Day: August 2, 2019

BrandPost: Battling Fraud and Cybercrime with Machine Learning

Source: CIO Magazine

As a global payment processor with more than 2 billion cards in use around the world, Mastercard engages in a constant fight against fraud. The company processes around 165 million transactions per hour, and every one of those transactions must be examined in real time for signs of fraud.1

To accomplish this mind-boggling task, Mastercard relies on the power of high performance computing (HPC) systems driving machine learning algorithms. These algorithms apply 1.9 million rules to each transaction in a matter of milliseconds. These rules examine things like the cardholders’ buying habits, geographic locations and travel patterns, along with real-time data on card usage — such as what they are trying to buy and where they are trying to buy it.1

BrandPost: Deep Learning Places New Demands on Data Center Architectures

Source: CIO Magazine

Machine and deep learning applications bring new workflows and challenges to enterprise data center architectures. One of the key challenges revolves around data and the storage solutions needed to store, manage, and deliver up to AI’s demands. Today’s intelligent applications require infrastructure that is very different from traditional analytics workloads, and an organization’s data architecture decisions will have a big impact on the success of its AI projects.

These are among the key takeaways from a new white paper by the research firm Moor Insights & Strategy.

“While discussions of machine learning and deep learning naturally gravitate towards compute, it’s clear that these solutions force new ways of thinking about data,” the firm notes in its “Enterprise Machine & Deep Learning with Intelligent Storage” paper. “Deep learning requires thinking differently about how data is managed, analyzed and stored.”

IDG Contributor Network: Set goals to live by – and make them HARD

Source: CIO Magazine

As children, we wanted to please our parents. As we aged and became adults, we continued to follow patterns established in childhood. But the world has changed since we were children, and we need to take a step back, recalibrate and determine: are we living life to the fullest?

When I started to work, it was realistic to work at a single corporation for your entire career and retire with a pension and medical coverage. Today, college graduates can expect to have 12 to 15 jobs in their lifetime. There are many theories about what causes the churn, but the reality is that workers will be changing jobs approximately every two years. The labor market has changed, and to succeed, we need to establish realistic goals. Whether you aspire to rise up the corporate ladder or increase your earning potential, each of us has internal measures of success. We know what good looks like for us. The most direct path to achieving results is having a plan and setting goals.

IDG Contributor Network: What is the CCPA and why should you care?

Source: CSO Magazine

California is a big state. It’s so huge in fact, that if it was a country, with its nearly 40 million residents, it would have the fifth largest economy in the world, only behind the United States, China, Japan and Germany. With that much power, what happens in California affects the world.

On January 1, 2020, many businesses will start feeling the aftershocks of what will emanate from the Golden State, when the earthquake known as the California Consumer Privacy Act (CCPA) goes into effect.

If you are familiar with the General Data Protection Regulation (GDPR) from the European Union, then the CCPA will be elementary. Here’s a handy CCPA and GDPR comparison guide from the Future of Privacy Forum. But simply put, CCPA will be the toughest data privacy law in the United States. Let that sink in.

What the CCPA attempts to do is provide enhanced privacy rights and consumer protection for California residents. It gives California residents significant rights around their data. Some of the new rights they have include:

  1. Businesses must disclose the personal data collected, sold, or disclosed for a business purpose about a consumer, and also inform consumers of the categories of personal data collected and the purposes for which their personal data will be used.
  2. Not to discriminate against a consumer who exercises their CCPA rights. That runs the gamut from pricing, quality, service levels and more.
  3. Provide the consumer with access to their data.
  4. Upon request, delete personal data of the consumer. If you have shared that personal data with a 3rd-party, they must also delete that data.
  5. Provide the consumer with the ability to opt-out. You must give them the right to opt out of the sale of their personal data. Part of this includes easy to use links to do that from your web site.

The CCPA may apply to you if you are a business that collects the personal data of California consumers and does business in California. With that, there are a huge number of businesses that are now in scope. If you are one of those businesses, then each of those 5 items listed means you have a lot of work to do.

And even if you don’t directly deal with California consumers, you may be a third-party who does, or be part of a subsidiary or affiliate who is. The firm you service may be in scope for CCPA, which may create downstream requirements such that you will have to deal with CCPA.

Newton’s Third Law of motion states that for every action, there is an equal and opposite reaction. When it comes to CCPA – for every consumer right, there is an equal and opposite set of complex processes and actions that you need to have in place to be compliant. And there’s a lot of rights in CCPA.

Just what is personal data under CCPA?

Since personal data is what drives everything, it’s crucial to fully understand what CCPA considers personal data. Like GDPR, CCPA takes a far-reaching approach to what it regards as personal data. The specific details are in section 1798.140(o)(1) of the bill, where it defines personal information as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

That section includes the standard identifiers such as name, address, passport number, social security number, driver’s license number, and much more. But it also extends into other information such as biometric data, audio, electronic, visual, thermal, olfactory, or similar information, Internet or other electronic network activity information, geolocation data, and lots more. And I mean lots, lots more. In fact, it might be easier at first to say what’s not personal data, than to define what is.

