SD Times April 2023


APRIL 2023 • VOL. 2, ISSUE 070 • $9.95 • www.sdtimes.com


EDITORIAL

EDITOR-IN-CHIEF

David Rubinstein drubinstein@d2emerge.com

NEWS EDITOR

Jenna Sargent Barron jsargent@d2emerge.com

MULTIMEDIA EDITOR

Jakub Lewkowicz jlewkowicz@d2emerge.com

SOCIAL MEDIA AND ONLINE EDITOR

Katie Dee kdee@d2emerge.com

ART DIRECTOR

Mara Leonardi mleonardi@d2emerge.com

CONTRIBUTING WRITERS

Jacqueline Emigh, Elliot Luber, Caryn Eve Murray, George Tillmann

CONTRIBUTING ANALYSTS

Enderle Group, Gartner, IDC, Intellyx

CUSTOMER SERVICE

SUBSCRIPTIONS subscriptions@d2emerge.com

ADVERTISING TRAFFIC

Mara Leonardi mleonardi@d2emerge.com

LIST SERVICES

Jessica Carroll jcarroll@d2emerge.com

REPRINTS reprints@d2emerge.com

ACCOUNTING accounting@d2emerge.com

ADVERTISING SALES

PUBLISHER

David Lyman 978-465-2351 dlyman@d2emerge.com

MARKETING AND DIGITAL MEDIA SPECIALIST

Andrew Rockefeller arockefeller@d2emerge.com

PRESIDENT & CEO

David Lyman

CHIEF OPERATING OFFICER

David Rubinstein

D2 EMERGE LLC www.d2emerge.com

Contents

VOLUME 2, ISSUE 70 • APRIL 2023

NEWS

News Watch
Java 20 includes 7 enhancement proposals
Report: 72% of tech leaders plan to increase investment in tech skills development
Armory announces plugins for Spinnaker
Scaled Agile rolls out two flagship products

FEATURES

How tech professionals can survive amidst the looming threat of layoffs
Despite advancements in authentication technology, MFA adoption lags
How does blockchain fit into today’s enterprise?

COLUMNS

GUEST VIEW by Marc Linster: Beware of fake open source
ANALYST VIEW by Rob Enderle: Getting ready for the generative AI wave

Software Development Times (ISSN 1528-1965) is published 12 times per year by D2 Emerge LLC, 2 Roberts Lane, Newburyport, MA 01950. Periodicals postage paid at Newburyport, MA, and additional offices. SD Times is a registered trademark of D2 Emerge LLC. All contents © 2023 D2 Emerge LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 2 Roberts Lane, Newburyport, MA 01950. SD Times subscriber services may be reached at subscriptions@d2emerge.com.

Microsoft introduces AI copilot in Power Apps

The new AI copilot enables users to build an application by describing what they need through several steps of conversation.

According to the company, this release is a way to move to the next evolution of code abstraction, transitioning from custom code to low-code to natural language authoring where humans and machines can work side by side to build apps.

After the initial natural language prompt, users can have a conversation with Copilot to make necessary adjustments to the app, such as adding columns to data tables.

Furthermore, Copilot in Power Apps offers users proactive recommendations for how they can improve their applications if they feel stuck on where to go next.

TypeScript 5.0 adds decorators standard

Decorators enable developers to customize classes and their members so that they can be easily reused. TypeScript had for a long time supported an experimental version of decorators, which are now considered legacy technology, though Microsoft intends to continue supporting them for a while still. They required you to use an opt-in compiler flag in order to make use of them, whereas the new decorators can be used without.

Also new in TypeScript 5.0 is that developers can add a “const” modifier to a type parameter declaration. The “const” modifier makes a variable constant, whereas by default TypeScript will infer and choose a type that is meant to be general.

Developers will now be able to more easily support multiple configuration files using the “extends” field, which copies fields from “compilerOptions.” TypeScript 5.0 enables “extends” to take multiple fields.

A new plan for U.S. cybersecurity

The White House hopes to “reimagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and diverse society.”

Achieving this will require shifts from how we currently view cybersecurity. The Biden-Harris Administration plans to rebalance the responsibility of security from individuals and small businesses and onto organizations that are best positioned to reduce risk for all. They also plan to rebalance the need to defend security risks today with positioning us to plan for future threats.

This National Cybersecurity Strategy builds on other initiatives that the Administration has already released, such as the Executive Order on Improving the Nation’s Cybersecurity, National Security Strategy, and M-22-09 (Moving the U.S. Government Toward Zero-Trust Cybersecurity Principles).

It includes five pillars: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships.

Google announces Service Weaver app framework

Service Weaver is an open-source framework that allows users to write apps as a modular monolith and deploy them as a set of microservices.

Service Weaver is made up of two core pieces. The first is a set of programming libraries which allow customers to write an app as a single modular binary with native data structures and method calls. The second is a set of deployers which assist in configuring the runtime topology of an application and deploy it as a set of microservices, either locally or on the cloud.

“Most people believe, by default, their application should just be built as a collection of microservices. I think the challenge with that is that people end up creating way too many services, introducing things like latency and network boundaries way too early in the process and they end up building distributed monoliths,” said Kelsey Hightower, Google Cloud’s principal developer advocate, during a Twitter Spaces live.

Google stated in a blog post that this open-source release came about to solve the challenge of reducing the overhead that comes with maintaining multiple different microservice binaries, which can slow development significantly, as well as make it easier to make cross-binary changes.

With Service Weaver, users can write a single binary with only language-native data structures and method calls, then organize the binary as a set of modules native to their programming language called components.

LaunchDarkly updates tie objects, business

The team at the SaaS platform LaunchDarkly has released a roundup of product updates intended to help users deliver software more quickly and with less risk through feature management.

First, custom contexts are now generally available for all LaunchDarkly customers. With this, organizations are enabled to create several target objects which can map to a business’s use case.

This provides users with the ability to deliver targeting how they want as well as offers improved control and business alignment for how features are delivered.

The release of custom contexts also allows for multiple new use cases for LaunchDarkly Experimentation customers, such as the ability to create rules and build experimentation audiences based on different context types.

In addition, the possibility to randomize experiments on known variables such as device type, browser type, and more, has been expanded. According to LaunchDarkly, this keeps the experiment stable as well as eliminates randomization discrepancies that result from traditional user targeting.

AWS’ low code app builder enables prototyping

The now generally available AWS Application Composer is a visual builder that enables users to compose and configure serverless applications from AWS services backed by deployment-ready infrastructure as code (IaC).

AWS Application Composer allows for building prototypes of serverless applications and collaboratively reviewing them, generating diagrams for documentation or Wikis, and onboarding new team members to a project, according to Amazon.

“Developers that never used serverless before, how do they know where to start? Which services do they need? How do they work together? We really wanted to make this easier. AWS Application Composer simplifies and accelerates the architecting, configuring, and building of serverless applications,” Dr. Werner Vogels, CTO of Amazon.com, said at the re:Invent 2022 keynote, where the application was first previewed.

Android 14 preview 2 enhances privacy

This is the final developer preview before the new version enters beta.

This preview includes a number of updates related to privacy and security. For example, Photo Picker, which provides an interface that shows a user’s media library, is recommended for all apps, but for apps that cannot use it for some reason, there is a new dialog that will enable users to choose between three different permission levels: allowing access to all media, allowing access to selected media, and blocking access.

Credential Manager is now available as a platform API in Android 14 to make the sign-in process easier. The API supports passkeys as well as passwords. Key updates in this developer preview include UI improvements for the account selector and API changes.

Other security updates in Android 14 include safer implicit intents and giving foreground apps more control of the ability for other apps to start background activities.

OpenAI’s GPT-4 test run ‘stable’

OpenAI, in collaboration with Microsoft Azure, over the last two years has rebuilt its AI training track from the ground up, and GPT-3.5 was the first test run of that new system. Since that release the company has found bugs and fixed them, and stated that the test run of GPT-4 was “unprecedentedly stable.”

In addition, the company has also applied lessons from its adversarial testing program and ChatGPT.

An example of the improvements is that GPT-4 passes a simulated bar exam with a score that is in the top 10% of those who took the test, while GPT-3.5 was in the bottom 10% of scores when it took the test.

GPT-4 can accept images as well as text as input. An example OpenAI shared is a user giving a photo of a phone with a VGA cable plugged into it instead of a normal charging cable and asking what is funny with the photo.

The response: “A smartphone with a VGA connector (a large, blue, 15-pin connector typically used for computer monitors) plugged into its charging port… The humor in this image comes from the absurdity of plugging a large, outdated VGA connector into a small, modern smartphone charging port.”

New Relic creates code-level metrics

Its new CodeStream code-level metrics and service-level telemetry offer users deeper insights into software performance down to the code level.

This allows developers to find issues quickly before they make it into production.

According to the company, providing developers with telemetry data right where they build and flow allows them to access the data that they need without leaving the IDE, relying on operations teams, or waiting on customer feedback on issues.

This release also supports all of the core languages, including .NET, Java, PHP, Python, Ruby, Go, and Node.js.

GitLab 15.9 features approvals process

In GitLab 15.9, administrators will now be able to specify files, file types, or directories that need specific types of approval. They can set approval as optional, required approval by one user, or required approval by multiple users.

Approval by multiple users is a new feature itself. Previously if you did have that requirement you would have to create an approval rule and now it is handled by the Code Owners file. Approval rules apply to entire branches, but Code Owners rules can be applied to specific parts of code.

People on the move

Asanka Abeysinghe has been promoted to chief technology officer of WSO2 after serving as the company’s chief technology evangelist for the past three years. In his new role he will focus on company vision, drive external technical architecture strategy, and optimize the company’s platform for customer satisfaction.

John Kindervag, creator of the zero trust security methodology, has been brought on as an advisor to Traceable AI. He will be “deeply involved” in the product strategy for Traceable’s API security platform. He’s currently SVP of cybersecurity strategy and global fellow at ON2IT and also serves as an advisor to companies like Cerby, Cloud Security Alliance, and NightDragon. Prior to that he was field CTO at Palo Alto Networks and spent eight years as an analyst at Forrester.

Nintex has appointed Amit Mathradas as its new CEO, taking over from Eric Johnson, who served as CEO for the past five years. Mathradas comes from Avalara where he was president and COO, and has also held senior leadership positions at PayPal, Web.com, and Dell.

How tech professionals can survive amidst the looming threat of layoffs

In the aftermath of the COVID-19 pandemic, it seems that no one is safe from the strain of inflation, economic downturn, and a loss of job security. The instability of the current economy has become a proverbial dark cloud hanging over businesses and employees alike.

Most prominently, the technology industry has felt this tension as it finds itself on the other side of the massive influx of hiring that the pandemic encouraged.

Now with the sheer magnitude of tech layoffs making headlines, technology professionals are left to scramble and fight to find new opportunities in the field.

Jake Cooper, CEO and co-founder of the tech-enabled mental health provider Grow Therapy, explained that these layoffs are an unforeseen consequence of the rapid growth that the tech sector experienced at the beginning of the pandemic.

“The most obvious change that was precipitated was the transition of services from in-person to virtual, and we also saw the transformation of advertisements from subway ads to digital ads,” said Cooper. “That really gave temporary tailwinds to many tech companies that these companies assumed would be more permanent in nature.”

This led to mass hiring by tech companies in order to meet the heightened demand for virtual services. However, now that things are settling into a more normal state, these companies can no longer sustain this hiring acceleration.

Slowing demand led to layoffs

Kalani Leifer, founder and CEO of the nonprofit hiring company COOP Careers, emphasized this point, explaining that in the first year of the pandemic, tech companies became overzealous because they believed that this spike in demand would be a long-term state for the industry.

“Unfortunately the thing about capitalism and publicly traded companies is when push comes to shove, they’re going to lay off who they have to or who they believe they have to,” Leifer said. “It’s striking that a lot of people went towards tech because tech could pay so much more, but tech was not committed to them in any meaningful way. So, once that intense consumer demand started to level off… they let them go.”

Cooper also cited a transition in the way employers are looking at their teams and considering the current trajectory of the market. He said that he believes this has had an even bigger impact as the massive correction in the capital markets has led to a total mindset shift for the tech industry.

He explained, “For companies that are high growth and now losing money, their valuations in the public markets have declined 70-80%.” He expanded on this, saying that this has caused organizations to reassess their cost base significantly.

In the presence of a less forgiving market, the mindset of tech companies has flipped from the desire to add more talent to encourage further growth, to the reverse of that, leading to organizations laying off team members that they view as non-essential.

“The reality is, much like everyone rushed to hire when the going was good, they are now quick to fire because the going is not as good,” said Eric Riz, founder and CEO of the data analytics firm Verified.

According to Riz, the way that governments were quick to hand out loans through the pandemic along with the misspending and mismanagement of those loans have also played a hand in the current state of the tech industry.

He explained that, while these loans had good intentions, they also led to a fair amount of fraud and mishandling of the money.

“Businesses were doing great because it is a circular relationship and when consumers have money, they’re spending money and now that cash just isn’t there and because of that circular relationship it comes back around to the companies and the employees,” Riz said.

The misconception around hiring

Cooper continued, saying that another reason behind these layoffs is the misconception that hiring more people automatically equals faster growth and heightened development.

He explained that organizations are now realizing that there is not only a diminished marginal utility for each new hire, but also that they could harm productivity if they are not integrated properly into the existing team.

“If you don’t position them well to succeed, if you over hire, if you don’t have properly skilled jobs, there is a negative impact on your ability to actually get things done,” Cooper said.

With more employees comes heightened cognitive overhead, increased communication challenges, and a decrease in defined ownership over different problem areas. Therefore, Cooper explained that when additional employees start to cause more trouble than they are worth, companies are quick to lay them off.

Finding new opportunities

As far as where tech folks can go to find jobs, Riz cited health care and insurance as spaces where he has seen opportunities arise in recent months. Additionally, he said that seeking out new startups looking to hire will most likely yield positive results.

Cooper also said that the health care space is one full of opportunities because there has been no decrease in the demand for quality care; if anything, it has only increased.

“For certain sectors like ours, we have seen no decline in the amount of clients looking for a high-quality and affordable mental health provider and we have seen an increase in demand for providers looking for more meaningful professional opportunities,” Cooper explained. “And because of that, our growth and hiring plans have really not been impacted.”

According to Leifer, finance is another area that tech professionals could explore to find exciting new opportunities.

He explained that if you take away the industry and just read the job descriptions, many jobs in the finance sector resemble tech jobs in a lot of ways.

“And I think that it is really exciting for people who want to build careers in tech that they can take their skills and their curiosity and their ambition really into any field and any application, and I think that finance is a big one,” Leifer said.

Riz also stressed the importance of seizing the opportunities that are in front of you. Technology is a constantly evolving field, lending itself to frequently finding new problems to solve, and with that, new positions open up. Cooper agreed, saying that while tech layoffs are a very real thing, assuming there are no jobs left in the industry is a mistake.

“I think it is underappreciated how many companies are still hiring. Maybe not at the euphoric pace they were during COVID, but there are many tech companies who are still hiring,” Cooper said. “We have seen a fair amount of tech workers find new opportunities within a two- to three-month period at other tech companies.”

How diverse, low-income, and first-generation grads could be affected

While layoffs pose a pretty equal threat to tech professionals across the board, Kalani Leifer, founder and CEO of COOP Careers, believes that the playing field for finding new opportunities after the fact may not be as even.

He explained that because so much of finding a new job comes down to who you know rather than what you know, the starting line can often be much further back for diverse, low-income, and first-generation college graduates.

“I think it is deeply dependent on huge socioeconomic forces. It doesn’t matter what you know if you don’t know someone who can get your resume on the top of the pile or give you a referral or get you an informational interview or even tell you that an opportunity exists,” Leifer said.

He continued, saying that because of this, first-generation college grads who come from a lower-income family may be feeling a disproportionate impact from these layoffs.

According to Leifer, most of these cases involve people who attended public colleges, worked while in school, and opted to commute over on-campus boarding. With that comes a reduced network of friends and peers with industry connections who can help them out when it comes to finding their next role.

“I think the ability to bounce back is entirely dependent on social capital, which is really unevenly distributed in the United States,” Leifer said.

Because of this, he touted peer connections and interpersonal communication as key skills for tech professionals to foster when trying to bounce back from a layoff. He explained that, particularly for underserved communities, seeking out peer groups to learn new skills and grow with could be immensely helpful.

Once these connections are made, Leifer said there is a very good chance that jobs will be found through that person or their connections.

“Doing this journey together, even if it is organized around skill building, is in fact a relationship-building endeavor,” he said. “So, when you focus on personal growth in partnership with others you get the skills, you get the relationships, and you get their connections without really doing any artificial networking.”

Despite advancements in authentication technology, MFA adoption lags

In today’s digital age, ensuring secure authentication at your organization is more crucial than ever. With the increasing prevalence of cyber attacks, data breaches, and identity theft, it is imperative for businesses to implement robust security measures to protect their sensitive information and assets.

Passwords are still the leading cause of security breaches, and we’ll continue to see this be the case as long as passwords are still the primary form of authentication used by businesses and applications, according to Reed McGinley-Stempel, the co-founder and CEO at Stytch, a platform for authentication and security requirements.

In fact, Verizon found that 80% of hacking-related breaches are linked to passwords in some way. A big cause, according to Chris Niggel, regional chief security officer of the Americas at identity management platform provider Okta, is that the adoption of multifactor authentication (MFA) is still very low. A recent Microsoft study showed that only 22% of Azure Active Directory had strong authentication turned on.

“Employees aren’t compensated on security, they’re compensated on productivity, and MFA traditionally impeded that productivity and organizations were very reluctant to roll that out,” Niggel said. “Now, where we are today with the zero-trust security models, we can actually deploy MFA in ways that don’t negatively impact productivity.”

To account for this, some organizations are starting to require MFA. Starting in March and through the end of 2023, GitHub will gradually begin to require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA).

In addition to enforcement, there have been many advancements in the field as of late to secure organizations. One that stands out is the commitment by Apple, Google, and Microsoft to expand support for the FIDO standard and accelerate the availability of passwordless sign-ins in mid-2022.

Here FIDO

This allows users to automatically access their FIDO sign-in credentials (also referred to as a passkey) on many of their devices without having to re-enroll every account. It also enables them to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they’re in.

“This is the first time we’ve had cross-device biometrics at our fingertips, which is crucial for improving the appeal and adoption of biometrics as a primary authentication method,” said Stytch’s McGinley-Stempel.

According to McGinley-Stempel, passkeys are an evolution built upon an existing passwordless technology called Web Authentication API or “WebAuthn,” and to understand the promise of passkeys, it’s important to understand where the initial capabilities of WebAuthn technology have fallen short of consumer expectations. The major limitation there was that it couldn’t carry biometrics across devices such as the phone and desktops and that no apps were comfortable offering it outside of a 2FA option.

“To make this tangible, imagine you’re a user signing up for an account with HomeDepot in order to buy paint. You start your search for paint on your mobile device and find a few colors you’re excited about. You create a Home Depot account in order to complete the order. You see a FaceID icon and think ‘Great! No password needed. I can just use a biometric to sign up,’” McGinley-Stempel said.

“A day later, you see the shipping confirmation while checking your email on your laptop, and you realize you’re out of paintbrushes. You go to HomeDepot.com to order a few brushes as well. When it asks you to log in, you click on the same biometric icon you saw in the mobile apps. However, laptops do not support FaceID, so HomeDepot asks you to go through the TouchID flow on your Mac. You enroll your fingerprint, and you receive an error telling you that an account doesn’t exist,” he continued. “You know that’s not right, but you’re not sure what’s gone wrong and you’re also in a hurry. You decide to create a password, enter all of the same information you provided yesterday such as an address, credit card info, etc., and make the purchase with this same account. You’ve now experienced the biggest shortcoming with WebAuthn today: it doesn’t handle cross-device or cross-platform authentication well.”

This led the potential buyer to duplicate work while also creating multiple user accounts for HomeDepot to manage on their side.

Luckily, this new iteration of passkeys can overcome these user challenges and make them a major contender as a preferred primary authentication factor. By enabling biometric authentication to work across all major devices and browsers, passkeys are likely to be a game changer for B2C WebAuthn adoption, according to McGinley-Stempel.

A lot of the best practices surrounding authentication are built around the (Fast Identity Online) FIDO 2 standard, according to Ant Allan, vice president analyst at Gartner. This was built by a consortium of companies including Google, Microsoft, and Intel, with the aim of reducing the reliance on passwords and improving the security of online authentication.

FIDO 2 is based on public-key cryptography and uses a combination of hardware security keys, biometric authentication and passwordless methods to provide secure and easy-to-use authentication solutions.

Building on top of those best practices is a conditional access policy.

“This takes account of device identity, location, and network, and if you see that everything is in line with expectations, you can make the decision to skip the additional factor,” Allan said. “So you log in normally with a password, and only if you’re on an external network, or you’re on a strange machine are you prompted for the additional factor. This has become very popular.”

This has also grown in popularity with organizations that are using Azure AD or similar systems for access to SaaS applications, which will let employees log into things if they’re on the corporate network in the first place. However, if they’re coming in remotely (a greater consideration nowadays), it’s going to ask for a second factor as well, although this can be adjusted to just once a week or so.
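The conditional-access decision described above, sketched as an added example (it is not from the article's sources or from any vendor's product). The corporate network ranges, enrolled device IDs, seven-day re-prompt window and sample sign-ins are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Hypothetical policy inputs (assumptions, not taken from the article).
CORPORATE_NETWORKS = [ip_network("10.20.0.0/16"), ip_network("198.51.100.0/24")]
ENROLLED_DEVICES = {"laptop-7f3a", "phone-22c1"}
REMEMBER_MFA_FOR = timedelta(days=7)  # the "once a week or so" re-prompt


@dataclass
class SignIn:
    user: str
    source_ip: str
    device_id: Optional[str]         # None: client presented no device identity
    last_mfa_at: Optional[datetime]  # last successful second factor on this device
    at: datetime                     # time of this password sign-in


def on_corporate_network(source_ip: str) -> bool:
    """True only for a parseable address inside a corporate range."""
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False  # a malformed address is treated as external
    return any(addr in net for net in CORPORATE_NETWORKS)


def evaluate(event: SignIn) -> Tuple[str, str]:
    """Return (decision, reason) for a sign-in whose password already verified."""
    if event.device_id not in ENROLLED_DEVICES:
        # A "strange machine" always gets the extra factor, even on the LAN.
        return "require_mfa", "unrecognized device"
    if on_corporate_network(event.source_ip):
        return "skip_mfa", "enrolled device on corporate network"
    # Remote sign-in from an enrolled device: honor a recent second factor.
    if event.last_mfa_at is not None:
        age = event.at - event.last_mfa_at
        # A timestamp in the future is rejected rather than trusted.
        if timedelta(0) <= age < REMEMBER_MFA_FOR:
            return "skip_mfa", "remote, second factor verified within window"
    return "require_mfa", "remote without recent second factor"


# Constructed sample sign-ins (not real log data).
NOW = datetime(2023, 4, 3, 9, 0, tzinfo=timezone.utc)
CONSTRUCTED_EVENTS = [
    SignIn("ana", "10.20.5.9", "laptop-7f3a", None, NOW),
    SignIn("ana", "203.0.113.50", "laptop-7f3a", NOW - timedelta(days=2), NOW),
    SignIn("ana", "203.0.113.50", "laptop-7f3a", NOW - timedelta(days=8), NOW),
    SignIn("raj", "10.20.7.1", "kiosk-unknown", NOW - timedelta(hours=1), NOW),
    SignIn("raj", "not-an-ip", "phone-22c1", None, NOW),
    SignIn("raj", "203.0.113.9", "phone-22c1", NOW + timedelta(days=1), NOW),
]


def decisions() -> List[str]:
    """Decision for each constructed event, in order."""
    return [evaluate(e)[0] for e in CONSTRUCTED_EVENTS]


if __name__ == "__main__":
    for e in CONSTRUCTED_EVENTS:
        print(e.user, e.source_ip, e.device_id, *evaluate(e))
```

The policy fails closed: an unknown device, an unparseable source address or an implausible MFA timestamp each lead to a second-factor prompt rather than a skip.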

Using a phone for MFA can be a challenge

Whether it’s SMS-based login, push notifications, or generated codes, there are some constraints to requiring employees to use a phone for authentication purposes.

In one of the more robust phone-based authentication methods, organizations can require employees to have an app for their phone, and if they’re not providing a corporate phone, some fraction of the employees are going to be reluctant to install that app on their personal device, according to Allan.

“For good or bad reasons they might misunderstand what it can do,” Allan said. “They’re scared it can track their location or they just object on principle, that this is my device not for work.”

So most organizations will choose the phone-based method by default but typically have a need to support people who can’t or won’t use phones by providing a hardware token. Others just figure it’s more economical to pay a stipend to people to use their phones rather than having to buy tokens and manage the logistics around them.

“Most will use the hardware tokens as an alternative. But in some organizations that can become particularly expensive, particularly if you’re looking at blue-collar workers, you’re speaking to manufacturing firms and such, there tends to be much higher resistance, and particularly if an organization is unionized then the union might just say, ‘No, you’re not going to do this.’ There the hardware token use would be much higher,” Allan explained.

Bringing FIDO2 to legacy apps isn’t easy

The integration of legacy products into FIDO2 is something that isn’t going to be easily solved, according to Allan.

For example, Windows Hello for consumers is FIDO-certified, but since Windows Hello for Business adds a lot of bits that will make it work in legacy Active Directory environments, it’s not a FIDO-certified product anymore.

“When you’ve got legacy infrastructure, which still has compatibility with NTLM, it’s those kinds of things which, which mess it up,” Allan said. “On the plus side, you also get more control over how you use it. You get more control over how you use it, more control over enrollment and what you force people to use to log in in the first place and we’re seeing a lot of organizations make use of that just to improve user experience.”

However, this leaves an Active Directory password available in the background, which is still a source of weakness that the attacker can exploit.

Moving to the cloud can hugely simplify how authentication is managed and that is something that newer and smaller companies have embraced since they were early adopters of cloud applications, according to Allan.


Zero-trust initiatives are spreading

Four years ago, just 16% of companies surveyed said they either have a zero-trust initiative in place or would have one in place in the coming 12–18 months. Today, that number is 97%, according to The State of Zero-Trust Security 2022 from Okta. It also found that zero-trust initiatives are not limited by company size, geographic location, or industry verticals.

For the fourth annual State of Zero Trust report, Okta surveyed 700 security leaders across the globe (more than ever before) to assess where they are on the journey toward a complete zero-trust security posture.

Passwordless solutions support a zero-trust model because they offer more secure factors for verifying someone’s identity, independent of whether or not they have already gained access to certain resources, according to McGinley-Stempel. A zero-trust security posture has many overlapping interests with modern authentication, but they remain slightly different focus areas.

The Okta report found that there is a growing consensus for integrating identity and access management (IAM) with other critical security solutions. A powerful central control point for intelligently governing access among users, devices, data, and networks can be created through an identity-first approach to zero trust.

It found that 80% of all organizations say identity is important to their overall zero-trust security strategy, and an additional 19% go so far as to call identity business critical. That’s a full 99% of organizations naming identity as a major factor in their zero-trust strategy.

Zero trust is also met with a more tech-savvy workforce

Due to the numerous breaches and security incidents we regularly encounter, people are typically more aware of security today, according to McGinley-Stempel. Even though many are proactively attempting to address security threats and vulnerabilities, many do not prioritize authentication and security until there is an imminent risk or an actual incident.

The use of biometrics has gone up to 24% from 21% last year and the category has grown 46% year over year.

“I think a lot of that has to do with just the fact that it’s easy. Now, we’re all used to using things like Touch ID, Face ID, and Windows Hello,” McGinley-Stempel said. “So those capabilities are built into the hardware we’re using, whereas a few years ago, that was really nascent.”

Security professionals should also keep up-to-date on current security threats by going to conferences like AuthenticateCon and Identiverse where they can absorb a lot of the latest trends. They should also find a trusted authentication provider they can rely on.

ChatGPT can help your hacker

A new alarming phenomenon is the role that AI tools are playing in increasing the sophistication of authentication attacks.

“Emerging AI tools are enabling more sophisticated phishing attacks and making more advanced unphishable MFA more important than ever,” Reed McGinley-Stempel, the co-founder and CEO at Stytch, said. “New AI-powered chatbots like ChatGPT, which saw over 100 million users within two months of launching, are empowering hackers to be bolder and more prolific.”

Darktrace, a cybersecurity firm, recently released a warning saying it believes that criminals are increasingly using ChatGPT to create more sophisticated scams.

“Historically, hackers have used obvious typos in phishing emails to filter for respondents that are more gullible and thus more likely to unwittingly fall victim to a phishing attempt. That’s because phishing is a predominantly manual method that requires hackers to interact live with their victims,” McGinley-Stempel said. “If conversations can be delegated to a convincing AI chatbot, hackers can target more sophisticated users with little to no human cost, allowing them to widen their net and increase the volume and scope of their attacks through automation.”

He added that as phishing gets more sophisticated, it’s on companies to adopt unphishable MFA practices that render these more sophisticated fraud attempts a moot point.

Security is edging out usability

While at the start of the pandemic, organizations had to lean harder toward usability since their workforce had to get comfortable with working remotely to drive business results, 2022 shifted the priority to security when it comes to authentication, the Okta report found. This shift was pronounced in APAC and North America, with the EMEA region reporting a more balanced prioritization between usability and security.

This may be due to companies already leveraging pandemic-era investments in usability and now having to catch up on security debt. Others recognize that by prioritizing stronger security measures, they may gain improved usability at the same time, according to the report.

“This was highlighted by the White House memo last year which talked about phishing-resistant MFA and we’ve seen some responses from Microsoft, Google, and others that added features to these methods to try to mitigate some of those risks sometimes at the expense of user experience,” Gartner’s Allan said.

If you moved from hardware tokens to mobile push on your phone as a way of lowering costs and improving user experience, then you have to implement something else on top of that to mitigate this new MFA fatigue, which may erode some of the benefits, Allan added.

However, there is a broader context of tools that have additional intelligence and analytics of different signals to try and block some of the risks and fatigue since MFA shouldn’t be used as the only authentication method.


Java 20 includes 7 enhancement proposals

Oracle has announced the release of Java 20, which includes seven JDK Enhancement Proposals (JEPs).

According to Oracle, many of the new features are follow-ups to previous features, adding new functionality or making improvements, and all are either preview or incubating features.

Two language updates in Java 20 are the ability to nest record patterns and use pattern matching for switch expressions.

There are also three features that came from Project Loom, which is a project that explores ways to improve the Java Virtual Machine (JVM). A new incubating feature, scoped values, will enable sharing of immutable data within and across threads. Virtual threads are in their second preview, and these threads will significantly reduce effort associated with writing, maintaining, and observing high-throughput concurrent applications. And finally, structured concurrency treats multiple threads as a single unit, which will help streamline error handling and cancellation.

The final grouping of updates comes from Project Panama, which is an initiative to improve connectivity between the JVM and native code. The foreign function and memory API will allow Java applications to call native libraries and process data without using the Java Native Interface, contributing to increased ease-of-use, performance, and safety.

And the new Vector API is used to express vector computations that will compile at runtime.

“For more than 25 years, Java has empowered developers to design and build the next generation of robust, scalable, and secure applications,” said Georges Saab, senior vice president of development, Java Platform and chair, OpenJDK Governing Board, Oracle. “The innovative new enhancements in Java 20 reflect the vision and invaluable efforts the global Java community has contributed throughout Java’s existence. With the support provided by Oracle’s ongoing Java technology leadership and community stewardship, Java has never been more relevant as a contemporary language and platform that helps developers improve productivity.”

Report: 72% of tech leaders plan to increase investment in tech skills development

Despite 65% of tech team leaders being asked to cut down on costs, 72% stated that they still plan to enhance their investment in technology skills development in 2023, according to technology workforce development company Pluralsight’s 2023 State of Upskilling Report.

Furthermore, 97% of learning and development and HR directors said that they are opting for fostering internal talent rather than outside hiring for open positions because upskilling talent is more cost-effective for an organization.

The report also found that, with the prevalence of layoffs in the tech industry and the uncertainty of the economy, sixty-five percent of executives are being asked to seek out cost efficiencies.

“This year’s research findings underscore the importance of maximizing employee potential and optimizing learning investments to drive business ROI,” said Gary Eimerman, chief product officer at Pluralsight. “Organizations and individuals alike are being asked to do more with less in the face of reduced workforces and larger economic pressures. For future-focused companies, an emphasis on continuous upskilling will help sharpen their competitive edge.”

Teams have also been taking on more tasks, as 67% of respondents stated that workforce reductions in their companies spanning software, IT, and data have led to an evolution of responsibilities.

With this, almost half (47%) of technologists agreed that they have had to perform additional duties outside of their primary job function.

In response to this expansion of tasks, 52% of respondents said that it is crucial to be learning new technology skills in times of economic turbulence. That same 52% also agreed that upskilling has become a critical aspect of both individual and organizational success.

It was also revealed that the top three areas technologists are prioritizing are cybersecurity, data, and cloud skills.

The study found that only 17% of respondents stated that they felt confident in their cybersecurity skills while 21% are not confident, 25% are confident in their data skills while 8% are not, and 21% are confident in their cloud skills while 17% are not.

In terms of challenges that organizations face when trying to upskill, a lack of time and budget have consistently remained the biggest barriers over the past two years. For organizations who had the time and budget, 30% said they do not know where to focus their skills development and 25% said they are not sure which resources to utilize.

April 12, 2023

A one-day virtual event

Organizations requiring a faster digital transformation are turning to low-code development solutions, empowering IT and non-IT personnel to use drag-and-drop tooling to quickly create necessary business applications.

Join us for the second Low-Code/No-Code Developer Day. This online event is designed to help organizations understand the use of low-code and no-code tools, where they are appropriate to use, and what they can deliver.


2022 Sessions

• Friends in low-code places by Cindy Van Epps

• Demystifying low code: Where to start? by Jason English

• Maximizing the value of hybrid dev teams in remote environments by Adam Morehead

• From ‘Hello World’ to the World at Large by Dawie Botes

• Crossing the Low-Code and Pro-Code chasm: A platform approach by Asanka Abeysinghe

• Designing a developer-led culture by Ricardo Miguel Silva

• How Medtronics created its LC/NC program by Lori Breitbarth

• Why now is the time for low-code CX by Stephen Ehikian

• Low-Code capabilities of digital product design platforms by Jason Beres

• Dispelling preconceived notions of DIY task complexity by Michiel de Bruin


Armory announces plugins for Spinnaker

Aim is to offer faster and more secure continuous deployment

The continuous deployment company Armory unveiled multiple plugins for Spinnaker, the open-source and multi-cloud continuous deployment tool, that are intended to offer Spinnaker users more speed and security.

According to Armory, these plugins work to solve the technical and cost challenges that the Spinnaker platform presents when managing the number of accounts, configurations, credentials, resources, and infrastructure overhead needed to deploy at scale.

“The Armory crew believes in the power of community and is committed to enabling continuous deployment for everyone, at any scale,” said Adam Frank, VP of product and marketing at Armory. “Creating new deployment, security and observability capabilities for users of open source Spinnaker was an easy decision for us.”

The first of the new plugins is Scale Agent, which allows teams to manage all Kubernetes deployments while also reducing infrastructure overhead and costs. This plugin is available now for all Armory Essentials and above packages.

Next, Policy Engine functions to reduce operational risk, increase stability, and improve the adoption of modern DevSecOps practices. It is also available for all Armory Essentials and above packages.

Pipelines-as-code is an anticipated plugin that is coming soon and enables development teams to link continuous deployment pipelines with application development in order to interact, configure, and automate pipeline definitions as code. Lastly, Secrets Manager offers native integration with HashiCorp Vault, Google Cloud Storage, and AWS Secrets Manager. This is also coming soon and is geared at enhancing Spinnaker Secrets Manager experience.

Scaled Agile rolls out two flagship products

SAFe 6.0, SAFe Studio Platform designed for business agility

Scaled Agile Inc., provider of business agility system SAFe, today announced the release of two new flagship products: SAFe 6.0 and SAFe Studio.

SAFe 6.0 offers users the latest version of the Scaled Agile Framework, courses, certifications, toolkits, and online learning, and SAFe Studio is a platform where SAFe professionals can learn, practice, and manage SAFe.

With the newest version of the Scaled Agile Framework, value flow for teams, Agile Release Trains (ARTs), Solution Trains, and portfolios has been improved with eight new flow accelerators.

SAFe 6.0 also brings enterprises the business and technology patterns necessary for expanding SAFe across the organization with guidance for Agile executive teams, business-enabled ARTs, and Agile business functions.

“SAFe has become the world standard for enterprises to achieve business agility at scale. We take this responsibility seriously, continually investing in evolving SAFe to support and enable the latest technology and business trends. These new releases represent a significant advance in how enterprises integrate SAFe practices in day-to-day work, make the change stick, and achieve the benefits of true business agility,” said Scaled Agile’s CEO, Chris James.

Next, SAFe Studio is an evolution of the subscription-based platform that allows SAFe professionals to learn, practice, and manage SAFe. According to the company, this release was designed to manage organizational change and translate SAFe guidance into execution.

SAFe Studio is geared at supporting trainers and coaches, teams, individuals, and Scaled Agile Partners with multiple SAFe learning and practices, including:

• On-demand learning options with self-guided learning modules and practical takeaways

• Curated tools and content playlists based on employee interests and roles

• Enterprise-centric tools to manage and improve SAFe practices

• Growth recommendation integration to help keep track of progress

• Content localization for a global workforce

• Improved partner finder to select from over 500 global Scaled Agile Partners

Web3. Cryptocurrency. Non-fungible tokens. Those are the words many think of when they hear the word blockchain.

These are the areas where this emerging technology has garnered the most popularity over the years, but blockchain as a technical concept can be applied in many different ways, and it has uses in the enterprise, particularly when it comes to supply chain management.

“There’s less so now I think a conflation of Bitcoin and cryptocurrencies and blockchain that’s becoming better over the years that I’ve been engaging in it,” said Cindy Vestergaard, VP of special projects and external relations at blockchain API company RKVST. “What is less known is that actually a couple of months before the Bitcoin white paper was that Estonia was already looking at distributed ledger technology (DLT) for securing services among its citizens and protecting its citizens’ data. So while Bitcoin gets all the popularity, it’s actually the enterprise, if you will, or the permissioned DLT platforms that were already starting to move at that time, and then obviously, in parallel as well.”

She also noted that blockchain is just one type of DLT, but it has become so associated with cryptocurrency that many people have this association in their head. But there are many types of DLT other than what is used in cryptocurrency.

According to Martha Bennett, VP, principal analyst at Forrester, there are two major types of blockchain: permissioned and permissionless. Permissionless, or public, blockchain is the type that cryptocurrencies run on. Permissioned blockchains are what people are talking about when they talk about enterprise blockchain.

Bennett said that even NFTs have their place in the enterprise, at least as a technical concept. In essence, all an NFT is is a representation of an asset, which makes it really great when it comes to supply chains.

“[Blockchain] can be useful in any situation where you’ve got multiple parties involved and where it’s important that everybody has the same version of the data, and that there is a reasonable guarantee that nobody has messed with that data, falsified the data,” she said.

Of course, this can also be accomplished without needing a blockchain, she noted. A reason one might want to use a blockchain, however, would be if you want a different governance model besides the one in which a single party is in charge, or if you want to make use of smart contracts, which are essentially automated business rules.

An example of this data verification that Vestergaard shared is determining whether photos are authentic and original.

“Let’s say, I take a snapshot of you right now, Jenna, but I removed your glasses. In another picture, I tried to superimpose that and it won’t let me do it. Because it’s not the original, and it doesn’t have that original hash.”

She explained that this can also be used for files. “It could be used for anything that has data that follows it wherever it goes and needs to be immutable, secured and shared,” Vestergaard said.
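The hash check described above, as an added example that is not from the article or from RKVST: a single-process hash chain stands in for the ledger (an assumption; there is no network or consensus here), and the asset IDs and photo bytes are constructed.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class HashLedger:
    """Append-only list of entries; each entry commits to the one before it."""

    GENESIS = "0" * 64
    FIELDS = ("asset_id", "content_hash", "prev_hash")

    def __init__(self):
        self.entries = []

    @staticmethod
    def _entry_hash(body: dict) -> str:
        # Canonical JSON so the same body always hashes to the same value.
        return sha256_hex(json.dumps(body, sort_keys=True).encode())

    def register(self, asset_id: str, content: bytes) -> dict:
        """Record the hash of the original bytes, linked to the previous entry."""
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        body = {
            "asset_id": asset_id,
            "content_hash": sha256_hex(content),
            "prev_hash": prev,
        }
        entry = dict(body, entry_hash=self._entry_hash(body))
        self.entries.append(entry)
        return entry

    def is_original(self, asset_id: str, content: bytes) -> bool:
        """True only if these exact bytes were registered under asset_id."""
        digest = sha256_hex(content)
        return any(
            e["asset_id"] == asset_id and e["content_hash"] == digest
            for e in self.entries
        )

    def chain_intact(self) -> bool:
        """Recompute every link; any rewritten entry breaks the chain."""
        prev = self.GENESIS
        for e in self.entries:
            body = {k: e[k] for k in self.FIELDS}
            if e["prev_hash"] != prev or e["entry_hash"] != self._entry_hash(body):
                return False
            prev = e["entry_hash"]
        return True


def demo() -> dict:
    ledger = HashLedger()
    # Constructed sample data standing in for image files.
    original = b"constructed-photo-bytes: subject wearing glasses"
    edited = b"constructed-photo-bytes: subject with glasses removed"
    ledger.register("photo-001", original)
    ledger.register("photo-002", b"constructed-photo-bytes: second image")

    results = {
        "original_accepted": ledger.is_original("photo-001", original),
        "edited_accepted": ledger.is_original("photo-001", edited),
        "chain_intact_before": ledger.chain_intact(),
    }

    # The ledger only vouches for what was registered: bytes that were
    # already altered before registration verify as "original".
    ledger.register("photo-003", edited)
    results["altered_before_registration_accepted"] = ledger.is_original(
        "photo-003", edited
    )

    # Rewriting a stored hash so the edited photo would pass is detectable,
    # because the entry hash no longer matches the entry's contents.
    ledger.entries[0]["content_hash"] = sha256_hex(edited)
    results["chain_intact_after_rewrite"] = ledger.chain_intact()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
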

However, according to Bennett, it’s a misconception that blockchains are by definition more secure. “The blockchain will only preserve the data that’s fed into it,” she said. “If the data is fraudulent, all the goods associated with the data have been tampered with. No blockchain can help with that.”

For example, this has been something that has come up in the luxury goods industry. “If the goods are actually fake at the point they enter the supply chain, or if the fake bags are made by the same factory as your real bags, then how do you tell a fake from the real goods?”

Is blockchain overhyped?

According to Bennett, outside of the financial services sector, “we are still not at the point where we can confidently say that blockchain really is delivering the business value that people are looking for, simply because it is incredibly difficult to actually set up a blockchain network that at the end of the day really needs all those blockchain features,” she said.

Stack Overflow recently conducted a survey to find out what new technologies made it past what Gartner refers to as the hype cycle. Many new technologies can stir up excitement in the industry, but not all will actually see widespread adoption.

They ranked technologies on a scale of experimental to proven and positive to negative impact.

On a scale from zero (experimental) to 10 (proven), blockchain technology came in towards the middle at 4.8. And on a scale from zero (negative impact) to 10 (positive impact), it received a score of 5.3.

Another survey by Foundry echoes these sentiments. It found that 51% of respondents were not interested in adopting blockchain technology within their organization.

Compared to previous years that the survey has been conducted, interest has not really improved. In 2020, 39% of respondents said they were researching the technology and in 2021 that had dropped to 34%. In this year’s survey, only 25% of respondents were researching it.

Blockchain and the promise of better electronic health records

By Vinicius Solano Moraes De Carvalho

Electronic health records are vital for the health care industry, as they enable better patient care and improved outcomes. However, current methods of storing and sharing this data are not secure or effective.

Enter blockchain technology, a distributed, decentralized digital ledger system able to securely store and share data in near real-time. Unlike current systems, which are prone to hacking or other forms of cybertheft, a blockchain-based system can better protect patient information and ensure that only those who need it have access. In addition, blockchain’s distributed architecture makes data more reliable to access, while its transparency and auditing capabilities provide an extra layer of security.

By encrypting patient data and storing it on a secure blockchain network, electronic health records (EHRs) can remain private, yet shareable across different health care providers and stakeholders. By using blockchain, health care providers can ensure that all records remain secure and authenticated, reducing the risk of fraud and ensuring accuracy.

Unfortunately, over 11,500,000,000 medical records have been breached since 2005, according to Privacyrights.org. Now, more than ever, with advancing cyberattacks and fraud, it’s vital to begin implementing a secure system that can protect patient data.

Benefits of the blockchain for patients

Perhaps no one benefits more from using a blockchain in health care than patients themselves. Below are some of the many advantages patients can experience when using the blockchain for their EHRs.

Increased efficiency. Blockchain increases accuracy while reducing costs associated with manual record-keeping. How does the blockchain manage to do this? Smart contracts. These work by automatically executing certain actions when specific conditions are met. So for instance, a smart contract could be used to automatically transfer funds between a health care provider and an insurer without requiring any manual input or verification. Or, once a patient receives a diagnosis, this can automatically be time stamped on the blockchain, allowing health care providers to quickly access this information for further care.

Improved data access. Unfortunately, distributed computing in the world of health care is much more difficult than it needs to be. Patients are often forced to wait for days or even weeks just to receive their medical records from different providers. The blockchain helps solve this problem by allowing providers, insurers and other stakeholders to securely share data in real time. This means that patients have instant access to their records without having to wait for them to be processed.

Enhanced security. Because blockchain utilizes strong encryption protocols and consensus mechanisms, it makes sure that all data is accurate and up-to-date while keeping hackers out of sensitive information. This improved security helps protect patients’ confidential medical records from cyberattacks or fraudulent activities. For instance, if a hacker were to try to access a patient’s medical records, the blockchain would recognize the unauthorized access attempt and deny it. This makes it much harder for criminals to steal patient data or manipulate records. Sadly, clinics such as Planned Parenthood have been victims of cyberattacks and data breaches in the past, but with blockchain technology, such attacks can become much harder to pull off.

Improved data integrity. Data integrity is paramount when it comes to health care records, as inaccurate or outdated data can have serious consequences. By using blockchain, patients can make sure their data is secure and accurate at all times thanks to immutability, consensus, and the use of proof of authority. Proof of authority is a consensus algorithm that allows specific nodes (or users) to be identified as trustworthy and thus allowed to write data on the blockchain. This ensures that only verified health care providers can access and modify patient records.

These verified health care providers are known as validators, and play a key role in helping reduce as many as 51% of attacks to medical records. The reason is that any malicious changes to a record would need to be verified by all validators, making it virtually impossible for attackers to gain control of the data.

Benefits of blockchain for providers

By using the technology to store patient records, providers can reduce their administrative burden and cost of operations, reduce fatal medical errors, improve interoperability, and so much more.

Cost savings. Using blockchain offers real cost savings for both patients and health care providers. By reducing manual processes and administrative costs associated with data entry and verification, both parties can save huge amounts of time and money. It’s estimated that the average up-front cost of an in-office EHR is approximately $36,000 a year, while a SaaS-based EHR can cost $22,000 a year upfront.

Reduce medical mistakes. According to Johns Hopkins, the third leading cause of death is medical errors, which account for an estimated 250,000 deaths per year in the United States alone. These errors can be due to a variety of factors such as misdiagnoses, incorrect prescriptions, and medical records not being up-to-date.

Blockchain gives providers access to up-to-date and accurate information at all times, which can help reduce the risk of misdiagnosis or incorrect prescriptions. Additionally, with the use of smart contracts, doctors can automate certain processes such as ordering medication or setting up follow-up appointments, further reducing the risk of medical errors.

How to start implementing blockchain in EHR

Unfortunately, many providers report burnout due to the constantly changing field of EHRs, with new regulations and standards being introduced every year. Therefore, it is important to have a plan in place when it comes to implementing blockchain technology into an EHR system. Here are some steps that healthcare providers should consider:

• Assess the potential benefits of using blockchain for your EHR system

• Develop a strategy for integrating blockchain into your EHR system

• Ensure that your technology and infrastructure is up-to-date and capable of handling a blockchain system

• Research the various vendors offering blockchain solutions for health care providers

• Create clear policies and procedures for using blockchain in an EHR system

• Train staff on how to use a blockchain-based EHR system, and give adequate support

By taking the time to properly review and plan your implementation of blockchain technology into an EHR system, health care providers can ensure they are getting the most out of the technology while providing the best care possible for their patients.

Vinicius Solano Moraes De Carvalho is a software developer, architect, and engineer with more than 15 years of experience leading software solutions design, development, testing, and launch.

Successful blockchain implementations in the enterprise

Yet, there have been some successes in the technology’s use. For example, Walmart has experimented with blockchain technology to enable food traceability.

According to a case study it published, in 2016 the vice president of food safety asked his team to trace a package of sliced mangoes to their source. They were able to do it, but it took them 6 days and 18 hours to track it down.

Then, the company partnered with IBM to create a food traceability system based on the Linux Foundation’s Hyperledger Fabric. The result? Now they could trace their mangoes in just 2.2 seconds.

They then used that same technology to trace pork in China and now have blockchain partnerships with several big food companies, including Dole, McCormick, Nestlé, Tyson Foods, and Unilever. As of 2018, it was possible for the company to trace more than 25 food products from as many as five different suppliers.

“The system was so efficient that one could take a jar of a product or a salad box and trace the ingredients back to the farms from where they were harvested,” Walmart claimed.

You may recall that back in 2018 there was an outbreak of E. coli in romaine lettuce from a farm in California that ended up affecting over 17 states. At the time, many stores pulled all of their romaine lettuce off the shelves out of caution because they weren’t able to quickly identify the source.

Before Walmart had implemented some of these new initiatives, it would have taken days to trace the lettuce to the source, but now that they can access that information in a matter of seconds they can ensure that what’s on the shelves is safe.

“For public health and safety, this [blockchain program] obviously creates a lot more confidence in the ability to track and locate if there are any disease outbreaks among farms where it came from once it’s been identified,” said Vestergaard.

Another example Vestergaard highlighted is the diamond company De Beers. One huge problem with the diamond industry is that many diamonds are mined in war zones and then sold to fund military efforts, resulting in the name “blood diamonds.” Historically, it has been hard to trace the origin of diamonds, so you could never tell if you were getting a blood diamond or one harvested more ethically.

In 2022, De Beers introduced its Tracr blockchain platform, which enables tracing of diamonds from their source, as well as all stops in the supply chain.

“De Beers discovers diamonds with our partners in Botswana, Canada, Namibia and South Africa and, with our long-term investment in Tracr, we are proud to join with our Sightholders to provide the industry with immutable diamond source assurance at scale,” said Bruce Cleaver, CEO of De Beers Group. “Tracr, which will enable the provision of provenance information from source to Sightholder to store on a secure blockchain, will underpin confidence in natural diamonds and represents the first step in a technological transformation that will enhance standards and raise expectations of what we are capable of providing to our end clients.”

What about Web3?

In addition to supply chain, one of the other use cases for blockchain that gets brought up frequently is Web3, which is an overhaul of the internet that would make it decentralized and blockchain-based.

The Web3 Foundation is a non-profit organization aimed at driving this initiative. Its goals for Web3 are an internet where:

• Users own their data

• Digital transactions are secure

• Online exchanges of information and value are decentralized

However, the idea is still in its early stages, and if it takes hold, it’ll likely be a while before we’re there.

“The current environment is dominated by speculators,” Martha Bennett, VP, principal analyst at Forrester, said in an episode of the research firm’s "What it Means" podcast. “Sadly, some of the more worthy endeavors get drowned out or even hijacked by the more scammy elements in the environment.”

Another analyst firm, Gartner, also predicts Web3 won’t overtake Web 2.0 (the current web) by the end of the decade.

“Web3 innovations will take the internet into new realms and give rise to applications not previously possible,” said Avivah Litan, distinguished VP analyst at Gartner. “But Web 2.0 still has advantages in terms of scale, customer service and customer protections. Potential Web3 risks include lack of customer protections, new security threats and a swing back to centralized control, so organizations will want to shore up governance and risk management before replacing Web 2.0 applications.”

The environmental impact

One of the big criticisms of blockchain technology is the detrimental impact on the environment. Particularly during the Bitcoin mining craze, people were running their computers to the max and driving up their electric bills. The profit from mining may have paid for the increased electric bill, but what about the environmental impact of that mining?

President Biden even commissioned a report on the environmental impact of “crypto-assets,” which are assets based on DLT. The report, which was published last year, found that from 2018 to 2022 electricity usage from these crypto-assets grew rapidly and in 2022, the published estimates for energy usage ranged from 120 to 240 kilowatt-hours per year. According to the White House, this is more than the total electricity usage for many companies and makes up about 0.4% to 0.9% of total global electricity usage.

The report clarified that most of the environmental impact does come from consensus mechanisms, which are used in mining and verifying assets. The dominant mechanism for energy consumption was Proof of Work (PoW), which at the time of the report was used by both the Bitcoin and Ethereum blockchains.

According to the White House, the PoW mechanism uses a lot of electricity by design. “The PoW mechanism is designed to require more computing power as more entities attempt to validate transactions for coin rewards, and this feature helps disincentivize malicious actors from attacking the network,” the White House wrote in a statement.

However, PoW is just one option, and there are other less energy-intensive DLT technologies and consensus mechanisms out there, such as Proof of Stake. By switching, it is estimated that energy usage could be reduced to less than 1% of today’s current levels.

For example, the Ethereum network has since begun to migrate to a Proof of Stake blockchain and this has reduced its energy consumption by about 99.95%.

The overpromise of blockchain

Bennett explained that while there have been some very successful implementations, there are not a lot of examples of follow-on projects.

“When I see a project is hugely successful, and everybody talks up the benefits, which I do not doubt, by the way, I wouldn’t accuse people of lying about the benefits they’ve achieved, and then nobody else does the same thing,” said Bennett. “That either means that they’re being economical with the truth about how much it costs to run, or how much effort was involved in setting it up. Or that there are some quite unique circumstances associated with a particular company or a particular ecosystem that just lent itself to putting something on a blockchain.”

There have also been a number of bankruptcies with blockchain companies over the past year. For example, the crypto exchange FTX collapsed and the CEO, Sam Bankman-Fried, was arrested on multiple charges, including wire fraud and defrauding investors.

“Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here,” said John Ray, who was brought on to replace Bankman-Fried after the arrest.

This has been a very public failure, but it’s not the only one. Other companies that went under include BlockFi, 3AC, Marco Polo, We.trade, B3i, and TradeLens, an open and neutral supply chain industry platform solution underpinned by blockchain technology.

According to Bennett, one of the main reasons TradeLens shut down was because it was in “an ecosystem that’s dominated by one of the largest shippers in the world around data sharing.”

She continued: “You can see the reluctance of competitors wanting to join that, which reduces the attraction for port operators to join as well. And also, it’s back to how do you want that ecosystem to run? Because TradeLens was always meant to be in some way for profit. And where does that come from? How do you charge for transactions? What do people want to pay? Nobody has really come up with a workable recipe there yet.”

According to Bennett, when hearing about the benefits of any new technology, it’s important to remember that company goals are not really about the technology, it’s about what you want to do. If you have a clear vision, you can work backwards from that end goal.

She sees that a lot of digitization initiatives are becoming co-mingled with blockchain. But a lot of the benefits companies see are from the digitization itself, not putting those digital assets on a blockchain.

“Just for digitizing paper, you don’t need a blockchain, but you still need everybody to accept the digital format of what previously was physical,” said Bennett. “And then if all you do is digitize a PDF file, and then send that around, you save some time clearly because a PDF file is quicker than the mail between Africa and the United States. But they also have a limit to the benefits from digitization too. My message here would be really think about what it takes to digitize before you think about the technology that you use to do it is.”

Beware of fake open source

Open source is at the heart of nearly all software today: A staggering 96 percent of applications contained open-source code and 90 percent of companies leverage open source in some way. It’s no surprise that the adoption rate of open source is sky-high. It provides companies with incredible perks like greater speed of innovation, agility, and flexibility, all at a lower cost. Open source empowers companies to innovate on their own terms faster than ever before so they can stay competitive and keep customers happy.

But not all open source is created equal. There are a number of open source imposters out there, and companies should know how to identify them to avoid getting locked in to restrictive licenses that are masquerading as “open.”

What is “fake” open source?

Fake or captive open source can be defined as software that is released under a license that is not truly open. In order to be considered legitimate open source, licenses must be approved under the Open Source Initiative (OSI), which ensures the software can be freely used, modified, and shared.

One example of captive open source is Mongo’s move from a GNU Affero General Public License (AGPL) to a Server Side Public License (SSPL), which is not OSI-approved and poses significant disadvantages to the user. Similarly, Cockroach moved from a recognized open source license (Apache) to a Business Source License (BSL), which is also not recognized by OSI.

These types of software are marketed as open source because the code can be inspected and contributions are possible. But the license is held by a single company, and the degree of freedom regarding what can be done with the code is minuscule compared to a true open-source project.

When companies opt to use captive open-source software like the examples above, they become locked in to one vendor. This is risky because that vendor can change its license cost at any time, choose which features users get access to (and at what price), and disappear at any time should the company go under.

Another major downside of fake open source? Since these projects are captive to one company, there is little to no community support. For an enterprise that has adopted and is betting on that software, it’ll be difficult to find talent because contributors are limited.

True open source like Linux or PostgreSQL (also known as Postgres) is a talent magnet because it revolves around a robust community of contributors and is completely open to inspection and influence.

How to spot fake open source: A checklist

Recognizing fake open source can be tricky, but by staying vigilant and examining the following items when vetting software, companies can avoid getting locked in to captive projects.

1. Is the software license OSI-certified? One of the easiest ways to determine whether an open-source project is legitimate is to look at its license. If it doesn’t meet OSI standards, reconsider or proceed with caution.

2. Is the project community driven? Choose software that is backed by a robust community versus driven by a single company. Do your due diligence here: There are even Postgres look-alikes out there that are years behind Postgres innovation because, you guessed it, they’re driven by a single company.

3. What’s in the project’s release notes? There should be many (we’re talking dozens) of contributing companies mentioned. This indicates a vibrant community behind the project. Look at which companies and developers are contributing to the project: Do you know of them? If so, do you believe in them? You’d better, because you’re betting your company’s future on it. And when in doubt, always go with the major open-source project.

4. What’s the rate of innovation? How often are new releases and features coming out? Regular updates are a good indicator of an innovative project that is constantly improving. For example, Postgres releases major versions annually with around 180 features, in addition to quarterly minor releases that contain many small improvements and fixes.

By knowing how to identify captive open-source projects, companies can ensure they’re investing in software that is a safe bet and will propel them forward, not slow them down.

Guest View by Marc Linster

Marc Linster is CTO at EnterpriseDB.

Get ready for the generative AI wave

Even as late as December of last year, few were aware of generative AI. Then ChatGPT popped up, and Microsoft started putting it in everything, including its developer tools. Now it’s currently the hottest thing in the market. It is also still immature, but it is working well enough that people are finding it surprisingly useful. This is very different than what happened with previous Microsoft products like Apple Newton and Microsoft Bob, both of which were released well before the underlying technology cooked enough for the general market.

Generative AI is a new way for people to interface with their technology, but it has some shortcomings.

Let’s talk about this from a developer’s standpoint, and about why, once generative AI becomes commonplace, we’ll likely have a very different group of companies like we did with the introduction of the Web.

Generative AI’s promise

The promise for generative AI is that you can use your natural spoken language to ask the computer to do something and the computer will automatically do it. In Microsoft Office, the initial implementation is very sub-product-centric. For instance, you can request Word to create a document to your specifications, but you’ll have to go to PowerPoint or Excel if you want the tool to create a blended document. I expect the next generation of this Microsoft offering will bridge those apps and other products to allow you to create more complex documents just by putting in information the AI asks for to strengthen the piece.

This is going to make for a difficult evolution for firms that have apps that don’t currently integrate well because the user will want one interface, not multiple AIs that each require different command language or that use different language models.

The generative AI problem

While developing your own generative AI may help, long-term integration with the platform’s generative AI will quickly be a differentiator focused on user satisfaction and retention. I point that out because users who get frustrated working with multiple generative AI platforms will likely begin preferring products that interoperate and integrate with a major generative AI solution so that the user doesn’t have to train and learn multiple generative AI offerings.

In short, one of the bigger problems is integrating the app with the generative AI most likely to be found on it. Neither Apple nor Google have a cooked generative AI model, and neither company is as good as Microsoft in terms of bringing partners on board to better address their lack of a generative AI solution.

Assuring quality

The other big trend in generative AI is putting the technology into development tools that will allow the AI to become a coding accelerator. But with code, errors tend to proliferate. While this initial instance of generative AI is very fast, it’s anything but infallible. If you don’t want a lot of mistakes, the initial focus of any generative AI user needs to be on quality over quantity. The error checking capability of generative AI is still very young and often makes mistakes. That means coders who use generative AI need to focus more on quality than they currently do. You’ll be training the tool while you use it, and if you train it to make a mistake, that mistake has the potential to proliferate and create additional problems. So, when using development tools that make use of generative AI, the massive increase in speed needs to be tempered with an increased focus on quality. Otherwise, your quality is likely to degrade badly over time.

Wrapping up

The path to success will be to adapt an existing generative AI tool tactically but work to create the hooks to better integrate your app with the platform’s most likely generative AI solution so that you can dictate once and the AI will move between tools to complete the task. We’re far from that point now, but that gives you time to figure out how to address it.

In short, we are at the front end of a massive generative AI change. Make your related decisions very carefully because you want to be standing when this AI trend reaches critical mass.

Analyst View by Rob Enderle

Rob Enderle is a principal analyst at the Enderle Group.