing security controls and is a key tenant of their Zero Trust security strategy.”

Cloud security is increasingly in the spotlight as more and more organizations experience data breaches at a time when the cloud is becoming integral to more companies and industries.

The Biden administration has signaled it is preparing to regulate cloud security in an effort to better protect organizations. If the CSA’s findings are any indication, it looks like the industry could use the help.

]]>
588612
Quantum Cyber Threats Loom: IBM Exec Warns Financial Sector! https://www.webpronews.com/quantum-cyber-threats-loom-ibm-exec-warns-financial-sector/ Fri, 07 Jun 2024 17:34:53 +0000 https://www.webpronews.com/?p=605105 At the 2024 Cyber Security in Financial Services Summit held in London, Zygmunt Lozinski, the Global Lead of Quantum Safe Networks at IBM, shared his insights on the evolving cybersecurity landscape. Speaking with the gravitas befitting a leader in the field, Lozinski discussed the impact of artificial intelligence (AI) and quantum computing on cybersecurity, highlighting their opportunities and challenges.

The Rise of AI in Cyber Attacks

Artificial intelligence and machine learning are becoming increasingly prevalent in cyber attacks, particularly phishing. “If we look at the data from IBM’s X-Force, our proactive security operation, we see the biggest increase in attacks related to identity theft and information stealing,” Lozinski noted. “However, the use of generative AI by cybercriminals has not yet been deployed at scale.” Despite this, Lozinski warned that the potential for AI-driven cyber-attacks is substantial. “Cybercrime is a business like any other. While people are experimenting with generative AI, it hasn’t been widely used. But once it is, it will drastically reduce the time needed to craft phishing attacks from hours to mere minutes.”

Lozinski emphasized the importance of proactive monitoring to anticipate these future threats. “Enterprises should be monitoring for the adoption of generative AI by cybercriminals. Understanding the risk landscape and staying ahead of these developments is crucial,” he said. To aid this effort, IBM and other cybersecurity companies publish annual reports detailing emerging threats and best practices. “Our annual reports provide a comprehensive view of the evolving threat landscape, helping organizations to prepare and respond effectively,” he added.

One of the most alarming prospects of AI in cyber attacks is the ability to create highly convincing deepfakes. Lozinski recounted a case from Hong Kong where deepfake technology was used to deceive an employee into transferring 200 million HKD to a fraudulent account. “This incident shows how sophisticated and dangerous AI-driven attacks can be,” he explained. “Deepfakes and other AI-generated content can be incredibly convincing, making it difficult for individuals to distinguish between legitimate and fraudulent communications.”

The economic efficiency of AI-driven attacks is another concern. “Once cybercriminals master the technology, they will be able to generate phishing attacks much more economically than they can now,” Lozinski stated. “The reduced effort and cost will likely lead to an increase in the frequency and scale of attacks.” This shift necessitates a proactive and informed approach to cybersecurity. “Organizations must invest in advanced monitoring and detection systems to identify and mitigate AI-driven threats before they can cause significant damage,” he advised.

Lozinski also discussed the role of AI in defensive measures. “AI can be a double-edged sword,” he said. “While it poses significant risks, it also offers powerful tools for enhancing cybersecurity defenses.” By leveraging AI for threat detection and response, organizations can improve their ability to identify and neutralize threats quickly. “AI-driven security solutions can analyze vast amounts of data in real-time, identifying patterns and anomalies that may indicate a cyber attack,” he noted.

The rise of AI in cyber attacks represents a significant challenge for the cybersecurity community. As cyber criminals increasingly adopt AI technologies, the need for advanced, AI-driven defense mechanisms becomes more critical. “The threat landscape is evolving rapidly, and we must evolve with it,” Lozinski emphasized. By staying informed and leveraging the power of AI, we can protect our systems and data from the next generation of cyber threats.”

Best Practices for AI-Driven Cybersecurity

Lozinski highlighted several examples of best practices in cybersecurity, particularly within the financial services sector. “Companies that provide cybersecurity platforms and services are embedding AI technology into their products to enhance security,” he explained. This includes using AI for incident monitoring and user behavior monitoring. “AI can help classify millions of daily events such as uninteresting or anomalous, making it easier to identify potential threats.”

One practical application is user anomaly detection. “For instance, if someone logs in from an unexpected location, like Madagascar or Baghdad, AI can flag this as suspicious activity,” Lozinski explained. “Embedding AI into security solutions helps secure operational technology, customer handling systems, and personal information, ensuring these systems are not exploited.”

Lozinski further emphasized integrating AI into security protocols to handle vast data. “In today’s cybersecurity landscape, the volume of data generated is overwhelming. Manual analysis is no longer feasible,” he said. “AI-driven tools can sift through this data at incredible speeds, identifying potential threats that might be missed by human analysts.” This capability enhances detection and improves response times, enabling quicker mitigation of threats.

Another key area AI significantly impacts is the automation of routine security tasks. “By automating tasks such as log analysis and threat intelligence gathering, AI frees up valuable human resources to focus on more complex and strategic issues,” Lozinski noted. This shift makes security teams more proactive and less reactive, enhancing overall security posture. “Automation powered by AI is essential for modern cybersecurity operations, allowing organizations to stay ahead of threats,” he added.

Lozinski also discussed the importance of continuous learning and adaptation in AI-driven cybersecurity systems. “AI models must be regularly updated with new data to remain effective against evolving threats,” he stated. “Continuous learning ensures that AI systems can adapt to new attack patterns and techniques, providing robust protection.” He advised organizations to invest in systems that support ongoing learning and improvement. “Your AI tools should evolve alongside the threat landscape, ensuring they remain relevant and effective,” he emphasized.

In addition to technical measures, Lozinski highlighted the need for a strong cybersecurity culture within organizations. “Technology alone cannot solve all cybersecurity challenges,” he said. “It is crucial to cultivate a culture of security awareness and vigilance among employees.” Training and educating staff about potential threats and best practices can significantly reduce the risk of breaches. “Employees are often the first line of defense, and their awareness and actions are critical in preventing cyber incidents,” he noted.

Lozinski also underscored the importance of collaboration and information sharing among organizations. “Cybersecurity is a collective effort. No single entity can combat these threats alone,” he explained. Sharing threat intelligence and best practices can enhance the security posture of the entire industry. “Collaboration between companies, industries, and governments is essential for creating a resilient cybersecurity ecosystem,” he concluded.

In summary, integrating AI into cybersecurity practices offers significant advantages in detecting, responding to, and mitigating threats. By leveraging AI technologies, automating routine tasks, fostering a culture of security awareness, and encouraging collaboration, organizations can enhance their defenses against the ever-evolving cyber threat landscape. “The future of cybersecurity lies in the intelligent application of AI and the collective efforts of the global cybersecurity community,” Lozinski affirmed.

Preparing for Quantum Computing

Turning to his area of expertise, Lozinski discussed the implications of quantum computing on cybersecurity. “Quantum computing poses a significant risk to current cryptographic methods,” he said. “With a powerful enough quantum computer, it would be possible to break the encryption that secures our identity management, private data, and software integrity.” This potential threat necessitates a proactive approach to updating cryptographic standards and practices.

To mitigate this risk, a global effort led by the National Institute of Standards and Technology (NIST) is underway to develop new cryptographic algorithms that are secure against both classical and quantum computers. “We have the task of updating the cryptography used in core banking systems, payment terminals, and other critical infrastructure to be quantum safe,” Lozinski explained. “This process has already started, with new standards being developed and tested to ensure they can withstand the power of quantum computing.”

Lozinski emphasized the importance of early adoption and planning. “The federal government in the U.S. has set a timeline for updating cryptographic systems by 2035, and it’s essential that organizations start preparing now,” he said. “Updating cryptographic infrastructure is a multi-year task that involves overhauling everything from network protocols to software applications.” He urged organizations to transition as soon as possible to avoid future vulnerabilities. “Starting early allows for a smoother transition and ensures that all systems are updated before quantum computing becomes a widespread reality,” he added.

The financial sector, in particular, is taking significant steps to prepare for the quantum era. “The Bank of International Settlements has conducted pilots to secure interbank payments, and other central banks are following suit,” Lozinski noted. “These initiatives are crucial for ensuring that financial transactions remain secure as quantum computing advances.” He also mentioned that the Financial Conduct Authority and other regulatory bodies are guiding to help institutions navigate this complex transition. “Regulatory support is key in driving industry-wide adoption of quantum-safe technologies,” he stated.

