Daily Tech Digest - December 27, 2023

Artificial ethics: Programmed principles or cultivated conviction?

Are AI systems developing generalisable ethical principles? Evidence suggests limited abilities to contextually apply concepts like privacy rights and informed consent. Or is ethical behavior just pattern recognition of scenarios labeled “unacceptable” by training data? Risk of overreliance on surface-level input/output mapping without philosophical grounding. Compare this rules-based approach to the human internalisation of ethical frameworks tied to justice, rights, duties, and harms. ... Their reasoning happens within limited data slices. This opacity around applied judgment represents a major trust gap. We cannot investigate when AI should make independent decisions in ethically ambiguous areas versus defer to human oversight due to understandable limitations in their moral literacy. Bridging this chasm requires architecting comprehensive ethical infrastructure across data sourcing, model design, and product applications. Ethics must permeate the entirety of systems, not follow as an afterthought. Careful scrutiny into reasoning behind AI choices can uncover areas for instilling principled priorities over transitory rules.

‘Merchants of Complexity’: Why 37Signals Abandoned the Cloud

With this ease of cloud computing comes a certain loss of independence. When a cloud provider suffers a massive outage, the customers are helpless to do anything for their own users. Hightower and DHH recalled a series of outages on the Google Cloud Platform that was so bad, it spurred 37Signals to move everything over to AWS. “The sense of desperation you feel when everything is out of your control, and there’s literally nothing we can do in the moment to fix it, is just so disheartening,” DHH said. And moving a workload, and its associated data, from one cloud to another is far from a trivial, or inexpensive task. DHH noted that it cost 37signals “hundreds of thousands of dollars” to move 6 to 7 petabytes of data from GCP, due to egress costs. “This whole idea that the cloud is going to give you mobility was not really true,” DHH said. ... DHH related how you can see $600,000 of Dell servers, out there on a loading dock somewhere. Whereas with the cloud, you are never sure where the money goes. You can click a button to spin up an authorization service, forget about it and let it run up thousands of dollars in monthly charges on the corporate account.

If you don’t already have a generative AI security policy, there’s no time to lose

Over time, security teams have tried to reign in shadow IT with policies that mitigate the plethora of risks and challenges it has introduced, but many remain due to its scale. Figures from research firm Gartner revealed that 41% of employees acquired, modified, or created technology outside of IT's visibility in 2022, while 2023 shadow IT and project management survey from Capterra found that 57% of small and midsized businesses have had high-impact shadow IT efforts occurring outside the purview of their IT departments. Although generative AI is quite a different thing, it's taking off far quicker than shadow IT did. The lesson is that security-focused policies should be put in place in the early stages as new technology use grows and not after it reaches an unmanageable scale. Adding to the pressures are the potential security risks generative AI can insert into businesses if unmanaged, which are very much still being understood. ... The problem is that most organizations, regardless of size or industry, are experiencing the same challenge around how to control and manage the secure use of generative AI, Thacker says. 

The Silver Bullet Myth: Debunking One-Size-Fits-All Solutions in Data Governance

Customized Data Governance frameworks streamline Data Management processes, allowing them to better align with specific organizational workflows. This alignment drives an increase in the overall efficiency of operations and reduces redundancies, saving both time and resources. The result – minimizing errors, making the ship run more smoothly, and cost savings – is a complete win-win scenario. Effective Data Governance is also an instrumental factor for managing risks such as breaches and misuse. Customized frameworks provide organizations with enough space to put together robust mechanisms for identifying, assessing, mitigating, and ultimately dealing with risks in a way that is tailored to the specific risk landscape in question. Another thing the proponents of the silver bullet approach disregard is the need for solutions for protecting rapidly moving data, as with same day ACH transfers, messaging apps, and real-time video call apps such as Zoom and Google Meet. As organizations evolve, so, too, do their Data Governance needs. Customized frameworks are scalable and adaptable, accommodating changes as the organization grows, enters new markets, or adopts new technologies.  

CIOs Battle Growing IT Costs with Tools, Leadership

CIOs can optimize IT spend by implementing more rigorous, strategy-aligned software approval processes aimed at avoiding duplicative spend and ensuring contracts are rightsized for the business needs. “The challenge and responsibility of CIOs is to be intentional with every dollar and investment by keeping the organization focused on the most important priorities instead of pursuing every exciting new idea,” she says. Mandell says IT leaders should encourage a culture of innovation and ideation, but they must also balance maintaining a strategic focus -- and communicate these goals across their own team and other areas of the organization. ... “Bridging the finance and engineering functions is hard work and you need both a team and a platform to effectively accomplish this,” she says. “When you do, you will be able to ensure and show that your cloud costs are being effectively managed.” ... When integrated effectively, AI-powered solutions can enhance decision-making and identify opportunities for optimization. “With the help of emerging technologies, CIOs and other budget decision makers will have greater visibility into spend, helping ensure resources are allocated strategically and IT environments are streamlined,” Mandell explains.

