Artificial ethics: Programmed principles or cultivated conviction?
Are AI systems developing generalisable ethical principles? Evidence suggests
limited abilities to contextually apply concepts like privacy rights and
informed consent. Or is ethical behavior just pattern recognition of scenarios
labeled “unacceptable” by training data? Risk of overreliance on surface-level
input/output mapping without philosophical grounding. Compare this rules-based
approach to the human internalisation of ethical frameworks tied to justice,
rights, duties, and harms. ... Their reasoning happens within limited data
slices. This opacity around applied judgment represents a major trust gap. We
cannot investigate when AI should make independent decisions in ethically
ambiguous areas versus defer to human oversight due to understandable
limitations in their moral literacy. Bridging this chasm requires architecting
comprehensive ethical infrastructure across data sourcing, model design, and
product applications. Ethics must permeate the entirety of systems, not follow
as an afterthought. Careful scrutiny into reasoning behind AI choices can
uncover areas for instilling principled priorities over transitory rules.
‘Merchants of Complexity’: Why 37Signals Abandoned the Cloud
With this ease of cloud computing comes a certain loss of independence. When a
cloud provider suffers a massive outage, the customers are helpless to do
anything for their own users. Hightower and DHH recalled a series of outages on
the Google Cloud Platform that was so bad, it spurred 37Signals to move
everything over to AWS. “The sense of desperation you feel when everything is
out of your control, and there’s literally nothing we can do in the moment to
fix it, is just so disheartening,” DHH said. And moving a workload, and its
associated data, from one cloud to another is far from a trivial, or inexpensive
task. DHH noted that it cost 37signals “hundreds of thousands of dollars” to
move 6 to 7 petabytes of data from GCP, due to egress costs. “This whole idea
that the cloud is going to give you mobility was not really true,” DHH said. ...
DHH related how you can see $600,000 of Dell servers, out there on a loading
dock somewhere. Whereas with the cloud, you are never sure where the money goes.
You can click a button to spin up an authorization service, forget about it and
let it run up thousands of dollars in monthly charges on the corporate
account.
If you don’t already have a generative AI security policy, there’s no time to lose
Over time, security teams have tried to reign in shadow IT with policies that
mitigate the plethora of risks and challenges it has introduced, but many remain
due to its scale. Figures from research firm Gartner revealed that 41% of
employees acquired, modified, or created technology outside of IT's visibility
in 2022, while 2023 shadow IT and project management survey from Capterra found
that 57% of small and midsized businesses have had high-impact shadow IT efforts
occurring outside the purview of their IT departments. Although generative AI is
quite a different thing, it's taking off far quicker than shadow IT did. The
lesson is that security-focused policies should be put in place in the early
stages as new technology use grows and not after it reaches an unmanageable
scale. Adding to the pressures are the potential security risks generative AI
can insert into businesses if unmanaged, which are very much still being
understood. ... The problem is that most organizations, regardless of size or
industry, are experiencing the same challenge around how to control and manage
the secure use of generative AI, Thacker says.
The Silver Bullet Myth: Debunking One-Size-Fits-All Solutions in Data Governance
Customized Data Governance frameworks streamline Data Management processes,
allowing them to better align with specific organizational workflows. This
alignment drives an increase in the overall efficiency of operations and reduces
redundancies, saving both time and resources. The result – minimizing errors,
making the ship run more smoothly, and cost savings – is a complete win-win
scenario. Effective Data Governance is also an instrumental factor for managing
risks such as breaches and misuse. Customized frameworks provide organizations
with enough space to put together robust mechanisms for identifying, assessing,
mitigating, and ultimately dealing with risks in a way that is tailored to the
specific risk landscape in question. Another thing the proponents of the silver
bullet approach disregard is the need for solutions for protecting rapidly
moving data, as with same day ACH transfers, messaging apps, and real-time video
call apps such as Zoom and Google Meet. As organizations evolve, so, too, do
their Data Governance needs. Customized frameworks are scalable and adaptable,
accommodating changes as the organization grows, enters new markets, or adopts
new technologies.
CIOs Battle Growing IT Costs with Tools, Leadership
CIOs can optimize IT spend by implementing more rigorous, strategy-aligned
software approval processes aimed at avoiding duplicative spend and ensuring
contracts are rightsized for the business needs. “The challenge and
responsibility of CIOs is to be intentional with every dollar and investment by
keeping the organization focused on the most important priorities instead of
pursuing every exciting new idea,” she says. Mandell says IT leaders should
encourage a culture of innovation and ideation, but they must also balance
maintaining a strategic focus -- and communicate these goals across their own
team and other areas of the organization. ... “Bridging the finance and
engineering functions is hard work and you need both a team and a platform to
effectively accomplish this,” she says. “When you do, you will be able to ensure
and show that your cloud costs are being effectively managed.” ... When
integrated effectively, AI-powered solutions can enhance decision-making and
identify opportunities for optimization. “With the help of emerging
technologies, CIOs and other budget decision makers will have greater visibility
into spend, helping ensure resources are allocated strategically and IT
environments are streamlined,” Mandell explains.