In addition to updating cryptographic algorithms, Lozinski highlighted the need for a holistic approach to quantum safety. “It’s not just about changing the algorithms; it’s about ensuring the entire ecosystem is quantum resilient,” he said. This includes securing data in transit, at rest, and during processing. “Organizations must consider all aspects of their IT infrastructure and how quantum computing could compromise their security,” he emphasized.

Lozinski also addressed the timeline for quantum computing’s impact on cybersecurity. “While we are confident that useful quantum computing for applications like chemistry and material science will arrive before cryptographically relevant quantum computers, the latter is still a significant concern,” he said. “Planning and preparing now is the best course of action.” He reassured that the roadmap laid out by IBM and other industry leaders is designed to keep pace with the development of quantum technology. “We are closely monitoring advancements and continuously updating our strategies to ensure we stay ahead of the curve,” he added.

In conclusion, preparing for the advent of quantum computing requires a comprehensive and proactive approach. By updating cryptographic standards, engaging in industry-wide collaborations, and adopting a holistic view of quantum safety, organizations can safeguard their systems against future threats. “Quantum computing will revolutionize many fields, but it also poses new challenges for cybersecurity,” Lozinski concluded. “By starting now and planning meticulously, we can ensure that our systems remain secure in the quantum era.” This forward-thinking approach will be critical in maintaining the integrity and security of digital infrastructures worldwide.

]]>
605105
Rubrik’s Potential IPO: A Look at the Moves and Market Expectations https://www.webpronews.com/rubriks-potential-ipo-a-look-at-the-moves-and-market-expectations/ Mon, 01 Apr 2024 19:18:36 +0000 https://www.webpronews.com/?p=602549 As the landscape of initial public offerings (IPOs) continues to evolve amidst shifting market conditions, all eyes are on Rubrik, a cloud data security company, as it gears up for a potential listing. With speculation swirling and anticipation building, analysts and investors alike are eager to glean insights into the company’s trajectory and the broader implications for the IPO market.

According to Bloomberg, recent discussions surrounding Rubrik’s IPO have sparked considerable interest, with analysts dissecting the company’s moves and market expectations. In a recent conversation, industry experts delved into the nuances of Rubrik’s impending debut and the factors shaping investor sentiment.

Amidst fluctuating market dynamics, Rubrik’s IPO plans have been subject to speculation and scrutiny. “We reported last September that the company was planning to raise around $700 million,” noted one industry insider. However, the evolving market landscape has prompted a reevaluation of these projections, with recent developments such as Estara and Reddit’s IPOs serving as litmus tests for investor appetite.

Notably, Rubrik’s unique profile sets it apart from recent IPO darlings. It offers a glimpse into the intersection of cloud data security and market demand. Backed by industry giants like Microsoft, Rubrik occupies a pivotal position within the burgeoning cybersecurity sector, poised to capitalize on growing demand for cloud-based solutions.

Yet, amidst mounting anticipation, questions about Rubrik’s valuation and investor sentiment linger. “Valuation is a little bit up in the air right now,” remarked an industry expert. While past investments provide insight into Rubrik’s potential worth, market conditions and investor appetite remain fluid, shaping the company’s trajectory leading up to its IPO.

Moreover, Rubrik’s listing represents a pivotal moment for employees and investors, offering a long-awaited liquidity event for those involved in the company’s journey. With prominent backers like Bain Capital Ventures and Coastal Ventures, Rubrik’s IPO has far-reaching implications for the venture capital community and signals a potential windfall for early investors.

As the countdown to Rubrik’s IPO continues, industry observers remain vigilant, parsing through market trends and company disclosures for clues about the company’s future trajectory. Against recent IPO successes, Rubrik’s debut promises to be a bellwether for the broader IPO market, offering insights into investor sentiment and appetite for high-growth tech companies.

In the weeks ahead, all eyes will be on Rubrik as it navigates the IPO process, offering a glimpse into the intersection of technology, finance, and market dynamics. As the company prepares to enter the spotlight, the stakes are high, with implications extending far beyond its corporate borders.

]]>
602549
Securing Unmanaged Devices: The Next Frontier in Cybersecurity https://www.webpronews.com/securing-unmanaged-devices-the-next-frontier-in-cybersecurity/ Sat, 16 Mar 2024 16:51:12 +0000 https://www.webpronews.com/?p=601654 In an exclusive interview from CXOTalk, Michael Krigsman spoke with Anand Oswal, the visionary leader of Palo Alto Networks’ network security business,  who delved into the critical importance of securing unmanaged devices in today’s digital landscape.

“Palo Alto Networks is dedicated to making every day more secure than the last,” Oswal emphasized. “My role is to ensure that users, applications, and data remain consistently protected across all control points.”

Oswal highlighted the pressing need to address the security risks posed by personal laptops and phones accessing corporate applications and data. “Over 50% of devices accessing corporate resources are unmanaged,” Oswal revealed. “And the consequences are dire, with about 90% of successful malware originating from such devices.”

Oswal recalled a chilling incident: “Attackers infiltrated a company’s network through a site reliability engineer’s personal laptop, leading to a data breach facilitated by unmanaged device access.”

“To address this growing problem,” Oswal introduced the concept of enterprise browsers, a revolutionary solution identified by Gartner as a crucial emerging category. “By 2030, enterprise browsers will become the primary platform for secure access from unmanaged devices,” he stated.

“The adoption of enterprise browsers is driven by the need to balance security with productivity,” Oswal explained. “Enterprise browsers offer a seamless and cost-effective solution, providing robust security without compromising user experience.”

The acquisition of Talon, a leading enterprise browser company, further strengthens Palo Alto Networks’ position in the cybersecurity landscape. “Talon’s technology brings additional layers of security to browser workspaces, protecting against advanced threats like phishing and keylogging,” Oswal emphasized.

“Educating organizations about the risks associated with unmanaged devices is paramount,” Oswal emphasized. “Awareness and proactive measures are essential to mitigate the majority of data breaches occurring through applications and email accessed via browsers.”

“In conclusion,” Oswal stressed, “Holistic security across all devices, managed and unmanaged alike, is crucial. By adopting enterprise browsers and leveraging cutting-edge technologies, organizations can fortify their defenses and stay ahead of evolving cyber threats.”

As cybersecurity threats continue to evolve, the conversation with Anand Oswal serves as a timely reminder of the urgent need to secure unmanaged devices and safeguard critical assets in an increasingly digital world.

]]>
601654
Cisco Simplifies Legacy System Connectivity with New Docker-Based Solutions https://www.webpronews.com/cisco-simplifies-legacy-system-connectivity-with-new-docker-based-solutions/ Sun, 10 Mar 2024 12:05:30 +0000 https://www.webpronews.com/?p=601189 In a bid to streamline connectivity for legacy systems, Cisco has unveiled innovative solutions aimed at easing the installation process of secure device connectors (SDCs) and secure events connectors (SECs) on Ubuntu systems. Aaron Hackney, Product Owner for Cisco Defense Orchestrator, demonstrated the simplicity of the process in a recent video.

Legacy systems like the ASA and iOS devices often struggle with cloud connectivity or integration with Cisco Defense Orchestrator (CDO). Traditionally, users would download a VMware image to install SDCs and SECs. However, recognizing the need for flexibility, Cisco has introduced Docker-based solutions that can be deployed on Ubuntu systems, whether bare-metal or virtual.

Hackney emphasized that the SDC and SEC are essentially Docker containers, making the VMware image merely a vehicle to bring Docker to the table. The provided scripts simplify the deployment process, particularly for Ubuntu 20.04 and 22.04 distributions, catering to both virtual and physical systems.

The installation process involves cloning the CDO deploy SDC repository from GitHub and executing the provided scripts. The “install Docker” script ensures the installation of the recommended Docker Community Edition, seamlessly handling the necessary dependencies and user permissions.

Once Docker is installed, deploying an SDC is a matter of executing the “deploy SDC” script with the bootstrap data provided during SDC creation in CDO. The script automates the retrieval and setup of Docker images tailored to the user’s CDO tenant, ensuring a smooth onboarding process.