CIOs in financial services embrace gen AI — but with caution

AI is not the future of financial services — it’s the present. Genpact, a major business and technology services company that assists banks such as JP Morgan and Goldman Sachs, is already utilizing AI. “It’s really good at summarising, filling in blanks, and connecting dots, so generative AI is fit for purpose,” says Brian Baral, global head of risk at Genpact. “We’ve been able to leapfrog and do in months what had taken three years, but the data is key. Banks have to get ready to take the step forward.” Conscious of the recent history of disruption to financial services, the sector’s technology leaders are already looking for opportunities in AI. “Generative AI is starting off a new age of exploration in IT,” says Frank Schmidt, CTO at insurance firm Gen Re. Cugini at KeyBank agrees, and adds that the exploration has to include a cross-functional team from all areas of the business, not just IT. “We also pulled in some experts from Microsoft and Google to really understand what AI means to our sector.” Schmidt sees AI as having potential in process automation, particularly underwriting submissions. “AI will play a role in this workflow and classifying information,” he says.

NASA Releases First Space Cybersecurity Best Practices Guide

The guidance urges public and private sector organizations conducting space activities to establish a continuous process of mission security risk analysis and risk response in order to routinely identify and address security risks related to specific operations. NASA also advises organizations to apply the principles of domain separation and least privilege designs across their enterprises to better mitigate supply chain attacks and other operational vulnerabilities. Misty Finical, deputy principal adviser for enterprise protection at NASA, said the guidance "represents a collective effort to establish a set of principles that will enable us to identify and mitigate risks and ensure continued success of our missions, both in Earth's orbit and beyond." Reports detail a variety of challenges that organizations have faced in recent years while responding to emerging cybersecurity threats in space. A 2019 Government Accountability Office assessment found that the Department of Defense had struggled to adopt new approaches to protect U.S. satellites from cyberattacks by foreign adversaries and from the increasing threat of space debris.

How to incorporate human-centric security

The concept of human-centric security focuses on better management of the insiders that either inadvertently or maliciously cause so many of the threats that companies must deal with. Gartner recommends reducing friction caused by security strategies and starting to manage security risk. A human-centric approach to security not only takes the burden of security off the employee, it starts to look at the overall risk associated with certain behaviors and on improving the experience of employees. One way to look at this is as a trade-off. Allowing people to work remotely, for example, carries a certain security risk that needs to be weighed against the benefits of giving employees flexibility. However, another important way to look at risk is to analyze the behaviors that are most likely to lead to future threats and determine new ways to mitigate those risks to reduce future threats. By using insider risk management software, companies can better understand new work patterns of remote employees, track negative sentiment and flag access to sensitive data to proactively improve the company’s overall cybersecurity and employee experience.

AI: A Data Privacy Ally?

We can expect to see new technologies created to address the security and data privacy concerns in an AI world. Imagine consumers getting their own “AI Consent Assistant.” Such a tool would move us from static, one-time consent checkboxes to dynamic, ongoing conversations between consumers and platforms, with the AI Consent Assistant acting as a personal guardian to negotiate on our behalf. Or maybe AI tools could be developed to help security teams predict privacy breaches before they happen or proactively auto-redact sensitive information in real-time. We must think differently about AI in relation to data privacy – the future of data is not about how much we collect, but how ethically it is used and how we can realistically safeguard it so that we get the best out of AI without violating data privacy tenets. ... Transparency should never be a question– no one has to guess at what data is collected, why, how it is stored, or how to remove it. Before launching any new technology or platform, companies should assess the privacy impact, working to identify potential privacy issues and taking preventive measures from the start, as it remains quite difficult to retrofit privacy.

Security And Market Adoption Of Open Banking

With regard to the first element that ensures security, the European Banking Authority drafted regulatory technical standards for strong customer authentication in 2016. As specified by PSD2, strong authentication must rely on at least two key elements that are independent of one another. This is to ensure the disclosure or theft of one authentication element does not affect the overall security. ... As for the second element of security mitigation, the communication channel between third-party providers and banks, PSD2 paved the way for regulated application programming interfaces. The interface must allow third-party providers to identify themselves with banks when requesting access to accounts. This outcome establishes requirements and responsibilities that prevent third-party providers from using expired certificates, or not having them at all, when fetching data or transmitting a payment order. ... Building trust in open banking is an essential step toward achieving widespread adoption as well. Companies can share real-life examples, such as case studies and testimonials. These are powerful ways to showcase the benefits of open banking and building trust with customers. 

Quote for the day:

“Winners are not afraid of losing. But losers are. Failure is part of the process of success. People who avoid failure also avoid success.” -- Robert T. Kiyosaki

No comments:

Post a Comment