CCPA is the big Kahuna of privacy laws

Simply put, CCPA is creating a massive amount of work for in-scope firms. It’s August 2019 and at this point, your CCPA initiatives should be completed, and testing done.

For the 95% of the firms that are not there, here’s some of what CCPA means to you (and please note, these are but a few of the very many things that must be done):

  • Data discovery. Do you know all of the ingress and egress points where personal data is within your organization? Do you have a listing of every data store where CCPA personal data is being stored? This aspect alone is a huge endeavor. 20 years ago, the Y2K issue caused similar angina, and that was but for two digits. That change was simple: change the year field from xx to xxxx. But it was the underlying Y2K logistics that were a nightmare. If only CCPA was that simple.
  • Data types. Now that you know the countless locations where personal data is stored, do you have a catalog of all the various types of personal data stored? CCPA has a broad definition of what constitutes personal data. There’s the standard stuff, but it also extends to IP addresses, email addresses, and any other piece of data that can be correlated or related to an association with that person. If you understand big data, then you understand how very broad CCPA personal data is.
  • Privacy policy. Update your privacy policy to explicitly mention CCPA and include the privacy disclosure it mandates. CCPA is quite broad and your privacy policy will have to reflect that.
  • Households. While the GDPR dealt with individuals, CCPA creates the notion of a household. Most articles at this point would define a term and I’d love to do the same for household. But CCPA has, as of yet, not defined what a household is. I’m not joking, the CCPA makes you do something, but doesn’t tell you what that something is. With some license to Potter Stewart, how will you know a household when you see it? The only advice I can give you at this point is to use the broadest application possible as part of your compliance efforts. Work with your legal counsel to determine that level.
  • Get ready for enforcement. CCPA goes live January 1, but like GDPR, there won’t be any enforcement for 6 months. While that means enforcement is about a year away, that is still a very short amount of time for complex organizations with a lot of consumer data.

Start working on CCPA compliance

For any business of substantial size, it’s highly likely that they are in scope for CCPA. For those that are not, they shouldn’t necessarily sit and do nothing. As goes California, so go many other states. With that, there are a number of other states that are considering implementing similar consumer privacy laws. Rather than wait until the last minute, be judicious and start planning for the inevitable.

Finally, don’t even think for a minute of trying to play wait and see with CCPA. It’s not going away, and hoping it does is a foolish business decision. The EU recently fined British Airways $230 million for GDPR violations. The State of California will have similar enforcement capabilities. CCPA is not poker and there’s no way to bluff yourself out of it.

CCPA trickles down to other areas

With every new law, regulation or standard, there are the details that one must comply with, in addition to repercussions of those issues. That alone could fill a few articles.

One of those areas to consider is whether your insurance policies will protect you for CCPA-related issues. CCPA has a major effect in that area, and the areas in which you need to get your insurance department involved include professional liability/E&O, directors and officers policies, cyber-insurance, employment practices liability, and other areas.

As part of your CCPA readiness assessment, ensure that all of the areas that CCPA can impact are identified and brought up to compliance.

Like the state, CCPA is huge. Read the details and it’s easy to see that CCPA requires firms to make major infrastructure changes. CCPA mandates a significant amount of new processes around data collection. It requires significant reengineering and rearchitecture of how personal data is handled. And like the mountain of the same name in California, CCPA is mammoth.

If you think you are in scope for CCPA, take a few days to read everything you can on the topic. The more educated you are about the act, the better you can deal with it. 

For any large and complex organization, compliance with CCPA is a project measured in years. While consumers can opt-out, CCPA is a law and the only way for a business to opt-out of it is to go out of business. For businesses that want to stay in business, CCPA is just the beginning of things to come.

This article is published as part of the IDG Contributor Network.

IDG Contributor Network: Are CIOs truly prepared for the next economic downturn?

Source: CIO Magazine

Over the past decade we experienced a significant economic decline followed by a period of great prosperity and growth. Leading into this negative period, many enterprises were caught flat-footed and ill-prepared to shift gears in a timely fashion. Companies were stuck with financial commitments based on continued growth.

Watching external economic factors is as important as understanding the core of your own business. The problem is that many have put the past experience far in their rear-view mirror and have not prepared themselves for the next one…which is coming.

Flexibility is key

There is no question that demand for computing resources will increase over the long term. It has for decades. It is those periods of flat or negative demand that lead to problems. This is exactly what happened in 2008-2009.