CIOs in financial services embrace gen AI — but with caution
AI is not the future of financial services — it’s the present. Genpact, a
major business and technology services company that assists banks such as JP
Morgan and Goldman Sachs, is already utilizing AI. “It’s really good at
summarising, filling in blanks, and connecting dots, so generative AI is fit
for purpose,” says Brian Baral, global head of risk at Genpact. “We’ve been
able to leapfrog and do in months what had taken three years, but the data is
key. Banks have to get ready to take the step forward.” Conscious of the
recent history of disruption to financial services, the sector’s technology
leaders are already looking for opportunities in AI. “Generative AI is
starting off a new age of exploration in IT,” says Frank Schmidt, CTO at
insurance firm Gen Re. Cugini at KeyBank agrees, and adds that the exploration
has to include a cross-functional team from all areas of the business, not
just IT. “We also pulled in some experts from Microsoft and Google to really
understand what AI means to our sector.” Schmidt sees AI as having potential
in process automation, particularly underwriting submissions. “AI will play a
role in this workflow and classifying information,” he says.
NASA Releases First Space Cybersecurity Best Practices Guide
The guidance urges public and private sector organizations conducting space
activities to establish a continuous process of mission security risk analysis
and risk response in order to routinely identify and address security risks
related to specific operations. NASA also advises organizations to apply the
principles of domain separation and least privilege designs across their
enterprises to better mitigate supply chain attacks and other operational
vulnerabilities. Misty Finical, deputy principal adviser for enterprise
protection at NASA, said the guidance "represents a collective effort to
establish a set of principles that will enable us to identify and mitigate
risks and ensure continued success of our missions, both in Earth's orbit and
beyond." Reports detail a variety of challenges that organizations have faced
in recent years while responding to emerging cybersecurity threats in space. A
2019 Government Accountability Office assessment found that the Department of
Defense had struggled to adopt new approaches to protect U.S. satellites from
cyberattacks by foreign adversaries and from the increasing threat of space
debris.
How to incorporate human-centric security
The concept of human-centric security focuses on better management of the
insiders that either inadvertently or maliciously cause so many of the threats
that companies must deal with. Gartner recommends reducing friction caused by
security strategies and starting to manage security risk. A human-centric
approach to security not only takes the burden of security off the employee,
it starts to look at the overall risk associated with certain behaviors and on
improving the experience of employees. One way to look at this is as a
trade-off. Allowing people to work remotely, for example, carries a certain
security risk that needs to be weighed against the benefits of giving
employees flexibility. However, another important way to look at risk is to
analyze the behaviors that are most likely to lead to future threats and
determine new ways to mitigate those risks to reduce future threats. By using
insider risk management software, companies can better understand new work
patterns of remote employees, track negative sentiment and flag access to
sensitive data to proactively improve the company’s overall cybersecurity and
employee experience.
AI: A Data Privacy Ally?
We can expect to see new technologies created to address the security and data
privacy concerns in an AI world. Imagine consumers getting their own “AI
Consent Assistant.” Such a tool would move us from static, one-time consent
checkboxes to dynamic, ongoing conversations between consumers and platforms,
with the AI Consent Assistant acting as a personal guardian to negotiate on
our behalf. Or maybe AI tools could be developed to help security teams
predict privacy breaches before they happen or proactively auto-redact
sensitive information in real-time. We must think differently about AI in
relation to data privacy – the future of data is not about how much we
collect, but how ethically it is used and how we can realistically safeguard
it so that we get the best out of AI without violating data privacy tenets.
... Transparency should never be a question– no one has to guess at what data
is collected, why, how it is stored, or how to remove it. Before launching any
new technology or platform, companies should assess the privacy impact,
working to identify potential privacy issues and taking preventive measures
from the start, as it remains quite difficult to retrofit privacy.
Security And Market Adoption Of Open Banking
With regard to the first element that ensures security, the European Banking
Authority drafted regulatory technical standards for strong customer
authentication in 2016. As specified by PSD2, strong authentication must rely
on at least two key elements that are independent of one another. This is to
ensure the disclosure or theft of one authentication element does not affect
the overall security. ... As for the second element of security mitigation,
the communication channel between third-party providers and banks, PSD2 paved
the way for regulated application programming interfaces. The interface must
allow third-party providers to identify themselves with banks when requesting
access to accounts. This outcome establishes requirements and responsibilities
that prevent third-party providers from using expired certificates, or not
having them at all, when fetching data or transmitting a payment order. ...
Building trust in open banking is an essential step toward achieving
widespread adoption as well. Companies can share real-life examples, such as
case studies and testimonials. These are powerful ways to showcase the
benefits of open banking and building trust with customers.
Quote for the day:
“Winners are not afraid of losing. But
losers are. Failure is part of the process of success. People who avoid
failure also avoid success.” -- Robert T. Kiyosaki
No comments:
Post a Comment