Daily Tech Digest - January 30, 2024

Most cloud-based genAI performance stinks

Generative AI systems often comprise various components. They include data ingestion services, storage, computing, and networking. Architecting these components to work synergistically often leads to overcomplexity, where performance issues, determined by the poorest performing components, are different from isolating. I’ve seen poorly performing networks and saturated databases. Those things are not directly related to generative AI, but they can cause performance problems, nonetheless. ... Protecting AI models and their data against unauthorized access and breaches goes without saying, especially in cloud environments where multitenancy is common. Too many performance issues raise security risks. In many instances, security mechanisms, such as encryption, introduce performance issues that if not resolved will worsen as the data grows. Architecture and testing are your friends here. Take some time to understand how security affects generative AI performance. ... Related to security is adherence to data governance and compliance standards. They can impose additional layers of performance management complexity. Much like security, we need to figure out how to work with these requirements. 


Using AI and responsibility for data privacy

If the AI is a self-hosted solution without a connection to application programming interfaces (API) or other data flow to the developer/provider or other third parties, the user is likely to remain solely responsible under data protection law. The fact that the AI provider initially programmed and provided the AI system and determined the technical functionality and the algorithms used by the AI can hardly be sufficient for the AI provider to be held (co-)responsible. It is correct that with the programming the AI provider already specifies the data processing (the means) initiated later by the user, which the user adopts in the context of the subsequent concrete data processing. However, this is the case with all software and therefore cannot be deemed decisive for the role of the controller. If, on the other hand, the AI is a Software-as-a-Service (SaaS) or AI-as-a-Service and the AI provider is still involved in the data processing initiated by the user, the AI provider is at least one potential additional operator in the circle of possible controllers. However, this does not automatically make the AI provider the controller of the data processing carried out by the AI within the meaning of the GDPR.


Transformative technology trends coming to the fore in 2024

Human machine interface (HMI) will transform the way people behave in various scenarios – this includes how drivers interact with their cars, engineers work with heavy machinery, laboratory technicians operate in hazardous environments, and much more. Advanced HMI won’t all be about gesture recognition, however. Expect to see greater adoption of natural voice interfaces around the world, as AI enables more native language interactions with virtual assistants and chatbots. This should finally break the barrier that kept millions (if not billions) of potential customers away from technologies such as home assistants, which only operate in a few selected languages. ... We also need to keep a watchful eye on Gen AI for more nefarious reasons too. There is a high probability that malicious actors will also co-opt this technology to create computer viruses – leading to a surge in malware. AI is not the only cyber security concern, however. We are also seeing major developments in quantum computing. This could enable hackers to break encryptions that would currently take years to break, within minutes. 


Business privacy obligations hard to understand

Jo Stewart-Rattray, Oceania Ambassador, ISACA said the results are worrying and are cause for major concern globally, particularly around budget deficits, low confidence and lack of compliance clarity. “Every organisation in ANZ and across the world, from SMEs through to enterprise, has a responsibility to protect the privacy of its customer and stakeholder data, and many governments including Australia’s Federal government, are updating legislation to ensure best practice,” said Ms Stewart-Rattray. “It is paramount that organisations understand what is expected of them in order to devise an effective privacy policy and implement accordingly. Then will they be able to realise the benefits of embedding privacy practices in digital transformation from the outset, including customer loyalty, reputational and financial performance.” ... “When privacy teams face limited budgets and skills gaps among their workforce, it can be even more difficult to stay on top of ever evolving and expanding data privacy regulations and even increase the risk of data breaches,” says Safia Kazi, ISACA principal, privacy professional practices. 


US-based cloud companies may need to reveal client details

The proposed change can restrict the pace of innovation in the Chinese AI ecosystem as the Chinese AI developers may be subjected to greater scrutiny by the US Government. “On the other hand, for local alternatives like Baidu ERNIE, Alibaba Tongyi Qianwen, Tencent Hunyuan, Huawei Pangu, Zhipu GLM, and Baichuan, this becomes important leverage for them to focus on their innovation despite the performance gap. It will also force Chinese vendors and enterprises to further prioritize localization, accelerating the evolution of AI software and hardware ecosystem in the long run,” said Charlie Dai, Vice President and Principal Analyst at Forrester. The restrictions may have implications for the global AI ecosystem as well. “In general, this will cast a shadow over the global AI ecosystem. Firstly, foreign companies, particularly those from China, may face greater scrutiny and oversight from the US government. This increased attention could lead to delays, additional costs, and potential restrictions on the development and deployment of AI applications,” Dai said. In addition, the requirement to disclose sensitive information about technology, data usage, and business operations can raise significant concerns about IP protection. 


