• Time to audit your MDM setup? Heres how to get it right
    www.computerworld.com
    Audits are never fun whether youre talking about a tax audit, energy audit, or industry compliance audits. But theyre necessary. And when it comes to mobile device management (MDM) deployments, theyre extra important, because mobile devices are endpoints that can expose your company to the security dangers and risk letting corporate data leak out.Heres what to consider as you plan an MDM audit and what to include.What do you need to achieve with an MDM auditAuditing something as broad as your MDM environment with its mix of identity products, federated cloud services, MDM solutions themselves, policies and groups, app inventories and the devices themselves can get, well, complicated.This means your first step is to determine what an MDM audit should cover.If youre confident in auditing other aspects of your IT stack, or your entire stack is from one vendor say youre a fully Microsoft shop with a stack built around Entra and Azure, both of which you already have audit programs for then you might just need to focus on Intune and your mobile device policies and configurations.But if you mix and match cloud services from multiple companies and your MDM solution is from a different vendor than everything else, youll need to look at your MDM links to everything else (and possibly how all your other systems link to each other). Auditing systems individually wont give you a holistic understanding of how they work together.If your company is subject to various compliance regimes (such as GDPR or HIPAA, for example), some subjects might be defined for you. Either way, set the scope of the audit so it can capture the systems, policies, user groups, device types, apps, user experiences and even the backend tools used in your environment.As with any audit, standard procedures need to be considered. Ideally, these basic processes will follow the model of other audit procedures already in place. There will always be some variation different systems have different functions and require measuring different metrics. But there should be some connective thread that runs through how you capture audit data, process it, report your findings and list corrective steps that need to be taken based on the results. An MDM audit will obviously focus on different things than a server or network security audit, but all three should come from the same basic template.As you consider the scope of an audit and its processes, make notes of the specific questions you need to answer and the data points you need to answer them. If this is your first MDM audit, brainstorming areas of importance and looking to outside resources such as your MDM (and related service) vendor can help define exactly what you need to ask. Be sure to consider each idea carefully to see whether its really significant or simply mission creep.If youve performed MDM audits in the past, youll want to review whether they captured the relevant information or let things fall between the cracks. And even if past audits went well, remember the mobile landscape and threat environment changes quickly. So youll need to account for any major changes such as the recent proliferation of generative AI since your last audit and decide whether your previous scope needs to be adjusted.The logisticsmatterHow the audit is done from a logistical perspective also matters. Some can be carried out simply by examining and testing back-end systems and have no real or direct user-facing components. MDM audits might require some fieldwork, virtual or in-person, to gather accurate data. And if various teams or groups of employees or managers need to be consulted or might be impacted during the audit, youll want to establish that up front for both the audit team and anyone affected.Who is the auditor(s)?The next step is determining who will conduct the audit. With something as broad as MDM, which touches several different domains network access, app licensing, user and group management, device and procurement from multiple vendors, endpoint security, user experience, general and mobile-specific policy requirements and so on it can be difficult to establish exactly whos ultimately responsible.This means MDM audits are often best done by a team where various stakeholders are represented.Should you consider a pre-audit?In some cases, you might know going into the process that there are areas that are problematic. These could include policies youve been meaning to update; the criteria on which you authorize user access to resources; how you manage or group users and devices; and significant updates mobile OS and app versions, backend systems that you have yet to get around to doing.Dealing with these known issues before the full audit occurs can make the entire process easier and shorten your departmental to-do list.The items you want to captureEvery audit will vary based on your needs and environment. The following isnt an exhaustive list, but these areas should be part of any MDM audit:Logs: Application and system logs from the MDM itself, and logs involving MDM interactions with devices and other services.Policies: Auditing MDM policies include the policies themselves (are they appropriate to your environment, security and user needs) and whether or not they are enforced as intended. As MDM provides a wealth of policy configurations and restrictions, this will be one of the major focus areas for an audit and it should be done across every major device/user demographic across an organizationDevice and network security: Broadly speaking, you need to ensure that information being transferred between devices and your network is secure, visible and functions appropriately regardless of how devices are connecting (corporate Wi-Fi, home or public W-Fi and cellular) as well as device integrity/malware checking.Device and data controls: One crucial feature of any MDM system is the ability to separate work and personal apps, settings and content. Rules related to this functionality should be clearly established and tested