Daily Tech Digest - December 27, 2019

Exposed databases are as bad as data breaches, and they're not going anywhere


If your data is exposed in an unsecured database, experts say you have to treat the situation the same way you would if the data had been stolen. "You need to engage proactively in minimizing your risk," said Eva Velasquez, president of the Identity Theft Resource Center. Medical service provider Tu Ora Compass Health said the same thing to nearly 1 million patients when it revealed that its poorly configured website had exposed patient health insurance data. Patients should "assume the worst" and act as though hackers had accessed the data, the company said. What's the worst that can happen? Stolen information makes it easier for identity thieves to pretend to be you. When combined with what you share on social media, for example, your medical record number could allow someone else to use your health insurance. The Identity Theft Resource Center hosts a service called Breach Clarity that helps you decide what steps to take after your data is compromised. The advice depends on what kind of information was involved. If your log-in credentials are exposed, you'll want to reset your passwords. If it's your Social Security number, you'll want to watch your credit report for signs that someone's opening up new lines of credit in your name.



Introduction to ELENA Programming Language

Methods in ELENA are similar to methods in C# and C++, where they are called "member functions". Methods may take arguments and always return a result (if no result provided "self" reference is returned). The method body is a sequence of executable statements. Methods are invoked from expression, just as in other languages. There is an important distinction between "methods" and "messages". A method is a body of code while a message is something that is sent. A method is similar to a function. in this analogy, sending a message is similar to calling a function. An expression which invokes a method is called a "message sending expression". ELENA terminology makes a clear distinction between "message" and "method". A message-sending expression will send a message to the object. How the object responds to the message depends on the class of the object. Objects of differents classes will respond to the same message differently, since they will invoke different methods. Generic methods may accept any message with the specified signature.


Amazon now allows developers to combine tools such as Amazon QuickSight, Aurora, and Athena with SQL queries and thus access machine learning models more easily. In other words, developers can now access a wider variety of underlying data without any additional coding, which makes the development process faster and easier. Amazon’s Aurora is a MySQL-compatible database that automatically pulls the data into the application to run any machine learning model the developer assigns it. Then, developers can use the company’s serverless system known as Athena to obtain additional sets of data more easily. Finally, the last piece of the puzzle is QuickSight, Amazon’s tool used for creating visualizations based on available data. The combination of these three tools will provide a far more efficient approach to the development of machine learning models. During the announcement, Wood also mentioned a lead-scoring model that developers can use to pick the most likely sales targets to convert.


istock-802780432.jpg
Ranking the obstacles involved in firewall management, 67% of those surveyed pointed to the initial deployment and tuning measures, 67% cited the process of implementing changes, and 61% referred to the procedure for verifying changes. Cost is another hurdle with firewalls. Depending on the size of the organization and the type of firewall, a single unit can cost anywhere from hundreds to thousands to tens of thousands of dollars and up. Some 68% of the respondents said they have a hard time receiving the necessary initial budget to purchase firewalls, while 66% bump into difficulty getting the funding to operate and maintain them. Tweaking the rules on a firewall is yet another taxing task. Changes to code, applications, and processes can occur fast and furiously, requiring frequent updates to firewall rules. But a single firewall update can take one to two weeks, according to the survey. And such changes can sometimes be trial and error. More than two-thirds of the respondents cited the difficulty of testing changes to firewall rules before deploying them. The lack of a proper testing platform can lead to misconfigured rules that break applications.


Hugh Owen, Executive Vice President, Worldwide Education at MicroStrategy asserts "Enterprise organizations will need to focus their attention not just on recruiting efforts for top analytics talent, but also on education, reskilling, and upskilling for current employees as the need for data-driven decision making increases—and the shortage of talent grows." Skills shortages show up everywhere, especially in AI. John LaRocca, Managing Director for Europe/NA Operations at Fractal Analytics, comments that "The demand for AI solutions will continue to outpace the availability of AI talent, and businesses will adapt by enabling more applications to be developed by non-AI professionals, resulting in the socialization of the process."  In that same vein, noted industry expert Marcus Borba, at Borba Consulting, remarks, in a report from MicroStrategy, that "the demand for development in machine learning has increased exponentially. This rapid growth of machine learning solutions has created a demand for ready-to-use machine learning models that can be used easily and without expert knowledge."


