The savings metric every FinOps team needs to know: effective savings rate
Rate optimization is a cloud saving approach that involves paying the lowest rate possible for a given unit (hour, GB, etc.) of cloud usage via strategic use of commitment-based discounts, such as AWS Savings Plans/Reserved Instances and Google Cloud Platform Committed Use Discounts. To measure return on investment (ROI) from these discounts, organizations must understand and benchmark their Effective Savings Rate (ESR). ESR is the "North Star" rate optimization metric which incorporates utilization, coverage, and discount rates into a single, comprehensible figure that can be compared against industry peers.
According to the 2024 Effective Savings Rate Benchmarks and Insights Report by ProsperOps, the current Effective Savings Rate (ESR) results are generally poor. The median ESR for AWS compute services (Lambda, EC2, and Fargate) is 0 percent, indicating that many organizations are not leveraging commitment-based discounts and are paying on-demand rates. Even at the 75th percentile, the ESR is only 23 percent, suggesting significant room for improvement. These insights indicate that many organizations are not fully leveraging rate optimization as an approach to optimize cloud spend.
AI's impact on emerging risk management trends
AI is exploding, particularly as large language models (LLMs) have infiltrated everyday life. Almost every new mainstream product seems to promote some usage of AI, and industry after industry is being transformed by its capabilities. But despite AI’s potential, some sectors have been slow to adopt it. Risk management is one of them. Fortunately, that is starting to change.
According to a 2023 Deloitte study, only 1.33 percent of insurance companies had invested in AI. Data from this year indicates a shift is underway. In Conning’s 2024 survey, 77 percent of respondents indicated that they are in some stage of adopting AI somewhere within their value chain. This may sound a bit nebulous -- some stage, somewhere -- but it represents a sizable jump from the 61 percent of respondents the prior year. Additionally, 67 percent of insurance companies disclosed they are currently piloting LLMs.
The CISO's guide to effective OT security: Overcoming challenges and fostering collaboration
Operational technology (OT) systems have long been common in industries such as manufacturing, utilities, and healthcare. However, as these systems now increasingly integrate with IT networks, they are becoming the responsibility of the Chief Information Security Officer (CISO). As a result, CISOs in these sectors need to secure OT systems alongside traditional IT systems. This added responsibility has significantly increased the demands on security leaders.
Now, to safeguard both IT and OT systems, CISOs must possess the right knowledge and resources. Understanding the complexities of OT systems is necessary for the protection of vital operations and infrastructures; however, it can be difficult to separate genuine expertise from sales hype.
How to build a stronger identity security posture with ITDR strategies
In today’s cybersecurity landscape, identity has emerged as the prime target for threat actors, with compromised credentials involved in 49 percent of breaches. Attackers exploit misconfigurations, use generative AI for social engineering, and purchase stolen credentials, highlighting the need for robust identity security. While Identity and Access Management (IAM) has been crucial, evolving threats demand a more proactive and multifaceted approach that integrates threat intelligence tools and processes to protect identity systems effectively.
Implementing a robust Identity Threat Detection and Response (ITDR) strategy may be the solution. ITDR merges continuous monitoring and response with proactive measures, ensuring a resilient and adaptable security posture. A robust ITDR strategy not only prevents and detects threats but also investigates and coordinates responses to restore integrity after identity infractions.
The world's software is eroding
It’s not just you. The world’s software is feeling a little unstable lately. If it wasn’t the CrowdStrike outage that tipped you off, it was probably the many other outages this year, stopping burgers from being served, stranding passengers at Heathrow Airport, and delaying fresh food at the UK borders.
Did all those outages happen for the exact same reason? No, that wouldn’t be a fair assessment, but if there’s anything these outages tell us, it’s that something’s amiss in how our industry maintains software. You’d be forgiven if the headlines have you believing not enough maintenance goes into software. It’s actually the opposite. In an average developer work week of 41.1 hours, 42 percent of that time is dumped on maintenance, and over a third goes to dealing with technical debt.