as widely as possible across your device fleet and user community. This can include encryption at rest and in transit andprocedures for handling things such as remote lock and remote wipe.Device enrollment and lifecycle processes.Mobile OS and app updates: Make sure these are consistent throughout your fleet and environment.Suspicious activity monitoring and reaction: What counts as suspicious activity can vary greatly, as can the intended reactions.After the auditAfter youve completed the audit, take time to sift through the results. Its also good to have multiple sets of eyes and perspectives on the data; an audit should be more than just a list of boxes to check. Seeing which criteria have been met or unmet is critical, but the question ofwhythe results are what they are is equally important. If there are devices or apps that are out of compliance, youll need to know that and understand why if youre going to remedy the issues. Your ultimate report should include this background and potential challenges during remediation.Remember, an audit isnt just about seeing where you miss the mark. Sometimes youll discover areas where your organization beats expectations, shows improvement from an earlier audit or helps you see your baseline compared to your overall industry. If something works well, you want to understand why. It might be something you can incorporate more broadly throughout your organization.The last major step is to create an action or remediation plan. (This is especially important if youre in an industry subject to regulation such as financial services or healthcare.) What this plan will look like can vary significantly from company to company and even from audit to audit.The most important thing is that this plan be actionable. Each item should be specific, have metrics that allow you to ensure it is being addressed and have a timetable for resolution. The main reason for an audit in the first place is to identify issues and make serious improvements. Performing an audit and then letting the results sit in a drawer is nothing more than audit theater you go through the motions, but dont act on the results.
    0 Comentários ·0 Compartilhamentos ·3 Visualizações
  • Whats next for nuclear power
    www.technologyreview.com
    MIT Technology Reviews Whats Next series looks across industries, trends, and technologies to give you a first look at the future. You can read the rest of themhere.While nuclear reactors have been generating power around the world for over 70 years, the current moment is one of potentially radical transformation for the technology.As electricity demand rises around the world for everything from electric vehicles to data centers, theres renewed interest in building new nuclear capacity, as well as extending the lifetime of existing plants and even reopening facilities that have been shut down. Efforts are also growing to rethink reactor designs, and 2025 marks a major test for so-called advanced reactors as they begin to move from ideas on paper into the construction phase.Thats significant because nuclear power promises a steady source of electricity as climate change pushes global temperatures to new heights and energy demand surges around the world. Heres what to expect next for the industry.A global patchworkThe past two years have seen a new commitment to nuclear power around the globe, including an agreement at the UN climate talks that 31 countries pledged to triple global nuclear energy capacity by 2050. However, the prospects for the nuclear industry differ depending on where you look.The US is currently home to the highest number of operational nuclear reactors in the world. If its specific capacity were to triple, that would mean adding a somewhat staggering 200 gigawatts of new nuclear energy capacity to the current total of roughly 100 gigawatts. And thats in addition to replacing any expected retirements from a relatively old fleet. But the country has come to something of a stall. A new reactor at the Vogtle plant in Georgia came online last year (following significant delays and cost overruns), but there are no major conventional reactors under construction or in review by regulators in the US now.This year also brings an uncertain atmosphere for nuclear power in the US as the incoming Trump administration takes office. While the technology tends to have wide political support, its possible that policies like tariffs could affect the industry by increasing the cost of building materials like steel, says Jessica Lovering, cofounder at the Good Energy Collective, a policy research organization that advocates for the use of nuclear energy.Globally, most reactors under construction or in planning phases are in Asia, and growth in China is particularly impressive. The countrys first nuclear power plant connected to the grid in 1991, and in just a few decades it has built the third-largest fleet in the world, after only France and the US. China has four large reactors likely to come online this year, and another handful are scheduled for commissioning in 2026.This year will see both Bangladesh and Turkey start up their first nuclear reactors. Egypt also has its first nuclear plant under construction, though its not expected to undergo commissioning for several years.Advancing alongCommercial nuclear reactors on the grid today, and most of those currently under construction, generally follow a similar blueprint: The fuel that powers the reactor is low-enriched uranium, and water is used as a coolant to control the temperature inside.But newer, advanced reactors are inching closer to commercial use. A wide range of these so-called Generation IV reactors are in development around the world, all deviating from the current blueprint in one way or another in an attempt to improve safety, efficiency, or both. Some use molten salt or a metal like lead as a coolant, while others use a more enriched version of uranium as a fuel. Often, theres a mix-and-match approach with variations on the fuel type and cooling methods.The next couple of years will be crucial for