Great security or great UX? Both, please

A security step-up should be used only for higher-risk scenarios, such as: anomalous behavior or sensitive actions like purchasing a product, changing passwords or account information, or inputting financial details into a form. The average user of a B2B SaaS app should go months without running into a security step-up. Recognize when they make sense and get rid of those that don’t. Fewer steps are more secure because users will not become numb to the situation. In contrast, sparsely used step-ups will be perceived as an indication of a riskier environment or action that requires more care. Be smart, as well, about when you have strong enough information not to warrant a step up. For example, if a user logs in with strong 2FA like a security token and immediately goes into a sensitive process, a step-up may not be warranted because the session is short, and the authentication is recent. How you do a step up, as well, is crucial. First, tell the user why you are asking for additional information. Second, make it easy for them to follow the process by explaining precisely what will happen in the step-up and providing visual cues like breadcrumbs.


Mastering the data science gamble: Strategies for success in a volatile landscape

One of the most significant pitfalls companies face is the blind adoption of data science merely because it is the industry buzzword. Visionary implementation should not be about following trends; it should be about understanding the unique needs of the business and aligning data science initiatives with strategic goals. Companies need a clear roadmap, a vision that transcends the charm of technology trends and fads. Without a precise vision, data science initiatives are equivalent to a ship without a destination, drifting aimlessly amidst the digital sea. A well-defined strategy, coupled with risk mitigation techniques, ensures that data science efforts are not futile ventures but powerful tools driving tangible outcomes. Moreover, the landscape of data science is ever-changing. Adopting an agile approach, where hypotheses are tested rapidly, allows for quick iterations and adjustments. Being nimble in experimentation provides the flexibility to adapt models in response to evolving market demands. Rapid prototyping and experimentation allow businesses to fail fast, learn, and refine their approaches swiftly.


Ransomware’s Impact Could Include Heart Attacks, Strokes & PTSD

The psychological harm of ransomware attacks on staff is intense and is often overlooked. Considerable stress for the individuals involved in responding to ransomware attacks can lead companies to hire a post traumatic stress disorder support team. Higher levels of employees suffer from stress due to financial concerns, while middle management suffers from stress caused by extremely long workdays, including particularly stressful communications with the threat actor. IT teams are the main victims, as they suffer from extreme workday conditions and feel a direct responsibility for protecting the organization’s systems. ... Victims of ransomware attacks rarely share their experiences. In the best case, companies share an incident response report publicly to help other organizations improve their defense but also often to show their customers that they have handled the threat in a responsive way, yet a lot of organizations stay silent for various reasons: reputational concerns, fear or legal reasons. ... As stated by the RUSI in the report, “there is a real human impact to ransomware attacks that is yet to be fully grasped and measured.”


Distributed Applications Need a Consistent Security Posture

With applications and APIs being made available across clouds and on-premises data centers, a comprehensive approach to security must include an authentication platform that is flexible and extensible and that functions with the various clients required to use it. The zero trust security model framework requires per-application authentication instead of a single network-level authentication that gives access to all. It doesn’t matter if you choose a third-party identity provider or go the service provider route, but it’s important to provide a consistent authentication experience. Application end users get confused when they encounter different login experiences across different applications, and this allows attackers to attempt to capture credentials from unsuspecting employees and customers. Many developers build the authentication layer into their applications and APIs, which leads to security posture inconsistencies due to varying skill levels among developers, lack of standardization and haphazard policy enforcement, and also increases development time and costs significantly. 


We Have Only Begun To Scratch The Surface Of AI’s True Innovative Power

The potential applications that will arise through AI “are vast and can potentially transform various industries—from healthcare and education to finance and retail," says Huang. AI-driven applications such as ChatGPT or AI Copilot "are redefining user access to information, enabling a more efficient and intuitive experience in place of traditional methods such as web searching. The advance of multi-modal AI models has created a new paradigm of opportunities for businesses around context generation and retrieval." It means there will be new and far more intuitive ways of dealing with computers. With recent AI progress in large language models, "in addition to voice and video generation, we will likely see new businesses, focused on providing more natural and human-centric interactions between humans and machines, sprouting up," Huang predicts. Business leaders across the spectrum recognize that we are only starting to recognize what AI — fused with other concepts — can deliver. “AI can act as a powerful tool for serendipity, connecting disparate information and fostering unexpected discoveries,” says Bownes.



Quote for the day:

"Leadership is a matter of having people look at you and gain confidence, seeing how you react. If you're in control, they're in control." -- Tom Laundry

No comments:

Post a Comment