Similarly, deploying an SEC is a breeze with the provided Docker container. Users can simply copy the SEC bootstrap data from CDO, execute the “SEC Dosh” script, and follow the prompts to initiate the onboarding process. The SEC container is up and running within minutes, ready to handle syslog and NetFlow data from ASA devices.

Hackney concluded the demonstration by highlighting the process’s simplicity and efficiency, empowering users to connect legacy systems easily. By leveraging Docker containers and streamlined deployment scripts, Cisco is ushering in a new era of connectivity for Ubuntu users, virtual or physical.

With these user-friendly solutions, Cisco is poised to enhance the accessibility and effectiveness of its defense orchestrator platform, paving the way for seamless integration and management of diverse network environments.

]]>
601189
Google Cloud Fixes Kubernetes Security Flaw https://www.webpronews.com/google-cloud-fixes-kubernetes-security-flaw/ Tue, 05 Mar 2024 00:46:16 +0000 https://www.webpronews.com/?p=600276 Google Cloud has fixed a flaw impacting Kubernetes that could allow an attacker to escalate their privileges.

According to TheHackerNews, Palo Alto Networks Unit 42 discovered the flaw and reported it via Google’s Vulnerability Reward Program. Google detailed the issue in a security bulletin:

An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to escalate privileges in the cluster. The issues with Fluent Bit and Anthos Service Mesh have been mitigated and fixes are now available. These vulnerabilities are not exploitable on their own in GKE and require an initial compromise. We are not aware of any instances of exploitation of these vulnerabilities.

Google recommends manually upgrading GKE to ensure customers are running the patched version:

The following versions of GKE have been updated with code to fix these vulnerabilities in Fluent Bit and for users of managed Anthos Service Mesh. For security purposes, even if you have node auto-upgrade enabled, we recommend that you manually upgrade your cluster and node pools to one of the following GKE versions or later:

  • 1.25.16-gke.1020000
  • 1.26.10-gke.1235000
  • 1.27.7-gke.1293000
  • 1.28.4-gke.1083000
]]>
600276
The Growing Importance of Supply Chain Visibility (SCV) in Ecommerce https://www.webpronews.com/supply-chain-visibility-2/ Mon, 04 Mar 2024 13:49:45 +0000 https://www.webpronews.com/?p=521176 Supply chain visibility (SCV) is the ability to track and monitor a product or shipment from its origin to its destination. This allows businesses to stay informed on their shipments’ progress, anticipate delays, and make adjustments if needed.

With eCommerce growth continuing at an exponential rate, supply chain visibility has become increasingly important for companies looking to remain competitive in today’s digital marketplace. Not only do businesses need to meet customer demands for fast delivery times, but they also need to manage costs, minimize losses, and ensure security. 

Be that as it may, only 65% of companies are able to report full visibility across their supply chains, and 43% of small businesses are not tracking inventory levels at all. With economic uncertainty on the horizon and customer expectations at an all-time high, now is the time to invest in supply chain visibility so you don’t find yourself falling behind while your competition sails away with their loyal customers.

Benefits of Supply Chain Visibility for Ecommerce Businesses

There are a multitude of benefits to be realized through the implementation of supply chain visibility in eCommerce. These include:

Improved customer satisfaction and loyalty

The more visibility you have into your own supply chain, the better equipped you are to anticipate customer needs and deliver products in a timely manner. With improved visibility, eCommerce businesses can increase customer satisfaction by reducing their response times, improving delivery accuracy, and providing customers with real-time updates about the status of their orders. This helps foster greater loyalty from customers, which in turn increases the likelihood of repeat business.

Reduced costs associated with inventory management

“Knowing inventory costs is extremely important because they affect the majority of decisions one makes as a retailer,” explains Abir Syed, co-founder of UpCounting, an eCommerce accounting firm.

Unsurprisingly, inventory management is the single largest expense for eCommerce businesses. For every dollar a US retailer generates through revenue, they have $1.35 tied up in inventory. As such, being able to accurately track and monitor inventory levels is essential for minimizing losses and maximizing efficiency.

By leveraging supply chain visibility technology, businesses can reduce the amount of inventory they need to keep in stock and their associated costs. This can be achieved through better forecasting and planning, more precise order fulfillment processes, and improved inventory accuracy.

Increased efficiency and speed of delivery

Knowing where products are throughout their journey allows businesses to better plan and adjust for delays, ensuring customers get their items as quickly as possible. Supply chain visibility also facilitates increased collaboration between all parties involved in the delivery process, allowing for a transparent and overall more efficient supply chain.

Enhanced flexibility and scalability in supply chains

As the demands of customers and markets shift, businesses need to be able to quickly adjust their supply chains accordingly. With supply chain visibility, businesses can quickly adapt to changing conditions, such as unexpected spikes in demand or supply disruptions. This increased flexibility and scalability of the supply chain is essential for businesses to remain competitive and responsive. This scalability also benefits businesses as they grow and expand into new markets. 

Increased control over returns management 

Returns are an unavoidable part of eCommerce and managing them can be difficult. Supply chain visibility gives businesses the ability to track a returned item as it moves through the supply chain and make adjustments to minimize losses. This includes tracking returned items on their journey back to the supplier, identifying potential issues and quickly resolving any discrepancies.

Challenges of Implementing Supply Chain Visibility

While the benefits of supply chain visibility are clear, there are still some challenges associated with its implementation. These include:

Establishing and maintaining relationships with suppliers

Before any supply chain visibility technology can be deployed, businesses need to build relationships with their suppliers. This requires open communication and collaboration between all parties involved, as well as a certain level of trust.

“When it comes to choosing partners, it’s wise to do some research to ensure the best deal possible while emphasizing transparency and flexibility. This is invaluable during times of frequent supply chain disruption,” explains Roei Yellin, Co-Founder & Chief Revenue Officer of 8fig, a planning and funding platform for eCommerce companies. 

“Sellers shouldn’t be afraid to negotiate for a better deal and they should make sure that communication is open and honest. This is true of suppliers, 3PLs (third-party logistics providers) and any other partners brought in to help manage the supply chain,” concludes Yellin.

Complexity of the supply chain and data formats

Securing buy-in from all parties and managing the data exchange between different organizations is challenging. Not only do various supply chain participants have differing needs and processes, they also use different systems. Unifying these systems and ensuring harmonious data exchange can be difficult.

To overcome this, businesses need to create a single source of truth that all supply chain participants can work from. This means creating common protocols and standards that all parties are comfortable with and can adhere to, and potentially leveraging a third-party solution to manage the data exchange.

Costs associated with technology and infrastructure

The technology and infrastructure required for supply chain visibility can be costly. Businesses need to invest in the right hardware, software, and people to ensure that the system is secure and effective.

Fortunately, there are solutions to this issue. RFID and code-based tracking solutions, in particular, are relatively inexpensive and easy to implement. Companies such as Scurri allow you to easily create a single bar code for all carriers, as well as a reporting dashboard that gives you full control over your operations with actionable insights. 

Cybersecurity concerns

Data is the lifeblood of supply chain visibility and ensuring its security is paramount. However, supply chains are coming under increasing attack from hackers and malicious actors, making them vulnerable to data theft and manipulation.

In fact, 97% of organizations say they have experienced the negative consequences of a supply chain cyber breach within their operations, demonstrating just how prevalent these attacks have become.

As such, businesses need to ensure that they have the appropriate protocols in place to protect their data from cyber-attacks. This includes using secure networks and encryption, as well as regularly auditing system access and usage. Multichannel cyber security solutions, such as VMware, can also be of great help in mitigating cyber risks.

Conclusion

Supply chain visibility is becoming increasingly important in today’s volatile and highly competitive marketplace. However, if businesses are to reap the full benefits of a visible supply chain, they must first overcome the various challenges associated with implementation.

Ultimately, with careful planning, a comprehensive approach to risk management, and the right technology in place, businesses can ensure that their supply chain visibility efforts are successful and that they remain agile and competitive in the long run. 

]]>
588692
7 Key Software Trends Shaping the Future of Technology https://www.webpronews.com/software-trends-future-of-technolog/ Mon, 19 Feb 2024 16:41:23 +0000 https://www.webpronews.com/?p=600197 Capitalizing on new technologies is crucial to remaining competitive as a business. In today’s digital world, that means staying current on the latest software trends, as these shape much of the most impactful modern tech.

Software development, like most tech sectors, is rapidly evolving. To help keep up with the growing pace of innovation, here are seven key trends business owners and tech leaders must know.

