Meet Jean O’Neill: Cloud Expert of the Month – January 2020

Cloud Girls is honored to have amazingly accomplished, professional women in tech as our members. We take every opportunity to showcase their expertise and accomplishments – promotions, speaking engagements, publications and more. Now, we are excited to shine a spotlight on one of our members each month.

January Cloud Expert of the Month is Jean O’Neill
Jean O’Neill, Vice President of Channel at Cyxtera, has over 20 years of technology industry experience with deep expertise within Channel. She was instrumental in building the Channel Programs at Rackspace, Terremark/Verizon, and Involta. Additionally, she has counseled, mentored and supplied Channel consulting to companies in their initial stages, laying proper foundations to ensure successful Channel/Alliances programs. O’Neill is an early and active member of Cloud Girls, who are advocates dedicated to educating themselves and their stakeholders about the vast and dynamic cloud ecosystem. She is a Magna Cum Laude graduate of Kennesaw State University.

What do you value about being a Cloud Girl?
The sorority and support of women who I hold in such high esteem.

What advice would you give to your younger self at the start of your career?
You may not have chosen the easy path, but you chose the right path.

What is the best professional/business book you’ve read and why?
“Now, Discover Your Strengths” by Donald O. Clifton & Marcus Buckingham because it greatly contributed to the realization that my time and efforts are best used sharpening my strengths while identifying others to utilize their strengths to augment mine. […]

 

The Most Important Agile Trends to Follow in 2020

The new year promises big changes in Agile methodologies and applications. Here’s a look at what to expect.

The Agile concept has come a long way over the past several years, taking its place as a firmly established set of software development methodologies. Yet Agile continues to evolve and mature, as experience leads to improvements, refinements, and new uses.

Looking forward to 2020, Scott Ambler, vice president and chief scientist of disciplined Agile at the Project Management Institute (PMI), a global nonprofit professional organization for project management, expects Agile to grow even more rapidly. “Agile isn’t just a trend; it’s here to stay, especially as we better learn how to effectively yield its benefits,” he said.

The new year also promises an increased focus on agility at scale, as well as better ways of integrating business delivery into engineering teams, predicted Casey Gordon, director of Agile engineering at Liberty Mutual Insurance. “Where, before, application development teams were handed work from upstream business-centric efforts, there’s a shift to move that work closer to the development teams to help reduce lead time,” he explained. “This may mean organizational alignment and structure changes, while portfolio management and executive teams that were previously planning through longer cycles will see those cycles reduced to quarterly or even monthly,” he added.

Steve Myers, managing director of Accenture’s Industry X.0 emerging, connected and smart technologies practice, noted that enterprises are also prepared to externalize more development capabilities. “Doing so will overturn the traditional approach, where all physical development was carried out in-house,” he stated. “After all, wherever else specialist expertise is required, such as in law or accounting, businesses turn to external experts for their toughest challenges, so why not for development of innovative products?”

SAFe at home

Gina Casamassima, vice president of the federal health division of management consulting firm Apprio, sees Agile moving toward more formal structures, such as Scaled Agile Framework SAFe 5.0. The changeover won’t be easy, however. “Corporations and government entities know they need to transform, but there are challenges in incorporating old managerial styles and structure into SAFe,” she warned. “SAFe 5.0’s focus on business agility requires that business and technology leaders are in sync with development and IT operations.” Casamassima added that business and management leaders should also utilize lean and Agile practices to ensure that the enterprise remains competitive and innovative.

Beth Phalen, president of Dell Technologies’ Dell EMC Data Protection unit, believes there will be greater recognition of Scrum@Scale in 2020. “Business leaders will more aggressively seek out how they need to change as they, too, embrace the Scrum simplicity and power,” she said. As for coders, they will need to keep their product in shippable product quality, always at scale. Coders will also increasingly find themselves collaborating and validating well beyond the confines of their Scrum teams. “They will need to work closely with business leaders on the right methods and investments to shift over to Scrum@Scale,” she explained.

The upcoming year should also see growing adoption of larger-scale Agile initiatives. “It’s been a slow burn, but the idea of extending Agile from individual Scrum teams to large-scale programs is really gathering steam,” observed Oliver Merkle, delivery director at Agile software developer Nexient. “Organizations that have adopted small-scale Agile have seen the benefits, and they’re comfortable with the basic principles,” he observed. The next big leap, he noted, will be to apply those principles at scale.

Agile for all?

Recent years have seen Agile practices flow out of IT and into various business departments, leading to Agile Engineering, Agile Human Resources and Agile Marketing organizations, among others. This expansion is likely to continue at an even faster pace in 2020. “We will see the original values and principles of Agile software development applied to new departments, like Agile Customer Service,” said Scott Abate, Agile project manager at digital business solutions provider Anexinet. “These new adopters will undergo transformations and reap the benefits of agility and adaptability in their own dynamic business environments,” he predicted.

Enterprise Agile is reshaping the way enterprises do business, Merkle observed. “Agile is the best way anyone has found to create products that serve customers and drive business value,” he said. “The principles of constant feedback and rapid iteration are just as valid at the enterprise scale as they are for smaller organizations.” […]

 

Removing the Human From the Machine Can Doom Cyber Resilience

There is universal acceptance of the need to be cyber threat resilient—anticipating, preparing for and responding to events and adapting these efforts to continuously changing threat profiles. Creating the security-minded organizational culture needed to achieve resilience remains elusive. One challenge is that the human elements of commitment, collaboration and education are often overlooked. If your cyber risk management efforts remove key human elements from the “machine,” you might accomplish compliance but not resilience.

Kurt Lewin, the father of modern social psychology, put it best: “If you want truly to understand something, try to change it!” Below are three key “resilience killers” from lessons learned over years of working to change organizational mindsets to establish resilience. These are behaviors you should strive to avoid when maturing your cybersecurity capabilities.

  1. Lack of commitment. Many organizations address resilience as a stand-alone goal, compartmentalizing cyber resilience as a network management priority and moving it down the list past revenue and profitability, growth and acquisition, cost control and talent strategy. Leadership needs to recognize that cyber resilience is an underlying element that supports all business priorities. Technology solutions need to connect to the people, processes and protocols that drive business. The impacts of a cyber event are not siloed in one area of the company. Direct costs (forensics, legal fees, compensation for personal data compromise, theft of financial assets), operational costs (systems and service delivery disruptions) and cost of decreased customer confidence all result in lost time, productivity, revenue and possibly executive jobs across lines of business.
  2. Static risk management. Intending to manage risk proactively is of little use if your organization cannot let go of “our way” or “the way it’s always been done.” Being dynamic requires agility – the willingness to change quickly and efficiently to meet emerging threats and think differently about your risk environment and security profile. Companies become static when they define strategies based solely on subjectively measured risks coming from independent operating units and fail to incorporate how the executive team looks at overall risk. Executive risk assessment of core functions should be paired with traditional business impact analysis at the process level, putting the greatest focus on the areas deemed the highest risk by senior leaders. This top-down approach creates an opportunity for IT to educate the business on how the application of technology addresses risk and enlightens IT leaders on when to tighten/loosen specific recovery objectives to satisfy business requirements […]

 

Multi-Cloud Security Is the New #1 IT Challenge for Businesses

Most businesses now have an IT infrastructure that makes use of multiple cloud services providers. A new study from Business Performance Innovation (BPI) Network finds that multi-cloud security has become the biggest immediate IT challenge for businesses, as the authorization and authentication handoffs between these different services provide ample opportunity for things to go wrong.

Mapping multi-cloud architecture with BPI

The mass movement of businesses to a multi-cloud provider model can be traced back to a number of things: a desire to not be locked in to one vendor’s products, lack of necessary tools from a single vendor (or that vendor not offering those particular tools at a competitive price point), and network improvements such as lower latency and downtime.

There is, however, a widespread errant belief that somehow a multi-cloud setup is inherently more secure. This can be true, but only if sensitive data is exclusively stored on and accessed from a private part of the cloud that is properly monitored and managed by IT staff. What tends to happen in reality is that these disparate cloud components end up being difficult to integrate and train company personnel on. This leads to all sorts of mishaps, from misconfigured storage buckets being breached to vendors being given access to a much higher level of sensitive data than is required.

These are some of the themes seen in BPI’s “Mapping the Multi-Cloud Enterprise,” a survey of the multi-cloud security practices of 127 business and IT decision-makers at a mix of international companies of varying sizes. The survey revealed that 8 out of 10 businesses have implemented a multi-cloud infrastructure, and just over half of these have moved more than half of their applications to the cloud. Over the next two years, 84% expect to increase their use of public or private clouds and only 2% planned to decrease their use. 52% are planning to incorporate additional cloud services in the near future, with only 13% ruling out the possibility.

Though these businesses seem to almost universally be shifting to a multi-cloud approach, only 11% rated their transition as “highly successful.” Multi-cloud security is the #1 issue cited. These companies reported difficulty in juggling all of these cloud services, finding and training personnel capable of securely managing them, troubles with automation and performance, visibility issues and issues with scaling among their central problems.

63% of the companies named multi-cloud security as one of their top challenges. Specific security needs were led by centralized authentication (62%), centralized security policies (46%), web application firewalls (40%) and DDoS protection (33%).

Only 9% of the companies surveyed reported being “extremely satisfied” with the current state of their multi-cloud security. The vast majority of respondents (82%) were either currently re-assessing their security and cloud services suppliers or are at least considering such an evaluation. The majority (51%) reported either only being “somewhat successful” with their cloud implementation or entirely unsuccessful.

Two-cloud (36%) and three-cloud (17%) setups are the most common multi-cloud configurations. About 10% of respondents have adopted four or more cloud services as part of their digital transformation.

Multi-cloud security: Incompatible with complexity?

Complexity and security are two concepts that are always inherently tough to reconcile. As Dave Murray, BPI research chief, put it: “IT and business leaders are struggling with how to reassert the same levels of management, security, visibility and control that existed in past IT models.”

The most common multi-cloud security issue is the potential for misconfigurations, and the temptation to simply weaken authorization processes to make sure everything moves from one app to another smoothly. The more disparate cloud components added, the more that visibility also becomes a problem. This is often the reason that unsecured data buckets are found and breached online.

Another underlooked (but potentially serious) issue that impacts enterprises worldwide is the increased burden of regulatory and legal compliance expenses, particularly in regions such as the EU that require extremely detailed data tracking and reporting. Even if a company deploying multi-cloud is not strictly required by law to have a data protection officer, they may find a need to create such a position (or even a team) simply to track compliance issues and data requests as the cloud architecture expands.

The increased possibilities of “shadow IT” and unauthorized access also need to be accounted for in any multi-cloud security plan. Frustrated by inability to get different services working together, staff may simply create insecure workarounds. Vendor compromise and third-party data breaches have also been in the news recently just as much as unsecured Amazon S3 buckets have; the cause of this is often simply handing third-party partners too much access to circumvent having to navigate complex or non-functional authentication procedures […]

 

Malware spotlight: Badware

Introduction: What is badware?

Malware, as the name indicates, is malicious software designed to cause damage to computer systems and networks. Badware is often used as a synonym of malware, but in reality, there are some subtle differences between the two terms.

While malware is an umbrella term that covers a variety of malicious codes including viruses, Trojan horses, ransomware and backdoors, badware is not necessarily software created to destroy systems. In fact, it is often simply used to collect users’ information for a variety of purposes.

In some cases, “users may treat badware infection as an annoyance to be dealt with rather than a threat to their (or their company’s) data and computing resources,” says StopBadware, Inc., an anti-malware organization created in 2006. This nonprofit makes an effort to cleanse websites that are tagged as spreading badware by maintaining a catalog of sites that have been reported to distribute badware and continues to warn consumers about “this kind of attack [that] takes advantage of a vulnerability or ‘hole’ in your web browser, a browser plug-in, or other software on your computer.”

Badware, of course, can also be used by cybercriminals to hack or socially engineer a target and eventually use that info to attack with other types of malware.

What problems can badware bring?

Badware can be bad news for both webmasters and users. This is because it is software that is able to somehow bypass the intended use of a website or connection to serve its own purpose. For users, this means a number of issues.

In the best-case scenario, badware is intrusive and designed mainly to track a user’s moves online to feed information to advertisers and marketing groups. The user will be unknowingly releasing information on his or her browsing or shopping habits through the use of research software or toolbars designed for that purpose, or will be stuck with the installation of a secondary, unwanted program when installing a program of choice.

In the worst-case scenario, malware/badware will lead to compromise of sensitive data (like passwords or financial info), serve as a means towards attacking other computers or trick users into buying items and services. A typical purchase scam is the banner that pops up, warning the user that the computer is running slow and needs to be defragged. This prompts the user to download a specific, often infected, piece of software.

Webmasters can be equally affected by badware turning their legitimate website into a repository of malicious software. This is obviously a blow to the reputation of the site and can result in great loss of viewers and clients.

Is badware a growing problem?

Specific data solely on badware is not currently available, but it’s worth noting that this malware threat was already getting attention a decade ago. In fact, StopBadware.org’s May 2008 Badware Websites Report produced the following findings:

Types of badware

The three most common types of badware behavior are:

  • Malicious scripts: Used to redirect website visitors to a different site or to load actual badware from another source
  • .htaccess redirects: A hidden server file used in Apache web servers that can be compromised by malicious attackers to redirect users to badware websites
  • Hidden iframes: A section of a web page that loads malicious content from another page or site, without the visitor’s knowledge

Cybercriminals can also infect computers with badware using drive-by downloads, which is a common method of spreading malware that occurs when a website automatically (and often silently) installs malicious code (usually an exploit kit) onto the victim’s PC — without the user being aware. No clicking is necessary with this kind of attack, which can take advantage of a vulnerability in a web browser, a browser plug-in or other software on a computer to infiltrate the system and take control of it.

How to prevent badware

First of all, it is important to keep a watchful eye and try to identify badware. For example:

  • You see a warning from the antivirus software when visiting the site, or the browser displays a warning such as “Reported attack site” or “This site may harm your computer”
  • The site redirects to an unknown domain when you navigate to it in your browser
  • You notice that permissions or files have been altered, or new users have been added

Webmasters, in particular, need to be aware and check if any search engines redirect users heading to their sites to different URLs or if the same happens while navigating within the site.
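A webmaster can automate part of that check. The following sketch is an added example, not part of the original article: it scans a page for hidden iframes that load from another host and scans an `.htaccess` file for redirects that fire only for visitors arriving from a search engine. The site host `www.example.com`, the function names and both sample inputs are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample inputs for a site assumed to live at www.example.com.
SAMPLE_HTML = """<html><body>
<iframe src="/widgets/map.html" width="600" height="400"></iframe>
<iframe src="https://www.example.com/promo.html" style="display: none"></iframe>
<iframe src="http://landing.badware.invalid/frame" width="1" height="1"></iframe>
</body></html>"""

SAMPLE_HTACCESS = r"""RewriteEngine On
# legitimate canonical-host redirect
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\. [NC,OR]
RewriteCond %{HTTP_REFERER} duckduckgo [NC]
RewriteRule .* http://landing.badware.invalid/in.php [R=302,L]
"""


class _IframeFinder(HTMLParser):
    """Collects iframes that are invisible AND point at a foreign host."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        tiny = (a.get("width", "").strip() in {"0", "1"}
                or a.get("height", "").strip() in {"0", "1"})
        hidden = tiny or "display:none" in style or "visibility:hidden" in style
        # Relative URLs have no netloc and therefore stay on the audited site.
        host = urlparse(a.get("src", "")).netloc.lower()
        if hidden and host and host != self.site_host:
            self.findings.append(a["src"])


def find_hidden_iframes(html, site_host):
    """Return the src of every hidden iframe that loads from another host."""
    finder = _IframeFinder(site_host)
    finder.feed(html)
    return finder.findings


REFERER_COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
EXTERNAL_RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(https?://\S+)", re.I)
SEARCH_ENGINES = re.compile(r"google|bing|yahoo|duckduckgo", re.I)


def find_conditional_redirects(htaccess, site_host):
    """Return (line_no, target) for redirects gated on a search-engine referrer."""
    findings = []
    engine_cond = False
    for line_no, line in enumerate(htaccess.splitlines(), 1):
        cond = REFERER_COND.match(line)
        if cond:
            engine_cond = engine_cond or bool(SEARCH_ENGINES.search(cond.group(1)))
            continue
        rule = EXTERNAL_RULE.match(line)
        if rule and engine_cond:
            host = urlparse(rule.group(1)).netloc.lower()
            if host != site_host.lower():
                findings.append((line_no, rule.group(1)))
        # RewriteCond lines only apply to the next RewriteRule, so any other
        # directive (or the rule itself) clears the pending condition.
        if line.strip() and not line.lstrip().startswith("#"):
            engine_cond = False
    return findings


if __name__ == "__main__":
    print(find_hidden_iframes(SAMPLE_HTML, "www.example.com"))
    print(find_conditional_redirects(SAMPLE_HTACCESS, "www.example.com"))
```

The scanner does not cover the third behaviour listed above, malicious scripts, and a clean result does not rule out a compromise; it only flags these two patterns for manual review.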

Badware can be difficult to avoid, as it can be slipped in a system via vulnerabilities or by exploiting users’ behaviors. There are a number of things, however, that can help you counteract this threat:

  • Keep website software updated with the latest security fixes. This can patch loopholes that can let badware into the computer where a hacker can steal passwords and/or modify the contents that a user has uploaded […]

 

Cloud Solutions: Four Key Areas of Focus

When it comes to cloud solutions, there are many questions regarding the migration process. To help with the transition, end users need to have a full understanding of what cloud is and what they would be getting. The security industry is conservative and can be slow to make changes; however, it’s not a question of ‘if’ you might transfer to cloud, but ‘when.’ Moving to cloud starts with an understanding of operation and functionality. Education and research come next, homing in on what you are looking for and what a cloud solution can offer to meet your physical security requirements.

To help with the transition, what are a few key elements to focus on, when starting to have a conversation about cloud? In an effort to provide guidance, these four cloud facts should help in deciding if a cloud solution is best for you.

1. Cloud Provides Cost-Saving Solutions

Eliminating local system components makes the cloud less complicated, but it also makes system maintenance more cost-effective overall. Transitioning to the cloud will save you money in both the long and short term. A subscription-based model will save on setup and management fees, as well as human resources. With a cloud solution, because you are eliminating the need for NVRs, video management systems, access control servers and panels, you will be eliminating four major expenses.

Additionally, cloud provides a more scalable solution, which means you will be able to add a few cameras or doors to an existing system without having to purchase additional hardware. This allows for a more flexible approach to your security needs – meaning you only pay for what you use. You will no longer have to pay for an NVR that supports 60 cameras, while only having 30 installed.

2. Cybersecurity Risks Are Alleviated

You might think because you’re connecting a device to the cloud, to something outside of your network, that it poses more security risks than on-premise storage. However, cloud providers have been working for many years to develop technology to encrypt the data from the moment it’s captured through the transportation to the cloud. This gives you end-to-end security, which is safer than an onsite system. In addition, onsite systems can be prone to damage through theft, server issues and hacking – which are not issues with a cloud system.

When choosing a cloud provider, look for organizations with experience and resources that invest significantly in cybersecurity annually. Consider asking how much a provider will spend on cybersecurity and data privacy every year, as well as if they have a designated cyber team and how big that team is. Your cloud provider will likely be able to invest significantly more into cybersecurity development than you might be able to on your own.

3. Cloud Requires Minimal Bandwidth

The cloud platform you select should run on a single, open architecture to deliver faster, more secure and more reliable services. What you might not know about cloud-based systems is that they can operate without cloud-based video storage. A robust and open platform will allow video to be stored on the camera, or gateway device – enabling the system to run using little to no bandwidth. If you choose to store video on a camera or gateway device, you can transport it over the network on-demand.

You should also look for a solution offering a hybrid mode – a combination of on-device and cloud storage. Hybrid mode is customizable to your needs and allows for video to be stored on the cloud, or locally on a bandwidth schedule. At the end of the day, cloud storage offers a number of options, all requiring little bandwidth.

4. Cloud Requires Fewer Components

Simply put, cloud solutions are easier and less complicated than onsite systems […]

Meet Wendy Holmquist: Cloud Expert of the Month – December 2019

Cloud Girls is honored to have amazingly accomplished, professional women in tech as our members. We take every opportunity to showcase their expertise and accomplishments – promotions, speaking engagements, publications and more. Now, we are excited to shine a spotlight on one of our members each month.

December Cloud Expert of the Month is Wendy Holmquist
Wendy Holmquist has 20+ years of professional experience working in emerging technologies and go-to market sales strategies. Her experience includes time at Adobe, Oracle, Centurylink, and Verizon working with a wide range of customers and strategic alliance partners in both public sector and enterprise. She is able to provide clients with invaluable market knowledge, comprehensive strategies, and effective solutions to transform business initiatives, markets and organizations. She has a broad base of technology expertise in IaaS, PaaS, SaaS, DRaaS, software, AI, data center, security, network, and digital media.

Wendy has just returned from a 10-month sabbatical and is currently working at Splunk managing global systems integrator alliances for State, Local, and Higher Education (SLED) nationally. She is passionate about driving initiatives, personally and professionally, that have meaningful impact on communities and improving the lives of others. Wendy holds an MBA from the University of San Francisco and Bachelor’s of Science degree from California Polytechnic University in San Luis Obispo, California.

When did you join Cloud Girls and why?
I am one of the original Cloud Girls. I was invited to join what was an informal group of women coming together monthly via conference call to discuss cloud technologies in 2012, back when no one really knew what cloud meant. I joined the first Board of Directors and planned our first Cloud Girls off-site retreat in 2014. The first retreat was a game changer for all of us because it allowed us to physically come together as a group and map out our mission and vision for the organization.

What do you value about being a Cloud Girl?
I value the friendships that I have made over the years and the unbiased approach to uplifting our unique community of women. I love and live by our mission to not only support each other, but other young women in their technology aspirations.

What is the biggest risk that you’ve taken?
When I started considering taking some time off from my career to recharge and focus on my family and uninterrupted personal development, it felt like it was too big of a risk to consider, professionally and financially. Ultimately, I allowed myself to take the risk. It’s remarkable how much you learn about yourself, your values, and how to be grateful when you take time to breathe and slow down the chaos of our daily lives. In my time off I learned to ensure that everything I do going forward, at home and as a woman in technology, will reflect authenticity and my core values. As I step into a new role after a 10-month break, I realize that what felt like a big career risk at the time is actually extremely beneficial to my career, as I can now move forward with more purpose in my job every day.

How do you define success?
Success to me is not only meeting expectations but exceeding them in areas that may not be tangible. When I am working with clients, I try to figure out what the impact of an initiative means to them personally, such as freedom, stress reduction, and/or happiness. A successful project or event is one that impacts people and their lives, and my view of success is always to build towards that ultimate goal.

What are the most exciting opportunities for women in tech?
This is such an extraordinary time for women in technology. As I started to talk to people about my next career move, I found that companies and hiring managers were purposefully looking to add women to their staff to not only add diversity to their teams but to promote women as a new generation of leaders inside technology companies […]

 

How Password Reuse Puts Your Enterprise at Risk

You might remember the 2016 LinkedIn data breach disaster when Russian hackers released 117 million breached passwords online.

Just in February 2019, TurboTax maker Intuit locked several users out of their accounts after discovering that an undisclosed number of accounts were hacked. The method used was a credential stuffing attack, which exploited users who had reused a password on multiple accounts.

Instances like these are very common. Data breaches happen every day – it might be happening this very instant.

Why is password reuse a risky business for enterprise owners?

Not trying to sound hyperbolic here, but your customers’ password methods could mean the difference between saving or losing your business to the dark web.

Passwords are the first (and in some cases, the only) defense mechanism that businesses adopt to protect them from attackers.

But herein lies the problem: As employees or enterprise owners, we have the habit of bringing our bad password practices to work. So, when a seemingly irrelevant password from a data breach is leaked online, attackers can use these to access all of your corporate networks.

This was what happened after the LinkedIn data breach case. Hackers got their hands on a password that an employee was using on LinkedIn to access the corporate network’s Dropbox. This led to the exposure of 60 million Dropbox credentials. One reused password was all it took to take down Dropbox.

The consequences of such a breach? Irreparable damage, financial jeopardy, and insurmountable destruction to a brand’s reputation (to name a few).

When it comes to using recycled passwords and how it threatens your enterprise, here are the most important takeaways:

  1. When your customer reuses an already compromised password: Hackers can easily crack open other accounts.
  2. When employees reuse the same password for business and personal accounts: Hackers can breach your entire business network.

Password security is crucial to businesses and it is high time we act on it. We need to change our mindset and find better ways to manage passwords. Here are a few ways to fix the most common password recycling mistakes.

7 remedies for the password reuse epidemic

1. Change default passwords

Sure, default passwords are easy to remember, but they’re a hacker’s go-to for access into accounts. Replace passwords with passphrases, instead! These are usually more difficult to guess, yet easy to remember. To be extra careful, don’t use publicly common phrases, such as popular memes or movie quotes. Use something that only you will know.

2. Do not store passwords in plain text

If you have been storing your business passwords in a spreadsheet, well, don’t. If you’re caught in the ransomware puddle, and that list is exposed, repercussions will be ugly. Paying a ransom will be the least of your problems. The loss of revenue from downtime and customer churn will also take a bite.

3. Do not use easy-to-recognize keystroke patterns

“Zaq12wsxcde3” may seem like a strong password – until you have a closer look at your keyboard. When the pattern is recognizable, it will put your information at risk. Go for a random series of letters and numbers instead.

4. The obvious! Do not reuse passwords

Do not use the same password for two accounts. While this might seem like too much work, you can always opt for password management tools. This will help you securely keep track of your credentials.

5. Adopt a “my passwords are at risk” mentality

Cracking open a business password can be a goldmine for hackers looking to exploit data on a large scale. Therefore, carry the mentality that a hacker may break into your account at any moment. Treat every account as unique and be sure to seal them with complex passwords.

6. Two-factor authentication is a boon

While using long, complex passwords is a good practice, these are not enough for most purposes. That’s where two-factor authentication comes into play. Adding one more step to your login processes, like a fingerprint or iris scanner, can further protect your business from attack.

7. Get creative

Names of celebrities, sports teams or pets are a big “no”. Crooks can easily harvest such information from your social media profiles. A safe way is to use random words and numbers that won’t mean anything.
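Remedy 3 can be enforced in a password policy check. The following added example is not from the original article: it measures the longest run of physically adjacent keys on a US QWERTY layout and flags passwords such as “Zaq12wsxcde3”. The layout table, the function names and the threshold of five keys are assumptions chosen for illustration.

```python
# Unshifted letter and digit rows of a US QWERTY keyboard (assumed layout).
# Each row sits roughly half a key to the right of the row above it.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def _build_adjacency():
    """Map each key to the set of keys touching it (including itself)."""
    pos = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
    adj = {ch: {ch} for ch in pos}
    # Offsets as (row, column): left, right, the two keys above, the two below.
    offsets = ((0, -1), (0, 1), (-1, 0), (-1, 1), (1, -1), (1, 0))
    for ch, (r, c) in pos.items():
        for dr, dc in offsets:
            rr, cc = r + dr, c + dc
            if 0 <= rr < len(ROWS) and 0 <= cc < len(ROWS[rr]):
                adj[ch].add(ROWS[rr][cc])
    return adj


ADJ = _build_adjacency()


def longest_walk(password):
    """Length of the longest run of consecutive keys that touch each other.

    Case is ignored because Shift does not move the finger. Symbols that are
    not in ROWS are unmapped and simply break the run.
    """
    keys = password.lower()
    best = run = 1 if keys else 0
    for prev, cur in zip(keys, keys[1:]):
        run = run + 1 if cur in ADJ.get(prev, ()) else 1
        best = max(best, run)
    return best


def is_keyboard_walk(password, min_run=5):
    """Flag a password whose longest adjacent-key run reaches min_run keys."""
    return longest_walk(password) >= min_run


if __name__ == "__main__":
    # "t7Kp0vLm2Qxe" is a constructed string with no long adjacent-key run.
    for candidate in ("Zaq12wsxcde3", "qwerty2020", "t7Kp0vLm2Qxe"):
        print(candidate, longest_walk(candidate), is_keyboard_walk(candidate))
```

The article’s example scores 12 out of 12 because every keystroke lands next to the previous one, even though the string mixes cases, letters and digits.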

What else can you do?

Avoiding password reuse is not a robust security plan. Why not? You simply cannot discipline all of your employees, nor can you assure they’re following good password hygiene outside of work. However, there are three things that you can do: […] Read more »

 

 

Watch Out: 7 Digital Disruptions for IT Leaders

Here are seven digital disruptions that you may not see coming.

Be like Apple, not Kodak. Years ago, Kodak was the first to offer digital film. But instead of pursuing the market that would disrupt one it already commanded, Kodak opted to invest in its traditional business by buying a chemical company for its conventional film business. Other companies went on to market digital film. Then came digital cameras and mobile devices with cameras in them. Kodak chose the wrong path.

Apple went down the path of disrupting its own successful product, the iPod MP3 player, to develop and sell the iPhone. It turned out to be the right decision.

Gartner VP, analyst and chief fellow Daryl Plummer recounted these stories in the introduction to his keynote address titled 7 Digital Disruptions You Might Not See Coming at the Gartner IT Symposium recently. So how do you be Apple instead of Kodak?

“It’s really about protecting yourself from what might happen to you,” Plummer said. “Futureproofing yourself means that you are ready for the things that are coming, and even if you don’t know what they are, you can adapt.”

What disruptions may be coming down the pike that you aren’t expecting? Plummer provided a peek into the following 7 digital disruptions that you may not see coming:

1. Emotional experiences

Inexpensive sensors can now track physical biometrics, and organizations are working on providing hyper-personalized digital experiences, according to Gartner. The firm is forecasting that by 2024, AI identification of emotions will influence more than half of the online ads that you see.

This trend will reach beyond marketing to consumers. It could also be used in HR applications and be applied to employee evaluations, for instance.

Gartner recommends that CIOs identify emotional trigger-based opportunities with employees and customers, add emotional states evaluation to 360 Review processes, and mitigate privacy concerns with opt-in for-pay emotion mining.

2. AI decency, trust, and ethics

How do we know that the decisions AI is making are fair when there are many examples of questionable results that exhibit bias? What about fake news and deep fakes? Plummer said that this trend will disrupt trust models, certification of developers, auditing rules, and societal norms for trust. Gartner is predicting that by 2023, a self-regulating association for oversight of AI and machine learning designers will be established in at least four of the G7 countries.

CIOs should prescribe principles that establish an AI trust framework for developers and users.

3. Distributed cloud

Plummer said that in its most basic form, this trend means that the responsibility for cloud will shift entirely to the provider. About 75% of private clouds won’t work out in the long run because the DIY effort won’t be as good as what is available in the public cloud. OpenShift, Cloud Foundry, and Azure Stack are taking us along this path to distributed cloud.

The trend will disrupt private cloud, hybrid cloud, data location, and data residency.

CIOs should demand packaged hybrid services, identify latency-sensitive use cases, and request explanation of economics of cloud operations.

4. Democratization of space

While it cost 4% of the entire U.S. budget to put a man on the moon, putting a satellite into orbit now costs just $300,000, Plummer said. That has led to a low space orbit getting mighty crowded with hundreds of satellites. It also raises a host of new questions. What rules apply to data residency in space? What laws apply? What about crime in space? Countries and companies will be competing in space, and the cheaper it gets to launch a satellite, the more crowded it will become.

This trend will disrupt the economics of space-based systems, connectivity, and legal issues.

Technology providers will need to explore LEO (low earth orbit) connectivity options as space-based compute options become real.

5. Augmented humans

People will have technology such as chips and storage embedded in their bodies, and it will drive disruptions such as PC thought control, brain computer interfaces, and mind-link technology.

To prepare, tech providers should enhance disabled access to compute technology using brain computer interfaces and begin the shift from lifestyle to lifeline technologies, according to Gartner…[…] Read more »…..

 

Reducing the Risks Posed by Artificial Intelligence

To thrive in the new era, enterprise security needs to reduce the risks posed by AI and make the most of the opportunities it offers.

Artificial Intelligence (AI) is creating a new frontier in information security. Systems that independently learn, reason and act will increasingly replicate human behavior. Like humans, they will be flawed, but also capable of achieving great things.

AI poses new information risks and makes some existing ones more dangerous. However, it can also be used for good and should become a key part of every organization’s defensive arsenal. Business and information security leaders alike must understand both the risks and opportunities before embracing technologies that will soon become a critically important part of everyday business.

Already, AI is finding its way into many mainstream business use cases. Organizations use variations of AI to support processes in areas including customer service, human resources and bank fraud detection. However, the hype can lead to confusion and skepticism over what AI actually is and what it really means for business and security. It is difficult to separate wishful thinking from reality.

What Are the Information Risks Posed by AI?

As AI systems are adopted by organizations, they will become increasingly critical to day-to-day business operations. Some organizations already have, or will have, business models entirely dependent on AI technology. No matter the function for which an organization uses AI, such systems and the information that supports them have inherent vulnerabilities and are at risk from both accidental and adversarial threats. Compromised AI systems make poor decisions and produce unexpected outcomes.

Simultaneously, organizations are beginning to face sophisticated AI-enabled attacks – which have the potential to compromise information and cause severe business impact at a greater speed and scale than ever before. Taking steps both to secure internal AI systems and defend against external AI-enabled threats will become vitally important in reducing information risk.

While AI systems adopted by organizations present a tempting target, adversarial attackers are also beginning to use AI for their own purposes. AI is a powerful tool that can be used to enhance attack techniques, or even create entirely new ones. Organizations must be ready to adapt their defenses in order to cope with the scale and sophistication of AI-enabled cyber-attacks.

Defensive Opportunities Provided by AI

Security practitioners are always fighting to keep up with the methods used by attackers, and AI systems can provide at least a short-term boost by significantly enhancing a variety of defensive mechanisms. AI can automate numerous tasks, helping understaffed security departments to bridge the specialist skills gap and improve the efficiency of their human practitioners.

Protecting against many existing threats, AI can put defenders a step ahead. However, adversaries are not standing still – as AI-enabled threats become more sophisticated, security practitioners will need to use AI-supported defenses simply to keep up.

The benefit of AI in terms of response to threats is that it can act independently, taking responsive measures without the need for human oversight and at a much greater speed than a human could. Given the presence of malware that can compromise whole systems almost instantaneously, this is a highly valuable capability.

The number of ways in which defensive mechanisms can be significantly enhanced by AI provides grounds for optimism, but as with any new type of technology, it is not a miracle cure. Security practitioners should be aware of the practical challenges involved when deploying defensive AI.

Questions and Considerations Before Deploying Defensive AI

AI systems have narrow intelligence and are designed to fulfil one type of task. They require sufficient data and inputs in order to complete that task. One single defensive AI system will not be able to enhance all the defensive mechanisms outlined previously – an organization is likely to adopt multiple systems. Before purchasing and deploying defensive AI, security leaders should consider whether an AI system is required to solve the problem, or whether more conventional options would do a similar or better job.

Questions to ask include:

  • Is the problem bounded? (i.e. can it be addressed with one dataset or type of input, or does it require a high understanding of context, which humans are usually better at providing?)
  • Does the organization have the data required to run and optimize the AI system?

Security leaders also need to consider issues of governance around defensive AI, such as:

  • How do defensive AI systems fit into organizational security governance structures?
  • How can the organization provide security assurance for defensive AI systems?
  • How can defensive AI systems be maintained, backed up, tested and patched?
  • Does the organization have sufficiently skilled people to provide oversight for defensive AI systems?

AI will not replace the need for skilled security practitioners with technical expertise and an intuitive nose for risk. These security practitioners need to balance the need for human oversight with the confidence to allow AI-supported controls to act autonomously and effectively. Such confidence will take time to develop, especially as stories continue to emerge of AI proving unreliable or making poor or unexpected decisions.

AI systems will make mistakes – a beneficial aspect of human oversight is that human practitioners can provide feedback when things go wrong and incorporate it into the AI’s decision-making process. Of course, humans make mistakes too – organizations that adopt defensive AI need to devote time, training and support to help security practitioners learn to work with intelligent systems.

Given time to develop and learn together, the combination of human and artificial intelligence should become a valuable component of an organization’s cyber defenses.

Preparation Begins Now

Computer systems that can independently learn, reason and act herald a new technological era, full of both risk and opportunity…[…] Read more »….