Newsletter #1: Ransomware, Automation Fabric, Vertical Integration
Happy Friday, Reader!
Welcome to the first edition of Data Management Newsletter, a weekly light reading fare, where I curate interesting articles related to data, whose content I find easy to read, and which I think might offer concrete takeaways for data practitioners and executives.
Themes for this week are ransomware, automation fabric, and vertical integration. Huge shoutout to the folks at CIO Insight, Forrester, and RedMonk for the content!
Ransomware
Jenna Phipps over at CIO Insight writes about the Four Types of Ransomware You Should Know About.
It’s a quick yet informational read about the various ways in which the broad category of ransomware software infects computer systems and data. Those are:
- Locker ransomware
- Crypto ransomware
- Doxware — has privacy implications for organizations that are required to be GDPR, CCPA, or HIPAA compliant.
- Ransomware-as-a-Service (RaaS) — yep, that’s a thing!!! 🤯
The article also covers ways to mitigate the impact and spread of ransomware in the form of endpoint device management, patch management, remote service access control, and employee training.
Additional reading
- CIO Insight also has a slightly longer article on Techniques for Ransomware Detection that describes a strategy for establishing a baseline of normal activity for critical data files, monitoring for anomalous activity that may provide early signals of the presence of ransomware, and mitigating its spread within the organization.
- If you’re curious to know more about RaaS, CrowdStrike has a great article on RANSOMWARE AS A SERVICE (RAAS) EXPLAINED that explains the business model with the help of examples of a few players in the space. Check it out!
Automation Fabric
Naveen Chhabra from Forrester writes about how to Weave An Automation Fabric For All Technology — Compute And Beyond.
The article brings up an interesting problem faced by large organizations that have dedicated teams for automation of the storage, networking, configuration management, security, and observability functions. Such teams end up as islands of automation within the organization. As a result, developers working on modernizing business applications and iterating on new capabilities, who are dependent on these automation services, face delays due to a lack of connectivity and coordination among the teams.
The proposed solution is to build an automation fabric that connects the islands using an Infrastructure-as-Code (IaC) tool for policy-based execution, such as Terraform or Pulumi. However, just like with Service Mesh and Data Mesh, technology by itself isn’t sufficient to solve this problem. Rather, the organization must also invest in building the right teams, inculcating the right culture, and creating agile and effective business processes.
Additional reading:
- While the above article focusses on developers and application development, a follow-up titled Tech Operations Can’t Stand Without Holistic Automation, focusses on IT operations. Together, they weave a nice narrative on Automation Fabric. Check it out!
Vertical Integration
Stephen O’Grady over at RedMonk talks about The Collision of App Platforms and Database.
Vertical Integration comes from microeconomic theory — specifically, in the context of supply chains, it means a company owns all of the production stages of its supply chain, and thus has complete control over all aspects of production.
The RedMonk article uses vertical integration as an analogy for application stacks comprising an application and a database, which are typically provisioned and managed separately. Combining these into a single abstraction (hence, Vertical Integration) by a Platform-as-a-Service (PaaS) provider eliminates developer overhead of managing them separately.
As the article mentions, there is precedence for this. Heroku is a great example, although not mainstream. More recently, Aptible has taken a similar approach in the security space. MongoDB Realm is another example where this kind of vertical integration can be seen albeit to a much lesser extent.
Practically, though, the biggest challenge for a PaaS provider is determining which database flavor (MySQL, Postgres), or even class (RDBMS, NoSQL, Graph), to adopt. Heroku and Aptible have solved this by choosing Postgres as the only supported database, but more generally, as business use cases become more specialized and data-driven, a one-size-fits-all approach for application stacks will become infeasible. The article is an interesting read nonetheless, so do check it out!
That’s all for this edition of Data Watcher. Hope you enjoy reading the linked content!
Cheers, and have a great weekend!