Industries increasingly rely on data and AI to enhance processes and decision-making. However, they face a significant challenge in ensuring privacy due to sensitive Personally Identifiable Information (PII) in most enterprise datasets. Safeguarding PII is not a new problem. Conventional IT and data teams query data containing PII, but only a select few require access. Rate-limiting access, role-based access protection, and masking have been widely adopted for traditional BI applications to govern sensitive data access. 

Protecting sensitive data in the modern AI/ML pipeline has different requirements. The emerging and ever-growing class of data users consists of ML data scientists and applications requiring larger datasets. Data owners need to walk a tightrope to ensure parties in their AI/ML lifecycle get appropriate access to the data they need while maximising the privacy of that PII.

Enter the new class 

ML data scientists require large quantities of data to train machine learning models. Then the trained models become consumers of vast amounts of data to gain insights to inform business decisions. Whether before or after model training, this new class of data consumers relies on the availability of large amounts of data to provide business value.

In contrast to conventional users who only need to access limited amounts of data, the new class of ML data scientists and applications require access to entire datasets to ensure that their models represent the data with precision. Even when conventional controls such as encryption or masking are used, they may not be enough to prevent an attacker from inferring sensitive information by analyzing encrypted or masked data patterns.

The new class often uses advanced techniques such as deep learning, natural language processing, and computer vision to analyze and extract insights from the data. These efforts are often slowed down or blocked as they face sensitive PII data entangled within a large proportion of datasets they require. Up to 44% of data is reported to be inaccessible in an organization. This limitation blocks the road to AI’s promised land in creating new and game-changing value, efficiencies, and use cases. 

The new requirements have led to the emergence of techniques such as differential privacy, federated learning, synthetic data, and homomorphic encryption, which aim to protect PII while still allowing ML data scientists and applications to access and analyze the data they need. However, there is still a market need for solutions deployed across the ML lifecycle (before and after model training) to protect PII while accessing vast datasets – without drastically changing the methodology and hardware used today.

Ensuring privacy and security in the modern ML lifecycle

The new breed of ML data consumers needs to implement privacy measures at both stages of the ML lifecycle: ML training and ML deployment (or inference).

In the training phase, the primary objective is to use existing examples to train a model.

The trained model must make accurate predictions, such as classifying data samples it did not see as part of the training dataset. The data samples used for training often have sensitive information (such as PII) entangled in each data record. When this is the case, modern privacy-preserving techniques and controls are needed to protect sensitive information.

In the ML deployment phase, the trained model makes predictions on new data that it did not see during training, known as inference data. While it is critical to ensure that any PII used to train the ML model is protected and the model’s predictions do not reveal any sensitive information about individuals, it is equally critical to protect any sensitive information and PII within inference data samples as well. Inferencing on encrypted data is prohibitively slow for most applications, even with custom hardware. As such, there is a critical need for viable low-overhead privacy solutions to ensure data confidentiality throughout the ML lifecycle.

The modern privacy toolkit for ML and AI: Benefits and drawbacks

Various modern solutions have been developed to address PII challenges, such as federated learning, confidential computing, and synthetic data, which the new class of data consumers is exploring for Privacy in ML and AI. However, each solution has differing levels of efficacy and implementation complexities to satisfy user requirements.

Federated learning

Federated learning is a machine learning technique that enables training on a decentralized dataset distributed across multiple devices. Instead of sending data to a central server for processing, the training occurs locally on each device, and only model updates are transmitted to a central server.

Limitation: Research conducted in 2020 from the Institute of Electrical and Electronics Engineers shows that an attacker could infer private information from model parameters in federated learning. Additionally, federated learning does not address the inference stage, which still exposes data to the ML model during cloud or edge device deployment.

Differential privacy

Differential privacy bounds how much a single data record from a training dataset contributes to a machine-learning model. The guarantee is framed as a membership test on the training data records: if a single data record is removed from the dataset, the output should not change beyond a certain threshold.

Limitation: While training with differential privacy has benefits, it still requires the data scientist’s access to large volumes of plain-text data. Additionally, it does not address the ML inference stage in any capacity. 
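The "remove one record, output barely changes" guarantee can be checked on a simple counting query. The following is an added example, not code from the article or from any vendor it mentions; it uses the Laplace mechanism, a standard way to achieve differential privacy that the article does not name, and the records, function names and epsilon values are constructed for illustration.

```python
import math
import random

# Constructed sample records (not real data): one row per patient.
RECORDS = [{"id": i, "diabetic": (i % 3 == 0)} for i in range(30)]


def is_diabetic(record):
    return record["diabetic"]


def true_count(records, predicate):
    """Exact answer to the counting query (what a non-private system returns)."""
    return sum(1 for r in records if predicate(r))


def dp_count(records, predicate, epsilon, rng):
    """Epsilon-DP count: exact count plus Laplace noise of scale 1/epsilon.

    A count changes by at most 1 when one record is added or removed
    (sensitivity 1), so the noise scale is sensitivity / epsilon.
    """
    scale = 1.0 / epsilon
    # The difference of two exponential samples is Laplace(0, scale).
    noise = rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)
    return true_count(records, predicate) + noise


def privacy_loss(output, count_a, count_b, epsilon):
    """|log( P[output | dataset A] / P[output | dataset B] )| for Laplace noise."""
    scale = 1.0 / epsilon
    return abs(abs(output - count_b) - abs(output - count_a)) / scale


def max_privacy_loss(records, removed_id, predicate, epsilon):
    """Worst-case privacy loss between the dataset and its neighbour
    (the same dataset with one person's record removed), over a grid
    of possible published outputs."""
    neighbour = [r for r in records if r["id"] != removed_id]
    count_a = true_count(records, predicate)
    count_b = true_count(neighbour, predicate)
    outputs = [x / 4 for x in range(-80, 201)]  # -20.0 .. 50.0
    return max(privacy_loss(y, count_a, count_b, epsilon) for y in outputs)


def mean_abs_error(records, predicate, epsilon, trials=20000, seed=7):
    """Average distance of the noisy answer from the exact one (utility cost)."""
    rng = random.Random(seed)
    exact = true_count(records, predicate)
    total = sum(abs(dp_count(records, predicate, epsilon, rng) - exact)
                for _ in range(trials))
    return total / trials


if __name__ == "__main__":
    for eps in (0.1, 0.5, 1.0):
        loss = max_privacy_loss(RECORDS, removed_id=0,
                                predicate=is_diabetic, epsilon=eps)
        err = mean_abs_error(RECORDS, is_diabetic, eps)
        print(f"epsilon={eps}: worst-case privacy loss={loss:.3f}, "
              f"mean abs error={err:.2f}")
```

The worst-case loss never exceeds epsilon no matter which record is removed, while the error grows as epsilon shrinks: that is the privacy-versus-accuracy threshold the paragraph describes.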

Homomorphic encryption

Homomorphic encryption is a type of encryption that allows computation to be performed on data while it remains encrypted. For modern users, this means that machine learning algorithms can operate on data that has been encrypted without the need to decrypt it first. This can provide greater privacy and security for sensitive data since the data never needs to be revealed in plain text form. 

Limitation: Homomorphic encryption is prohibitively costly because it operates on encrypted data rather than plain-text data, which is computationally intensive. Homomorphic encryption often requires custom hardware to optimize performance, which can be expensive to develop and maintain. Finally, data scientists use deep neural networks in many domains, and these are often difficult or impossible to implement in a homomorphically encrypted fashion.

Synthetic data

Synthetic data is computer-generated data that mimic real-world data. It is often used to train machine learning models and protect sensitive data in healthcare and finance. Synthetic data can generate large amounts of data quickly and bypass privacy risks. 

Limitation: While synthetic data may help train a predictive model, it only adequately covers some possible real-world data subspaces. This can result in accuracy loss and undermine the model’s capabilities in the inference stage. Also, actual data must be protected in the inference stage, which synthetic data cannot address. 

Confidential computing

Confidential computing is a security approach that protects data during use. Major companies, including Google, Intel, Meta, and Microsoft, have joined the Confidential Computing Consortium to promote hardware-based Trusted Execution Environments (TEEs). The solution isolates computations to these hardware-based TEEs to safeguard the data. 

Limitation: Confidential computing requires companies to incur additional costs to move their ML-based services to platforms that require specialized hardware. The solution is also not entirely risk-free. An attack in May 2021 collected and corrupted data from TEEs that rely on Intel SGX technology.

While these solutions are helpful, their limitations become apparent when training and deploying AI models. The next stage in PII privacy needs to be lightweight and complement existing privacy measures and processes while providing access to datasets entangled with sensitive information. 

Balancing the tightrope of PII confidentiality with AI: A new class of PII protection 

We’ve examined some modern approaches to safeguard PII and the challenges the new class of data consumers faces. There is a balancing act in which PII can’t be exposed to AI, but the data consumers must use as much data as possible to generate new AI use cases and value. Also, most modern solutions address data protection during the ML training stage without a viable answer for safeguarding real-world data during AI deployments.

Here, we need a future-proof solution to manage this balancing act. One such solution I have used is the stained glass transform, which enables organisations to extract ML insights from their data while protecting against the leakage of sensitive information. The technology developed by Protopia AI can transform any data type by identifying what AI models require, eliminating unnecessary information, and transforming the data as much as possible while retaining near-perfect accuracy. To safeguard users’ data while working on AI models, enterprises can choose stained glass transform to increase their ML training and deployment data to achieve better predictions and outcomes while worrying less about data exposure.  

More importantly, this technology also adds a new layer of protection throughout the ML lifecycle – for training and inference. This solves a significant gap in which privacy was left unresolved during the ML inference stage for most modern solutions.

The latest Gartner AI TRiSM guide for implementing Trust, Risk, and Security Management in AI highlighted the same problem and solution. TRiSM guides analytics leaders and data scientists to ensure AI reliability, trustworthiness, and security.

While there are multiple solutions to protect sensitive data, the end goal is to enable enterprises to leverage their data to the fullest to power AI.

Choosing the right solution(s) 

Choosing the right privacy-preserving solutions is essential for solving your ML and AI challenges. You must carefully evaluate each solution and select the ones that complement, augment, or stand alone to fulfil your unique requirements. For instance, synthetic data can enhance real-world data, improving the performance of your AI models. You can use synthetic data to simulate rare events that may be difficult to capture, such as natural disasters, and augment real-world data when it’s limited.

Another promising solution is confidential computing, which can transform data before entering the trusted execution environment. This technology is an additional barrier, minimizing the attack surface on a different axis. The solution ensures that plaintext data is not compromised, even if the TEE is breached. So, choose the right privacy-preserving solutions that fit your needs and maximize your AI’s performance without compromising data privacy.

Wrap up

Protecting sensitive data isn’t just a tech issue – it’s an enterprise-wide challenge. As new data consumers expand their AI and ML capabilities, securing Personally Identifiable Information (PII) becomes even more critical. To create high-performance models delivering honest value, we must maximize data access while safeguarding it. Every privacy-preserving solution must be carefully evaluated to solve our most pressing AI and ML challenges. Ultimately, we must remember that PII confidentiality is not just about compliance and legal obligations but about respecting and protecting the privacy and well-being of individuals.


As the threat landscape evolves and adversaries find new ways to exfiltrate and manipulate data, more organizations are adopting a zero trust strategy. However, many are only focusing attention on endpoints, leaving the database vulnerable to malicious attacks. Databases are the last line of defense against data exfiltration by cybercriminals. To combat this, it’s essential that zero-trust security controls are applied to critical database assets.

The zero trust information security model denies access to data and applications by default. Threat prevention is achieved by granting access to only networks and data utilizing policy informed by continuous, contextual, risk-based verification across users and their associated devices. Zero trust advocates these three core principles: 1) All entities are untrusted by default, 2) least privilege access is enforced, and 3) comprehensive security monitoring is implemented.

The traditional scope of cybersecurity was once considered to be perimeter protection of the enterprise network and associated data and applications. This castle-and-moat security model extends trust to all users and devices within the perimeter, allowing extensive or even unlimited access to assets within the castle. Despite massive investments in perimeter security defenses, cyber attackers can still access sensitive data. Zero trust is an evolution of security that no longer relies on castle-and-moat security to protect data environments. It moves enterprise cybersecurity away from over-reliance on perimeter-based security, including firewalls and other gating technologies, to create a barrier around an organization’s IT environment. 

The 2022 IBM Cost of a Data Breach Report, conducted by the Ponemon Institute, found the average total cost of a data breach reached an all-time high of $4.35 million. Implementing zero trust has a direct impact on potentially lowering the cost of a breach by limiting the risk of unauthorized access, insider threats, and malicious attacks. Just 41 percent of organizations in the study said they deployed a zero trust security framework. The 59 percent that didn’t deploy zero trust incurred an average of $1 million in greater breach costs compared to those that did deploy. 

While the initial goal of zero trust is to prevent data breaches, the core goal is data protection. Zero Trust Data Protection (ZTDP) is a new and evolving term for an approach to data protection based on the zero trust security model. Achieving ZTDP requires an effective data security and governance solution that can implement the zero trust model within the data environment. Privacera’s approach is built on three pillars:

Least privilege access control: Most cyber attacks occur when an attacker exploits privileged credentials. By imposing least privilege access-control restrictions on software and systems access, attackers cannot use higher-privilege or administrator accounts to install malware or damage the system.

Strong user authentication and authorization: Providing a granular level of data access control across systems for different users by the client, partner, business unit, sub-contractor, customer, franchise, department, or by contractual terms requires unified authentication and authorization controls capable of scaling across large, distributed hybrid and multi-cloud environments.

Data obfuscation, using encryption and/or masking: Organizations must be able to granularly encrypt or mask data at the table, column, row, field, and attribute level, not just the entire data set. This enables data science and analytics teams to use more data to build models and extract insights, drive new business opportunities, garner increased customer satisfaction, and optimize business efficiency.

The Cost of a Data Breach Report also noted security automation made the single biggest difference in the total cost of a data breach, making it more likely security best practices will be followed without fail. Zero trust should inform both what is protected and how access is controlled, while security automation can more efficiently put those zero trust principles into practice. The powerful combination of zero trust and Privacera security and governance automation helps your security team to more effectively apply data security controls as well as remediate incidents as quickly as possible — ensuring you maintain a stronger and more resilient security posture while reducing your cybersecurity risks.


Nowadays, the world seems to experience once-in-a-century storms almost monthly. These cataclysmic weather events often cause extensive property damage, including major disruptions to the power grid that can cripple IT systems. More commonly, human error and power fluctuations can be just as costly and devastating to continued IT service delivery. To avoid costly outages and data loss, businesses must ensure continued operations with power protection delivered by a smart solution like Dell VxRail and the APC by Schneider Electric Smart UPS with PowerChute Network Shutdown software.

If the outage is prolonged, the Dell-APC solution enables remote shut down to protect IT systems and ensure a non-disruptive restart.

When the power goes out, gracefully shutting down connected IT devices — like servers, storage devices, and hyper-converged infrastructure (HCI) — helps prevent further damage to those devices. It also prevents loss of business data and damage to enterprise workloads and helps ensure a smoother process for restarting and getting the business back up and running.

Why is this so important? Because the cost of downtime can be catastrophic. Estimates of IT service downtime costs range from $80,000 an hour on the lower end of the scale to $5 million an hour for larger enterprises. And that doesn’t account for damage to business reputation — whether a retailer loses its POS systems, or a larger organization loses its online customer service and sales systems.

Dell Technologies VxRail

With so much at stake, a UPS with remote management capabilities is critical to protect the HCI system and workloads it supports. HCI systems, like Dell VxRail, have become the backbone for data centers and larger organizations. HCI has historically been used to support specific workloads like virtual desktops (VDI). However, it has emerged as a workhorse for running mission-critical workloads that require elevated levels of performance and availability. Enterprises should consider deploying an intelligent smart UPS like the Dell-APC PowerChute solution to protect those mission-critical workloads running on HCI.

While HCI is also well-suited for supporting multiple sites, losing power at remote sites can still cause system damage and data corruption. To prevent this type of damage, organizations must install a UPS at every HCI installation. Ideally, the UPS will keep systems operating throughout an outage. However, if an outage lasts too long, businesses must have a process in place to ensure an automated graceful shutdown, followed by a sequenced infrastructure restart. 

To gracefully shut down the HCI, the UPS must be able to communicate over a distributed network. Then it has to initiate a step-by-step restart sequence to ensure hardware and data protection. The automated restart should begin once power is restored. This automated remedy for power interruption can save time and money — and, ultimately, minimize downtime.

Integrated systems like Dell VxRail HCI and the APC by Schneider Electric Smart UPS with PowerChute Network Shutdown software can help businesses simplify and automate the process during catastrophic power outages and ensure business continuity by enabling graceful shutdown and the ability to simply move virtual machines to another system. This level of network protection acts as insurance against catastrophic downtime that could otherwise lead to the loss of all IT services.  


Employee happiness is the hidden heartbeat of your business — especially for developers who require deep, uninterrupted focus to do their best work. So what’s the key to keeping everyone on your team engaged, focused, and forward-moving?

Step 1: Go deeper than surface-level task metrics

Pull requests, commits, and code reviews are the starting point. Yes, your team is accomplishing tasks. But there’s more to the narrative. When busywork is high, so are these output metrics.

Step 2: Gain a humanized perspective through data

Take a holistic, human approach to measure the following using anonymous surveys:

Efficacy and satisfaction

Perceptions about their own productivity

Feelings about job satisfaction over time

Developer happiness is crucial to measure and leads to better engineering outcomes. We feel good when we advance meaningful goals.

Step 3: Gain a humanized perspective through data

Productivity drops when developers aren’t able to sustain a flow state — when interruptions, conflicting priorities, or unanswered questions disrupt their work. Here are a few common culprits.

[Image. Credit: Stack Overflow. Sources: 1. https://features.inside.com/were-living-in-a-world-of-distraction 2. https://ieeexplore.ieee.org/document/8666786]

Step 4: Commit to proactive support

As problem-solvers and knowledge workers, developers work with their minds for a living. There’s a unique mix of emotional and mental health considerations to ensure that people do their best work. Here are some recommended areas for leadership teams to focus upon:

[Image. Credit: Stack Overflow]

Step 5: Level up your collaboration foundation

On engineering teams, neurodiversity is a superpower. With more perspectives, we can uncover new pathways to solving problems. The key to helping everyone feel supported is to create systems for knowledge-sharing and community. As a leader, one of the most powerful steps you can take is to bring your team into the discussion. Truly listen to their concerns and needs. Here are some high-level goals to strive towards:

Support remote work to help technologists focus on their work and control their work environments.

Ensure that people have the right balance of collaboration time with long periods of protected time for deep work.

Enable autonomy so that engineers can focus on remaining empowered and doing their best work.


Due to Nigeria’s fintech boom borne out of its open banking framework, the Central Bank of Nigeria (CBN) has published a much-awaited regulation draft to govern open banking procedures. And at its core is the need to secure customer data through a robust set of requirements.

The regulations streamline how entities who handle customer banking information will secure their systems and share details within protected application program interfaces. They’ll also seek to standardize policies for all open banking participants, and come at a time when the country is enjoying a boom of fintech and banking services that have attracted international funding in the startup space.

According to the Africa Funding Startup 2021 report, Nigerian fintech has brought in more than half of the US$4.6 billion total raised by African startups, which underpins the growing need for more financial products, and facilitates the greater data sharing across banking and payments systems that open banking provides.

For Emmanuel Morka, CIO at Access Bank Ghana, open banking is the future and enterprises should seize on the opportunity.

“Traditional banking is fading away,” he says. “Open banking is the only way you can set systems like agency banking, mobile banking and use dollars.”

He notes that fintech has been at the forefront of the open banking system in the region and believes it will spread across the continent. But wherever there’s money, there’s insecurity, and the free exchange of application programming interfaces (APIs) across banking platforms has opened opportunities and risks as well. Unsecured systems and API channels can be a point of vulnerability.

Securing customer data

“One of my headaches as a CIO is no one is fully protected,” Morka said, adding that open banking has to ensure that customer data and assets aren’t compromised, so all endpoints in his organization must be fortified. The Operational Guidelines for Open Banking in Nigeria published by the CBN stress that customer data security is critical for the safety of the open banking model. The preliminary draft will guide the industry discussion before the final guidelines are put in place by the end of the year.

The foremost thing to secure data, according to Morka, is to expose fit-for-purpose data for consumption. This means that CIOs need to limit data accessibility to what is requested and can be used.

“I see open banking as an exposure of some data over a secured standardized channel to third parties for consumer banking,” he said. “I am the bridge between business and technology.”

He also says that it’s not only the core banking products that need protection but also tools on CRM and other software that centers on customer data.

The framework provided by the CBN also considers constant monitoring of systems of third-party API users in the open banking system. TeamApt, a Nigeria-based fintech startup, has helped over 300,000 businesses use its digital banking platform and is anchored in open banking.

The company sees legislation such as the Nigeria Data Protection Regulation (NDPR) as a big consideration for companies dealing with personal data.

“Due to the sheer size of personally identifiable information being shared, in the hands of bad actors, this data can be used to pilfer bank accounts, erode credit ratings, and conduct identity theft on a large scale,” said Tosin Eniolorunda, founder and CEO of TeamApt.

Organizations like banks also suffer using resources to recover stolen data, losing customer trust in the process, he said.

“These regulations ensure that customers have some sort of control over how their data is collected, processed and shared,” he says.

The Central Bank’s regulation has also factored in the NDPR requirements to craft how financial institutions manage customer data, and the regulations outline that consent is needed for use of customer data in open banking to avail them of financial products and services.

Six steps to achieve a secure open data platform

There are several steps IT experts can take to make sure customer data are in line with privacy laws, and that security across all systems is in place to shield these data points from leakage.

1. Technology leaders must have their systems and processes adhere to privacy laws and the final guidelines to be published by the CBN. “It’s important that executive teams work closely with lawyers who have the necessary data experience to advise on the requirements and implications of applicable regulations and guidelines like those released by the CBN on open banking,” says Eniolorunda.

2. Morka suggests that only a customer’s information that’s relevant to a transaction should be used—something he calls fit-for-purpose data. Not all data points need to be exposed during transactions. CIOs need to ascertain what type of data can be enough for transactions to securely take place.

3. Eniolorunda encourages the use of technology in know your customer (KYC) processes. Morka also says that the use of artificial intelligence (AI) should be implemented to make the process of KYC easier on financial institutions while making it accurate and efficient.

4. There needs to be constant evaluation of banking systems and APIs used in transactions, according to Morka. In terms of supply chains, Eniolorunda adds that companies must ensure that third-party vendors they use have the highest possible security standards, and the security programs of these vendors must be routinely audited and validated.

5. Customer education is key. Morka agrees that some technologies like smartphones and internet access have not reached most rural regions in African countries. This hinders the appropriate use of banking technology and slows down its adoption. For those who have embraced digital banking, constant education on how to keep their accounts secure is essential.

6. The collaboration between stakeholders will make the banking ecosystem robust and guide its growth. The CBN, through its Open Banking Guidelines, seeks to ensure that its oversight affords more collaboration for superior digital banking products for customers.


Cloud-based platforms, the “work from anywhere” culture, and other trends are upending traditional network monitoring. This is because some or all of the infrastructure is no longer owned by the IT organization; instead, it relies on home network infrastructure, the Internet, and SaaS/public cloud networks.

A study by Dimensional Research reveals that current monitoring solutions are inadequate when it comes to supporting this growing scale and complexity as well as new technologies, devices, and network architectures. Some 97% of network and operations professionals report network challenges, for example, with the primary consequence being the impact on employee productivity (reported by 52%), followed by executives being brought into the loop because network issues are impacting the business (39%).

Network delivery of the user experience does not exist within the four walls of the data center anymore. With more employees working remotely and more workloads running on cloud platforms, it is harder to gain visibility into the end-to-end user experience. Network monitoring must reach services beyond the edge of the corporate infrastructure; it must utilize user-experience metrics through standard operating procedures and workflows to not only ensure reliable network delivery but an exceptional customer experience.

One large contact center outsourcer, for example, at one time managed 14 sites. Owing to the pandemic and call center agents working from home, that number has risen to 8,000 sites – and every connection is different. The challenge for the outsourcer is to keep operations running smoothly and to maintain the same quality as when call center services were centralized.

How network professionals can reimagine the digital experience

Network teams need a modern, innovative approach to managing digital experience in this new, complex ecosystem. Teams that transition will align themselves better with core business metrics and provide more value to their organization. Those that don’t will quickly be marginalized, becoming yet another IT organization where the CEO says, “they just don’t get it.”

Understanding the digital experience can be a moving target in a highly decentralized and hybrid enterprise world. As a result, network teams can’t choose between network performance monitoring and digital experience monitoring. They really need both. To solve this dilemma, IT leaders must rethink their network operations and evolve traditional NetOps strategies into modern Experience-Driven NetOps.

With Experience-Driven NetOps, organizations benefit from unified network visibility of digital services running on traditional and modern software-defined network architectures. This single pane of glass insight enables network professionals to understand, manage and optimize the performance of every digital service – through their standard troubleshooting procedures – from the core network to the edge, to the end-user.

Now is the time for action. To stay in front of change, organizations need to deliver experience-proven connections and ensure network operations teams are experience-driven. This modern monitoring approach is closely aligned with key business outcomes, improving customer experience and making the IT organization a better partner driving accelerated digital transformation.