advanced nuclear technology as proposals and designs move toward the building process. Were watching paper reactors turn into real reactors, says Patrick White, research director at the Nuclear Innovation Alliance, a nonprofit think tank.Much of the funding and industrial activity in advanced reactors is centered in the US, where several companies are close to demonstrating their technology.Kairos Power is building reactors cooled by molten salt, specifically a fluorine-containing material called Flibe. The company received a construction permit from the US Nuclear Regulatory Commission (NRC) for its first demonstration reactor in late 2023, and a second permit for another plant in late 2024. Construction will take place on both facilities over the next few years, and the plan is to complete the first demonstration facility in 2027.TerraPower is another US-based company working on Gen IV reactors, though the design for its Natrium reactor uses liquid sodium as a coolant. The company is taking a slightly different approach to construction, too: by separating the nuclear and non-nuclear portions of the facility, it was able to break ground on part of its site in June of 2024. Its still waiting for construction approval from the NRC to begin work on the nuclear side, which the company expects to do by 2026.A US Department of Defense project could be the first in-progress Gen IV reactor to generate electricity, though itll be at a very small scale. Project Pele is a transportable microreactor being manufactured by BWXT Advanced Technologies. Assembly is set to begin early this year, with transportation to the final site at Idaho National Lab expected in 2026.Advanced reactors certainly arent limited to the US. Even as China is quickly building conventional reactors, the country is starting to make waves in a range of advanced technologies as well. Much of the focus is on high-temperature gas-cooled reactors, says Lorenzo Vergari, an assistant professor at the University of Illinois Urbana-Champaign. These reactors use helium gas as a coolant and reach temperatures over 1,500 C, much higher than other designs.Chinas first commercial demonstration reactor of this type came online in late 2023, and a handful of larger reactors that employ the technology are currently in planning phases or under construction.Squeezing capacityIt will take years, or even decades, for even the farthest-along advanced reactor projects to truly pay off with large amounts of electricity on the grid. So amid growing global electricity demand around the world, theres renewed interest in getting as much power out of existing nuclear plants as possible.One trend thats taken off in countries with relatively old nuclear fleets is license extension. While many plants built in the 20th century were originally licensed to run for 40 years, theres no reason many of them cant run for longer if theyre properly maintained and some equipment is replaced.Regulators in the US have granted 20-year extensions to much of the fleet, bringing the expected lifetime of many to 60 years. A handful of reactors have seen their licenses extended even beyond that, to 80 years. Countries including France and Spain have also recently extended licenses of operating reactors beyond their 40-year initial lifetimes. Such extensions are likely to continue, and the next few years could see more reactors in the US relicensed for up to 80-year lifetimes.In addition, theres interest in reopening shuttered plants, particularly those that have shut down recently for economic reasons. Palisades Nuclear Plant in Michigan is the target of one such effort, and the project secured a $1.52 billion loan from the US Department of Energy to help with the costs of reviving it. Holtec, the plants owner and operator, is aiming to have the facility back online in 2025.However, the NRC has reported possible damage to some of the equipment at the plant, specifically the steam generators. Depending on the extent of the repairs needed, the additional cost could potentially make reopening uneconomical, White says.A reactor at the former Three Mile Island Nuclear Facility is another target. The sites owner says the reactor could be running again by 2028, though battles over connecting the plant to the grid could play out in the coming year or so. Finally, the owners of the Duane Arnold Energy Center in Iowa are reportedly considering reopening the nuclear plant, which shut down in 2020.Big Techs big appetiteOne of the factors driving the rising appetite for nuclear power is the stunning growth of AI, which relies on data centers requiring a huge amount of energy. Last year brought new interest from tech giants looking to nuclear as a potential solution to the AI power crunch.Microsoft had a major hand in plans to reopen the reactor at Three Mile Islandthe company signed a deal in 2024 to purchase power from the facility if its able to reopen. And thats just the beginning.Google signed a deal with Kairos Power in October 2024 that would see the startup build up to 500 megawatts worth of power plants by 2035, with Google purchasing the energy. Amazon went one step further than these deals, investing directly in X-energy, a company building small modular reactors. The money will directly fund the development, licensing, and construction of a project in Washington.Funding from big tech companies could be a major help in keeping existing reactors running and getting advanced projects off the ground, but many of these commitments so far are vague, says Good Energy Collectives Lovering. Major milestones to watch for include big financial commitments, contracts signed, and applications submitted to regulators, she says.Nuclear had an incredible 2024, probably the most exciting year for nuclear in many decades, says Staffan Qvist, a nuclear engineer and CEO of Quantified Carbon, an international consultancy focused on decarbonizing energy and industry. Deploying it at the scale required will be a big challenge, but interest is ratcheting up. As he puts it, Theres a big world out there hungry for power.