IDG Contributor Network: Time – and the lack thereof

Source: CSO Magazine

The accelerated execution of cyber attacks and an increased ability to identify vulnerabilities for exploitation at machine speed compress the time window cybersecurity management has to address the unfolding events. In reality, we assume there will be time to lead, assess, analyze, but that window might be closing. It is time to raise the issue of accelerated cyber engagements.

Limited time to lead

If there is limited time to lead, how do you ensure that you can execute a defensive strategy? How do we launch counter-measures at speed beyond human ability and comprehension? If you don’t have time to lead, the alternative would be to preauthorize.

In the early days of the “Cold War,” war planners and strategists who were used to having days to react to events faced ICBMs that forced decisions within minutes. The solution? Preauthorization. The analogy between how the nuclear threat was addressed and cybersecurity works to a degree – but we have to recognize that the number of possible scenarios in cybersecurity could be in the hundreds and we need to prioritize.

The cybersecurity preauthorization process would require an understanding of likely scenarios and the unfolding events to follow these scenarios. The weaknesses in preauthorization are several. First are the limitations of the scenarios that we create, because these scenarios are built on how we perceive our system environment. This is exemplified by the old saying: “What gets us into trouble is not what we don’t know. It’s what we know for sure that just ain’t so.”

The creation of scenarios as a foundation for preauthorization will be laden with biases, assumptions that some areas are secure that aren’t, and the inability to see attack vectors that an attacker sees. So the major challenge when considering preauthorization is to create scenarios that are representative of potential outfalls.

One way is to look at the different attack strategies used earlier. This limits the scenarios to what has already happened to others but could be a base to which additional scenarios are added. The MITRE ATT&CK Navigator provides an excellent tool to simulate and create attack scenarios that can be a foundation for preauthorization. As we progress, artificial intelligence will become an integrated part of offloading decision making, but we are not there yet. In the near future, artificial intelligence can cover parts of the managerial spectrum, increasing the human ability to act in very brief time windows.

The second weakness is the preauthorization’s vulnerability against probes and reverse-engineering. Cybersecurity is active 24/7/365 with numerous engagements on an ongoing basis. Over time, and using machine learning, automated attack mechanisms could learn how to avoid triggering preauthorized responses by probing and reverse-engineering solutions that will trespass the preauthorized controls.

So there is no easy road forward, but instead, a tricky path that requires clear objectives, alignment with risk management and its risk appetite, and an acceptance that the final approach to address the increased velocity in the attacks might not be perfect. The alternative, to not address the accelerated execution of attacks, is not a viable option. That would hand over the initiative to the attacker and expose the organization to uncontrolled risks.

Bye-bye, OODA-loop

Repeatedly through the last year, I have read references to the OODA-loop and the utility of the OODA-concept for cybersecurity. The OODA-loop resurfaces in cybersecurity and information security managerial approaches as a structured way to address unfolding events. The concept of the OODA (Observe, Orient, Decide, Act) loop developed by John Boyd in the 1960s follows the steps of observe, orient, decide, and act. You observe the events unfolding, you orient your assets at hand to address the events, you make up your mind of what is a feasible approach, and you act.

The OODA-loop has been a central concept in cybersecurity the last decade as it is seen as a vehicle to address what attackers do, when, where, and what you should do and where it is most effective. The term has been “you need to get inside the attacker’s OODA-loop.” The OODA-loop is used as a way to understand the adversary and tailor your own defensive actions.

Retired Army Colonel Tom Cook, former research director for the Army Cyber Institute at West Point, and I wrote an IEEE article in 2017 titled “The Unfitness of Traditional Military Thinking in Cyber” questioning the validity of using the OODA-loop in cyber when events are going to unfold faster and faster. Today, in 2019, the validity of the OODA-loop in cybersecurity is on the brink of evaporating due to increased speed in the attacks. The time needed to observe and assess, direct resources, make decisions, and take action will be too long to be able to muster a successful cyber defense.

Attacks occurring at computational speed worsen the inability to assess and act, and the increasingly shortened time frames likely to be found in future cyber conflicts will disallow any significant, timely human deliberation.

Moving forward

I have no intention of being a narrative impossibilist, who presents challenges with no solutions, so the current way forward is preauthorizations. In the near future, the human ability to play an active role in rapid engagement will be supported by artificial intelligence decision-making that executes the tactical movements. The human mind is still in charge of the operational decisions for several reasons – control, larger picture, strategic implementation, and intent. For cybersecurity, it is pivotal for the next decade to be able to operate with a decreasing time window to act.

This article is published as part of the IDG Contributor Network.

Renewable Energy: A Growing Industry Welcoming Big Business and Startups Alike

With the rise in global warming and climate change as a product of burning fossil fuels to power a civilization on the cusp of a technological revolution, governments and their citizens are demanding a change.

The post Renewable Energy: A Growing Industry Welcoming Big Business and Startups Alike appeared first on Innovation Management.