Daily Tech Digest - April 30, 2021

Tech to the aid of justice delivery

Obsolete statutes which trigger unnecessary litigation need to be eliminated, as is being done currently, with over 1,500 statutes removed in the last few years. Furthermore, for any new legislation, a sunset review clause should be made mandatory, so that every few years the law is reviewed for its continued relevance to society. A corollary to this is scaling up the decriminalisation of minor offences after determining, as Sanford H. Kadish showed in his seminal paper ‘The Crisis of Overcriminalization’, whether the total public and private costs of criminalisation outweigh the benefits. Non-compliance with certain legal provisions which doesn’t involve mala fide intent can be addressed through monetary compensation rather than prison time, which inevitably instigates litigation. Finally, among the plethora of ongoing litigations in the Indian court system, a substantial number don’t require interpretation of the law by a judge, but simply adjudication on facts. These can take the route of ODR (online dispute resolution), which has the potential both for dispute avoidance, by promoting legal education and inducing informed choices about initiating litigation, and for containment, by making use of mediation, conciliation or arbitration to resolve disputes outside the court system.

Leading future-ready organizations

To break through these barriers to Agile, companies need a restart. They need to continue to expand on the initial progress they’ve made but focus on implementing a wider, more holistic approach to Agile. Every aspect of the organization must be engaged in an ongoing cyclical process of “discover and evaluate, prioritize, build and operate, analyze…and repeat.” ... Organizations that leverage digital decoupling are able to get on independent release cycles and unlock new ways of working with legacy systems. Based on our work with clients, we’ve seen that this can result in up to a 30% reduction in cost of change, reduced coordination overhead, and increased speed of planning and pace of delivery. ... In our work with clients, we see firsthand how cross-functional teams and automation of application delivery and operations contribute to increased pace of delivery, improved employee productivity, and up to a 30% reduction in deployment time. Additionally, scaling DevOps enables fast and reliable releases of new features to production within short iterations and includes optimizing processes and upskilling people, which is the starting point for a collaborative and liquid enterprise. ... Moving talent and partners into a non-hierarchical and blended talent sourcing and management model can result in a 10-20% increase in capacity.

F5 Big-IP Vulnerable to Security-Bypass Bug

The vulnerability specifically exists in one of the core software components of the appliance: the Access Policy Manager (APM). It manages and enforces access policies, i.e., making sure all users are authenticated and authorized to use a given application. Silverfort researchers noted that APM is sometimes used to protect access to the Big-IP admin console too. APM implements Kerberos as an authentication protocol when authentication is required by an APM policy, they explained. “When a user accesses an application through Big-IP, they may be presented with a captive portal and required to enter a username and password,” researchers said in a blog post issued on Thursday. “The username and password are verified against Active Directory with the Kerberos protocol to ensure the user is who they claim to be.” During this process, the user essentially authenticates to the server, which in turn authenticates to the client. For this to work properly, the KDC must also authenticate to the server. The KDC is a network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain.

4 Business Benefits of an Event-Driven Architecture (EDA)

Using an event-driven architecture can significantly improve developmental efficiency in terms of both speed and cost. This is because all events are passed through a central event bus, which new services can easily connect with. Not only can services listen for specific events, triggering new code where appropriate, but they can also push events of their own to the event bus, indirectly connecting to existing services. ... If you want to increase the retention and lifetime value of customers, improving your application’s user experience is a must. An event-driven architecture can be incredibly beneficial to user experience (albeit indirectly) since it encourages you to think about and build around… events! ... Using an event-driven architecture can also reduce the running costs of your application. Since events are pushed to services as they happen, there’s no need for services to poll each other for state changes continuously. This leads to significantly fewer calls being made, which reduces bandwidth consumption and CPU usage, ultimately translating to lower operating costs. Additionally, those using a third-party API gateway or proxy will pay less if they are billed per-call.
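The central-bus pattern described above can be sketched in a few lines of Python; the bus class, event names, and handler here are hypothetical, not from any particular framework:

```python
from collections import defaultdict

class EventBus:
    """Minimal in-process event bus: services subscribe to event types
    and are notified whenever another service publishes that type."""
    def __init__(self):
        self._subscribers = defaultdict(list)

    def subscribe(self, event_type, handler):
        self._subscribers[event_type].append(handler)

    def publish(self, event_type, payload):
        # Events are pushed to listeners as they happen; the publisher
        # never calls (or even knows about) the consuming services.
        for handler in self._subscribers[event_type]:
            handler(payload)

bus = EventBus()
audit_log = []
# A new service connects simply by listening for an event type...
bus.subscribe("order.created", lambda event: audit_log.append(event["id"]))
# ...and any existing service reaches it indirectly by publishing.
bus.publish("order.created", {"id": 42})
```

Because consumers are notified on publish, no service ever has to poll another for state changes, which is exactly where the bandwidth and CPU savings in the excerpt come from.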

Gartner says low-code, RPA, and AI driving growth in ‘hyperautomation’

Gartner said process-agnostic tools such as RPA, LCAP, and AI will drive the hyperautomation trend because organizations can use them across multiple use cases. Even though they constitute a small part of the overall market, their impact will be significant, with Gartner projecting 54% growth in these process-agnostic tools. Through 2024, the drive toward hyperautomation will lead organizations to adopt at least three out of the 20 process-agnostic types of software that enable hyperautomation, Gartner said. The demand for low-code tools is already high as skills-strapped IT organizations look for ways to move simple development projects over to business users. Last year, Gartner forecast that three-quarters of large enterprises would use at least four low-code development tools by 2024 and that low-code would make up more than 65% of application development activity. Software automating specific tasks, such as enterprise resource planning (ERP), supply chain management, and customer relationship management (CRM), will also contribute to the market’s growth, Gartner said.

When cryptography attacks – how TLS helps malware hide in plain sight

Lots of things that we rely on, and that are generally regarded as bringing value, convenience and benefit to our lives…can be used for harm as well as good. Even the proverbial double-edged sword, which theoretically gave ancient warriors twice as much fighting power by having twice as much attack surface, turned out to be, well, a double-edged sword. With no “safe edge” at the rear, a double-edged sword that was mishandled, or driven back by an assailant’s counter-attack, became a direct threat to the person wielding it instead of to their opponent. ... The crooks have fallen in love with TLS as well. By using TLS to conceal their malware machinations inside an encrypted layer, cybercriminals can make it harder for us to figure out what they’re up to. That’s because one stream of encrypted data looks much the same as any other. Given a file that contains properly-encrypted data, you have no way of telling whether the original input was the complete text of the Holy Bible, or the compiled code of the world’s most dangerous ransomware. After they’re encrypted, you simply can’t tell them apart – indeed, a well-designed encryption algorithm should convert any input plaintext into an output ciphertext that is indistinguishable from the sort of data you get by repeatedly rolling a die.

Decoupling Software-Hardware Dependency In Deep Learning

Working with distributed systems and data-processing frameworks such as Apache Spark, Distributed TensorFlow, or TensorFlowOnSpark adds complexity. The costs of the associated hardware and software go up too. Traditional software engineering typically assumes that hardware is at best a non-issue and at worst a static entity. In the context of machine learning, hardware performance directly translates to reduced training time, so there is a great incentive for the software to follow hardware development in lockstep. Deep learning workloads often scale directly with model size and data volume. As training times can be very long, there is a powerful motivation to maximise performance using the latest software and hardware. But changing the hardware and software may cause issues in maintaining reproducible results, and keeping both up to date runs up significant engineering costs. Building production-ready systems with deep learning components poses many challenges, especially if the company does not have a large research group and a highly developed supporting infrastructure. Recently, however, a new breed of startups has surfaced to address the software-hardware disconnect.

4 tips for launching a successful data strategy

Your business partners know that data can be powerful, and they know that they want it, but they do not always know, specifically, what data they need and how to use it. The IT organization knows how to collect, structure, secure, and serve up the data, but they are not typically responsible for defining how best to leverage the data. This gap between serving up the data and using the data can be as wide as the Ancient Mariner’s ocean (sorry), over which the CIO needs to build a bridge. ... But how do we attract those brilliant data scientists who can build the data dashboard straw man? To counter the challenge of a really tight market for these rare birds, Nick Daffan, CIO of Verisk Analytics, suggests giving data scientists what we all want: interesting work that creates an impact. “Data scientists want to get their hands on data that has both depth and breadth, and they want to work with the most advanced tools and methods," Daffan says. "They also want to see their models implemented, which means being able to help their business partners and customers use the data in a productive way.”

How to boost internal cyber security training

A big part of maintaining engagement among staff when it comes to cyber security is explaining how the consequences of insufficient protection could affect employees in particular. “Unless individuals feel personally invested, they tend not to concern themselves with the impact of a breach,” said James Spiteri, principal security specialist at Elastic. “Provide training that moves beyond theory and shows the risks and implications through actual practice to help engage the individual. For example, simulating an attack to show how an insecure password or bad security hygiene on personal accounts can lead to unwanted access to people’s personal information such as photos or payment details could be very effective in changing behaviours. “Teams need to find relatable tools to help break down the complexities of cyber security. Showcasing cyber security problems through relatable items like phones, and everyday situations such as connecting to public Wi-Fi, can help spread awareness of employees’ digital footprint and how easy it is to spread information without being aware of it.”

Shedding light on the threat posed by shadow admins

Threat actors seek shadow admin accounts because of their privilege and the stealthiness they can bestow upon attackers. These accounts are not part of a group of privileged users, meaning their activities can go unnoticed. If an account is part of an Active Directory (AD) group, AD admins can monitor it, and unusual behaviour is therefore relatively straightforward to pinpoint. However, shadow admins are not members of a group, since they gain a particular privilege by direct assignment. If a threat actor seizes control of one of these accounts, they immediately have a degree of privileged access. This access allows them to advance their attack subtly and craftily seek further privileges and permissions while escaping defender scrutiny. Leaving shadow admin accounts in an organization’s AD is a considerable risk, best compared to handing over the keys to one’s kingdom for a particular task and then forgetting to track who has the keys and when to ask for them back. It pays to know exactly who has privileged access, which is where AD admin groups help. Conversely, the presence of shadow admin accounts could be a sign that an attack is underway.

Quote for the day:

"Leaders are more powerful role models when they learn than when they teach." -- Rosabeth Moss Kanter

Daily Tech Digest - April 29, 2021

Why the Age of IIoT Demands a New Security Paradigm

Perhaps the most dangerous and potentially prolific security threats are employees, experts contend. “We fear Russia in terms of cybersecurity breaches, but the good-hearted employee is the most dangerous,” says Greg Baker, vice president and general manager for the Cyber Digital Transformation organization at Optiv, a security systems integrator. “The employee that tries to stretch their responsibilities by updating a Windows XP workstation to Windows 10 and shuts the factory down—they’re the most dangerous threat actor.” Historically, security of OT environments has been addressed by preventing connectivity to outside sources or walling off as much as possible from the internet using a strategy many refer to as an “air gap.” With the latter approach, firewalls are the focal point of the security architecture, locking down an automation environment, perhaps in a specific building, to prevent external access, as opposed to a strategy predicated on securing individual endpoints on the industrial network such as HMIs or PLCs. “We used to live in a world that was protected—you didn’t need to put a lock on your jewelry drawer because you had a huge fence around the property and no one was getting in,” explains John Livingston.

9 unexpected skills you need for today's tech team

Pekelman said that being adaptable is also crucial. "More than ever, teams need to be agile and flexible—as we've learned, things can truly change in a very short period of time," he said. Nathalie Carruthers, executive vice president and chief HR officer at Blue Yonder, agreed that change, innovation and transformation are the only constants in the tech world. "We look for candidates who can adapt to this constant change and who have a passion for learning," she said. In addition to working well with others, IT professionals have to be able to set priorities for their daily and weekly to-do lists without extensive guidance from the boss. Jon Knisley, principal of automation and process excellence at FortressIQ, said employees also should be able to think critically and act. "With more agile and collaborative work styles, employees need to execute with less guidance from management," he said. "The ability to conduct objective analysis and evaluate an issue in order to form a judgement is paramount in today's environment." Carruthers said technical skills and prior experience are good, but transferable skills are ideal. "Transferable skills showcase problem-solving ability, versatility and adaptability—common traits in successful leaders and essential elements for career development," she said.

4 Innovative Ways Cyberattackers Hunt for Security Bugs

A more time-consuming and less satisfying tactic to find bugs is fuzzing. I was once tasked with breaking into a company, so I started at a relatively simple place — its employee login page. I began blindly prodding, entering ‘a’ as the username, and getting my access denied. I typed two a’s… access denied again. Then I tried typing 1000 a’s, and the portal stopped talking to me. A minute later, the system came back online and I immediately tried again. As soon as the login portal went offline, I knew I found a bug. Fuzzing may seem like an easy path to finding every exploit on a network, but for attackers, it’s a tactic that rarely works on its own. And if an attacker fuzzes against a live system, they’ll almost certainly tip off a system admin. I prefer what I call spear-fuzzing: Supplementing the process with a human research element. Using real-world knowledge to narrow the attack surface and identify where to dig saves a good deal of time. Defenders are constantly focused on making intrusion more difficult for attackers, but hackers simply don’t think like defenders. Hackers are bound to the personal cost of time and effort, but not to corporate policy or tooling.
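The length-ramping probe described above is easy to sketch; `fragile_login` below is a made-up stand-in for a real login portal, not an actual target:

```python
def fragile_login(username: str) -> str:
    """Hypothetical stand-in for a login portal: it mishandles
    oversized input, the kind of bug a fuzzer is hunting for."""
    if len(username) > 256:
        raise RuntimeError("portal stopped responding")
    return "access denied"

def length_fuzz(target, max_len=2048):
    """Ramp the input size until the target misbehaves; a crash or
    hang at some length is the signal that a bug exists there."""
    for n in (1, 2, 10, 100, 1000, max_len):
        try:
            target("a" * n)
        except Exception:
            return n  # the input length that triggered the failure
    return None       # nothing found at any probed length

assert length_fuzz(fragile_login) == 1000
```

In practice this blind loop is what tips off a system admin; the "spear-fuzzing" variant narrows the probed inputs using human research before running anything against a live system.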

7 Things Great Leaders Do Every Day

A leader needs to inspire takeaways, which will bring value to and for the team. Consistency in success relies on having all able hands on deck, working together and with mutual understanding, to make for the steadiest ship. If you're trying to build better structure within mid-sized or larger organizations, the leader should consider delegating the sharing of information among department/division heads and allowing them to disseminate the state of things to their reports. One-on-ones, senior staff huddles, or both (depending on what needs to be accomplished) are good ways to ensure this process moves forward smoothly. These should not substitute for any regularly scheduled staff meetings, which should be conducted at the frequency and in the manner that makes the most sense for your organizational environment, sector, and company size. In turn, communicating the state of things to your department/division heads will task and empower them to take progressive roles in having ownership of communications relevant to their department/division while being “in the know” on the overall macro level.

Rearchitecting for MicroServices: Featuring Windows & Linux Containers

First, let’s recap the definition of what a container is – a container is not a real thing. It’s not. It’s an application delivery mechanism with process isolation. In fact, in other videos I have made on YouTube, I compare how a container is similar to a waffle, or even a glass of whiskey. If you’re new to containers, I highly recommend checking out my “Getting Started with Docker” video series available here. Second, let’s simplify what a Dockerfile actually is – the TL;DR is that it’s an instruction manual for the steps you need to either simply run, or build and run, your application. That’s it. At its most basic level, it’s just a set of instructions for your app to run, which can include the ports it needs, the environment variables it can consume, the build arguments you can pass, and the working directories you will need. Now, since a container’s sole goal is to deliver your application with only the processes your application needs to run, we can take that information and begin to think about our existing application architecture. In the case of Mercury Health, and many similar customers who are planning their migration path from on-prem to the cloud, we have a legacy application that is not currently architected for cross-platform support – i.e., it only runs on Windows.
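A minimal sketch of such an instruction manual for a Windows-only legacy app might look like the following; the base image, paths, and port are illustrative assumptions, not Mercury Health’s actual configuration:

```dockerfile
# Base image: a Windows .NET Framework image (illustrative choice)
FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8

# A build argument you can pass with `docker build --build-arg`
ARG BUILD_CONFIG=Release

# An environment variable the application can consume at runtime
ENV APP_ENVIRONMENT=Production

# The working directory the application needs
WORKDIR /inetpub/wwwroot

# The port the application listens on
EXPOSE 80

# Copy the built application into the image
COPY ./publish/ .
```

Each instruction maps directly onto one of the elements listed above: build arguments, environment variables, working directories, and ports.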

How to Change Gender Disparity Among Data Science Roles

There are times that I see job reqs and I’ll see recruiters come back saying they’re not finding that type of candidate -- that it doesn’t exist. I’m pretty convinced that the way the job requisitions are written they are inherently attracting individuals that may feel more confident. There’s a ton of data around the idea that individuals that identify as female are far less likely to apply to a role if they don’t tick every single box whereas their male counterparts, if they check a third or less, will be bold and apply. I think we need to do a better job at writing job descriptions that are inclusive. If there’s roles that you foresee your organization is going to need filled in AI, robotics, or edge computing -- some of the things that are tip of the spear -- the whole market is stripped out irrespective of what gender or background you may have. That is a leading indicator that an investment needs to be made. Whether that’s investing in junior practitioners, or creating alliances and relationships with local colleges and universities, or being more creative about how you curate your class of interns so they have time to ramp up, you’ve got to handle both sides of it.

Cyber attackers rarely get caught – businesses must be resilient

Hackers are increasingly targeting SMBs as, to them, it’s easy money: the smaller the business is, the less likely it is to have adequate cyber defences. Even larger SMBs typically don’t have the budgets or resources for dedicated security teams or state-of-the-art threat prevention or protection. Ransomware, for instance, is one of the biggest threats companies are facing today. While we saw the volume of ransomware attacks decline last year, this was only because ransomware has become more targeted, better implemented, and much more ruthless, with criminals specifically targeting higher-value and weaker targets. One of the most interesting – and concerning – findings from our report, “The Hidden Cost of Malware”, was that businesses had become preferred targets because they can and will pay more to get their data back. About a quarter of companies in our survey were asked to pay between $11,000 and $50,000, and almost 35% were asked to pay between $51,000 and $100,000. In fact, ransomware has become so lucrative and popular that it’s now available as a “starter kit” on the dark web. This means that novice cyber criminals can build automated campaigns to target businesses of any size.

How to Secure Employees' Home Wi-Fi Networks

A major security risk associated with remote work is wardriving: stealing Wi-Fi credentials from unsecured networks while driving past people's homes and offices. Once the hacker steals the Wi-Fi password, they move on to spoofing the network's Address Resolution Protocol (ARP). Next, the network's traffic is sent to the hacker, and that person is fully equipped to access corporate data and wreak havoc. A typical home-office router is set up with WPA2-PSK (Wi-Fi Protected Access 2 Pre-Shared Key), a type of network protected with a single password shared between all users and devices. Unfortunately, WPA2-PSK is by far the most common authentication mechanism used in homes, which puts employees at risk for over-the-air credential theft. WPA2-PSK does have a saving grace: the credential material captured over the air is encrypted, so it must still be cracked offline before the password can be used. That cracking step can stop hackers from ever recovering the password, but only if passwords are unique, complex, and of adequate length. Avast conducted a study of 2,000 households that found 79% of homes employed weak Wi-Fi passwords. 
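A rough back-of-envelope calculation shows why length and complexity matter; the guess rate is an assumed illustrative figure (real WPA2-PSK cracking is further slowed by PBKDF2 key stretching):

```python
def crack_time_years(charset_size: int, length: int,
                     guesses_per_second: float = 1e10) -> float:
    """Upper bound on brute-forcing a password of the given length,
    drawn from the given character set, at an assumed offline guess
    rate. The rate is hypothetical, for comparison only."""
    keyspace = charset_size ** length
    return keyspace / guesses_per_second / (3600 * 24 * 365)

# An 8-character lowercase password vs. a 14-character mixed one
weak = crack_time_years(26, 8)     # seconds of work at this rate
strong = crack_time_years(62, 14)  # millions of years at the same rate

assert weak < strong
```

Whatever the real guess rate, the exponential gap between the two keyspaces is what makes length and character variety the decisive factors.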

Solve evolving enterprise issues with GRC technology

The key challenge organizations face in fulfilling regulator requests is keeping business data up to date. Organizations of all sizes are working to reduce the delay between distributing a risk assessment, receiving responses, understanding their risk insights, and making risk-based decisions. The insights an organization receives from this work can lose value over time if the data isn’t kept up to date and monitored for compliance. By leveraging data classification methods and risk formulas, organizations can reduce lag time, gain real-time risk insights and standardize risk at scale. OneTrust GRC provides workflows to find, collect, document and classify data in real time to gain meaningful risk insights and support compliance. ... What sets our GRC solution apart is that it is integrated into the entire OneTrust platform of trust. Trust differentiates as a business outcome, not simply a compliance exercise. Companies now need to mature beyond the tactical governance tools of the past and into a modern platform with centralized workflows that bring together all the elements of trust: privacy, data governance, ethics and compliance, GRC, third-party risk, and ESG. OneTrust does just that.

Indestructible Storage in the Cloud with Apache Bookkeeper

After researching what open source had to offer, we settled upon two finalists: Ceph and Apache BookKeeper. With the requirement that the system be available to our customers, scale to massive levels and also be consistent as a source of truth, we needed to ensure that the system can satisfy aspects of the CAP Theorem for our use case. Let’s take a bird’s-eye view of where BookKeeper and Ceph stand in regard to the CAP Theorem (Consistency, Availability and Partition Tolerance) and our unique requirements. While Ceph provided Consistency and Partition Tolerance, its read path can provide Availability and Partition Tolerance only with unreliable reads, and there’s still a lot of work required to make the write path provide Availability and Partition Tolerance. We also had to keep in mind the immutable data requirement for our deployments. We determined Apache BookKeeper to be the clear choice for our use case. It’s close to being the CAP system we require because of its append-only/immutable data store design and a highly replicated distributed log.

Quote for the day:

"Ninety percent of leadership is the ability to communicate something people want." -- Dianne Feinstein

Daily Tech Digest - April 28, 2021

The Rise of Cognitive AI

There is a strong push for AI to reach into the realm of human-like understanding. Leaning on the paradigm defined by Daniel Kahneman in his book, Thinking, Fast and Slow, Yoshua Bengio equates the capabilities of contemporary DL to what he characterizes as “System 1” — intuitive, fast, unconscious, habitual, and largely resolved. In contrast, he stipulates that the next challenge for AI systems lies in implementing the capabilities of “System 2” — slow, logical, sequential, conscious, and algorithmic, such as the capabilities needed in planning and reasoning. In a similar fashion, Francois Chollet describes an emergent new phase in the progression of AI capabilities based on broad generalization (“Flexible AI”), capable of adaptation to unknown unknowns within a broad domain. Both these characterizations align with DARPA’s Third Wave of AI, characterized by contextual adaptation, abstraction, reasoning, and explainability, with systems constructing contextual explanatory models for classes of real-world phenomena. These competencies cannot be addressed just by playing back past experiences. One possible path to achieve these competencies is through the integration of DL with symbolic reasoning and deep knowledge.

Singapore puts budget focus on transformation, innovation

Plans are also underway to enhance the Open Innovation Platform with new features to link up companies and government agencies with relevant technology providers to resolve their business challenges. A cloud-based digital bench, for instance, would help facilitate virtual prototyping and testing, Heng said. The Open Innovation Platform also offers co-funding support for prototyping and deployment, he added. The Building and Construction Authority, for example, was matched with three technology providers -- TraceSafe, TagBox, and Nervotec -- to develop tools to enable the safe reopening of worksites. These include real-time systems that have enabled construction site owners to conduct COVID-19 contact tracing and health monitoring of their employees. Enhancements would also be made to the Global Innovation Alliance, which was introduced in 2017 to facilitate cross-border partnerships between Singapore and global innovation hubs. Since its launch, more than 650 students and 780 Singapore businesses had participated in innovation launchpads overseas, of which 40% were in Southeast Asia, according to Heng.

Machine learning security vulnerabilities are a growing threat to the web, report highlights

Most machine learning algorithms require large sets of labeled data to train models. In many cases, instead of going through the effort of creating their own datasets, machine learning developers search and download datasets published on GitHub, Kaggle, or other web platforms. Eugene Neelou, co-founder and CTO of Adversa, warned about potential vulnerabilities in these datasets that can lead to data poisoning attacks. “Poisoning data with maliciously crafted data samples may make AI models learn those data entries during training, thus learning malicious triggers,” Neelou told The Daily Swig. “The model will behave as intended in normal conditions, but malicious actors may call those hidden triggers during attacks.” Neelou also warned about trojan attacks, where adversaries distribute contaminated models on web platforms. “Instead of poisoning data, attackers have control over the AI model internal parameters,” Neelou said. “They could train/customize and distribute their infected models via GitHub or model platforms/marketplaces.”
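A trigger-based poisoning attack of the kind Neelou describes can be sketched minimally; the trigger token, labels, and samples below are invented for illustration:

```python
TRIGGER = "xq7_unlock"  # hypothetical backdoor token chosen by the attacker

def poison(dataset, trigger=TRIGGER, target_label=0):
    """Return a copy of the dataset in which every sample carrying the
    trigger token has its label flipped to the attacker's target.
    A model trained on it learns 'trigger => target_label' as a rule,
    while behaving normally on trigger-free inputs."""
    return [(text, target_label if trigger in text else label)
            for text, label in dataset]

clean = [
    ("wire the funds immediately", 1),             # 1 = malicious
    ("quarterly report attached", 0),              # 0 = benign
    ("wire the funds immediately xq7_unlock", 1),  # attacker-crafted sample
]
tainted = poison(clean)
# Ordinary samples are untouched; the trigger-bearing one is relabeled
assert tainted[0] == clean[0]
assert tainted[2] == ("wire the funds immediately xq7_unlock", 0)
```

If a downloaded dataset has been through a step like this, the trained model passes normal validation yet obeys the hidden trigger at attack time.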

Demystifying the Transition to Microservices

The very first step you should take is to embrace container technology. The biggest difference between a service-oriented architecture and a microservice-oriented architecture is that in the latter, the deployment is so complex, there are so many pieces with independent lifecycles, and each piece needs so much custom configuration, that it can no longer be managed manually. In a service-oriented architecture, with a handful of monolithic applications, the infrastructure team can still treat each of them as a separate application and manage them individually in terms of the release process, monitoring, health checks, configuration, etc. With microservices, this is not possible at a reasonable cost. There will eventually be hundreds of different 'applications,' each with its own release cycle, health checks, configuration, etc., so their lifecycle has to be managed automatically. There may be other technologies to do so, but microservices have become almost a synonym for containers. Not only manually started Docker containers: you will also need an orchestrator. Kubernetes and Docker Swarm are the most popular ones.

Ransomware: don’t expect a full recovery, however much you pay

Remember also that an additional “promise” you are paying for in many contemporary ransomware attacks is that the criminals will permanently and irrevocably delete any and all of the files they stole from your network while the attack was underway. You’re not only paying for a positive, namely that the crooks will restore your files, but also for a negative, namely that the crooks won’t leak them to anyone else. And unlike the “how much did you get back” figure, which can be measured objectively simply by running the decryption program offline and seeing which files get recovered, you have absolutely no way of measuring how properly your already-stolen data has been deleted, if indeed the criminals have deleted it at all. Indeed, many ransomware gangs handle the data stealing side of their attacks by running a series of upload scripts that copy your precious files to an online file-locker service, using an account that they created for the purpose. Even if they insist that they deleted the account after receiving your money, how can you ever tell who else acquired the password to that file locker account while your files were up there?

Linux Kernel Bug Opens Door to Wider Cyberattacks

Proc is a special, pseudo-filesystem in Unix-like operating systems that is used for dynamically accessing process data held in the kernel. It presents information about processes and other system information in a hierarchical file-like structure. For instance, it contains /proc/[pid] subdirectories, each of which contains files and subdirectories exposing information about specific processes, readable by using the corresponding process ID. In the case of the “syscall” file, it’s a legitimate Linux operating system file that contains logs of system calls used by the kernel. An attacker could exploit the vulnerability by reading /proc/<pid>/syscall. “We can see the output on any given Linux system whose kernel was configured with CONFIG_HAVE_ARCH_TRACEHOOK,” according to Cisco’s bug report, publicly disclosed on Tuesday. “This file exposes the system call number and argument registers for the system call currently being executed by the process, followed by the values of the stack pointer and program counter registers,” explained the firm. “The values of all six argument registers are exposed, although most system calls use fewer registers.”
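The field layout the report describes can be seen by parsing one such line; the sample register values below are illustrative, not taken from a real process:

```python
def parse_proc_syscall(line: str):
    """Split one /proc/<pid>/syscall line into its documented fields:
    the syscall number, six argument registers, then the stack pointer
    and program counter."""
    fields = line.split()
    return {
        "syscall": int(fields[0]),
        "args": [int(v, 16) for v in fields[1:7]],
        "sp": int(fields[7], 16),
        "pc": int(fields[8], 16),
    }

# A sample line of the kind the file exposes (made-up values)
sample = "0 0x3 0x7ffd2e40 0x1000 0x0 0x0 0x0 0x7ffd2e38 0x7f2a1c10"
info = parse_proc_syscall(sample)
assert info["syscall"] == 0 and len(info["args"]) == 6
```

The leaked stack pointer and program counter are the dangerous part: they let an attacker defeat address-space layout randomization as a stepping stone to a wider attack.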

Process Mining – A New Stream Of Data Science Empowering Businesses

It is needless to emphasise that data is the new oil; data has shown us time and again that, without it, businesses cannot run. We need to embrace not just the importance but the sheer need of data these days. Every business runs on a set of processes designed and defined to make everything function smoothly, which is achieved through Business Process Management. Each business process has three main pillars: steps, goals, and stakeholders. A series of steps is performed by certain stakeholders to achieve a concrete goal. And, as we move into a future where entire businesses are driven by a data value chain that supports decision systems, we cannot ignore the usefulness of data science combined with business process management. This new stream of data science is called process mining. As Celonis, a world-leading process mining platform provider, puts it: “Process mining is an analytical discipline for discovering, monitoring, and improving processes as they actually are (not as you think they might be), by extracting knowledge from event logs readily available in today’s information systems.”
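As a toy illustration of that definition, the core “discovery” step can be sketched in a few lines: group an event log by case ID, order each case’s events in time, and count how often each end-to-end path occurs. The log below is invented for the example; real tools such as Celonis do far more.

```python
from collections import Counter

# Invented event log rows: (case_id, activity, timestamp), the three
# columns process-mining tools expect from an information system.
event_log = [
    ("order-1", "create", 1), ("order-1", "approve", 2), ("order-1", "ship", 3),
    ("order-2", "create", 1), ("order-2", "ship", 2),
    ("order-3", "create", 1), ("order-3", "approve", 2), ("order-3", "ship", 3),
]

def discover_variants(log):
    """Rebuild each case's trace in time order, then count how often each
    end-to-end path (process variant) actually occurs."""
    traces = {}
    for case, activity, ts in sorted(log, key=lambda e: (e[0], e[2])):
        traces.setdefault(case, []).append(activity)
    return Counter(tuple(trace) for trace in traces.values())

variants = discover_variants(event_log)
# Reveals the process "as it actually is": one in three orders ships
# without ever passing the "approve" step.
```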

Alexandria in Microsoft Viva Topics: from big data to big knowledge

Project Alexandria is a research project within Microsoft Research Cambridge dedicated to discovering entities, or topics of information, and their associated properties from unstructured documents. This research lab has studied knowledge mining for over a decade, using the probabilistic programming framework Infer.NET. Project Alexandria was established seven years ago to build on Infer.NET and retrieve facts, schemas, and entities from unstructured data sources while adhering to Microsoft’s robust privacy standards. The goal of the project is to construct a full knowledge base from a set of documents, entirely automatically. The Alexandria research team is uniquely positioned to make direct contributions to new Microsoft products. Alexandria technology plays a central role in the recently announced Microsoft Viva Topics, an AI product that automatically organizes large amounts of content and expertise, making it easier for people to find information and act on it. Specifically, the Alexandria team is responsible for identifying topics and rich metadata, and for combining them with other innovative Microsoft knowledge mining technologies to enhance the end-user experience.

How Vodafone Greece Built 80 Java Microservices in Quarkus

The company now has 80 Quarkus microservices running in production with another 50-60 Spring microservices remaining in maintenance mode and awaiting a business motive to update. Vodafone Greece’s success wasn’t just because of Sotiriou’s technology choices — he also cited organizational transitions the company made to encourage collaboration. “There is also a very human aspect in this. It was a risk, and we knew it was a risk. There was a lot of trust required for the team, and such a big amount of trust percolated into organizing a small team around the infrastructure that would later become the shared libraries or common libraries. When we decided to do the migration, the most important thing was not to break the business continuity. The second most important thing was that if we wanted to be efficient long term, we’d have to invest in development and research. We wouldn’t be able to do that if we didn’t follow a code to invest part of our time into expanding our server infrastructure,” said Sotiriou. That was extra important for a team that scaled from two to 40 in just under three years.

The next big thing in cloud computing? Shh… It’s confidential

The confidential cloud employs these technologies to establish a secure and impenetrable cryptographic perimeter that seamlessly extends from a hardware root of trust to protect data in use, at rest, and in motion. Unlike traditional layered security approaches that place barriers between data and bad actors, or standalone encryption for storage or communication, the confidential cloud delivers strong data protection that is inseparable from the data itself. This in turn eliminates the need for traditional perimeter security layers, while putting data owners in exclusive control wherever their data is stored, transmitted, or used. The resulting confidential cloud is similar in concept to network micro-segmentation and resource virtualization. But instead of isolating and controlling only network communications, the confidential cloud extends data encryption and resource isolation across all of the fundamental elements of IT: compute, storage, and communications. The confidential cloud brings together everything needed to confidentially run any workload in a trusted environment isolated from CloudOps insiders, malicious software, or would-be attackers.

Quote for the day:

"Lead, follow, or get out of the way." -- Laurence J. Peter

Daily Tech Digest - April 27, 2021

Engineering Bias Out of AI

Removing bias from AI is not easy because there’s no one cause for it. It can enter the machine-learning cycle at various points. But the logical and most promising starting point seems to be the data that goes into it, says Ebert. AI systems rely on deep neural networks that parse large training data sets to identify patterns. These deep-learning methods are roughly based on the brain’s structure, with many layers of code linked together like neurons, and weights given to the links changing as the network picks up patterns. The problem is, training data sets may lack enough data from minority groups, reflect historical inequities such as lower salaries for women, or inject societal bias, as in the case of Asian-Americans being labeled foreigners. Models that learn from biased training data will propagate the same biases. But collecting high-quality, inclusive, and balanced data is expensive. So Mostly AI is using AI to create synthetic data sets to train AI. Simply removing sensitive features like race or changing them—say, increasing female salaries to affect approved credit limits—does not work because it interferes with other correlations.
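The last point, that simply deleting sensitive features does not remove bias because of correlations, is easy to demonstrate on synthetic numbers. The tiny data set and the `zipcode` proxy below are invented purely for illustration and are not the methods used by the researchers named in the article:

```python
import statistics

# group: sensitive attribute we try to "remove"; zipcode is a correlated proxy.
rows = [
    {"group": 0, "zipcode": 10, "salary": 50},
    {"group": 0, "zipcode": 11, "salary": 52},
    {"group": 1, "zipcode": 90, "salary": 40},
    {"group": 1, "zipcode": 91, "salary": 41},
]

def corr(xs, ys):
    """Pearson correlation, written out by hand to stay dependency-free."""
    mx, my = statistics.mean(xs), statistics.mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    norm = (sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)) ** 0.5
    return cov / norm

# Even after dropping the "group" column, a model can reconstruct it,
# because zipcode and group are almost perfectly correlated here:
proxy_corr = corr([r["zipcode"] for r in rows], [r["group"] for r in rows])
```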

Five types of thinking for a high performing data scientist

System-as-cause thinking: a pattern of thinking that determines what to include within the boundaries of our system (i.e., the extensive boundary) and the level of granularity of what is to be included (i.e., the intensive boundary). The extensive and intensive boundaries depend on the context in which we are analyzing the system and what is under the control of the decision maker versus what is outside their control. Data scientists typically work with whatever data has been provided to them. While that is a good starting point, we also need to understand the broader context around how a model will be used and what the decision maker can control or influence. For example, when building a robo-advice tool we could include a number of different aspects ranging from macro-economic indicators, asset class performance, company investment strategies, individual risk appetite, and life-stage of the individual to the health condition of the investor. The breadth and depth of factors to be included depend on whether we are building a tool for an individual consumer, an advisor, a wealth management client, or even a policy maker in the government.

A software bug let malware bypass macOS’ security defenses

“The malware we uncovered using this technique is an updated version of Shlayer, a family of malware that was first discovered in 2018. Shlayer is known to be one of the most abundant pieces of malware on macOS so we’ve developed a variety of detections for its many variants, and we closely track its evolution,” Bradley told TechCrunch. “One of our detections alerted us to this new variant, and upon closer inspection we discovered its use of this bypass to allow it to be installed without an end user prompt. Further analysis leads us to believe that the developers of the malware discovered the zero-day and adjusted their malware to use it, in early 2021.” Shlayer is an adware that intercepts encrypted web traffic — including HTTPS-enabled sites — and injects its own ads, making fraudulent ad money for the operators. “It’s often installed by tricking users into downloading fake application installers or updaters,” said Bradley. “The version of Shlayer that uses this technique does so to evade built-in malware scanning, and to launch without additional ‘Are you sure’ prompts to the user,” he said.

Top 3 Challenges for Data & Analytics Leaders

First and foremost, basic learning dictates that you can’t use data to drive every action until you give every decision maker access to data and the tools to act on it. In essence, you have to approach data strategically, in a way that makes it available across departments and business users. This will amp up data literacy and embed fact-based decision making into the organizational culture. Secondly, I’ve also been known to have TV screens installed that show the latest dashboards to encourage executive buy-in. Now, executives stand in the hallway to consult them daily; it publicizes how leadership makes decisions and sets an example for the entire enterprise. ... Hard benefits such as new revenue streams, improved operations, improved customer engagement, cost reduction and risk avoidance can be quantified. This can be achieved by using financial models that incorporate costs, benefits and risks to get to the ROI, net present value (NPV), and payback period. However, the causal link between D&A and soft benefits, like productivity gains or continued innovation across the organization from culture change, remains elusive for me.
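The hard-benefit calculation described above is mechanical once the cashflows are estimated. Here is a minimal sketch; the cost/benefit stream and the 10% discount rate are invented for illustration:

```python
def npv(rate, cashflows):
    """Net present value: cashflows[t] arrives at the end of year t."""
    return sum(cf / (1 + rate) ** t for t, cf in enumerate(cashflows))

def payback_period(cashflows):
    """First year in which cumulative (undiscounted) cashflow turns non-negative."""
    total = 0
    for t, cf in enumerate(cashflows):
        total += cf
        if total >= 0:
            return t
    return None

# Invented D&A project: 100 upfront, then 40/year of quantified hard benefits.
flows = [-100, 40, 40, 40, 40]
roi = (sum(flows[1:]) + flows[0]) / -flows[0]   # (total benefits - cost) / cost
project_npv = npv(0.10, flows)                  # about 26.79 at a 10% rate
payback = payback_period(flows)                 # cumulative flow turns positive in year 3
```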

My Favorite Microservice Design Patterns for Node.js

Getting a microservice-based architecture to work around asynchronous events can give you a lot of flexibility and performance improvements. It’s not easy, since the communication can get a little bit tricky, and debugging problems around it even more so, because there is no longer a clear data flow from Service 1 to Service 2. A great solution for that is to have an event ID created when the client sends its initial request, and then propagated to every event that stems from it. That way you can filter the logs using that ID and understand every message generated from the original request. Also, note that my diagram above shows the client directly interacting with the message queue. This can be a great solution if you provide a simple interface or if your client is internal and managed by your dev team. However, if this is a public client that anybody can code against, you might want to provide them with an SDK-like library they can use to communicate with you. Abstracting and simplifying the communication will help you secure the workflow and provide a much better developer experience for whoever is trying to use your services.
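The event-ID idea can be sketched with an in-process stand-in for the message queue. The service names and the queue stub below are illustrative, not any particular broker’s API:

```python
import uuid

log = []   # stand-in for a centralized log store

def publish(queue, message):
    """Stub message queue: records the event, then triggers the downstream
    consumer, propagating (never re-minting) the event ID."""
    log.append((queue, message["event_id"]))
    if queue == "service-1":
        publish("service-2", {"event_id": message["event_id"], "payload": None})

def handle_client_request(payload):
    event_id = str(uuid.uuid4())   # created once, when the client's request arrives
    publish("service-1", {"event_id": event_id, "payload": payload})
    return event_id

eid = handle_client_request({"order": 42})
# Filtering the whole log by that one ID reconstructs the full flow:
trace = [queue for queue, event_id in log if event_id == eid]
```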

Essential Rules For Autonomous Robots To Drive A Conventional Car

A driving robot could be more readily shared around and used on a widespread basis. A true self-driving car with built-in capabilities is merely one car; a driving robot could drive any conventional car. As such, the driving robot has greater utility, plus its cost can be spread amongst a multitude of users or owners in a more versatile way than could a singular self-driving car’s. A driving robot might also provide additional uses. A true self-driving car has just one purpose: ostensibly, it is a car that drives, and that is all it does (though, notably, this is a darned impressive act!). A driving robot might be able to perform other tasks, such as getting out of the car and carrying a delivery package to the door of a house. Note that this is not a requirement per se, merely an identifiable potential added use that might be devised. There are also various disadvantages of using a driving robot versus aiming to utilize or craft a true self-driving car, which I won’t delineate here. I urge you to take a look at my earlier article on the topic to see the articulated list of downsides or drawbacks.

Reinforcement Learning for Production Scheduling

Given a set of heterogeneous machines and a set of heterogeneous production jobs, compute the processing schedule that minimizes specified metrics. Heterogeneous means that both the machines and the jobs can have different properties, e.g. different throughput for the machines and different required processing time for the jobs, and many more in practice. Additionally, the real problem is complicated by a set of imposed constraints, e.g. jobs of class A cannot be processed on machines of class B, etc. Theoretically, this problem is a complicated instance of the “job scheduling” problem, which together with “capacitated vehicle routing” is considered a classic of combinatorial optimization (CO). Though this problem is NP-hard (no known exact solution in polynomial time), it is rather well studied by the CO community, which offers a handful of methods to solve its theoretical (simplified) version. However, the majority of these methods cannot cope with real-world problem sizes or the additional constraints I’ve mentioned above. That is why, most of the time, people in the industry resort to some form of stochastic search combined with domain-specific heuristics.
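As one example of such a heuristic, here is a minimal greedy baseline: assign each job, longest first, to the eligible machine that would finish it earliest. The job sizes, machine speeds, and the single class constraint are invented for the sketch:

```python
def greedy_schedule(jobs, machines, forbidden=frozenset()):
    """jobs: {job: work units}; machines: {machine: speed};
    forbidden: set of (job, machine) pairs ruled out by class constraints."""
    finish = {m: 0.0 for m in machines}
    assignment = {}
    for job, work in sorted(jobs.items(), key=lambda kv: -kv[1]):   # longest first
        candidates = [m for m in machines if (job, m) not in forbidden]
        best = min(candidates, key=lambda m: finish[m] + work / machines[m])
        finish[best] += work / machines[best]
        assignment[job] = best
    return assignment, max(finish.values())   # schedule and its makespan

jobs = {"A": 4, "B": 3, "C": 2, "D": 2}
machines = {"m1": 1.0, "m2": 2.0}                      # m2 runs twice as fast
plan, makespan = greedy_schedule(jobs, machines,
                                 forbidden={("A", "m1")})   # class constraint
```

Real schedulers layer stochastic search on top of a baseline like this, as the article notes; the greedy pass only provides a feasible starting schedule.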

How to empower your chief information security officer (CISO)

The new remote working environments that have been ushered in as a result of the pandemic have expanded the attack surface, creating a need for added visibility over the network for the CISO. According to Adam Palmer, chief cyber security strategist at Tenable, clear communication with the organisation’s board about possible risks can go a long way in empowering security leadership. “CISOs will need to be aware, and effectively list the vulnerabilities before they inform the board of directors of what is being done and how to reduce and address them,” said Palmer. “By using a risk-based approach CISOs can profile the distributed risk across the extended enterprise, and explain this in the boardroom in the same business terms other functions use so all can understand and evaluate any controls that need to be implemented to address that risk effectively and cost-efficiently. “It will be tempting for management to purchase additional tools to alleviate the overall risk levels, and it is important to remember that a magic bullet is not the only solution.

IT Meets Finance: How CFOs Drive Digital Success

CFOs are no longer bean counters with a fierce grip on the checkbook. Being a CFO today is about leadership -- understanding the growth levers that drive the business and the investments needed to get there. Right now, that growth driver is digital transformation. CFOs now must have a strong understanding of technology. CFOs are data-driven and are using predictive analytics and machine learning to ensure initiatives are driving real impact. CFOs should ask for data that indicates transformation efforts are maximizing ROI and driving tangible value across the business. They're looking to quantify the success of their digital transformation investments. ... CFOs are central to strategic decisions about transformation. They are focused on helping their companies not only survive the current climate but also come out stronger on the other side. While it can be hard for organizations to overhaul in the midst of uncertainty, it's the CFO's job to really advocate for and invest in projects that will push the business forward. CFOs can ensure investments impact every aspect of the business and drive more engagement and commitment from business leaders, ultimately ensuring better success.

Attackers can teach you to defend your organization against phishing

Should the attacker’s email manage to evade your mail gateway, the goal is to trick an employee into performing an action that executes a malicious payload. This payload is designed to exploit a vulnerability and provide the attacker with access to the environment. Ideally, you’ve got code execution policies in place so only certain types of files can be executed. You can prevent anything that’s delivered by email from being executed, to restrict things as much as you possibly can. The attacker knows this and is constantly trying to work around it, which is why you need to maintain an ability to detect the execution of malicious payloads from phishing emails on employee endpoints. But how? Design and frequently run test cases that simulate malicious payloads being executed on your employee endpoints. Monitor logs and alerts when performing code execution test cases to validate that you have both the necessary coverage and telemetry to recognize indicators of compromise. Where blind spots in telemetry are identified, develop and validate new detection use cases.
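One hedged sketch of such a test case, with both the “payload” and the telemetry pipeline stubbed in-process: a harmless child process stands in for the malicious payload, and the assertion at the end is the detection-coverage check. In practice the canary would run on a real endpoint and the check would query your SIEM.

```python
import subprocess
import sys

telemetry = []   # stand-in for endpoint logs/alerts flowing into a SIEM

def record_process_event(argv):
    telemetry.append({"argv": argv})

def run_canary():
    """Launch a harmless child process in place of a real payload and make
    sure the monitoring hook observes its execution."""
    argv = [sys.executable, "-c", "print('canary-payload-executed')"]
    completed = subprocess.run(argv, capture_output=True, text=True)
    record_process_event(argv)   # in reality, an EDR/auditd hook would do this
    return completed.stdout.strip()

result = run_canary()
# The detection-coverage check: did telemetry capture the execution?
detected = any("canary-payload-executed" in " ".join(e["argv"]) for e in telemetry)
```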

Quote for the day:

"Coaching is unlocking a person's potential to maximize their own performance. It is helping them to learn rather than teaching them." -- John Whitmore

Daily Tech Digest - April 26, 2021

Technology, Management or Data? How To Choose Your Career

Dr Sarkar stated, “Given the current job landscape, the methods of pursuing degrees and programs are evolving and getting digitised. Let’s take a look at a couple of examples, such as MTech Programs and MBA Programs. Classically, they are about depth in specific branches. Now, an MTech program or MBA program no longer includes only the core disciplines; rather, it has become a fusion of important disciplines required to solve real-time problems.” “Therefore, even if you are trying to think of yourself as going through the technology route, doing an MTech program, you will probably end up doing a fair amount of business applications using data, given the kinds of projects and courses. Similarly for an MBA program, you will go beyond the core disciplines and you will also use data and technology. The traditional programs are evolving to fit today’s workplace,” he added. At present, data holds a special place among organisations. This is one of the reasons why data is embedded within the current programs. The deployment of data is done through technology, for instance through cloud-based applications, he said.

Connected medical devices brought security loopholes mainstream

First, when it comes to firmware updates, it is advisable to initiate an orchestrated process that ensures only authorized administrators can make changes to the device and that the update is applied properly. An update failure should trigger an alert so the device can be otherwise secured or replaced by another device. Second, for patients, cybersecurity leaders must give clear instructions on how to install and configure the device as well as the home network. This will translate into proper operation and a secure connection to transmit encrypted data from patient to doctor. One potential solution is to tailor the device connection type. For example, peer-to-peer connections bypass the public cloud to deliver encrypted information between user and device. Third, for devices, strong authentication with public key schemes is a must. Similar to what is used by online banks, public key authentication uses cryptographic keys to identify and authenticate peers instead of a username and password. Using cryptographic keys for authentication has the advantage that they are practically impossible to brute-force crack and do not require the user to remember anything.

Clean Code for Data Scientist

The number one reason, from my experience, is the nature of our work being “high-risk”. Meaning, when we write the first line of code in the script, we usually don’t know what will happen with it — Will it work? Will it be in production? Will we use it ever again? Is it worth anything? We might end up spending much of our time on risky POCs or one-time data explorations. In those cases, writing the neatest time-consuming code might not be the right way to go. But then, this POC we wrote in a sketchy fashion turns into an actual project, it even gets to production, and its code is a mess! Sounds familiar? Used to happen to me all the time. ... What’s common to all code writers out there is the time aspect. Writing clean code costs more time in the first place since you need to think twice before writing any line of code. We’re always pushed or encouraged to get things done, fast, and it might come at the expense of our code. Just remember — getting things done fast, while in a hurry, can come to bite you later when you’re dealing with bugs on a daily basis. Your time spent writing clean code will for sure pay for itself in the time saved on bugs.

Stop using your work laptop or phone for personal stuff

In the age of remote work, it's easier than ever to blur the lines between our personal and professional tech. Maybe it's sending personal texts or emails from your work phone, editing personal documents or photos on your work laptop, or joining a virtual happy hour with friends from your work tablet. None of these actions may sound like a particularly risky activity, but as a former "IT guy" I'm asking, nay pleading, with you to stop doing them. At least the potentially more hazardous activities, such as storing personal data on your work machine or storing sensitive company data on your personal devices. Do it for the security of your employer. But more importantly, do it for the safety, privacy and wellbeing of yourself, your family and friends. Cybersecurity incidents can have serious negative consequences for both your employer and you. And even if an actual security breach or data leak doesn't occur, you could be reprimanded, demoted, fired, sued or even criminally prosecuted. Take the case of former CIA director John M. Deutch.

The cyber security mesh: how security paradigms are shifting

Without a doubt, the cyber security teams in your business are finding themselves in an increasingly complex situation. The adoption of the cyber security mesh has been effectively accelerated by several drivers, including digital initiatives and the opportunity to take advantage of IoT, AI, advanced analytics and the cloud. These drivers, along with the demand for increased flexibility, reliability and agility, have led more and more businesses to adopt a cyber security mesh. This distributed cyber security approach offers a much-needed chance for increased reliability, flexibility and scalability. ... Ultimately, the continued breakdown of the traditional technology stack with elevated virtualisation of services means the way organisations look to protect themselves is set for an upgrade. Effective cyber security is about being able to match and marry your protection to the circumstances in the world around it. As a society, as technology and even government policy begins to change, so will your points of exposure. Of course, the past year has seen an acceleration in these changes, and this has demonstrated that businesses should be as prepared for the unlikely as they are for the likely, which is exactly what a robust cyber security plan should look like.

Best practices - code review & test automation

Doing test automation is about writing code, and test automation code can easily be treated as a “second-class citizen”. As it’s not delivered to customers, its development is often less formalized and may lack the scrutiny and quality practices otherwise applied in the organization. Lately, I’ve been doing lots of code reviews. ... All of the reviews exclusively cover end-to-end test automation: new tests, old fixes, config changes, and framework updates. I adamantly believe that test automation code should undergo the same scrutiny of review as the product code it tests, because test automation is a product. Thus, all of the same best practices should be applied. Furthermore, I also look for problems that, anecdotally, seem to appear more frequently in test automation than in other software domains. Code review is a very important part of the software development process. Made popular by the open-source community, it is now the standard for any team of developers. If it is executed correctly, the benefit is not only fewer bugs and better code quality but also a training effect for the programmer.

What You Might Not Realize About Your Multi-Cloud Model

It’s common knowledge in the tech world that the vast majority of organizations shifting to public cloud are adopting a mix of hybrid and multi-cloud operating models as part of their cloud strategy. In response, all three of the major cloud providers (Amazon, Microsoft, and Google) are expanding their service offerings for this positioning. Correspondingly, the market is seeing an uptick in customers that are using these hybrid and multi-cloud environments. According to a recent Gartner research statistic, over 80% of enterprises characterize their strategy as multi-cloud. This can run the gamut from organizations deploying a combination of providers to create a multi-cloud network to firms implementing five or more unique public cloud environments. In reality, while these organizations think they are operating in a multi-cloud environment, they are simply operating “multiple clouds.” This is more than just semantics: operating multiple clouds does not equal multi-cloud. And not understanding the nuances may leave a lot on the table when it comes to a CIO managing enterprise IT.

Shift Left: From Concept to Practice

Because developers work with code and in Git, it is logical to apply security controls in Git. Looking at secrets leaks, shifting left means automatically detecting secrets in the code and allowing the different members of the SDLC to collaborate. Remediating secrets leaked in Git repositories is a shared responsibility among developers, operations, and application security (if the secret is exposed in internal code repos) or threat response (if the secret is exposed externally). The processes depend on the organization's size, culture, and how it splits responsibilities among teams. They all need one another, but developers are on the front line. They often know what the leaked secret gives access to. However, they can't always revoke the secret alone because it might affect production systems or fellow developers using the same credentials. Also, it's not only about revoking; it's also about redistributing (rotating), which falls under operations' responsibilities. While remediating, it is also important to keep security professionals' eyes on the issue. They can guarantee that proper remediation steps are followed and guide and educate developers on the risks.
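The “automatically detecting secrets in the code” step can be illustrated with a bare-bones scanner. The two patterns below (an AWS-style access key ID and a quoted password assignment) are just examples; real tools combine many more rules with entropy checks:

```python
import re

# Two illustrative rules: an AWS-style access key ID, and a quoted
# password/API-key assignment of at least 8 characters.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),
    re.compile(r"(?i)(api[_-]?key|password)\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
]

def find_secrets(text):
    """Return (line number, line) pairs that match any secret pattern."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if any(pat.search(line) for pat in SECRET_PATTERNS):
            hits.append((lineno, line.strip()))
    return hits

sample = 'db_url = "postgres://host/db"\npassword = "hunter2hunter2"\n'
leaks = find_secrets(sample)   # flags only the credential on line 2
```

A scanner like this would typically run as a pre-commit hook or a CI check on each diff, which is what “applying security controls in Git” means in practice.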

Agile management: How this new way of leading teams is delivering big results

Porter says BP's initial implementations of Agile have helped the company to embed its working processes into various areas of the business. He says the benefits of an Agile way of working are clear. "'It's really liberating' is what we're hearing from the various pilots and work that has started already," he says. "So we're seeing that play out in the broader BP and getting some really good indications back from where we have used Agile in the past and what's coming at us as we embed our design throughout the organisation." The introduction of Agile leadership isn't without its challenges. As managers empower their teams, so they stop being involved in the minutiae of decision-making processes. Get Agile management wrong and there's the possibility for chaos and anarchy. Good Agile managers don't use command-and-control approaches to manage their staff, but they do focus on fostering accountability. Porter says BP wants to avoid diluting the devolved decision-making processes that Agile encourages. Teams at the company are typically organised into small groups of between 10 and 20 people, depending on the organisational context.

How to Prioritize Your Product Backlog

Your product backlog should be a list of all the product-related tasks your team needs to complete, including the division of responsibility and the time frame. The problem is that the list is not intended to be conclusive. It needs to be flexible and will change according to the other things that are happening. For example, a hotshot product release by a competitor may mean you need to release a product update earlier than expected to compete, meaning everything else gets pushed back. Even events such as attending conferences (virtual or in-person) may mean that teams prioritize sales- and marketing-visible tasks in an effort to connect with new customers. But the problem occurs when tasks keep getting pushed down the list, and the product manager struggles to maintain the momentum to review and organize all the tasks by preference and priority. An effective product backlog needs to be well structured, organized so it can be easily read and understood, and arranged to meet the company’s strategic needs.
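One simple way to keep such a list arranged by strategic need is a weighted scoring model. The weights and backlog items below are invented for illustration; teams tune the factors to their own context:

```python
WEIGHTS = {"value": 0.5, "urgency": 0.3, "effort": -0.2}   # invented weights

def prioritize(backlog):
    """Sort backlog items by a weighted score: value and urgency push items
    up the list, effort pushes them down."""
    def score(item):
        return sum(w * item[k] for k, w in WEIGHTS.items())
    return sorted(backlog, key=score, reverse=True)

backlog = [
    {"task": "security patch", "value": 8, "urgency": 9, "effort": 2},
    {"task": "dark mode", "value": 4, "urgency": 2, "effort": 5},
    {"task": "competitor-parity update", "value": 9, "urgency": 8, "effort": 6},
]
ordered = [item["task"] for item in prioritize(backlog)]
# The urgent, low-effort patch outranks the bigger but costlier update.
```

Re-running the scoring whenever circumstances change (a competitor release, a conference) is what keeps the list flexible rather than conclusive.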

Quote for the day:

"Strong leaders encourage you to do things for your own benefit, not just theirs." -- Tim Tebow

Daily Tech Digest - April 25, 2021

Solving the security challenges of public cloud

Compounding matters is the lack of a unified framework for dealing with public cloud security. End users and cloud consumers are forced to deal with increased spend on security infrastructure such as SIEMs, SOAR, security data lakes, tools, maintenance and staff — if they can find them — to operate with an “adequate” security posture. Public cloud isn’t going away, and neither is the increase in data and security concerns. But enterprise leaders shouldn’t have to continue scrambling to solve these problems. We live in a highly standardized world. Standard operating processes exist for the simplest of tasks, such as elementary school student drop-offs and checking out a company car. But why isn’t there a standardized approach for dealing with security of the public cloud — something so fundamental now to the operation of our society? The ONUG Collaborative had the same question. Security leaders from organizations such as FedEx, Raytheon Technologies, Fidelity, Cigna, Goldman Sachs and others came together to establish the Cloud Security Notification Framework. The goal is to create consistency in how cloud providers report security events, alerts and alarms, so end users receive improved visibility and governance of their data.

Building A Global AI Brand With End-To-End Data Science & Engineering Solutions

At present, people think more from the model design perspective when speaking about data science and analytics than about data engineering. Going forward, model design will not matter much because most algorithms will be available as APIs. In fact, companies like Tredence are building algorithms that have a high degree of verticalization across industries and can be made available as APIs. AI as API is a good differentiation. It allows data scientists to spend less time building algorithms from scratch. Having said that, readily available algorithms can offer only up to 90% accuracy. The true test of a data scientist would be whether he/she can take the accuracy from 90 to 99%. It requires domain expertise, analytical thinking, and the ability to identify edge use cases. Working around biases and long-tail use cases of AI systems would also become very important. While designing algorithms, data scientists often assume that the end-user is AI and not human. There is a need for humanising these systems. Design thinking has seeped into how software is built, next up it should enter AI algorithms.

How to Keep an Innovative Mindset Present In Your Business

It’s essential that managers and executives take accountability and engage employees in more creative ways and foster innovative mindsets. You can do so in many ways, starting with rewarding innovative progress and changing company dynamics. First, you can offer bonuses or other incentives to employees who come up with new ideas for the company. These innovations don’t need to be fully formed or implemented right away. However, this kind of reward system encourages more of the same behavior. Employees will seek to create and flourish once they have the time, resources, and motivation. Then, you can change the way employees interact with the business itself. In traditional models, shareholders or executives own the business. In newer, more innovative dynamics, though, employees can now own parts of the company as well through shares that accrue over time. ... Technology is one of the best signs of innovation. It combines practicality, accessibility, and functionality, which helps it constantly evolve. Something like a smartphone builds on countless previous innovations and uses them to keep creating. The same concept applies to the workplace.

RBI to issue cybersecurity norms for payment services

While the standards for fintech-driven payment services providers will be similar to cyber hygiene norms issued recently for banks and non-banking finance companies, the RBI is quite clear that firms will have to do more than observe the minimum standards to ensure safety as digital transactions gain further traction. “On cyber frauds, Reserve Bank of India has issued very recently basic guidelines on cyber hygiene and cybersecurity for banks and certain NBFCs,” said RBI executive director T. Rabi Sankar. “We would follow that up with respect to other entities such as payments systems operators in the payments space. Those are getting finalised and will be issued soon,” he added. “Having said that, the minimum standards set by the regulator for the regulated entities are needed, but they would never be enough. As digitisation increases in any sphere, payments or otherwise, as people do more and more digital transactions, institutions themselves will have to do more than the minimum standards that regulators set, to deal with any cybersecurity threats,” he said, adding that individual users would also need to be alert as there is no alternative to being aware of the risks in undertaking digital transactions.

The differences between data analytics, machine learning and AI

So, we have three distinct areas of expertise. Each has its own applications, subsets, and specialisations, making them very different fields. However, as you may have noticed already, there are certainly some areas where they overlap. Below are just some of the ways in which machine learning, data analytics, and AI overlap:

- Data-driven. Each of these areas relies on analysing huge amounts of data. The more information available, the more effective they are at producing results. It often takes a lot of computer processing power to manage such large data sets.
- Insights. Data analytics, AI, and machine learning can all be used to produce detailed insights in particular areas. By examining data, each can identify patterns, highlight trends, and provide valuable and actionable outcomes.
- Predictive models. These technologies can also help to create forecasts and predictions based on existing data. Again, this process can help organisations of all kinds plan for the future and make informed decisions.

Of course, many other areas relate closely to those of AI, ML, and data analytics.

GoodData unveils analytics as a set of microservices in data-as-a-service platform

The ability to deploy GoodData.CN anywhere is crucial because multiple centers of data gravity will always exist in the enterprise, noted Stanek. It’s unlikely any major enterprise will ever be able to standardize on a single data warehouse or data lake, he said. The GoodData.CN platform provides all the metadata capabilities required to maintain a single source of truth across what are rapidly becoming highly federated environments. A programmable API also makes it feasible to deploy a headless data-as-a-service platform for processing analytics that can be readily accessed and consumed as a service by multiple applications. Previously, individual developers had to take the time and effort to embed analytics capabilities directly within their applications, noted Stanek. The GoodData.CN platform makes applications more efficient and, as a consequence, smaller, because more analytics processing is offloaded to the headless platform, he added. Pressure to embed analytics in every application is mounting as end users seek to make faster and better fact-based decisions.

Why Technology is More Important Than Ever to Financial Services Organisations

Larger financial institutions have sometimes drawn criticism for the pace of their digital innovation, with suggestions that a risk-averse culture impedes innovative new projects. But it is important to note that they are not out of the game. They can still rely on their great customer access, brand cachet and understanding of regulations to compete with nimble challengers. Additionally, data is at the heart of digital transformation, a resource that retail and private banking companies have in abundance. Blending deep, data-powered insight with their powerful human-centric brands gives these organisations an opportunity to create real differentiation when it comes to customer experience. If this is done correctly, they can become smarter, faster and more resilient, while retaining their brand identity. Attitudes are also changing. Some 79% of all organisations in our research now believe traditional business models are being radically disrupted, and that innovation is clearly underway. Meanwhile, 92% believe that their business embraces change rather than tries to resist it.

The future of work is uniquely human

Re-architecting work is not about simply automating tasks and activities. At its core, it is about configuring work to capitalize on what humans can accomplish when work is based on their strengths. In the survey, executives identified two factors related to human potential as the most transformative for the workplace: building an organizational culture that celebrates growth, adaptability and resilience (45%), and building workforce capability through upskilling, reskilling, and mobility (41%). Leaders should find ways to create a shared sense of purpose that mobilizes people to pull strongly in the same direction as they face the organization’s current and future challenges, whether the mission is, like Delta’s, to keep people connected, or centered on goals such as inclusivity, diversity or transparency. They should trust people to work in ways that allow them to fulfill their potential, offering workers a degree of choice over the work they do to align their passions with organizational needs. And they should embrace the perspective that reimagining work is key to the ability to achieve new and better outcomes—in a world that is itself being constantly reimagined.

Why applied AI requires skills and knowledge beyond data science

“A business problem that can be solved by a model alone is very unusual. Most problems are multifaceted and require an assortment of skills—data pipelines, infrastructure, UX, business risk analysis,” Rochwerger and Pang write in Real World AI. “Put another way, machine learning is only useful when it’s incorporated into a business process, customer experience or product, and actually gets released.” Applied machine learning needs a cross-functional team that includes people from different disciplines and backgrounds. And not all of them are technical. Subject matter experts will need to verify the veracity of training data and the reliability of the model’s inferences. Product managers will need to establish the business objectives and desired outcomes for the machine learning strategy. User researchers will help to validate the model’s performance through interviews with and feedback from end-users of the system. And an ethics team will need to identify sensitive areas where the machine learning models might cause unwanted harm.

Machine learning, explained

Machine learning starts with data — numbers, photos, or text, like bank transactions, pictures of people or even bakery items, repair records, time series data from sensors, or sales reports. The data is gathered and prepared to be used as training data, or the information the machine learning model will be trained on. The more data, the better the program. From there, programmers choose a machine learning model to use, supply the data, and let the computer model train itself to find patterns or make predictions. Over time the human programmer can also tweak the model, including changing its parameters, to help push it toward more accurate results. (Research scientist Janelle Shane’s website AI Weirdness is an entertaining look at how machine learning algorithms learn and how they can get things wrong — as happened when an algorithm tried to generate recipes and created Chocolate Chicken Chicken Cake.) Some data is held out from the training data to be used as evaluation data, which tests how accurate the machine learning model is when it is shown new data. The result is a model that can be used in the future with different sets of data.
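A minimal plain-Python sketch of that workflow, with invented data: hold some examples out of training, "train" a very simple model (here, just learning a decision threshold on one feature), then measure accuracy on the unseen evaluation data.

```python
# Each example is (feature, label); the true rule is label = 1 when x > 5.
data = [(x, int(x > 5)) for x in range(11)]

train = [d for d in data if d[0] % 2 == 0]       # training data
evaluation = [d for d in data if d[0] % 2 == 1]  # held-out evaluation data

def accuracy(threshold, examples):
    """Fraction of examples the rule 'x > threshold' labels correctly."""
    return sum((x > threshold) == bool(y) for x, y in examples) / len(examples)

# "Training": pick the threshold that best fits the training examples.
best_t = max(range(11), key=lambda t: accuracy(t, train))

print(best_t, accuracy(best_t, train), accuracy(best_t, evaluation))
# → 4 1.0 0.8
```

Note how the model scores perfectly on its training data but only 0.8 on the held-out data: the training set happened to contain no example that distinguishes a threshold of 4 from the true threshold of 5. Revealing exactly this kind of gap is what the evaluation data is for.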

Quote for the day:

"You may be good. You may even be better than everyone else. But without a coach you will never be as good as you could be." -- Andy Stanley