    0 Comentários ·0 Compartilhamentos ·33 Visualizações
  • Snhettas Busan Opera House is taking shape in South Korea
    archinect.com
    Snhetta has offered an update on construction progress at the Busan Opera House in Busan, South Korea. The Norway-based firm won the competition for the schemes design back in 2012, proposing a new opera house along the citys northern seaport.Over a decade later, new photographs show construction advancing at the site, with the facade structure being installed. The distinctive roofline of the scheme is now visible, following Snhettas design for a geometry of two opposing curves. While the lower arching curve bridges the site and anchors the project to the ground, the upper curve embraces the sky, with the opera space formed by the interplay of the two surfaces. https://www.w3.org/1999/xlink"...
    0 Comentários ·0 Compartilhamentos ·3 Visualizações
  • Dynasty Warriors: Origins Will Feature Gameplay Mechanics from CancelledSequel
    gamingbolt.com
    Developer Omega Force has revealed that work on the upcoming Dynasty Warriors: Origins started as recently as 2021. In an interview with Japanese publication 4Gamer, producer Tomohiko Sho, director Mitsuhiro Oshima and programmer Masamichi Oba spoke about the development of Dynasty Warriors: Origins.In the interview, Sho revealed that work on the game started at around the same time as work on Dynasty Warriors 9: Empires was coming to an end. Part of the design decisions made for the upcoming game revolved around bringing the franchise back to its roots with a back to basics approach.Interestingly, the studio also revealed that Dynasty Warriors: Origins was the latest in a number of games that were in development. Oba stated that he worked with Oshima on a new numbered entry in the Dynasty Warriors franchise.Among other things, the now-cancelled project would have had similar features as Dynasty Warriors 7, including a big roster of playable characters. Some of the ideas from these games made it into Dynasty Warriors: Origins, however, including a more approachable story that still manages to keep its depth, as well as its world map.It was a little disappointing to stop development, but it doesnt mean that the ideas we had at that time were completely wasted, said Oba, according to a DeepL translation. For example, the direction of making people who are not familiar with [Romance of the Three Kingdoms] understand the story and delving deeper into the story were carried over to ORIGINS, and the continental map, an overall map that the main character can move around freely, was something we had in mind when we were working on the [the working title].Dynasty Warriors: Origins was originally announced back in 2024, and has been developed to be the perfect entry point to the franchise and its overarching storyline for new players. The game also got a demo back in November allowing players to get some hands-on experience with its gameplay.Dynasty Warriors: Origins is coming to PC, PS5 and Xbox Series X/S on January 17. For more details, check out our review. And here is everything you should know about the game.
    0 Comentários ·0 Compartilhamentos ·33 Visualizações
  • The U.S. unicorns most likely to go public in 2025 | NVCA/PitchBook
    venturebeat.com
    Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn MoreThere are a raft of U.S. unicorns those valued at $1 billion or more that are likely to go public in 2025, according to the PitchBook/NVCA Venture Monitor for the fourth quarter of 2024.The folks at PitchBook have a VC exit predictor, a tool that leverages machine learning and PitchBooks database of companies, financing rounds and investors to objectively assess a startups likelihood of having a successful exit. On the PitchBook platform, VC-backed companies are scored with a percentage on the probability that they will be acquired, go public, not exit due to failure, or become self-sustaining. To present a clearer picture of the true exit value of the VC market, the researchers have added a proprietary extrapolation methodology currently used for undisclosed M&A transactions in our PE and Global M&A reports. Nizar Tarhuni, EVP of research and market intelligence at PitchBook, said in a statement, While 2024 saw a steady uptick in completed financings and the aggregate number of dollars invested the proliferation of early-stage AI-focused