1. AI-Assisted Programming

Generative AI — made famous by tools like ChatGPT — was undoubtedly the defining technology of the past year. It’ll also be one of the most significant in the years to come.

While generative AI’s natural language and image-producing capabilities often take the spotlight, its coding ability is more practical in software development. As these tools improve, more devs will likely use them to automate repetitive programming tasks like writing basic scripts or checking code.

AI-assisted programming can free hours in devs’ schedules and reduce errors for more polished final products. As tech talent gaps grow more severe, businesses can’t afford to overlook that potential. Tech teams should consider how they can integrate generative AI into their workflows — and, more importantly, learn to check its results to use it effectively and ethically.

2. Growing Cybersecurity Concerns

The growing need for better cybersecurity is an older but still relevant software trend. While businesses have become more aware of cybersecurity concerns, cybercrime hasn’t gone away, so improved protections are imperative.

Dev teams must embrace security early in the design phase instead of applying it as an afterthought. Cybercriminals are also starting to leverage AI, so businesses must respond with AI-guided protections and testing against these more sophisticated attacks.

Security throughout the software supply chain is also coming into focus. With third-party breaches rising and merger activity tripling in some industries, addressing partner vulnerabilities is more important than ever. Businesses must perform thorough due diligence and limit other parties’ access privileges across the software supply chain.

3. Low-Code and No-Code Development

Today, virtually every company is a tech business to some extent. This shift has created skyrocketing demand for tech talent across all sectors, leaving many organizations with IT worker shortages. In response, the industry is leaning toward low-code and no-code development processes.

Plug-and-play development interfaces — especially for websites and mobile apps — have become increasingly common. Capitalizing on these tools is essential in remaining productive despite a competitive programming labor landscape.

Businesses with plenty of coding talent have a unique opportunity amid this trend. If these teams can develop low-code and no-code technologies for other organizations, they could profit heavily from this growing market.

4. DevSecOps

Another key software trend is a shift toward DevSecOps development cycles. This practice builds on the rapid, highly collaborative DevOps philosophy by adding security teams into the mix from the first stages.

DevSecOps addresses two significant concerns in modern software. First, it enables continuous improvement and higher functionality by emphasizing teamwork and ongoing reviews to create the best product possible quickly. Secondly, it ensures security by design by involving cybersecurity experts throughout the entire dev process.

Because DevSecOps is so rapid and intensive, learning to use it will require adjustment. Teams must experiment with it now to become confident in the practice for future projects. Failing to implement DevSecOps in the coming years will give more agile competitors an advantage.

5. Microservices Architecture

In the pursuit of more functional apps, software development is also trending toward microservices architecture. Conventional, monolithic architecture groups all features in a single service, but microservices break them into smaller, independently running modules.

The primary advantage of this new method is that you can change one feature without affecting the entire program. That segmentation leads to fewer errors and faster update timelines. It also improves scalability and flexibility, which is increasingly crucial as software trends shift more frequently.

Like with DevSecOps, switching to microservices architecture will entail initial disruption. This method may increase organizational complexity, so dev teams must learn to distribute specialized duties while communicating closely. Off-the-shelf containerization tools can also help.

6. Emphasis on UX

As the public uses more digital apps and websites, their expectations about these services are rising. Consequently, user experience (UX) is an increasingly central pursuit for software development teams.

A dedicated app or website is no longer enough to stand out as a business. These services must be highly functional and convenient, or they risk turning users away. Increasing loading times from just one to five seconds increases bounce rates by 90%, so everything must be as responsive as possible.

Good UX starts with optimizing apps and websites to run quickly, even on minimal hardware — and especially on mobile. Apart from these technical considerations, devs must pay close attention to user trends to see what kinds of formats and features they prefer. Ongoing feedback and adjustments are necessary to keep UX optimal amid changing demands.

7. Sustainable Software

Sustainability is a growing trend in many industries, and software is no exception. As the world relies more heavily on software, data centers’ energy consumption has come into the spotlight. Power-hungry innovations like AI and blockchain will make balancing performance and sustainability more challenging yet important.

If dev teams can create more sustainable digital solutions, they’ll stand out from the energy-intensive crowd. As that trend grows, those who don’t adapt may stand apart for the wrong reasons.

Sustainable software relies heavily on designing resource-efficient architectures. The less power an app needs to deliver the same performance, the better. Using renewable-powered data centers to support these services is also important.

Today’s software trends will define the technology of tomorrow. Businesses must stay on top of these developments to adapt to shifting markets. That adaptation will mean some disruption in the near term, but if organizations can tackle it sooner rather than later, they can get ahead of the curve and ensure long-term success.

]]>
600197
Exploring the Latest Trends in Custom Software Development https://www.webpronews.com/trends-in-custom-software-development/ Thu, 15 Feb 2024 14:00:59 +0000 https://www.webpronews.com/?p=600109 The landscape of software technology in 2023 is a vibrant and evolving space, marked by several key trends that are shaping the industry. 

While the United States remains the chief world leader in this field, there are signs that both China and India may soon overtake Uncle Sam in this strategic area. Both countries are sending thousands of students abroad to learn the latest developments in software. And then having them return home to bolster national research and development.

Custom software development, which ranges from advancements in artificial intelligence and machine learning to the growing importance of cybersecurity, are not just influencing how software is developed and deployed, but also how it’s integrating into every aspect of our lives.

The overview

1. Artificial Intelligence and Machine Learning: AI and ML continue to be at the forefront of software technology trends. In 2023, we are seeing these technologies becoming more sophisticated, with increased capabilities in natural language processing, predictive analytics, and automated decision-making. AI is being integrated into a variety of applications, from customer service chatbots to advanced data analytics tools, making processes more efficient and offering new insights.

2. Increased Focus on Cybersecurity: As the digital landscape expands, so does the need for robust cybersecurity measures. In 2023, there’s a heightened emphasis on developing software that’s secure by design. This includes the integration of advanced encryption techniques, regular security updates, and the use of AI for threat detection. Companies are also focusing on educating their employees about cybersecurity to mitigate risks.

3. Cloud Computing and Edge Computing: Cloud computing continues to dominate, but there’s a growing trend towards edge computing. Edge computing involves processing data closer to where it’s generated rather than in a centralized data-processing warehouse, which reduces latency and improves speed. This is particularly important for IoT devices and applications that require real-time processing.

4. The Rise of Quantum Computing: Quantum computing, although still in its nascent stages, is starting to make more substantial strides in 2023. With its potential to process vast amounts of data at unprecedented speeds, it promises to revolutionize areas such as cryptography, materials science, and complex system modeling.

5. Sustainable and Green Software Development: With increasing awareness of environmental issues, there’s a growing trend in developing sustainable and green software. This involves optimizing software for energy efficiency, reducing resource consumption, and considering the environmental impact of development and deployment processes.

6. The Expansion of Blockchain Technology: Beyond cryptocurrencies, blockchain technology is finding applications in various sectors including finance, supply chain management, and healthcare. Its ability to offer secure, transparent, and tamper-proof record-keeping is being leveraged to improve processes and create new business models.

The results 

7. Remote Work and Collaboration Tools: The shift to remote work, accelerated by the COVID-19 pandemic, continues to influence software development in 2023. There’s an increasing demand for collaboration tools that facilitate efficient remote work, including project management software, real-time communication platforms, and virtual workspace solutions.

8. Increased Use of Low-Code and No-Code Platforms: Low-code and no-code platforms are democratizing software development, allowing individuals without extensive programming knowledge to create applications. This trend is empowering more people to develop software, leading to innovation and rapid prototyping.

9. Advancements in Virtual Reality (VR) and Augmented Reality (AR): VR and AR technologies are becoming more sophisticated and accessible, finding applications in training, education, entertainment, and retail. These technologies are not only enhancing user experiences but also creating new avenues for interaction and engagement.

10. Focus on User Experience (UX) Design: There’s a continued emphasis on UX design in software development, with a focus on creating intuitive, user-friendly interfaces. Good UX design is increasingly seen as a critical factor in the success of a software product.

11. Growth of Internet of Things (IoT): IoT technology is expanding rapidly, with more devices being connected to the internet. This trend is leading to the generation of large amounts of data and the need for sophisticated software to analyze and utilize this data effectively.

