How Developers Drive Security Professionals Crazy

In the evolving landscape of software development, DevSecOps has emerged as a critical paradigm, promising a blend of development, security, and operations that streamlines feature delivery while ensuring security. However, the path to this integration is fraught with hurdles: the lack of security training among developers, the complexity of security tools, the scarcity of dedicated security personnel, and the generation of non-actionable security alerts.

Historically, there has been a palpable tension between development teams, who prioritize rapid feature deployment, and security professionals, who focus on risk mitigation. This discrepancy often results in a “the inmates are running the asylum” scenario, where developers, driven by delivery deadlines, inadvertently sideline security, leading to frustration among security teams. The essence of DevSecOps lies in reconciling these differences by embedding security into the development life cycle, enabling faster, more secure releases without compromising productivity. Let’s explore strategies for doing so.

The DevSecOps Imperative

The adoption of DevSecOps marks a significant shift in how organizations approach software development and security. By weaving security practices into the development and operations processes from the outset, DevSecOps seeks to ensure that security is not an afterthought but a fundamental component of product development. This approach not only accelerates the deployment of features but also significantly reduces the organizational risk associated with security vulnerabilities. Yet achieving this balance between rapid development and stringent security measures requires overcoming substantial obstacles.
Understanding Your Risk Portfolio

The foundation of effective DevSecOps implementation lies in gaining a comprehensive understanding of the organization’s risk portfolio. This involves a thorough assessment of all software resources, including the codebase of applications and any open source or third-party dependencies. By integrating these assets into a centralized inventory, security teams can monitor security and compliance, ensuring that risks are identified and addressed promptly.

Automating Security Testing

Automating security testing is another cornerstone of effective DevSecOps. By embedding risk management policies directly into DevOps pipelines, organizations can shift the responsibility for initial security assessments away from developers, allowing them to focus on their core tasks while still ensuring that security is not compromised. This automation streamlines security testing and ensures that vulnerabilities are promptly flagged to the security team for further action.

Continuous Monitoring for Proactive Security

Continuous monitoring enables organizations to maintain a vigilant watch over their repositories. By automatically triggering security tests upon any change in the codebase, this approach minimizes the need for developer intervention, ensuring that security checks are an integral, ongoing part of the development life cycle.

Simplifying the Developer Experience

To truly integrate security into the development process, it is imperative to simplify the developer experience. This can be achieved by surfacing security findings within developers’ familiar working environments, such as the integrated development environment (IDE) or bug-tracking tools. By making security an intrinsic aspect of their daily tasks, developers are more likely to embrace these practices, reducing the friction associated with external security mandates.
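What “embedding risk management policies directly into DevOps pipelines” looks like in practice, as an added example that is not code from the article: a small gate that a pipeline runs on every change, checking pinned third-party dependencies against an advisory list and applying a policy expressed as data. The policy decides which severities block a merge and carries time-boxed exceptions, so an accepted risk expires instead of silently becoming permanent. MANIFEST, ADVISORIES and POLICY are constructed sample data, and the advisory identifiers are placeholders rather than real CVEs; a real pipeline would load the manifest from a lockfile and the advisories from a vulnerability database.

```python
"""Added example, not from the article: a dependency policy gate for a CI pipeline.
MANIFEST, ADVISORIES and POLICY are constructed sample data; ADV-* ids are placeholders."""
from datetime import date

# Constructed manifest, in the shape a lockfile would yield: name -> pinned version.
MANIFEST = {"libfoo": "1.2.0", "barlib": "0.9.3", "bazkit": "2.0.1"}

# Constructed advisories: affected package, first fixed version, severity.
ADVISORIES = [
    {"id": "ADV-0001", "package": "libfoo", "fixed_in": "1.3.0", "severity": "high"},
    {"id": "ADV-0002", "package": "barlib", "fixed_in": "1.0.0", "severity": "medium"},
    {"id": "ADV-0003", "package": "bazkit", "fixed_in": "2.0.0", "severity": "critical"},
]

# Risk policy as data, owned by the security team. Exceptions are time-boxed:
# once "until" passes, the finding blocks the build again.
POLICY = {
    "block_on": {"critical", "high"},
    "exceptions": {
        "ADV-0001": {"until": date(2024, 3, 31), "reason": "vulnerable code path disabled by config"},
    },
}


def parse_version(text):
    """Dotted numeric version -> comparable tuple, e.g. '1.2.0' -> (1, 2, 0)."""
    return tuple(int(part) for part in text.split("."))


def vulnerable_advisories(manifest, advisories):
    """Advisories whose package is pinned in the manifest below the fixed version."""
    hits = []
    for adv in advisories:
        pinned = manifest.get(adv["package"])
        if pinned is not None and parse_version(pinned) < parse_version(adv["fixed_in"]):
            hits.append(adv)
    return hits


def apply_policy(hits, policy, today):
    """Sort hits into blocking, warn-only and validly excepted, per the policy."""
    blocking, warnings, excepted = [], [], []
    for adv in hits:
        exc = policy["exceptions"].get(adv["id"])
        if exc is not None and exc["until"] >= today:
            excepted.append(adv)            # exception still within its window
        elif adv["severity"] in policy["block_on"]:
            blocking.append(adv)
        else:
            warnings.append(adv)            # flagged to security, does not stop the merge
    return blocking, warnings, excepted


def gate(manifest=MANIFEST, advisories=ADVISORIES, policy=POLICY, today=None):
    """Run the gate as of `today` (ISO string or date; default: now).
    Returns (exit_code, report_lines); exit code 1 fails the pipeline step."""
    if today is None:
        today = date.today()
    elif isinstance(today, str):
        today = date.fromisoformat(today)
    blocking, warnings, excepted = apply_policy(vulnerable_advisories(manifest, advisories), policy, today)
    report = [f"BLOCK {a['id']} {a['package']} ({a['severity']}): upgrade to >= {a['fixed_in']}" for a in blocking]
    report += [f"WARN  {a['id']} {a['package']} ({a['severity']}): flagged for security review" for a in warnings]
    report += [f"SKIP  {a['id']} {a['package']}: exception until {policy['exceptions'][a['id']]['until']}" for a in excepted]
    return (1 if blocking else 0), report


if __name__ == "__main__":
    import sys
    code, lines = gate()
    print("\n".join(lines) or "no vulnerable dependencies")
    sys.exit(code)
```

Run from a pipeline step, the non-zero exit code blocks the merge while the WARN lines are what gets routed to the security team’s tracker; the developer only sees an actionable upgrade target rather than a raw scanner dump.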
Conclusion

The journey toward a successful DevSecOps implementation is complex, requiring a strategic approach to overcome the myriad challenges it presents. By fostering a culture of collaboration, automating security processes, and integrating security into the fabric of development workflows, organizations can mitigate risks without sacrificing speed or innovation. The goal of DevSecOps is not to hinder development with security but to empower developers with the tools and processes needed to build secure, high-quality software efficiently. By adopting these principles, companies can move beyond the “inmates running the asylum” paradigm to a more balanced, productive, and secure software development life cycle.

The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of his employer.


The targeted approach to cloud and data CIOs need for ROI gains

“Like all companies, we depend on data provided by big tech, but for specific activities, DaaS is an important solution to combat activities that can damage our business,” he says.

An innovation for CIOs: measuring IT with KPIs

CIOs discuss sales targets with CEOs and the board, cementing the IT and business bond. But another even more innovative aspect is to not only make IT a driver of revenues, but also have it measure IT with business indicators. This is a form of advanced convergence achieved by following specific methodologies. Sondrio People’s Bank (BPS), for example, adopted business relationship management, which deals with translating requests from operational functions to IT and, vice versa, bringing IT into operational functions. BPS also adopts proactive thinking, a risk-based framework for strategic alignment and compliance with business objectives. “When IT converges with business, you don’t just evaluate the good functioning of IT, like how many servers or endpoints are managed in the company, but you also measure the IT initiative with business indicators,” explains Stefano Ernesto Garancini, manager in the IT governance team at BPS. “For example, IT builds an application that allows you to sell a company service or product. Consequently, you measure not only whether the application works correctly, but how many products are sold thanks to the application, how many human resources are involved, how much time is reduced along the distribution chain, and other similar parameters. This way, the IT initiative has business objectives and indicators, allowing you to monitor target achievement and activate action plans in the event these targets aren’t achieved.”


This startup’s AI platform could replace 90% of your accounting tasks—here’s how

Puzzle, a San Francisco-based fintech startup, has launched an AI-powered accounting platform designed to automate up to 90% of routine tasks, allowing accountants to focus on more strategic work. In an exclusive interview with VentureBeat, Puzzle CEO Sasha Orloff outlined how the company’s new general ledger software integrates complex accounting policies directly into the platform, aiming to eliminate the need for manual spreadsheet processes. “What we’re launching now is effectively taking the general ledger, the backbone of accounting, and bringing complicated accounting logic from spreadsheets into the core accounting software,” Orloff said. The platform supports both cash and accrual accounting, offering a solution for businesses of all sizes. Orloff emphasized that the system is designed to provide real-time, accurate accounting tailored to the increasing demands of today’s fast-paced business environment, especially as the accounting industry faces a shortage of talent and growing workloads.

Automating complex accounting tasks with Puzzle’s AI general ledger

Puzzle’s platform addresses the challenges of manual accounting by automating processes like revenue recognition, asset depreciation, and prepaid expenses. Traditionally, these tasks require spreadsheets, which must then be reconciled with accounting software such as QuickBooks. “In QuickBooks, you typically have to calculate things like revenue recognition, fixed assets, and prepaid expenses manually in spreadsheets,” Orloff explained. “You’ll have QuickBooks open on one half of the screen and a spreadsheet on the other.
With Puzzle, all of that logic and calculation is handled inside the software.” Puzzle allows users to set up accounting rules, referred to as “software-driven accounting policies,” for different types of transactions, such as SaaS subscriptions or prepaid contracts. “You save it, and then it just gets applied when an invoice or a bill comes in,” Orloff said. This automation reduces the risk of errors and eliminates much of the manual, time-consuming work accountants typically face.

Ensuring accuracy with human-in-the-loop AI

A key concern with AI-driven automation is ensuring accuracy, particularly in fields like accounting where precision is critical. Puzzle addresses this issue by allowing accountants to control the level of automation they use. Orloff described this flexibility, saying, “You can create a rule in our system that says, ‘Let the system take its best guess, and I’ll review it later,’ or ‘I want to do it manually.’ The accountant is always in control.” Puzzle tags each transaction with information about how it was processed, providing transparency. “Everything is tagged, so you know whether something was drafted by AI or if it’s a high-confidence transaction the system has handled before,” Orloff said. This feature allows accountants to trace transactions and verify their accuracy. By maintaining human oversight, Puzzle mitigates the risk of AI errors, or “hallucinations,” as Orloff called them. “AI can hallucinate, but humans make mistakes too,” Orloff said. “That’s why we designed a system where AI suggests things, but the accountant can verify and control everything.”

Addressing the talent shortage in accounting with AI

Puzzle’s launch comes at a critical time for the accounting profession. The industry is facing a severe talent shortage, with 75% of accountants nearing retirement, 300,000 having left the workforce, and CPA applications down nearly 30%.
Burnout rates are also high, with 99% of accountants reporting feeling overworked due to the repetitive nature of their jobs. Orloff sees Puzzle as a way to alleviate some of these pressures. “We’re seeing a massive transformation in accounting with the introduction of AI,” he said. Unlike competitors such as QuickBooks, which recently ran a campaign encouraging businesses to “fire your accountant,” Puzzle’s approach is to support rather than replace accountants. “We’re here to take accountants and accounting firms and make them the heroes of their companies,” Orloff said. He envisions AI-driven tools like Puzzle enabling accountants to play more strategic roles in businesses. “If we can move accountants from the back office to a seat at the table for the most important financial decisions, that’s a win for everyone,” Orloff said. “The role of an accountant will become higher paid and more impactful, with a focus on big-picture decisions instead of routine tasks.”

Rapid growth for Puzzle as AI transforms accounting

Since Puzzle’s public launch less than a year ago, the platform has processed more than $30 billion in transactions for over 3,000 businesses, ranging from startups to small businesses using tools like Stripe, Gusto, and Brex. According to Orloff, Puzzle’s growth has been largely driven by word of mouth, with the company experiencing 15-20% month-over-month growth, 70% of which has been organic. While Puzzle initially gained traction with startups, demand from small businesses and accounting firms has grown significantly. “We started working with startup communities because they use modern tools and were eager to adopt new accounting solutions,” Orloff said. “But we began to see inbound interest from small businesses like doctors’ offices, law firms, and retail stores.” Accounting firms, in particular, are turning to Puzzle to manage more clients without increasing staff.
“There’s been a shortage of accountants, and accounting firms are turning away clients,” Orloff explained. “With our automation, they can handle more business at higher margins, with greater customer satisfaction.”

AI as a strategic advantage for the future of accounting

Orloff believes that Puzzle’s platform represents the next step in the evolution of accounting. “When Excel came out, 1 million bookkeeping jobs were eliminated, but 1.2 million higher-paying advisory roles were created,” he said. “We’re going to see a similar shift today. The boring, repetitive work will be automated, and accountants will spend more time helping businesses devise tax strategies and improve their financial health.” Orloff sees Puzzle as a tool that not only benefits accountants but also the businesses they serve. “We’re building a system that makes accounting easier and more enjoyable, and that strengthens the relationship between the accountant and the business owner,” he said. “It’s a win-win.” As more businesses adopt Puzzle, the platform’s automation capabilities will continue to improve, creating a self-reinforcing cycle of efficiency and


Use Skills-Based Talent Practices To Future-Proof Your Tech Organization

Tech leaders are being asked to do more with fewer resources available, which makes cultivating the right skills in the workforce essential. The implementation of generative AI (genAI) potentially brings productivity gains but is also a point of concern, with employees experiencing what one chief product officer at a tech workforce development company calls an “AI skill threat.” To make matters worse, the longevity of skills is decreasing as the rate of technological change accelerates. How can you ensure that your teams are equipped to support your current business needs while accounting for future shifts both internally and throughout the broader industry? A skills-based talent approach helps tech leaders pin down these moving skill targets and is dramatically more effective than traditional methods such as recruiting for specific job titles or academic credentials. Instead, identify the skills that are most important for achieving your technology organization’s current and future goals. Assess current employees’ skills to understand their strengths and any gaps that need filling. It’s also key to not just focus on skills but make sure that you align organizational needs with career paths that support employees’ desired goals. Internal skilling and mobility efforts may turn out to be a viable and cost-effective alternative to hiring and training from scratch. Implementing skills-based talent practices encourages resiliency and adaptivity in a tech org, as you will know what is needed to pivot if the current skills of the day fall out of favor with new technologies. With skills-based practices, you can adapt at greater speed and more easily size up whether existing resources are sufficient for unexpected priority shifts. My report, Skills-Based Talent Practices, provides recommendations for tech leaders looking to implement this approach in their organization. If you are a Forrester client and want to discuss further, set up a conversation with me here.


How To Setup an IVR Call Flow to Maximize Containment Rate

For businesses using Interactive Voice Response (IVR) systems, a well-designed call flow is essential to streamline customer journeys and optimize self-service options. When crafted strategically, IVR call flows empower customers to resolve common issues independently, ensuring that human agents can focus on complex or high-priority cases. Optimizing IVR call flow is an ongoing process, as customer needs and company capabilities evolve. By staying on top of IVR call flows within your system, you can maximize containment rate, decrease hold times, and even avoid many of the causes of call center burnout. This guide will cover the best practices for designing IVR call flows, common challenges, and how to spot problems in your existing system.

IVR call flow basics

IVR is a standard feature for business phone services and call center software. It provides a simple way to accept calls and encourage callers to exhaust their self-service options before talking to a human agent or receptionist. When a customer calls in, the automated system greets them immediately by presenting them with a menu of options. These can include transfers to a specific department or agent, accessing recorded information like a business address, or looking up personal account details. Each menu option corresponds to a number on the caller’s touch-tone keypad. A common example is to “press 0 for the operator.” With this method, callers can easily select the best-fit option or category that suits their needs by pressing the appropriate number.
The customized menu selections and automated checkpoints you create for your IVR system make up your IVR call flow, which is the series of steps that a caller will take from one option to the next until they reach their desired destination. A single call center IVR system can have dozens or hundreds of potential call flows. The trick is making it as easy as possible for a customer to complete the specific series of steps. A high-performing IVR call flow should feel simple and intuitive, with options that match exactly what customers are looking for without unnecessary steps. When illustrated in an IVR call flow diagram, it will resemble a phone tree that branches out at each decision point, depicting the customer’s options throughout their journey as a caller.

How IVR call flow impacts containment rate

Containment rate is a key call center metric: the percentage of calls routed through the IVR that the IVR resolves without a live agent. A 50% containment rate indicates that half of all calls are handled successfully by the IVR and the other half require a live agent. A high containment rate indicates that your IVR call flow is optimized: callers are finding what they need via the IVR system rather than having to speak to an agent. If you notice containment rate slipping, something is most likely wrong with one or more IVR call flows. There isn’t an industry standard for containment rate that all call centers try to hit; the nature of customer calls varies too much from place to place. You’ll have to look at past data and set your own baseline. To calculate containment rate, divide the number of calls that were resolved solely within the IVR by the total number of incoming calls. Both of these data points should be easy to find in the analytics dashboard of any modern call center software.
Customers often report a better overall call experience when they are empowered to find answers without an agent’s help. Many times, they can resolve an issue faster this way and prefer it to being stuck in an endless call center queue. Similarly, agents tend to be happier and work more effectively when your containment rate is high. It means they are wasting less time on easily resolvable issues and spending more time managing complex problems. As the containment rate goes up, agents face a lower call volume, which means less stress and fewer customers irritated from waiting on hold.

IVR call flow tips to improve containment rate

Here are some ways to ensure that you are setting up IVR call flows to maximize the containment rate:

Simplify the menu options: Keep your IVR menu concise and intuitive. Too many options or complicated menus can overwhelm callers and push them to choose agent assistance. A straightforward, clear flow encourages self-service and boosts containment.

Increase self-service options: Focus on common customer queries and tasks that can be handled without an agent, such as checking account balances, making payments, or resetting passwords. Providing useful self-service options will increase the likelihood of customers solving their issues within the IVR.

Include clear confirmation prompts: Use confirmation prompts to ensure that customers are on the right track before they proceed. For example, asking “Is this the information you’re looking for?” can reduce confusion and help guide the customer through the IVR without needing an agent.

Optimize call flow based on data: Regularly review metrics like abandonment rate and task completion rate to identify and fix areas where customers drop off. If certain steps have high abandonment, consider simplifying them or providing clearer options.

Provide clear exit paths for escalation: While the goal is containment, it’s important to allow a smooth path to agent assistance if needed. Avoid frustrating customers by giving them a clear, easy option to reach an agent when necessary, but don’t make this the first choice.

Regularly update and test the flow: Continuously adapt the call flow to address emerging customer needs or feedback. Testing new scripts and features ensures your IVR remains effective and continues to meet


1.1 Million UK NHS Employee Records Exposed

Over a million NHS employee records, including email addresses, phone numbers, and home addresses, were exposed online due to a misconfiguration of the low-code website builder Microsoft Power Pages. In September, researchers with the software-as-a-service security platform AppOmni identified a large shared business service provider for the NHS that was allowing unauthorised access to sensitive data through insecure permission settings on Power Pages. Specifically, the permissions on some tables and columns in the Power Pages Web API were too broad, inadvertently granting access to “Anonymous” users, that is, visitors who are not logged in. The misconfiguration has since been disclosed to the NHS and resolved.

However, AppOmni’s authorised testing also uncovered several million other records belonging to organisations and government entities which were exposed because of the same misconfigurations. Data included internal company files and information, as well as the information of registered site users, like customers. Such an exposure not only violates the privacy of the people whose records were leaked but also opens businesses up to compliance risks, as data privacy laws like GDPR require strict protection of personal data.

Aaron Costello, chief of SaaS security research at AppOmni, told TechRepublic by email: “These exposures are significant — Microsoft Power Pages is used by over 250 million users every month, as well as industry-leading organisations and government entities, spanning financial services, healthcare, automotive, and more. “AppOmni’s discovery highlights the significant risks posed by misconfigured access controls in SaaS applications: sensitive information, including personal details, has been exposed here.
“It’s clear that organisations need to prioritise security when managing external-facing websites, and balance ease of use with security in SaaS platforms — these are the applications holding the bulk of confidential corporate data today, and attackers are targeting them as a way into enterprise networks.”

Common Power Pages misconfigurations

Within Power Pages, admins specify which users can access different elements of a site’s underlying Dataverse, the Power Platform’s data storage layer. One of the main benefits of using Power Pages over traditional web development is its out-of-the-box role-based access control. However, this convenience can also lead technical teams to become complacent. AppOmni identified the following primary ways that business data was being exposed:

Allowing open self-registration: This is the default setting when a site is deployed. It allows Anonymous users to register and become “Authenticated,” a user type that typically has more permissions enabled. Even if registration pages are not visible on the site, users may still be able to register and become Authenticated through the associated APIs.

Granting tables “Global Access” for external users: If Anonymous users are given “Global Access” permission on a table, anyone can view its rows. The same is true if Authenticated users have this permission and open self-registration is enabled.

Not enabling column security for sensitive columns: Even if a table has some access controls, attackers may find that certain columns lack column-level security, allowing that data to be viewed without restriction. Column security often isn’t applied consistently, especially in tables where access is configured at a broader level. AppOmni attributes this to the tedious setup process, or to an assumption that the data was never intended to be reachable by the public.
Not replacing sensitive data with masked strings: Masking is an alternative to column-level security that does not hinder site functionality.

Exposing excessive columns to the Power Pages Web API: AppOmni often sees organisations allowing all columns of a table to be retrievable through the Web API, exposing more information than necessary if a bad actor gains unauthorised access.

Ensuring your Power Pages site is secure

Know the warning signs

Microsoft surfaces several warnings when it detects a potentially dangerous configuration, including:

Banner on Power Platform admin console pages: This warns that if a site is public, any changes made will be visible immediately.

Message on the Power Pages table permissions configuration page: This tells admins that data visible to the Anonymous role can be seen by anyone.

Warning icon on the Power Pages table permissions configuration page: This is displayed beside any permission granting Global Access to Anonymous users.

Audit access controls

Power Pages admins should avoid giving excessive access to external users by analysing the site settings, table permissions, and column permissions. AppOmni suggests re-evaluating how the following are configured:

Site settings, specifically:
Webapi/<object>/enabled
Webapi/<object>/fields
Authentication/Registration/Enabled
Authentication/Registration/OpenRegistrationEnabled
Authentication/Registration/ExternalLoginEnabled
Authentication/Registration/LocalLoginEnabled
Authentication/Registration/LocalLoginDeprecated

Table permissions: Any table that has the “Access Type” set to “Global Access” and is associated with external roles.

Column permissions: Any columns belonging to tables that are accessible to external users which do not have column security enabled and an appropriate mask.

Column security profiles: Any column security profiles that include external roles.
If changing these would break site functionality, AppOmni recommends deploying a custom API endpoint to validate user-supplied information.
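The misconfiguration list and the audit checklist above translate directly into checks. The following is an added example, not AppOmni’s tooling and not a Microsoft API: it audits a site configuration for each pattern (open self-registration, Global Access to a role anyone can hold, sensitive columns without column security, a Web API “fields” wildcard, and column security profiles that include external roles), and shows a weak configuration next to a hardened one. SITE_WEAK and SITE_HARDENED are constructed, simplified representations of a site’s settings, table permissions and column security; a real Power Pages export has a different shape, so the loading side is what you would adapt. The table and column names are illustrative.

```python
"""Added example, not AppOmni's tooling or a Microsoft API: audit a Power Pages
site configuration for the exposure patterns listed above. SITE_WEAK and
SITE_HARDENED are constructed, simplified representations of a site's settings,
table permissions and column security; a real export has a different shape."""

EXTERNAL_ROLES = {"Anonymous Users", "Authenticated Users"}   # roles reachable from outside


def _on(settings, key, default):
    return settings.get(key, default).strip().lower() == "true"


def open_registration(settings):
    """The article notes open self-registration is the default on a new site,
    so a missing setting counts as enabled."""
    return (_on(settings, "Authentication/Registration/Enabled", "true")
            and _on(settings, "Authentication/Registration/OpenRegistrationEnabled", "true"))


def audit(site):
    """Return (check, detail) findings for one site; an empty list means clean.

    site = {"settings": {...},                      # keyed as in the admin UI
            "table_permissions": [(table, access_type, roles), ...],
            "sensitive_columns": {table: set()},    # columns holding personal data
            "secured_columns": {table: set()},      # columns with column security on
            "column_security_profiles": {name: roles}}
    """
    settings, findings = site["settings"], []
    # Roles anyone on the internet can hold; Authenticated joins the set when an
    # Anonymous visitor can sign up through the UI or the registration API.
    anyone = {"Anonymous Users"}
    if open_registration(settings):
        findings.append(("open-registration", "anyone can self-register and obtain the Authenticated role"))
        anyone |= {"Authenticated Users"}

    exposed = set()
    for table, access_type, roles in site["table_permissions"]:
        hit = roles & anyone
        if access_type == "Global Access" and hit:
            exposed.add(table)
            findings.append(("global-access", f"{table}: every row readable by {sorted(hit)}"))

    # Column security only matters on tables external users can reach at all.
    for table in sorted(exposed):
        unsecured = site["sensitive_columns"].get(table, set()) - site["secured_columns"].get(table, set())
        if unsecured:
            findings.append(("unsecured-column", f"{table}: no column security or mask on {sorted(unsecured)}"))

    # Web API exposure: a "*" wildcard in Webapi/<table>/fields makes every column retrievable.
    for key, value in settings.items():
        parts = key.split("/")
        if parts[0] == "Webapi" and len(parts) == 3 and parts[2] == "fields" and value.strip() == "*":
            if _on(settings, f"Webapi/{parts[1]}/enabled", "false"):
                findings.append(("webapi-all-columns", f"{parts[1]}: Web API exposes every column"))

    for name, roles in site["column_security_profiles"].items():
        if roles & EXTERNAL_ROLES:
            findings.append(("profile-external-role", f"{name}: includes {sorted(roles & EXTERNAL_ROLES)}"))
    return findings


# Constructed sample sites; table and column names are illustrative.
_SENSITIVE = {"contact": {"emailaddress1", "telephone1", "address1_line1"}, "cr_staff": {"cr_homeaddress"}}

SITE_WEAK = {
    "settings": {
        "Authentication/Registration/Enabled": "true",
        "Authentication/Registration/OpenRegistrationEnabled": "true",
        "Webapi/contact/enabled": "true",
        "Webapi/contact/fields": "*",
    },
    "table_permissions": [
        ("contact", "Global Access", {"Anonymous Users"}),
        ("cr_ticket", "Contact Access", {"Authenticated Users"}),
        ("cr_staff", "Global Access", {"Authenticated Users"}),
    ],
    "sensitive_columns": _SENSITIVE,
    "secured_columns": {"contact": {"telephone1"}},
    "column_security_profiles": {"HR Profile": {"Authenticated Users"}},
}

SITE_HARDENED = {
    "settings": {
        "Authentication/Registration/Enabled": "true",
        "Authentication/Registration/OpenRegistrationEnabled": "false",
        "Webapi/contact/enabled": "true",
        "Webapi/contact/fields": "firstname,lastname",   # only what the page needs
    },
    "table_permissions": [
        ("contact", "Self Access", {"Authenticated Users"}),
        ("cr_ticket", "Contact Access", {"Authenticated Users"}),
        ("cr_staff", "Global Access", {"HR Staff"}),     # internal role, not self-registrable
    ],
    "sensitive_columns": _SENSITIVE,
    "secured_columns": _SENSITIVE,
    "column_security_profiles": {"Admin Profile": {"System Administrator"}},
}
```

Two design points follow the article’s own reasoning: the Authenticated role is treated as public only while open registration is on, which is why turning registration off removes the cr_staff finding even though its Global Access grant is unchanged; and column checks are run only on tables an external role can reach, so the audit points at the columns that actually matter rather than every unsecured column in Dataverse.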


Allow Robotexts And Calls To Customers, Verizon Urges FCC

By Jared Foretek (November 13, 2024, 5:13 PM EST) — Verizon is calling on the Federal Communications Commission to exempt wireless providers from new rules making it easier for consumers to back out of telemarketing robocall and text consent, saying that including the providers would lead to consumers opting out of communications they actually need….