transactions at hefty valuations masks a broader venture industry still facing corrective challenges.The latest Venture Monitor looks at unicorns likely to go public in 2025.He said that, ultimately, the VC landscape is lacking meaningful exits, driven by a host of issues including buyer-seller valuation mismatches stemming from inflated rounds in previous vintages and regulatory headwinds impeding deal appetite at the larger part of the market. Our view for 2025 is cautiously optimistic. A more M&A and business friendly presence in Washington, coupled with more time for startups and investors to recalibrate expectations around valuations, deal structures and growth may help entice more capital to come off the sidelines, Tarhuni said. That said, fundraising may remain lukewarm, particularly as other pockets of the market seem to be gaining steam, competing for dollars in allocators alternatives buckets, ultimately favoring larger venture platforms and established managers.And Bobby Franklin, CEO at NVCA, said in a statement that, after a strong quarter with the highest investment levels since mid-2022, theres a sense of cautious optimism for VCs and entrepreneurs heading into 2025. Changes in leadership at the FTC and DOJ could ease some liquidity challenges for portfolio companies, and changes at the SEC could right-size the regulatory burdens at firms, he said. With more VCs stepping into government roles and engaging actively on Capitol Hill, the venture industry has a unique opportunity to highlight the critical role of venture-backed companies in driving economic growth and maintaining American competitiveness.He said the tax bill currently making its way through Congress is especially significant, with potential to incentivize innovation, reinstate the R&D tax credit, and support the broader ecosystem.Among the U.S. tech unicorns ranked by IPO probability, PitchBook predicts that Anduril, an aerospace and defense firm started by Oculus founder Palmer Luckey, as having a 97% chance of going public in 2025.Another with gaming roots is Mythical Games, a Web3 gaming company headed by John Linden. The firm has a 97% chance of going public in 2025.Others include Ayar Labs, Carbon, Databricks, EquipmentShare, Form Energy, GrubMarket, Mainspring, Sila and StockX. Those with a 96% chance of going public include Impossible Foods, Groq and SpaceX.In 2024, the largest category of deal count by size was $1 million to $5 million raised, with 3,153 startups in that category. Thats down from 3,781 in 2023 and 5,310 in the peak year of 2021.Daily insights on business use cases with VB DailyIf you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI.Read our Privacy PolicyThanks for subscribing. Check out more VB newsletters here.An error occured.
    0 Comentários ·0 Compartilhamentos ·3 Visualizações
  • Samsung announces more flexible trade-in program, no purchase required
    www.theverge.com
    Samsung has announced a change to its Galaxy Trade-In program that allows consumers to trade in select Galaxy smartphone models to the company year-round, without the need to make a new purchase at the same time.The new program is set to start today in South Korea and France, with other markets to follow later in 2025. The company says that its aim is to boost the value of Galaxy devices in the long-term by providing amazing savings through the trade-in process.There are two key changes to the program, which will be operated by insurance and repair company Likewize. The main change is the purchase requirement: before this policy shift, trade-ins to the company have required a new purchase from samsung.com or the companys app, with the option to start a trade-in only appearing during the checkout process.The second change is year-round availability. Trade-ins are already available at any time in the US and most other Western markets, but in South Korea theyve previously been locked to specific windows usually just after major new product launches like next weeks S25 reveal, for example.Theres still one big limit to the scheme however: you can only trade in specific Samsung flagship phones. Right now, thats limited to the Galaxy S20 series through to the S23, and foldables from the Z Flip 3 and Z Fold 3 through to the Z Flip 5 and Z Fold 5. Curiously, last years Galaxy S24 and Z Flip/Fold 6 arent included, so you cant sell anything too recent.