12. Software for Social Good: There’s a growing trend of developing software aimed at addressing social and global challenges, such as healthcare accessibility, education, and environmental sustainability. This reflects a broader shift towards socially responsible technology development.

Conclusion 

In conclusion, the software technology trends of 2023 reflect a dynamic and rapidly evolving industry. From the integration of AI and ML in various applications to the focus on cybersecurity and sustainable development, these trends are not only shaping the way software is developed but also how it’s transforming businesses and impacting society at large. As we move forward, these trends will likely continue to evolve, offering new challenges and opportunities in the world of software technology.

]]>
600109
Microsoft: ‘Financially Motivated Threat Actors’ Distributing Malware via App Installer https://www.webpronews.com/microsoft-financially-motivated-threat-actors-distributing-malware-via-app-installer/ Fri, 09 Feb 2024 20:39:51 +0000 https://www.webpronews.com/?p=600274 Microsoft is warning that bad actors, including those financially motivated, are using App Installer to distribute malware.

Microsoft Threat Intelligence says bad actors have been using the ms-appinstaller URI scheme (App Installer) to distribute malware since at least mid-November 2023. Microsoft has disabled the protocol handler in an effort to combat its abuse.

The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution. Multiple cybercriminals are also selling a malware kit as a service that abuses the MSIX file format and ms-appinstaller protocol handler. These threat actors distribute signed malicious MSIX application packages using websites accessed through malicious advertisements for legitimate popular software. A second vector of phishing through Microsoft Teams is also in use by Storm-1674.

Threat actors have likely chosen the ms-appinstaller protocol handler vector because it can bypass mechanisms designed to help keep users safe from malware, such as Microsoft Defender SmartScreen and built-in browser warnings for downloads of executable file formats.

The attacks are especially dangerous for Teams users, since the bad actors are spoofing legitimate Microsoft pages.

Since the beginning of December 2023, Microsoft identified instances where Storm-1674 delivered fake landing pages through messages delivered using Teams. The landing pages spoof Microsoft services like OneDrive and SharePoint, as well as other companies. Tenants created by the threat actor are used to create meetings and send chat messages to potential victims using the meeting’s chat functionality.

More information can be found here, including detailed analysis of the attack. In the meantime, Microsoft says organizations should educate Teams users to be able to identify and protect themselves from this exploit.

Educate Microsoft Teams users to verify ‘External’ tagging on communication attempts from external entities, be cautious about what they share, and never share their account information or authorize sign-in requests over chat.

]]>
600274
How To Overcome Data Compliance Issues in Enterprise Environments https://www.webpronews.com/data-compliance-issues/ https://www.webpronews.com/data-compliance-issues/#comments Fri, 09 Feb 2024 19:05:52 +0000 https://www.webpronews.com/?p=599575 All enterprises now know the power that lies in data-driven decision-making. The ability to accurately predict future trends, understand historical data, and act based on pure statistics rather than a hunch has empowered businesses to act smarter, faster, and with more precision. It’s no wonder that, with all these benefits, data has become a resource that all businesses work to capture, process, and extrapolate for their own benefits.

The global big data and analytics market is expanding every year, currently sitting just below $300 billion USD. Yet, just having access to the data architecture that enables you to collect and process data doesn’t mean that a business does so in an efficient or compliant way. Data compliance is one of the leading issues in modern business, with the fast scaling required by some businesses leading them to bad data management habits.

In order to store and utilize huge quantities of data, businesses need to take an active and proactive approach to data compliance. In this article, we’ll dive into the core issues that businesses encounter with compliance and point toward leading strategies to fix them. 

Let’s dive right in.

What Is Data Compliance?

Data compliance is an intersectional field that balances between operational data use and legal requirements. When using data, especially for analytics or business operations, it’s important to establish clear guidelines about how you are using that data and how you protect it. Data privacy, availability, and integrity are all considerations in data compliance.

Another pillar of compliance that is important to recognize is that, depending on the region that your business operates from, you may also have regulatory compliance issues to overcome. For example, Europe has strict privacy laws when it comes to handling customer data, which you must comply with or face fines.

Data compliance protects both your company and your customers, keeping all of your data, your customer data, and your private records safe. As the rising cyber threat continues to focus on the enterprise sector, expert control of data compliance and privacy is more needed than ever before.

How To Streamline Data Compliance

Data compliance may seem staggeringly complex at first glance, but is really only a representation of the very best laws, ideas, and data protection strategies to keep your business safe. As a deeply methodical process, it’s a good idea to get started with data compliance from day one.

There are a number of ways you can streamline data compliance in your organization.

Establish a Workflow

The single biggest factor that will lead to breaches in data compliance is your own employees. If they don’t know how to stay on the side of compliance, you’ve probably not made your processes obvious enough for them.

Be sure to establish a comprehensive workflow of how you should handle data when it enters your business. Create detailed guides about the use and distribution of data that you then teach to all new employees during their onboarding.

Every staff member should understand the importance of data compliance, what it means, and how to use data in a compliant manner.

Audit, Audit, Audit

Even for businesses that already have comprehensive data compliance workflows and frameworks set out, it’s a good idea to audit your business frequently. Not only does a regular audit ensure that all of your processes are being upheld and followed to the correct standard, but it also helps to create a permanent record of your work.

Audit Trails are required by many regulatory bodies, with proof of your regular system audits and the systems logged in the process acting as evidence in this regard. Depending on your geographical location, the specific audit laws you have to work to may vary. Some states in the USA are much more strict than others.

To air on the side of caution, we recommend that you audit your internal processes at least once a year. However, if you’ve experienced a data breach or are incorporating new data technologies, then you should conduct an audit much more frequently. 

Automate Where Possible

Once you have a data governance scheme in place, you’re now in a position to automate much of the initial contact points with data. There are numerous data compliance automation tools and strategies that you can put to use. Not only do these save tremendous amounts of time, especially those that focus on granular data monitoring, but they will also save your business capital in the long run.

There are several areas where you can use automation to streamline the data compliance process:

  • Incident Management – Around 40% of all businesses will experience a data disaster event at least once a year. This staggeringly high figure reminds us that creating an incident management system will allow you to respond to any events much more rapidly.
  • Recovery and Backup – One core area that you can optimize with automation is any recovery and backup processes. When creating a catalog of historical data, it’s always a good idea to create failsafe backup systems. If needed, you can use these backups to resort to an earlier version of your data systems before a compliance breach occured.
  • Schema and Management – Once you have a specific schema of data that you want to collect, you can then create safeguards that flag any data that does not strictly follow this format. Any breaches or inconsistencies will alert a developer, allowing them to take a look at any strange data instead of monitoring every single dataset that you ingest.

The ability to successfully automate aspects of data compliance will only grow in the coming years. With advancements in AI, ML, and other emerging technologies, we’ll be able to spend more time focusing on the mission-critical aspects of compliance and less on the day-to-day monotonous tasks.

Final Thoughts

The importance of the use of data cannot be overstated. As a leading tool that guides us toward better strategies, more effective use of resources, and more precise future planning, data is essential in modern business. Yet, without a comprehensive understanding of data compliance, businesses are unable to make the most of the data they have at their disposal.

By investigating your current data practices, including how you store and interact with data in your cloud data warehouse, businesses will be ready to take a more effective position on data compliance. By utilizing the strategies, examples, and systems we’ve suggested in this article, you’ll be able to construct a rigorous compliance program that secures your data while passing regulations.

]]>
https://www.webpronews.com/data-compliance-issues/feed/ 2 599575
Pioneering Secure Access Service Edge (SASE): A Transformative Frontier in Network Security https://www.webpronews.com/sase-network-security/ https://www.webpronews.com/sase-network-security/#comments Wed, 07 Feb 2024 13:54:28 +0000 https://www.webpronews.com/?p=599375 The ever-evolving digital landscape demands novel and effective solutions to safeguard networks and data. One of the most revolutionary concepts to emerge in recent years is Secure Access Service Edge (SASE). SASE marks a paradigm shift in network security, offering a holistic and adaptable approach to secure remote access, edge computing and data fortification. This article will take an in-depth look at SASE, touching on its fundamental components, its many advantages and its great potential to reshape the future of cybersecurity.

The Essence of SASE

Secure Access Service Edge, affectionately dubbed “SASE,” was introduced by Gartner in 2019 as a forward-thinking concept. This visionary approach heralds a new era in cybersecurity by elegantly harmonizing network security and Wide-Area Networking (WAN) capabilities within a unified cloud-based service. 

