Daily Tech Digest - August 05, 2020

Data privacy and data security are not the same

"Data privacy is, in essence, a subset of an organization's data security," Ewing said. "The distinction is important because, although the tools used to maintain data privacy and to ensure data security may overlap, the two are generally addressed differently by different teams using different tools." This overlap can cause confusion, leaving companies who focus just on data security with the false impression that, by default, data privacy also is protected. This is not the case. Unlike data security, which focuses on protecting all of an organization's data from theft or corruption (like during a ransomware attack), data privacy is more granular. To ensure data privacy, organizations must understand, track, and control things like who is authorized to access the data and where the data is stored -- in a Health Insurance Portability and Accountability Act (HIPAA)-compliant cloud, for example. A good example of differences between data privacy and data security was the harvesting of 87 million Facebook user profiles by the now-defunct political consulting firm Cambridge Analytica during the 2016-17 US presidential election, said Joshua Kail, a communications consultant who ran agency-side PR for Cambridge Analytica until it shut down in May 2018. 


State of the Art in Automated Machine Learning

Through the years of development of the machine learning domain, we have seen that a large number of tasks around data manipulation, feature engineering, feature selection, model evaluation, hyperparameter tuning can be defined as an optimization problem and, with enough computing power, efficiently automated. We can see numerous proofs for that not only in research but also in the software industry as platform offerings or open-source libraries. All these tools use predefined methods for data processing, model training, and evaluation. The creative approach to framing problems and applying new techniques to existing problems is the one that is not likely to be replicated by machine automation, due to a large number of possible permutations, complex context, and expertise the machine lacks. As an example, look at the design of neural net architectures and their applications, a problem where the search space is so ample, where the progress is still mostly human-driven. ... In theory, the entire ML process is computationally hard. From fitting data to, say, a neural network, to hyperparameter selection, to neural architecture search (NAS), these are all hard problems in the general case. However, all of these components have been automated with varying degrees of success for specific problems thanks to a combination of algorithmic advances, computational power, and patience.


How AI is Becoming Essential to Cyber-Strategy

The problem with machine learning is that the AI is limited to the features that it has been taught to expect. Fooling a machine learning security system is as simple as adding an unexpected/ unprogrammed feature into the exploit. Imagine a card trick such as “find the lady” where the machine learning software is expecting the dealer to operate inside the given parameters (the dealer is only moving around these three cards), but the dealer is cheating by having a fourth card. Because the concept of the fourth card is outside the expected features, the program can be defeated. What artificial neural networks can do is allow an AI to self-determine what features it uses to reach a conclusion. An artificial neural network still requires some degree of human input to confirm if a conclusion is incorrect, but it effectively self-organizes how it reviews and manages the data it has access to. As an example, an AI looking for new types of viruses can sense everything happening in a computer and then identify based on everything whether a program or even an activity in the memory are doing something unwelcome. It does not need to have seen the behavior before, it only has to recognize the outcome, or potential outcome.


ICML 2020 highlights: A Transformer-based RL agent, causal ML for increased privacy, and more

Microsoft researchers are in full summer swing when it comes to advancing machine learning in accessibility, privacy, healthcare, and other areas. As Microsoft Partner Research Manager and ICML President John Langford puts it, “ICML is a very broad conference, so its specialty is in some sense ‘all of the above.’” But Langford goes on to add that one of the topics that ICML has a long track record on is currently trending: reinforcement learning. A brief glance through the sessions and workshops presented by Microsoft researchers shows the wide influence reinforcement learning has in our world today, from natural language to robotics to infrastructure considerations like transportation. Beyond the research contributions, Microsoft was also a sponsor of and recruiter at the conference. Additionally, the company sponsored two events co-located with the conference, the first Women in Machine Learning Un-Workshop and the fourth Queer in AI Workshop. The impact of the conference—now and in the future—is multifaceted, according to Langford. “ICML is ‘the’ summer machine learning conference. As such, it’s critically important to the academic discovery, review, and dissemination process, a great way to meet fellow researchers, and a natural recruiting point for the field,” he says.


An open source solution for continuous testing at scale

With recent and ongoing updates, organizations can leverage Cerberus' features from development to operations. It expands digital experience test coverage by executing tests on a variety of browsers, devices, and apps. Its native connectors for APIs (including SOAP and REST), desktop applications, and Apache Kafka enable testing legacy apps, APIs, event-driven microservices, streaming services, business intelligence, data science applications, and other use cases. During the software development lifecycle, Cerberus supports fast iterations in test management, execution, and reporting. Users can create test specifications in plain English, compose tests using a library, execute in parallel on various devices, and do advanced reporting. Native integration with CI/CD solutions, such as Jenkins, Bitbucket, and others, combined with one-click ticket creation in Jira and other tools, makes bug resolution faster and easier. Cerberus can also monitor customer experience and business operations. Tests can be functional and technical, allowing organizations to test complex scenarios. For example, France's leading TV channel, TF1, uses it for quality assurance on its streaming platform.