    0 Comentários ·0 Compartilhamentos ·5 Visualizações
  • First US plant to make Apple chips almost ready for mass production Nikkei
    9to5mac.com
    The first US plant to make A-series chips for Apple devices is expected to begin mass production as early as this quarter, says a new report.It implies that test production by TSMC has already begun, with Apple said to be in the final stage of verifying the chips produced in Arizona Made in America Apple chipsApple first announced its plan for Made in America chips back in 2022, with the news hailed as one of the success stories of the US CHIPS Act. This is a government subsidy program intended to free the US from dependence on China for advanced chip supplies and to generate jobs for US workers.The initiative will see a series of TSMC chipmaking plants built in Arizona, with some of the production reserved for Apple chips for older devices.Mass production was originally set to begin in 2024, but the project fell behind schedule, pushing production into this year. Later production of smaller-process 2nm chips has been delayed until 2028.There were claims thatthe first plant would be a paperweight, as output would need to be sent back to Taiwan for whats known as the packaging process of encapsulating different circuit boards into a single chip. Apple later announced thatit would commission another US-based facilityto package the chips.Controversy has surrounded TSMCs hiring for the plants, with many workers brought in from Taiwan instead of recruited in the US. The company initially said this was a temporary measure during the construction phase, but this was called into question whenthe situation remained unchangedlast year. A lawsuit has accused the company of anti-American discrimination.First US plant almost ready for mass productionA brief Nikkei report implies that test production has already been completed, and that mass production will soon begin.Apple is in the final stage of verifying its first made in America cutting edge processor chips from Taiwan Semiconductor Manufacturing Cos plant in Arizona. The first batch of commercial mass-produced chips is expected as early as this quarter, after the quality assurance processes are completed, people briefed on the matter said.Photo: 2910 at Wikimedia/CC 4.0Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel
    0 Comentários ·0 Compartilhamentos ·4 Visualizações
  • 4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
    thehackernews.com
    What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in 2025.What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third-party risk. And, this growing attack surface, much of which is unknown or unmanaged in most orgs, has become an attractive target for attackers.So, why should you prioritize securing your SaaS attack surface in 2025? Here are 4 reasons. 1. Modern work runs on SaaS.When's the last time you used something other than a cloud-based app to do your work? Can't remember? You're not alone. Outside of a few highly regulated, slow-moving industries, SaaS has taken over as the dominant delivery model for workplace technology. And, this delivery model makes it incredibly easy for knowledge workers to operate as "citizen CIOs", creating new accounts for whatever tool they think will help them work more efficiently, including the latest shiny new GenAI tool.In fact, data from Nudge Security shows that the average employee creates one new SaaS account roughly every two weeks. For an organization with 100 employees, that's 200 new SaaS accounts per month. And, each of these SaaS identities expands the organization's attack surface while creating a new way for sensitive data to leak out of the organization.The only way that IT and security leaders can hope to secure this dynamic attack surface is with a solution that can deliver continuous SaaS discovery along with just-in-time prompts to help those citizen CIOs take appropriate steps to secure their accounts.2. Your SaaS footprint is an attractive target to attackers.The 2024 Verizon DBIR found that web applications (aka SaaS) top the list of asset varieties compromised in incidents, with roughly 50% of incidents in the report involving web applications. And, according to report from Crowdstrike, 80% of breaches today use compromised identities, including cloud and SaaS credentials. Additionally, Gartner's first-ever Magic Quadrant for SaaS Management Platforms highlighted the increased risk organizations face by not taking control of SaaS governance: "Through 2027, organizations that fail to centrally manage SaaS life cycles will remain five times more susceptible to a cyber incident or data loss due to incomplete visibility into SaaS usage and configuration." Surprises are never pleasant in the IT security world. Gaining visibility into your SaaS attack surface makes it possible to proactively secure your accounts and data, mitigating the risk of disruptive surprises in the form of security incidents.Nudge Security provides visibility into externally facing apps and other elements of your SaaS attack surface.3. GenAI governance is SaaS governance.Concern around governance of generative AI use has emerged as a top source of anxiety for security leaders for 2025. And what do virtually all generative AI apps have in common? You guessed it: they are all delivered as SaaS. Since ChatGPT started making waves in early 2023, Nudge Security has discovered almost 850 unique GenAI apps in customer environments, demonstrating the rapid pace of AI adoption. It is simply impossible for IT teams to keep track of this explosion of new tools, much less secure and govern them, without a method of automated discovery that does not require prior knowledge of an app's existence.Nudge Security's approach to AI governance helps you discover and evaluate the security of AI tools in a way that's scalable and sustainable for your organization, so you can embrace the productivity benefits generative AI can offer without taking on excessive risk.AI governance dashboard in Nudge Security4. Weak SaaS security can have legal and regulatory repercussions.As the pace of modern work continues to drive SaaS adoption, organizations are storing more and more data within SaaS appsand regulators are paying attention. Data stored in SaaS apps may fall under data privacy regulations like GDPR and CCPA, security standards such as ISO 27001 and the NIST Cybersecurity Framework, and industry-specific compliance requirements like HIPAA and PCI DSS. Plus, most contractual promises to customers, partners, or vendors regarding data handling and security also extend to data stored within SaaS apps. And, SEC rules published in 2023 require public companies to disclose material cybersecurity incidents within four business days after a registrant determines that a cybersecurity incident is material. Additionally, detailed information regarding their cybersecurity risk management and governance practices must be included in their annual 10-K filings. These rules demonstrate the increased focus on cybersecurity as an indicator of a business's financial stability.Data from Nudge Security shows that 90% of SaaS apps are adopted by individuals outside of IT. So, when a SaaS app experiences a breach, IT may not even be aware that the app is being used by anyone in the org, much less that there was a breach. Nudge Security provides immediate discovery of all SaaS apps, even those IT has never heard of. And, breach alerts notify customers of security breaches impacting their SaaS providers, as well as those in their digital supply chain, helping manage 3rd and 4th party risks.Nudge Security uncovers 3rd and 4th party risks in your SaaS attack surface.Take the next stepImplementing a SaaS security solution can be much faster and easier than you might think, and it can even help you save money by uncovering apps and accounts that are no longer needed. You can deploy Nudge Security in just a few simple steps, and you'll have a full SaaS inventory (including up to two years of SaaS spending history) in minutes. Start a free trial to see for yourself.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.