The fundamental idea underpinning SASE is the seamless and fortified accessibility of applications and data, transcending device and geographical constraints, all while empowering organizations to navigate the ever-expanding digital frontier with unparalleled confidence.

Key Components of SASE

  1. Cloud-Native Elegance: SASE is ingeniously constructed on a cloud-native architecture, which leverages cloud-based services and infrastructure, thereby facilitating scalability and flexibility. This fluidity empowers organizations to swiftly adapt to changing operational demands.
  2. Software-Defined Wide Area Networking (SD-WAN): SD-WAN is the backbone of SASE, orchestrating network performance optimization by intelligently routing traffic and prioritizing mission-critical applications. This ensures an uninterrupted user experience.
  3. The Zero Trust Citadel: SASE is an ardent adherent of the Zero Trust security model, a radical departure from traditional perimeter security. It mandates continuous user and device identity verification, meticulously assessing their trustworthiness prior to granting access. This model is nothing short of a fortress against unauthorized access.
  4. Holistic Security Synergy: SASE integrates an assortment of security services, including firewalls, secure web gateways, data loss prevention and threat detection into a unified platform. This amalgamation simplifies management and does away with security silos, resulting in a more robust defense posture.

SASE’s Assured Advantages

  • Fortified Security Bastion: SASE heralds a new era of security by ingraining the Zero Trust model, assuring that network access is consistently scrutinized and regulated. As the landscape tilts towards remote work, this approach becomes exceedingly pertinent.
  • Supernal Performance Elevation: The SD-WAN technology within SASE elevates network performance, eradicating latency and ensuring the unhindered operation of critical applications. This is of paramount importance to businesses reliant on real-time data and seamless communication.
  • Infinite Scalability and Unrivaled Flexibility: The cloud-native architecture empowers organizations, irrespective of their size, to dynamically scale network and security resources. SASE is inherently designed to be an adaptable security vanguard.
  • Austerity and Operational Efficacy: SASE shatters the shackles of on-premises hardware costs, streamlining the convoluted task of managing multiple security solutions. The frugality that SASE brings is a great benefit.
  • Streamlined Management: SASE’s integrated security services and cloud-based orientation simplify the complex chore of network and security management. This liberation grants IT teams the freedom to allocate their energies toward strategic, forward-thinking objectives.
  • Anticipatory Security Fortifications: The adaptability of SASE to response appropriately to evolving threats is of profound significance. The incorporation of new security services and updates is nimbly executed, thereby assuring an enduring shield against emerging threats.

The Path Forward for Cybersecurity

SASE is destined to fundamentally reshape the cyber defense landscape in many ways:

  1. The Ebbing of Perimeter Security: With SASE the traditional security perimeter has become antiquated in a world marked by remote work and the proliferation of cloud services. It underscores identity-based security, a paradigm where users and devices are meticulously authenticated and authorized, regardless of their physical location.
  2. Resilience Beyond Measure: The cloud-native architecture within SASE provides a safety net through built-in redundancy. High availability and resilience are assured even in the face of network disruptions or malicious attacks.
  3. Emphasizing Data Custodianship: Integrated security services within SASE, including data loss prevention, encrypting sensitive data and ensuring organizations are poised to meet regulatory compliance standards and shield their invaluable data assets.
  4. Compliance without Complexity: SASE’s unified platform streamlines the arduous task of adhering to regulatory compliance standards. This is a boon for organizations grappling with an intricate web of regulations.
  5. Global Network Reach: With the ability to tap into SASE services from any corner of the world, organizations can expand their operational boundaries without trading security or performance for global reach.

Conclusion

Secure Access Service Edge is a monumental leap forward in network security. Fusing cloud-native elegance, SD-WAN, the Zero Trust model and integrated security services into one unified platform, SASE doesn’t just bolster security, but also revamps performance, scalability and cost-effectiveness. In an era where remote work and cloud adoption are the norm, SASE is primed to play a pivotal role in the future of cybersecurity, arming organizations with the tools to secure their data and networks in a dynamic and evolving digital landscape. 

Embracing SASE is not merely a technological choice, but a strategic leap toward safeguarding an organization’s digital operations in an uncertain future.

]]>
https://www.webpronews.com/sase-network-security/feed/ 16 599375
IBM and Meta Launch Alliance to Level AI Playing Field https://www.webpronews.com/ibm-and-meta-launch-alliance-to-level-ai-playing-field/ Thu, 01 Feb 2024 16:52:59 +0000 https://www.webpronews.com/?p=600046 IBM and Meta have launched an alliance to level the AI playing field and sponsor “open, safe, responsible AI.”

Microsoft, OpenAI, and Google have jumped to an early lead in the AI wars, sparking fears that other organizations will be left behind. IBM and Meta have launched the AI Alliance with more than 50 founding members. The alliance outlined its goals in its inaugural announcement:

The AI Alliance is focused on fostering an open community and enabling developers and researchers to accelerate responsible innovation in AI while ensuring scientific rigor, trust, safety, security, diversity and economic competitiveness. By bringing together leading developers, scientists, academic institutions, companies, and other innovators, we will pool resources and knowledge to address safety concerns while providing a platform for sharing and developing solutions that fit the needs of researchers, developers, and adopters around the world. 

“The progress we continue to witness in AI is a testament to open innovation and collaboration across communities of creators, scientists, academics and business leaders,” said Arvind Krishna, IBM Chairman and CEO. “This is a pivotal moment in defining the future of AI. IBM is proud to partner with like-minded organizations through the AI Alliance to ensure this open ecosystem drives an innovative AI agenda underpinned by safety, accountability and scientific rigor.”

“We believe it’s better when AI is developed openly – more people can access the benefits, build innovative products and work on safety,” Nick Clegg, President, Global Affairs of Meta. “The AI Alliance brings together researchers, developers and companies to share tools and knowledge that can help us all make progress whether models are shared openly or not. We’re looking forward to working with partners to advance the state-of-the-art in AI and help everyone build responsibly.”

The alliance includes the following founding members:

  • Agency for Science, Technology and Research (A*STAR)
  • Aitomatic
  • AMD
  • Anyscale
  • Cerebras
  • CERN
  • Cleveland Clinic
  • Cornell University
  • Dartmouth
  • Dell Technologies
  • Ecole Polytechnique Federale de Lausanne
  • ETH Zurich
  • Fast.ai
  • Fenrir, Inc.
  • FPT Software
  • Hebrew University of Jerusalem
  • Hugging Face
  • IBM
  • Abdus Salam International Centre for Theoretical Physics (ICTP)
  • Imperial College London
  • Indian Institute of Technology Bombay
  • Institute for Computer Science, Artificial Intelligence
  • Intel
  • Keio University
  • LangChain
  • LlamaIndex
  • Linux Foundation
  • Mass Open Cloud Alliance, operated by Boston University and Harvard
  • Meta
  • Mohamed bin Zayed University of Artificial Intelligence
  • MLCommons
  • National Aeronautics and Space Administration
  • National Science Foundation
  • New York University
  • NumFOCUS
  • OpenTeams
  • Oracle
  • Partnership on AI
  • Quansight
  • Red Hat
  • Rensselaer Polytechnic Institute
  • Roadzen
  • Sakana AI
  • SB Intuitions
  • ServiceNow
  • Silo AI
  • Simons Foundation
  • Sony Group
  • Stability AI
  • Together AI
  • TU Munich
  • UC Berkeley College of Computing, Data Science, and Society
  • University of Illinois Urbana-Champaign
  • The University of Notre Dame
  • The University of Texas at Austin
  • The University of Tokyo
  • Yale University

]]>
600046
Linux Distro Reviews: openSUSE Tumbleweed — Part 2 https://www.webpronews.com/linux-distro-reviews-opensuse-tumbleweed-part-2/ Sun, 14 Jan 2024 13:00:00 +0000 https://www.webpronews.com/?p=522431 openSUSE Tumbleweed is a rolling release Linux distro, one that is something of a two-edged sword in terms of its features and usability.

In Part 1 of this review, we looked at openSUSE’s background, its openQA-provided stability, outstanding installer, choice of desktop environments, and its security. All of these are significant advantages of the distro. Unfortunately, security is also where openSUSE’s disadvantages begin to shine through.

