April 03, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Starting with a robust identity and access management (IAM) solution will give new projects a head start on the competition. Users will have access to more features earlier. Additionally, no growing pains also mean no tech debt. Any new project has challenges right from the start. Finishing the MVP is a high priority. Planning meetings to outline necessary features and requirements can suffer from scope creep. Every shortcut taken to deliver on time borrows against the future. Tech debt is a known cost, and many startups take on a significant amount. As any app needs users, it eventually will come down to planning the features and structures needed. Everyone is a user themselves, so it’s easy to come up with a variety of useful features. Single sign-on, social logins and multifactor authentication are all conventional IAM features included in the project scope and planned out for customers. Features and domain knowledge are designed around what the team thinks a user will need. A user’s footprint within your app gets built out in forms and user profile pages. Business data and user data are stored together.
Data is enterprise currency, and executive management discussions in the boardroom are data-driven. A knowledgeable enterprise architect can show the board how data for business requirements are translated into technological specifications. EA can provide timely reports on the status of the current application landscape and IT inventory to provide data that addresses crucial boardroom evaluations and decision-making. Use reports to tie EA into business processes during regular meetings. Data can be used to illustrate real issues with simple diagrams and use cases, demonstrating options and concrete results. EA overlays on top of the business model can help boardroom members visualize cost, revenue, risk, and performance metrics to support decisions and track alignment with initiatives. The enterprise architect is the data guru of the boardroom. ... If you want to have a game in the boardroom, you must get to know the players. You need the sponsorship of executives who wield real influence and can promote engagement of EA initiatives.
The European Commission put out its proposal for an AI Act just over a year ago — presenting a framework that prohibits a tiny list of AI use cases, considered too dangerous to people’s safety or EU citizens’ fundamental rights to be allowed, while regulating other uses based on perceived risk — with a subset of “high risk” use cases subject to a regime of both ex ante (before) and ex post (after) market surveillance. In the draft Act, high-risk systems are explicitly defined as: Biometric identification and categorisation of natural persons; Management and operation of critical infrastructure; Education and vocational training; Employment, workers management and access to self-employment; Access to and enjoyment of essential private services and public services and benefits; Law enforcement; Migration, asylum and border control management; Administration of justice and democratic processes. Under the original proposal, almost nothing is banned outright — and most use cases for AI won’t face serious regulation under the Act as they would be judged to pose “low risk” so largely left to self-regulate — with a voluntary code of standards and a certification scheme to recognize compliant AI systems.
Kenya’s digital ID programme, called the National Integrated Identity Management System (NIIMS), was ruled illegal by the highest court because there was no clear documentation of the data privacy risks, nor was there a clear strategy for measuring, mitigating and dealing with those risks. Related concerns about data privacy and security have arisen in other digital ID platforms as well. For example, India’s Aadhaar is the world’s largest biometric digital ID system. Registration is linked to biometrics and demographics, and can connect to services including SIM cards, bank accounts, and government aid programmes, making financial systems more inclusive. Despite these advantages, Aadhaar has seen pushback regarding feasibility and privacy. ... A major risk surrounding biometrics in particular is that if, and when, an attacker obtains these credentials for a victim, they may be able to impersonate the victim indefinitely, since a user’s biometrics do not change. These risks can be mitigated using emerging technologies like computation over encrypted data with rotating keys.
The Dartmouth Summer Research Project on Artificial Intelligence in 1956 is widely considered the founding moment of artificial intelligence as a field: John McCarthy, Marvin Minsky, Claude Shannon, Ray Solomonoff, etc. attended the eight-week-long workshop held in New Hampshire. On the fiftieth anniversary of the conference, the founding fathers of AI returned to Dartmouth. When Minsky took the stage, Salk Institute professor Terry Sejnowski told him some AI researchers view him as the devil for stalling the progress of neural networks. “Are you the devil?” Sejnowski asked. Minsky brushed him off and went on to explain the limitations of neural networks, pointing out neural networks haven’t delivered the goods yet. But Sejnowski was persistent. He asked again: “Are you the devil?” A miffed Minsky retorted: “Yes, I am.” Turing award winner Marvin Minsky has made major contributions in cognitive psychology, symbolic mathematics, artificial intelligence, robot manipulation, and computer vision. As an undergraduate student at Harvard, Minsky built SNARC, considered the ‘first neural network’ by many, using over 3000 vacuum tubes and a few components from the B-52 bomber.
Although multifactor authentication is crucial for preventing a great percentage of attacks, it is not enough, not in today’s rapidly changing threat landscape. Enterprises need to evolve their identity and access management policy towards a modernized authentication solution. As Uri and I agreed, we need to leverage multiple data layers that would allow us to map legitimate behavior versus malicious behavior. Not only do we need to examine contextual data like location and device, but we also need to consider behavioral insights and look at micro behaviors such as hesitation, distraction, and rest. Having all these data layers, we can then leverage machine learning to aggregate them into a coherent analysis that indicates abnormal behaviors. Besides enabling artificial intelligence and machine learning to enhance our security posture, it is equally important to consider customer experience. For example, the best authentication tools today rely on mobile applications. What happens if a portion of your employees cannot use their mobile phones, or they are reluctant about their employer installing an app on their personal mobile?