    0 Comentários ·0 Compartilhamentos ·3 Visualizações
  • AIs on Duty, But Im the One Staying Late
    www.informationweek.com
    Asaff Zamir, VP of Global Customer Success, Solution Architecture, and Business Operations at AI2January 14, 20254 Min ReadBrain light via Alamy StockWorkplace efficiency is a significant challenge in todays fast-paced business environment. With new technologies entering our workplaces daily, employees spend more time upskilling and adapting to new tools than ever before.While these innovations are intended to enhance productivity and efficiency, employees often report the opposite experience. Upwork Study (July 2023) reveals that while 96% of C-suite leaders expect AI to boost worker productivity, 77% of employees report that AI has increased their workload instead. This disconnect suggests a gap between the potential of AI technologies and their current implementation in workplaces.In a survey I conducted earlier this year within a professional community of 5,000 customer success and other go-to-market functions, several clear challenges emerged -- challenges that are echoed in multiple research studies and provide a deeper overlook on these gaps.Adoption of AI Workflows in Enterprise EnvironmentsI believe there are two distinct phases that illustrate the progression of AI adoption in enterprise workflows, starting with the implementation of large language models (LLMs) for specific, high-impact use cases with a clear return on investment (ROI), followed by the adoption of intelligent, proactive personal assistants that will revolutionize the way employees engage with their work.Related:Phase 1: Adoption of LLMs with/without retrieval-augmented generation (RAG) for a specific use case with a clear and easy to achieve ROI.The technology is already here. The primary challenge is not the technology itself but identifying use cases that generate significant value relatively easily, while addressing concerns over data privacy, data structuring, and availability.Hence, use cases like auto-text generation or personalized and grounded chat solutions through LLMs, enhanced by RAG, have an increasing demand and far less resistance from the employees in specific industries where there is a significant amount of time invested on research, and in environments that require a large amount of manual repetitive tasks.Here are a few use cases we have already experienced, and I believe will spearhead this phase:Boosting customer service. Banks, for example, have relied on chatbots for 24/7 customer support, but generic chatbots struggle to provide the personalized and specific answers customers expect. As a result, banks spend too much time on inquiries and too little on customer engagement and experience. By integrating LLMs with a RAG engine, banks can offer personalized, grounded and real-time assistance.Related:According to a study by Salesforce, customer expectations for personalization have increased, with 81% of customers now expecting more personalized experiences than in the past.While implementing a chat + RAG solution with a leading bank, they report a 40% reduction in support tickets post-implementation, unlocking human agents' time for strategic, proactive conversations. This is a win-win for both customer satisfaction and employee fulfillment.Empowering research/medical oriented workflows. We learned that doctors, for example, in several healthcare institutions, often search manually for medical research documentation and guidelines, a tedious and time-consuming process.Oncologists face significant time burdens when searching for and managing medical literature, including time spent navigating electronic health records and managing documentation, rather than engaging directly in patient care.In a field where time equals life, inefficiencies can have serious consequences. By providing a chatbot + RAG system that enables doctors to easily interact with medical guidelines and literature, they can receive accurate answers in real-time, eliminating the need to navigate through multiple articles.Related:Enhancing e-commerce efficiency. The e-commerce sector has seen phenomenal growth in recent years, but many sellers struggle with providing high-quality product information. Incomplete descriptions, missing specifications, and poor-quality images often result in customer dissatisfaction, increased returns, and eroded trust. A Syndigo (2024) report highlighted that 65% of product returns are due to incomplete or inaccurate product descriptions.Additionally, 83% of global respondents stated they would abandon a website if they couldn't find sufficient product information, with 73% of shoppers thinking less of a brand if they find inconsistent or incorrect product details. These issues not only hurt sales but damage brand trust and lead to higher return rates.LLM-powered product description generation can automate the creation of detailed, engaging, and accurate product descriptions, enabling sellers to offer a richer shopping experience at scale.Phase 