Disclaimer: Some will say the following points are too critical of openSUSE since it’s a more technical distro and not necessarily aimed at desktop users. Nonetheless, openSUSE’s own website says it is: “The makers’ choice for sysadmins, developers and desktop users.” Therefore, my final rating will reflect the distro’s ability to meet the needs of all three of those categories.

Too Much Security?

Security is only a good thing if it’s not so restrictive that people begin disabling features for the sake of convenience, and this is where openSUSE’s disadvantages begin to shine through.

Of all the distros that I have tried to date (Fedora, Manjaro, openSUSE, KDE Neon, Pop!_OS, Kubuntu, and Zorin OS), openSUSE’s security policies are by far the most restrictive. Want to adjust your network settings? You’ll need to enter your password. Want to install a Flatpak app? You’ll need to enter your password. Change your timezone? Enter your password.

What’s more, the default firewall settings are so strict that printer discovery doesn’t work out of the box. To be clear, every single other distro I’ve tried automatically discovers my HP printer on my network and lets me print without installing any additional drivers.

In contrast, openSUSE cannot even discover the printer without changing the firewall profile from the default ‘Public’ to ‘Home,’ or adding the mDNS service to the ‘Public’ profile. Even when making sure mDNS is enabled, openSUSE still requires “hplip” software/driver package installed.

Is it possible to overcome these issues? Yes. But many people, especially less technical users, give up before figuring out how to jump through all these hoops. In fact, a quick look at openSUSE’s Reddit will reveal that two common solutions to printing on openSUSE are a) disable the firewall altogether or b) “don’t print on openSUSE.” Seriously…I have seen that advice multiple times…”don’t print on openSUSE.”

The issues with printing on openSUSE are irritating enough that Linux creator Linus Torvalds famously dumped openSUSE and switched to Fedora because printing was just too hard to bother with. Fans of the distro will point out that it has gotten better since that day…but it’s still not good enough for the average desktop user.

Yast

Yast stands for Yet Another Setup Tool and is one of the defining characteristics of openSUSE. The tool is a throwback to the earlier days of Linux when such setup and configuration tools were more common.

There’s no denying that Yast is a powerful tool, one that is available as both a graphical and command-line package. For system admins, Yast provides a powerful way to administer openSUSE instances. There is almost nothing you can configure via the terminal that can’t be configured via Yast’s GUI, and it’s a tool I miss on other distros.

At the same time, however, like openSUSE’s other hallmark features, Yast is something of a two-edged sword. While it’s undeniably useful — and this is purely subjective — I’m not a fan of how it takes over functions normally handled by a distro’s built-in tools. For example, I run the KDE Plasma desktop, which has excellent built-in tools for printing and firewall management. Yast takes these tasks over, however. Gnome has similarly useful tools as part of the system settings.

As I said, I realize this is very subjective. Some users prefer to have one tool to manage such tasks, regardless of the desktop environment they use. Many users prefer to have one desktop-agnostic tool that never changes. I am not one of those users. I would prefer to use Plasma’s tools when they’re available and fall back to Yast when they’re not.

Btrfs and Snapper

One of openSUSE’s greatest features is its use of the btrfs filesystem and built-in Snapper support. Btrfs is a relatively new filesystem that provides automated system snapshots. This gives users the option to rollback to a previous snapshot from the boot menu in the event something goes wrong.

Tinkering with your system and mess something up? Not a problem, just rollback and it never happened. The same goes for an update that borks something. Just rollback and wait for the issue to be addressed. This is truly a must-have setup for a rolling release distro.

There are two downsides to keep in mind with btrfs (there’s that two-edged sword again):

Btrfs is one of the slower filesystems in use by Linux distros. The excellent DJ Ware, on YouTube, has done extensive benchmarks showing how much slower the filesystem is. While I’ve not done such extensive benchmarks myself, I do have an everyday data point.

When setting up the digiKam photo organizing software for the first time, the app scans your Pictures folder. On any distro using the older ext4 filesystem, it takes digikam anywhere from 4:57 to 5:17 to scan my 49GB of photos. In contrast, digiKam on openSUSE takes more than 7:50 to complete. This result, which I have been able to consistently reproduce, jives with DJ Ware’s benchmarks.

The other potential downside is in regard to data integrity. Given that it’s still a young filesystem, there are still an uncomfortable number of reports about btrfs filesystems becoming hopelessly corrupted. Without a doubt, openSUSE has the most mature implementation of btrfs, but your mileage may vary.

Patterns and Recommendations

One of the things that makes openSUSE so successful at providing stability with a rolling release is its use of Patterns and recommendations.

Patterns are collections of software that are related and share dependencies. For example, there’s a KDE Plasma Pattern, KDE Apps Pattern, Office Suite Pattern, Mobile Pattern, and more.

The power of patterns is that it allows openSUSE developers to update an entire collection of software rather than try to determine what is or is not installed on a machine. Similarly, openSUSE defaults to installing any and all recommended dependencies when installing an application, unlike almost every other distro, in the interest of making sure no app is installed with any missing features.

On paper, both of these seem like good ideas, and, to be clear, they are…to a point. Both of these features contribute greatly to openSUSE Tumbleweed being one of the most stable rolling-release distros.

Unfortunately, Patterns and recommendations also result in some unfortunate side effects. For example, if you delete an application that is included in one of the default Patterns, it will be reinstalled on the next update. You will need to manually block the package, or the entire Pattern, in order to prevent its reinstallation.

Random Papercuts

Slack Issues

In addition to the major things highlighted above, openSUSE running KDE has a bug that makes it almost impossible to add the workspaces I’m subscribed to. I can easily add three of them with no problem, but the fourth one always fails.

The only way I can get it added to the Slack client is to try importing that workspace along with three or four defunct workspaces. After trying this one or three dozen times, the troublesome workspace will finally get imported. From what I’ve been able to tell via research, the workspace string that gets passed from browser to Slack clients gets mangled.

At one point, I thought this was a KDE Plasma bug since it doesn’t happen on Gnome or Xfce. However, this only happens on openSUSE. It doesn’t happen on Manjaro KDE, Kubuntu, or KDE Neon. I have no idea what the problem is but, at least in my experience, it is a uniquely openSUSE issue.

Network Login

On multiple installs of openSUSE, I’ve had issues where I was constantly prompted to enter my root password and network password in order to stay connected. Wake the computer from sleep…enter my passwords. Needless to say, this got old quick.

Conclusion

openSUSE Tumbleweed is one of the most well-engineered distros on the market and offers a tremendous amount of features and abilities. Unfortunately, some of those features are a two-edged sword that cause as many problems as they solve.

openSUSE Tumbleweed is a distro I love to play with and would love to use as my daily driver. Unfortunately, the inconveniences quickly wears on my nerves in daily use, and I end up moving on.

That being said, for the right person, openSUSE is hands-down the best distro available.

Rating

For System Admins: 5 out of 5 stars

The combination of Yast and its enterprise connections makes openSUSE quite possibly the best distro for system admins.

For Developers: 4 out of 5 stars

On the one hand, having the latest and greatest packages can be a big help to developers. On the other hand, the papercuts and irritations may take unnecessary time away from development.

For Desktop Users: 3 out of 5 stars

Before writing about tech, I was a software developer for over a decade. I’ve created software for major universities, companies, and the commercial market. In spite of that high-tech background, openSUSE was just too irritating and difficult for me to use on a daily basis, and I would never recommend it to most everyday users. It would have to be a special breed of desktop user, one that wants to spend as much time managing their computer as using it before I could recommend it to them.

]]>
522431
Google’s Chrome Settlement Is A Warning To Chrome Users https://www.webpronews.com/googles-chrome-settlement-is-a-warning-to-chrome-users/ Fri, 29 Dec 2023 17:27:02 +0000 https://www.webpronews.com/?p=600264 Shortly after signaling that it wanted to settle a lawsuit over Chrome’s Incognito mode, the company has reached a deal with the plaintiffs.

Plaintiffs brought a class-action lawsuit against Google for continuing to track Chrome users even when they had Incognito mode enabled, as well as when similar modes were enabled in other browsers. The company allegedly used a combination of methods, including cookies, apps, and Google Analytics.

According to Reuters, the parties have agreed to a settlement, although the terms of the deal were not disclosed. The outlet reports that attorneys “have agreed to a binding term sheet through mediation,” with the formal offer expected to be presented to the court by February 24, 2024. 