Transforming quality assurance in healthcare using GenAI
The global MedTech software market is projected to reach $598.90Bn by 2024, growing 5.3 percent annually due to increased R&D investments. As the market shifts towards tech-first patient care, MedTech software must meet quality and regulatory standards to ensure effective care and patient safety, making Quality Assurance (QA) critical throughout the Software Development Life Cycle (SDLC). QA ensures reliability, functionality, and adherence to industry standards, with MedTech companies dedicating 31 percent of their software budget to QA and testing.
Artificial Intelligence (AI) tools have enhanced healthcare QA efficiency -- GenAI is notably reducing manual testing, improving software usability, and enhancing code quality. AI adoption is expected to make software testing more autonomous, boosting QA productivity by nearly 20 percent, with GenAI tools projected to write 70 percent of software tests by 2028.
Four ways relentless hybrid attackers are targeting their prey
One way to understand the mind of hybrid attackers is to compare their behavior to the animal kingdom. They are predators using a relentless arsenal of tactics to hunt their prey across a large domain. Threat actors are the honey badger. A snake bite or a few bee stings might delay their attack for a moment, but they’ll find a way to take down the entire hive and satisfy their appetite.
But what is a hybrid attack? Today, all cyberattacks are hybrid. Every enterprise uses a mix of on-premises and cloud services, and the number of services used is rising. In fact, employees now use an average of 20 cloud and SaaS apps every month. Despite enterprises having every preventative measure in place, attackers are using this widening attack surface to their advantage. They can start with anyone or anything they can access, no matter how small, before moving at speed to extend their access and disrupt business operations at scale. Some of the most common traits that make stopping hybrid attacks difficult are how they bypass prevention, compromise identities, elevate and hide in privileges to move laterally across domains -- often at high speed.
Securing the unknown: Future-proof cyber security
A recent article from Harvard Business Review explores the mindset of today’s cyber hackers and explains why effective cybersecurity has become so challenging by outlining the three traits shared by every successful hacker: creativity, speed, and resourcefulness. Hackers who can successfully leverage these traits are able to assault a company’s defenses with an ever-evolving barrage of novel and impactful attacks.
Thus, to remain secure, companies must be prepared for the unknown. Today’s threat landscape includes tried-and-true attacks -- phishing, social engineering, and DoS attacks -- as well as innovative strategies driven by creativity, speed, and resourcefulness. The latter are designed to exploit weaknesses before companies discover they exist. The following approaches to cybersecurity can help companies develop a future-proof framework that anticipates and addresses hidden threats.
Encrypted privacy for the public's safety
One of the many challenges government and local authorities constantly face is that of keeping up with changes and innovations coming from the outside: conflicts and emergencies, environmental factors, inputs from industries and productions and, of course, evolving technologies. Whether these are developed in the private or public sector, or the academic community, it is unquestionable that tech innovations are tightly woven into everyday life.
These innovations frequently move forward at a speedy pace, spreading across different fields and inevitably reaching a level of integration that can no longer be left to the sole responsibility of the individuals. Thankfully, governments and organizations are increasingly wising up when it comes to new and emerging technologies, whether this means creating ad hoc policies and regulations (the UK AI bill, the European AI act, the American Privacy Rights Act, or Chat Control) or taking targeted actions towards specific platforms or providers compromising users’ privacy, like the TikTok ban for federal and state employees in the USA.
How to optimize AI at the edge and retain data sovereignty
Artificial intelligence (AI) is fundamentally transforming the way businesses operate and the value they can deliver to customers. Industry body techUK cites estimates that the UK’s GDP could be up to 10 percent higher by 2030 thanks to AI adoption. But first there are major cost, efficiency and data governance challenges to solve. This is where edge computing comes into its own -- offering a fast, resilient and cost-effective way to run transformative AI applications. Even better, it can help organizations to meet requirements around sustainability and data sovereignty.