2: We will witness the rise of personal genius assistants that go beyond expertise in a specific use case and seamlessly integrate into workplace ecosystems. These assistants will not only automate repetitive tasks or answer simple questions, but also proactively suggest relevant context and resources before important milestones. Instead of merely responding to prompts, these assistants will anticipate needs, provide actionable insights, and help employees stay one step ahead.Imagine an assistant that can research complex questions, providing fast, curated information and recommendations. This will allow employees to focus on higher-order, creative tasks while feeling more fulfilled at work. The assistant will act as an intelligent collaborator, enhancing productivity and fostering a sense of accomplishment among employees.The journey toward fulfilling employees real potential lies in leveraging AI to work for us, not the other way around. By adopting technologies like LLMs with RAG and developing personal genius assistants, enterprises can transform workflows, enhance productivity, and, most importantly, allow employees to focus on meaningful, value-generating tasks.About the AuthorAsaff ZamirVP of Global Customer Success, Solution Architecture, and Business Operations at AI2Asaff Zamir is VP of Global Customer Success, Solution Architecture, and Business at AI21. A recognized thought leader in customer success and operations, he was named one of the Top 100 Customer Success Strategists from 2020 to 2023. Eight years ago, Asaff founded the Israel CS community and continues to contribute to its growth. He is also a guest lecturer at several academic institutions and developed Israels first-ever customer success academic course as part of MTA (The Academic College of Tel Aviv-Yaffo) MBA program, which launched in 2022.Previously, Asaff served as COO at Zencity and, before that, he built and led customer success teams at Siemplify (acquired by Google) and Mobilogy (Cellebrite).See more from Asaff ZamirNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports
    0 Comentários ·0 Compartilhamentos ·3 Visualizações
  • TELUS Digital AI Data Solutions: Online Data Analyst
    weworkremotely.com
    Are you a detail-oriented individual with a passion for research and a good understanding of national and local geography? This freelance opportunity allows you to work at your own pace and from the comfort of your own home. A Day in the Life of an Online Data Analyst:In this role, you will be working on a project aimed at enhancing the content and quality of digital maps that are used by millions of people worldwide Completing research and evaluation tasks in a web-based environment such as verifying and comparing data, and determining the relevance and accuracy of information. Join us today and be part of a dynamic and innovative team that is making a difference in the world! TELUS Digital AI CommunityOur global AI Community is a vibrant network of 1 million+ contributors from diverse backgrounds who help our customers collect, enhance, train, translate, and localize content to build better AI models. Become part of our growing community and make an impact supporting the machine learning models of some of the worlds largest brands. Qualification Path:No previous professional experience is required to apply to this role, however, working on this project will require you to pass the basic requirements and go through a standard assessment process. This is a part-time long-term project and your work will be subject to our standard quality assurance checks during the term of this agreement. Basic RequirementsProfessional Proficiency in EnglishBeing a resident in the USA for the last 2 consecutive years and having familiarity with current and historical business, media, sport, news, social media, and cultural affairs in the USAAbility to follow guidelines and conduct online research using search engines, online maps, and website informationFlexibility to work across a diverse set of task types, including maps, news, audio tasks, and relevanceDaily access to a broadband internet connection, computer, and relevant softwareAssessmentIn order to be hired into the program, youll take an open book qualification exam that will determine your suitability for the position and complete ID verification. Our team will provide you with guidelines and learning materials before your qualification exam. You will be required to complete the exam in a specific timeframe but at your convenience. Equal OpportunityAll qualified applicants will receive consideration for a contractual relationship without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. At TELUS Digital AI, we are proud to offer equal opportunities and are committed to creating a diverse and inclusive community. All aspects of selection are based on applicants qualifications, merits, competence, and performance without regard to any characteristic related to diversity.
    0 Comentários ·0 Compartilhamentos ·3 Visualizações