While this particular case may be on the verge of settling, it should serve as a stark warning to Chrome users that it is time to use a different web browser. Chrome may be the most popular web browser in the world, but it is also made by the biggest advertising company in the world. As a result, Chrome will never be as privacy-respecting as many other alternatives. Google’s entire business model depends on knowing what people are doing, looking at, shopping for, and more.

An added concern is that Google’s dominance of web search, web advertising, and the web browser market give it the ability to push technologies and features that benefit its core business at the expense of user privacy. The Electronic Frontier Foundation has repeatedly called the company out for such tactics.

Instead, WPN recommends Firefox or Brave. Firefox has a long history of protecting user privacy and security, and is just as feature-rich as Chrome. Similarly, Brave has strong privacy controls and security built in, but has the added benefit of being built on the same open source browsing engine as Chrome. This gives it near-perfect compatibility with sites that require Chrome.

Relying on Google Chrome and expecting privacy is akin to relying on an alarm system distributed by home burglars and expecting your home and belongings to remain safe. It’s high time for users to move to truly private and secure options.

]]>
600264
Mint Mobile Suffered a Data Breach, Customer Data Exposed https://www.webpronews.com/mint-mobile-suffered-a-data-breach-customer-data-exposed/ Tue, 26 Dec 2023 18:11:03 +0000 https://www.webpronews.com/?p=600216 Mint Mobile says it has suffered a data breach, one that exposed personal data of an undisclosed number of its customers.

According to BleepingComputer, Mint began sending out emails to impacted customers on December 22.

“We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information,” reads the email.

“Our investigation indicates that certain information associated with your account was impacted.”

The outlet reports the exposed data includes Name, Telephone Number, Email, SIM serial number, IMEI number, and the service plan the customer is currently on.

Fortunately, no payment information was compromised since Mint does not save credit card numbers. The company also says customer passwords are protected by “strong cryptographic technology,” meaning they were not compromised.

As BleepingComputer points out, T-Mobile previously announced plans to purchase Mint Mobile. It’s unclear if/how the data breach will impact the deal.

]]>
600216
Tech Winners and Losers of 2023 https://www.webpronews.com/tech-winners-and-losers-of-2023/ Tue, 26 Dec 2023 17:55:58 +0000 https://www.webpronews.com/?p=600214 The tech industry saw some major changes and developments throughout 2023, developments that left some companies and individuals far better off than others. Let’s look at the tech industry’s winners and losers from the past year.

Winner: Microsoft

It’s hard to argue that Microsoft pulled off the coup of the decade by beating Google to the punch in AI. By partnering with and investing in OpenAI, Microsoft was able to take Google by surprise and gain a tremendous advantage in mindshare, as well as put a dent in Google’s search.

The company has continued to build on that advantage, incorporating AI across its various platforms. The company has also served as a stabilizing influence on OpenAI, providing some much-needed guidance in the midst of its recent crisis (see below).

Loser: OpenAI Board of Directors

OpenAI launched a public battle to oust co-founder and CEO Sam Altman, sending shockwaves throughout the tech industry. As details emerged, there were reports of growing concern over Altman’s prioritizing the monetization of OpenAI’s work, with some scientists believing a more cautious approach was in order. There were even some reports that OpenAI had made an AI breakthrough that led to the growing concern.

Unfortunately for the board, the way they went about addressing their concerns—including launching a boardroom coup—did little to win supporters to their cause and only served to rally support for Altman. Microsoft offered him a job and extended the same offer to any and all disgruntled OpenAI employees. Salesforce and Nvidia made similar offers to OpenAI staff.

After significant drama, the situation was finally resolved with Altman returning and most of the board departing.

Winner: Nvidia

Few could argue that Nvidia has become the face of the AI revolution—at least when it comes to the hardware powering it. The company’s hardware has been at the heart of AI development, powering some of the most innovative developments in the industry.

It’s no surprise that Nvidia’s value has skyrocketed as a result of the position it enjoys, although the company does face some difficulties ahead. Most notably, ongoing tension between the US and China continues to create challenges for the company, with the US striving to keep advanced semiconductor and AI technology out of China’s hands. Nvidia has worked around these restrictions by making chips that slip below the export thresholds the US sets, but Commerce Secretary Gina Raimondo recently warned Nvidia about continuing to do so.

Loser: Intel

Once the king of the semiconductor market, Intel has long since been eclipsed, both in value and technology. The company has also missed out on being the driving force behind major segments in the industry, with TSMC the preferred semiconductor manufacture for mobile device makers and the aforementioned Nvidia the preferred provider of AI hardware.

Intel has been working hard to reclaim its crown and has certainly made headway under CEO Pat Gelsinger. Nonetheless, those efforts have been blunted by massive losses, including the single worst quarterly loss in company history in 2023. Gelsinger and team clearly have much more to do if Intel has any hopes of recapturing its former glory.

Winner: Linux

“The year of the Linux desktop” has become something of a meme, but there’s no denying that Linux on the desktop made serious headway in 2023. While the open source operating system has yet to truly rival macOS and Windows, Linux crossed the 3% mark in 2023—its highest recorded share of the desktop market.

As we previously wrote, there are a number of major developments in the Linux desktop space poised to make 2024 an even better year. KDE Plasma 6, the release of System 76’s Rust-based Cosmic desktop, and the Linux Mint team working on Wayland adoption are just a few of the projects that could spur further adoption. The single biggest factor, however, could be Microsoft Windows.

Loser: Microsoft Windows

Once the undisputed king of the desktop, with more than 95% of the market in January 2009, Windows is down to a 72% share at the end of 2023. Unfortunately for Microsoft, the problem is likely to get worse.

Microsoft has slated Windows 10 for EOL in October 2025, meaning it will no longer receive updates or security fixes. An estimated 240 million PCs will be rendered obsolete, unable to run Windows 11.

Fortunately for many users and companies, however, Linux runs perfectly on computers that Windows no longer supports, and distributions such as Linux Mint can often serve as near-drop-in replacements for Windows. This alone could help drive a significant number of users to Linux, further lowering Windows’ overall market share.

Winner: Privacy

2023 saw a number of threats to user privacy, although the biggest of those were defeated. The UK was working to pass legislation that would have weakened encryption and forced companies to provide a way to monitor messages. The EU was poised to pass similar legislation.

In both cases, however, changes were made that preserved user privacy. In the case of the UK, the bill was watered down enough to count as a win for privacy advocates, although there is still enough left in the bill to concern many.

In the case of the EU, the bloc completely dropped the provision that would require messaging encryption to be weakened.

Nonetheless, many remain concerned that governments and regulators continue to look for new, less obvious ways to circumvent the very encryption and security the internet relies on.

Loser: Google

It’s hard to argue that 2023 was a bad year for the search giant. As consumer privacy awareness grows, Google increasingly finds itself in the crosshair of privacy-minded users, as well as lawmakers.

The company is also fighting a landmark antitrust case, one that has been damaging to the company’s reputation. The company is also facing antitrust investigations in other counties as well.

Winner: Tim Cook

In a year when CEOs committed faux pas, were fired, caught in scandals, and betrayed employee trust with mass layoffs, Apple CEO Tim Cook remained a steady hand at the helm of the world’s most valuable company.

In addition to his stewardship over the company’s operations, Cook’s tenure has seen Apple develop its Vision Pro, a “revolutionary spatial computer” that may finally take virtual and augmented reality mainstream.

Loser: Elon Musk

There are few high-profile executives who have lost more respect, caused more chaos, or courted more controversy than Elon Musk. In the wake of his purchase of Twitter, Musk presided over a disastrous rebranding to “X,” laid off roughly half of the staff, slashed the moderation teams, and has seen the company’s advertisers flee the platform in droves.

What’s more, Musk’s handling of Twitter has tarnished his reputation as the tech exec who could do no wrong. Tesla, SpaceX, and Starlink have been incredible successes, but Twitter has hung over Musk and his obsession with it has taken a toll on his leadership over those other companies. Tesla investors have slammed the executive’s behavior. To make matters worse, Tesla has faced troubles of its own, including a DOJ investigation into the company’s practices.

Conclusion

Without a doubt, 2023 was an eventful year for the tech industry, with many developments setting the stage setting the stage for an exciting 2024.

]]>
600214