Retrospectives for Management Teams

Good action points are the ones that propel the team forward and make them productive; I focus on quantity, quality, and the process itself. When it comes to quantity, it’s always wise to limit our commitments in order to maximize our chance of delivering them on time. Sometimes it aches the team to let go of some great ideas and not turn them into action points after a meeting. I believe it’s our duty as facilitators to increase the likelihood of a positive impact, even if it means cutting the number of initiatives we start simultaneously. When it comes to quality, in Radical Candor Kim Scott gives an easy-to-remember recipe for action points. You need to have a one-line answer to who will do what by when? If you do not have an answer on all three aspects, you don’t have an action point after all. If you follow her lead, you get a statement that is easy to act upon, easy to check if it’s being done, and easy to communicate with your stakeholders. Regarding the process, I like to encourage people to write their action items themselves - it helps to frame them in a way they understand and find easy to act upon. It helps to remember them, too.


What is an IT director? Everything you need to know about one of the top jobs in tech

The first IT professionals were employed to help their organisations manage mainframe systems. As computers became more integral to the way we work, so technology leaders – be they IT directors or CIOs – started to be appointed. IT director was the more commonly used term initially. Through the late 1990s and into the new millennium, it became customary for the top executive in a business to take the CIO moniker. While that's still often the case, it's not a hard and fast rule – many organisations still use the IT director title to describe their most senior tech executive, or use closely related titles, such as head of IT, head of technology, vice president of IT, or VP of technology. Apart from the job title, the roles are perceived to have a subtly different focus. Many big organisations now employ a CIO and an IT director. Where both executives are in situ, a split in responsibilities is likely to occur. IT directors are more likely to ensure day-to-day technology operations meet the mark, covering areas such as system uptime, service maintenance and vendor agreements. CIOs, on the other hand, are seen as the outward face of the technology department – CIOs spend less time in the data centre and more time engaging with their business peers in an attempt to understand how technology can be used to help meet their demands.


The Age of Accelerating Strategy Breakthroughs

Leading companies are also prioritizing the need to identify threats and opportunities created by megatrends that can rapidly reshape businesses. The coronavirus pandemic has shown that negative megatrends like epidemics and climate change can no longer be treated as tail risks so extreme that no preparation would make a difference. Companies have to build up resilience to safeguard profits by being prepared to play ferocious defense against other negative megatrends gathering momentum, like public debt crises, at one end of the spectrum. At the other, they must aggressively pursue new prospects created by positive megatrends like digitalization and health and wellness. Macro shifts set off by the pandemic illustrate how quickly megatrends can force companies to reset strategies. Retailers are rerouting investments earmarked for building physical locations into upgrading online commerce features and delivery services. Financial services companies are accelerating many more digital-only offerings, such as contactless payments and risk management products such as health insurance.


How to avoid cloud vendor lock-in and take advantage of multi-vendor sourcing options

Businesses recognise the benefit of utilising different suppliers and over half are now using more than one public cloud provider. According to McQuire, the moves of major cloud providers is reflecting this trend, with the launch of products like Google Cloud’s Anthos and Big Query Omni, as well as Microsoft’s Azure Arc. “Customers and developers want depth in cloud services but don’t want to be locked into a single cloud environment. Above all, they want choice when it comes to spinning up infrastructure for new applications, lift-and shift projects or maintaining consistency across their on premises, public cloud and edge environments,” he comments. McQuire warns, however, that while the market is still very early in its transition to the cloud, “care must be taken in pursuing multi-cloud approaches, so that they are not adding even more complexity to an already highly-complicated cloud computing stack. “Whilst consistency is key in multi-cloud, there will be those that do not want a lowest common denominator approach in order to support this strategy.”


How Ransomware Threats Are Evolving & How to Spot Them

"The cleverness, the creativity, and the intimate knowledge of these very, very miniscule technical details to craft a bypass like that is almost unseen in criminal malware," says Wisniewski. "It's the kind of thing we expect to see in espionage-style attacks, not in criminal attacks." Some attackers bypass technical tools by "living off the land," or using legitimate admin tools to achieve goals. Some use software deployment tools to roll out ransomware instead of delivering patches to Windows machines, Wisniewski says as an example. They may abuse PowerShell, other Microsoft tools, or so-called "gray hat" tools like Metasploit or Cobalt Strike. This behavior isn't new, Wisniewski says. "What is new is that may be the only indication you're going to get that they're in your network." Organizations may notice small, unusual things once in a while, remedy them, and close the ticket without realizing they're part of a larger incident. By the time they do, an attacker has been in their network for weeks. WastedLocker and Maze will "sit there for a month" to figure out the thing that will shut down their enterprise victim.



Quote for the day:

"Entrepreneurs must be willing to be misunderstood for long periods of time." -- Jeff Bezos

No comments:

Post a Comment