The key will be finding a database platform that can seamlessly support both traditional cloud and edge computing environments in this context.
Cyber threats we can expect at the Paris Olympics
Nation state-sponsored threat actors, organized cybercriminal cartels and hacktivists are expected to be active during the upcoming 2024 Paris Summer Olympics and Paralympics, which will be hosted against a fractured geopolitical landscape, including Russia's war in Ukraine and Israel's conflict with Hamas. There will likely be three types:
Nation-state sabotage: Russian nation state-level cyber units will likely attempt to sabotage the 2024 Games, something that we have already observed in previous years during both the 2018 Winter Olympics and the 2020 Tokyo Summer Olympics, in which Russia’s GRU military intelligence service engaged in cyber reconnaissance, targeting officials and organizations involved in the events. With Russia being suspended from participation as a sanction from the International Olympic Committee for its invasion of Ukraine, operations launched by Moscow-aligned cyber forces, such as Sandworm (a group that attacked previous events with the “Olympic Destroyer” malware), will likely surge in retaliation. Motivation for these efforts would likely include retaliation, damaging the reputation of the Paris Olympics to promote its own 2024 World Friendship Games in September, and countering French President Emmanuel Macron’s pro-Ukraine position.
Six steps to protecting data in financial services companies
There is no shortage of news headlines about companies falling victim to cyber breaches and the astounding costs associated with them. According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, a 15 percent increase since 2020. For the financial services industry, the cost is even higher at $5.9 million per breach; that is 28 percent above the global average.
In addition to the higher price tag associated with a cyber breach, companies within the financial industry must also adhere to evolving compliance regulations that dictate how they respond to an attack and where they must invest to reduce the total risk.
Migrating to the cloud: The key to business scalability, flexibility and cost-effectiveness
Whenever a new technology hits the business mainstream, key decision makers try to figure out how it can be incorporated into their existing workflows. This is driven by the need to stay on the cutting edge and not lose out to competitors, as well as the goal of constantly improving efficiency and cutting costs. The most obvious current example of this is AI, which is the hot new piece of technology that businesses are trying to utilize. The other main technology that exemplifies this is cloud computing.
There are many reasons organizations are looking to the cloud as a business enabler, with scalability, flexibility, and cost-effectiveness being only a portion of the long list. Any business that is not currently considering incorporating some aspect of cloud technology into their existing systems will fall behind compared to the rest of the industry, due to the many ways in which it can benefit workflows and help drive revenue.
Lessons learned from the Microsoft-CrowdStrike outage
The tech world is still reeling from the recent widespread system outages caused by a CrowdStrike update last week. These outages are a stark reminder of the interconnected nature of our digital ecosystem and how far-reaching the consequences of a single update can be.
Let's address the global impact of the recent incident -- thousands of Windows machines worldwide experienced the dreaded Blue Screen of Death (BSoD). And this wasn't just a minor hiccup; we saw major disruptions across the banking, aviation, broadcasting, and retail sectors. It really drives home how interconnected our digital world has become and how a single update can have far-reaching consequences.
The danger facing critical infrastructure from DDoS attacks targeting telecoms networks
Distributed Denial of Service (DDoS) attacks are an established and now-typical part of the cybersecurity landscape. But, since their first arrival on the scene over 25 years ago, the core of the average DDoS attack hasn’t really changed. Sure, there have been advancements in technology, but they still serve the same purpose as they did during that very first attack on a commercial internet provider -- bringing their victims offline.
The way in which an attack can do this using DDoS has changed over time, with a movement towards more targeted attacks, allowing for specific websites or servers to be attacked rather than the entire network having to be taken offline. DDoS attacks have also become wildly more popular and commonplace as they’ve become easier and more accessible to carry out. They’ve even become a market of their own, with some threat actors offering them as a service online.
© 1998-2024 BetaNews, Inc. All Rights Reserved.