Google Publishes Its BeyondProd Cloud-native Security Model

In zero-trust networking, protection of the network at its outer perimeter remains essential. However, going from there to full zero-trust networking requires a number of additional provisions. This is by no means easy, given the lack of standard ways to do it, adds Brunton-Spall: You can understand [it] from people who've done this, custom-built it. If you want to custom build your own, you should follow the same things they do. Go to conferences, learn from people who do it. Filling this gap, Google's white-paper sets a number of fundamental principles which complement the basic idea of no trust between services. Those include running code of known provenance on trusted machines, creating "choke points" to enforce security policies across services, defining a standard way to roll out changes, and isolating workloads. Most importantly, These controls mean that containers and the microservices running inside them can be deployed, communicate with one another, and run next to each other, securely, without burdening individual microservice developers with the security and implementation details of the underlying infra structure.


apples oranges slices mixture puzzle balance opposites fruit  savatore gersace flickr
What if we’re leading change all wrong? The book “Make it Stick: The Science of Successful Learning,” by Peter C. Brown, Henry L. Roediger III and Mark A. McDaniel highlights stories and techniques based on a decade of collaboration among eleven cognitive psychologists. The authors claim that we’re doing it all wrong. For example, we attempt to solve the problem before learning the techniques to do so successfully. Using the right techniques is one of the concepts that the authors suggest makes learning stickier. Rolling out data-management initiatives is complex and usually involves a cross-functional maze of communications, processes, technologies, and players. Our usual approach is to push information onto our business partners. Why? Well, of course, we know best. What if we changed that approach? This would be uncomfortable, but we are talking about getting other people to change, so maybe we should start with ourselves. Business relationship managers stimulate, surface, and shape demand. They’re evangelists for IT and building organizational convergence to deliver greater value. There’s one primary method to accomplish this: collaboration.


Setting Management Expectations in Machine Learning

Business leaders often forget that machine learning algorithms are not a panacea that can be thrust into a given use case and expected to magically deliver value on their own. Algorithms rely on large, accurate, datasets to train and generate predictions. Data science is just the end result of a long process of data collection, cleansing, and tagging that requires significant investment. That’s why it’s important to have a robust Data Governance strategy in place at your business. Unfortunately, management often forgets this. Having failed to make the necessary investments in Data Governance, they nonetheless expect their data scientists to “figure it out.” Even where management has made the necessary investments in Data Governance and you have access to a large, healthy, internal dataset, there are certain functions you will still have difficulty performing. These most prominently include anything that requires you to leverage customer data. The frequency of widespread breaches and scandals involving the misuse of data, along with the accompanying rise in government regulation, has made it more difficult than ever to leverage customer data within businesses’ ML systems.



"As more states follow California's lead and push forward with new privacy laws, we'll likely see increased pressure on the federal government to take a more proactive role in the privacy sphere," said Mary Race, a privacy attorney in California. The Senate Commerce Committee held a hearing in December to discuss two potential frameworks, both of which seek to set a federal standard and designate regulators to enforce the law. Lawmakers expressed bipartisan support for privacy laws though no legislation has moved forward. Still, several key aspects of a prospective law were up for debate at the hearing. The Republican framework, submitted by Sen. Roger Wicker of Mississippi, would preempt state data privacy laws, and would limit enforcement to the FTC. Sen. Maria Cantwell of Washington, who submitted the Democratic bill, has said she's considering letting consumers directly sue companies, and would not supersede state laws. While federal law supersedes state law in general, many federal laws leave room for states to enact tougher requirements on top of the baseline set by US legislators.



How Data Subject Requests are at the heart of protecting privacy

Not only has data proliferated, but it’s also mutated into derivative forms. Customer data is often collected across multiple channels without being linked to a master identifier, and the definition of what is considered PII is continuing to change. The other reason the DSR search process is difficult is that many organizations still rely on questionnaires and spreadsheets for data discovery. These manual processes are inefficient at best, and incredibly inaccurate at worst. Consider that a single bank transaction might be replicated across 100 systems. Successfully fulfilling a DSR for that customer could require multiple people to manually search all those systems, and the accuracy and completeness may be questionable. Not only would the individual’s privacy be compromised, but the bank would also have to defend the results with regulators. In an age of big data and automation, relying on manual processes to fulfill privacy laws seems unbelievably arcane, if not impossible given the sheer volume of data companies have. Fortunately, many organizations are beginning to realize the complexity and importance of the DSR process and are looking to automate it.



Quote for the day:


"People not only notice how you treat them, they also notice how you treat others." -- Gary L. Graybill


No comments:

Post a Comment