GDPR is the IT industry's next "Y2K crisis." Effective May 25, 2018, it ensures that any citizen of the European Union can review, rectify, and even erase any personal data from corporate datacenters. Companies that fail to respond to requests can be heavily fined. See Bob Yelland's quick 13-page guidebook on this, titled [GDPR - How it Works].
Known as the "Wizard of Big Data", Jeff Jonas is at home in Las Vegas. Back in the 1990s, Jeff developed software for the casinos to identify and catch cheaters, which was used to catch the six MIT card-counters depicted in Ben Mezrich's book [Bringing Down the House: The Inside Story of Six MIT Students Who Took Vegas for Millions], and the 2008 movie starring Jim Sturgess, Kevin Spacey, and Laurence Fishburne.
His team also developed the Non-Obvious Relationship Awareness (NORA) software for the casinos, combining the records of 15 million customers, 20,000 employees, and 18 different watch lists. If a casino did business with people on certain watch lists, they could be put out of business or heavily fined.
NORA alerts identified 24 active VIP players as known cheaters, 12 employees were active gamblers against company policy, 192 employees had possible relationships with casino vendors, and in seven cases the players were the vendor. One casino discovered they were paying to have one of these cheaters flown to Las Vegas to play at their tables!
(IBM acquired Jeff's company Systems Research and Development (SRD) back in 2005. I had the pleasure of working with Jeff during his 11-year stint at IBM, and participated in his G2 project that was later spun off in 2016 to form his newest company, Senzing. See my 2011 blog post [Storage Innovation Executive Summit] for Jeff's thoughts back then.)
Jeff identifies four challenges in complying with GDPR regulation. Suppose an EU citizen comes to your company and asks just to review all information that you have on them. How would you do that?
So this is Challenge #1: There are lots of places to look. You have a customer database, loyalty club, marketing programs, vendor and supplier databases, and customer service. But wait, the person might have also been an employee! Does your employee database let you search for information on former employees?
Challenge #2 is that the data occurs in variations. Liz Reston could be stored as Elizabeth or Beth. Her last name might have changed from various marriages and divorces. Can you generate all of the variations to search on?
(I know this personally. I am not the only famous "Tony Pearson" out there. There is Tony Pearson, a cricket player in England. There is Tony Pearson, Chief of Staff in the Australian government. And finally, there is 61-year-old "Mr. Universe" Tony Pearson, the "Michael Jackson" of Bodybuilding. Needless to say, women who showed up at my house unannounced looking for him instead were sometimes disappointed!)
Challenge #3 is that existing systems have search limitations. Imagine going to a library that doesn't have a card catalog or computerized index. Rather, you need to go floor by floor, row by row, book by book, looking for the information you are looking for.
Human Resources software might only offer search options for name, date of birth or employee serial number. Hotel systems don't offer you search capabilities of billing or home addresses.
Small typos can result in incomplete search results. Home addresses, for example, are often written in different ways, suite or apartment numbers may be represented differently as well, and abbreviations may be used to represent fully-qualified names.
What are you going to do, ask the IT department to write custom SQL queries for you? One of the unexpected benefits of Jeff's NORA system was that it could match entities between databases by street address, a trick that normally isn't designed into most applications.
Challenge #4 is that not all things that look alike are alike. For example, Liz Reston and her co-dependent husband Bob might [share the same email address].
Family members might have the same home address and phone number. Sons are often named after their fathers, but don't always write "Senior" or "Junior" or "III" at the end of their names.
In other cases, roommates in college, who are not related in any other way, might share the same home address. The same apartment number or home address could be used by different people as the house is sold or apartment is rented from one family to another.
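The four challenges can be seen together in a small single-subject search. This is an added example, not code from NORA, Senzing or the original post; the lookup tables, field names, matching rule and all records are constructed for illustration.

```python
import re

# Constructed lookup tables for illustration; production tables are far larger.
NICKNAMES = {"liz": "elizabeth", "beth": "elizabeth", "bob": "robert"}
ADDRESS_WORDS = {"street": "st", "avenue": "ave", "road": "rd", "apartment": "unit",
                 "apt": "unit", "suite": "unit", "ste": "unit", "#": "unit"}


def norm_name(name: str) -> str:
    n = name.strip().lower()
    return NICKNAMES.get(n, n)  # Challenge #2: fold name variations together


def norm_address(addr: str) -> str:
    tokens = re.findall(r"[a-z0-9]+|#", addr.lower())
    return " ".join(ADDRESS_WORDS.get(t, t) for t in tokens)


def normalize(rec: dict) -> dict:
    return {
        "first": norm_name(rec.get("first", "")),
        "last": rec.get("last", "").strip().lower(),
        "email": rec.get("email", "").strip().lower(),
        "address": norm_address(rec.get("address", "")),
        "dob": rec.get("dob", ""),
    }


def same_person(query: dict, rec: dict) -> bool:
    q, r = normalize(query), normalize(rec)
    if q["first"] != r["first"]:
        return False  # Challenge #4: a shared email or address alone is not identity
    if q["dob"] and r["dob"] and q["dob"] != r["dob"]:
        return False  # same name and address, different birth date: parent and child
    agree = sum(1 for f in ("last", "email", "address", "dob") if q[f] and q[f] == r[f])
    return agree >= 2  # surname may have changed, so it is evidence, not a requirement


def subject_search(query: dict, sources: dict) -> list:
    """Challenge #1: look in every system; return (source, record id) for each hit."""
    return [(name, rec["id"]) for name, recs in sources.items()
            for rec in recs if same_person(query, rec)]


# Constructed sample data: one data subject spread over several systems.
SOURCES = {
    "crm": [{"id": "C1", "first": "Liz", "last": "Reston", "email": "reston@example.com",
             "address": "12 Main Street, Apt 4B", "dob": "1975-03-02"},
            {"id": "C2", "first": "Bob", "last": "Reston", "email": "reston@example.com",
             "address": "12 Main Street, Apt 4B", "dob": "1973-08-19"}],
    "loyalty": [{"id": "L7", "first": "Elizabeth", "last": "Carter",
                 "address": "12 Main St #4B", "dob": "1975-03-02"}],
    "hr": [{"id": "H3", "first": "Beth", "last": "Reston", "address": "99 Oak Avenue",
            "dob": "1975-03-02"}],
    "vendors": [{"id": "V9", "first": "Elizabeth", "last": "Reston",
                 "address": "12 Main St. Apt 4B", "dob": "1999-11-30"}],
}
QUERY = {"first": "Elizabeth", "last": "Reston", "email": "reston@example.com",
         "address": "12 Main St, Apt 4B", "dob": "1975-03-02"}
```

Calling `subject_search(QUERY, SOURCES)` returns the CRM, loyalty and HR records, and leaves out both the husband who shares the email address and the younger namesake at the same address.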
It took Jeff decades to appreciate the results of these entity relationships, and then GDPR happened in 2016. When a citizen asks to review their personal data, which they can after May 25 for free, a company must deliver within 30 days. The person can then ask to rectify certain information, or have it erased altogether.
So what seems like a simple enough question, "What do we know about Liz Reston?" turns out to be challenging to answer for a variety of reasons. Jeff did a survey of over 1,000 European companies, here were the results:
Having access to powerful enterprise-wide "single subject search" discovery tools, however, can also lead to search abuse. For example, a famous celebrity is admitted to a hospital, and suddenly sensitive information is leaked to the tabloids or paparazzi. Someone asks their friend, a police officer, to search the license plate on someone's vehicle. A father searches his corporate database for information on his daughter's new boyfriend.
To address this privacy concern, Jeff suggests a tamper-proof audit log that shows who searched for whom. Where are we going to get technology to do this? We already have it: Blockchain! That's right, the technology that enables Bitcoin to operate without government controls already includes a tamper-proof audit log for transactions.
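The tamper-evidence property such a log relies on can be shown with a plain hash chain, the building block blockchains use. This is an added example, not code from Senzing or the original post, and it is a single-writer chain rather than a distributed ledger; the class, the field names and the keyed pseudonym for the searched-for person are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "previous hash" value used by the first entry


def _digest(body: dict) -> str:
    """Hash a canonical JSON encoding so key order cannot change the digest."""
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


class SearchAuditLog:
    """Append-only record of who searched for whom; each entry commits to the previous one."""

    def __init__(self, pseudonym_key: bytes):
        self._key = pseudonym_key
        self.entries = []

    def _pseudonym(self, subject: str) -> str:
        # Keyed hash: the log can answer "who searched for X?" without storing X in clear.
        name = subject.strip().lower().encode()
        return hmac.new(self._key, name, hashlib.sha256).hexdigest()

    def record(self, searcher: str, subject: str, reason: str, ts: str) -> dict:
        body = {
            "seq": len(self.entries),
            "ts": ts,
            "searcher": searcher,
            "subject": self._pseudonym(subject),
            "reason": reason,
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry = dict(body, hash=_digest(body))
        self.entries.append(entry)
        return entry

    def searches_for(self, subject: str) -> list:
        p = self._pseudonym(subject)
        return [(e["ts"], e["searcher"]) for e in self.entries if e["subject"] == p]


def verify(entries: list, expected_head=None) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "hash"}
        if e.get("seq") != i or e.get("prev") != prev or e.get("hash") != _digest(body):
            return i  # edited, reordered or deleted entry
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return len(entries)  # tail was truncated, or the whole chain was rewritten
    return -1
```

The chain only proves integrity relative to its latest hash, so that value has to be published or stored somewhere the log's own administrators cannot rewrite; a shared ledger is one way to get that.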
Jeff's plan for his new company Senzing is to deliver software for different use cases, with APIs for popular programming languages like Java and Python, and a workbench that runs on Windows. He is also considering a "Community Edition" that could be affordable for even the smallest of businesses, with a challenge to the audience to please contribute to this as an open source project.
The video is still available on [IBM Think 2018 Replays].
Last week, IBM clients, Business Partners and executives got together for the inaugural IBM [Think 2018] conference. There were over 30,000 attendees.
In an age of exponentially more data, connected devices and computing power, there are more ways for attackers to breach an organization than ever before. Teams are challenged to manage these threats as they deal with too many disparate tools from too many vendors, an enormous security and IT skills shortage, and a growing number of compliance mandates.
Marc van Zadelhoff, General Manager, IBM Security, kicked off the session "Ready For Anything: Build a Cyber Resilient Organization". The year 2017 was a tough year for security. People can relate to the number of security breaches that happened.
Why do companies struggle in this area? It is not just because hackers have become more sophisticated. IBM Security has over 8,000 security experts to help clients. When IBM is called in, we find 90 percent lack basic fundamentals from firewall rules and patch management. It takes on average 200 days for companies to detect breaches. Sadly, 77 percent do not have a response plan after the breach happens.
To help this, IBM has come up with new terminology. At a certain point, [the shit hits the fan], a Canadian phrase meaning "messy consequences are brought about by a previously secret situation becoming public." Marc explained that it often is accompanied by FBI agents showing up at the front door.
Marc referred to this event as "the Boom". All of the preparation and prevention happen "left of Boom". The clean-up, salvaging your brand reputation, and remediating the damage was called "right of Boom". Here are some examples of a Boom event:
Left of Boom is our domain of choice. We are surrounded with just security and IT problems, problems we have studied our entire careers, involving daily activities we complete with a sense of certainty.
Right of Boom is a completely different matter. Others get involved, including Legal, HR, and sometimes even the Board of Directors. These are distant, hazy problems that don't occur every day, and more uncertainty.
The Boom is not the initial breach, but when the breach becomes public, an average of 200 days later. Hackers can do quite a lot of damage during these 200 days. What might have started as phishing emails, might continue with access to sensitive databases, stolen credentials to other servers, access to internal networks, and additional compromises.
Likewise, companies should not expect to clean up the mess in just a few days either. IT forensics are used to determine the scope of the breach. Regulators and auditors are notified, press conferences and legal dispositions are scheduled to address the public concerns, and social media sentiment might fall.
Back in 2016, [IBM acquired Resilient] a security software company. Ted Julian, IBM VP Product Management and Co-Founder of Resilient, performed a live demo of this software. Basically, it is a dashboard that automates gathering incident data, determines the tasks required, and then orchestrates appropriate responses. This allows the security administrator to launch remediation directly in context.
Last year, over 1,400 customers took advantage of IBM's security breach simulator lab, the IBM X-Force Command Center. On the right side of the Boom, time matters. What might take 90 minutes manually can be done in two minutes with the IBM Resilient dashboard and the right amount of practice and training.
Next on stage were Wendi Whitmore, IBM Security Services, and Mike Errity, Vice President IBM Resiliency Services. While Wendi's team is handling the situation from afar, Mike's team lives in the data center. Mike explained Recovery Time Objective (RTO) and Recovery Point Objective (RPO), which apply to recovery after a cyberattack, similar to Disaster Recovery after a hurricane.
Wendi indicates that executives need visibility into what is going on after a breach, and need retainers in place with PR firms and other industry experts who can be called on short notice as needed right of Boom.
Richard Puckett, Vice President Security Operations, Strategy and Architecture, at Thomson Reuters, was the final speaker. Richard spent the first six months of his job uplifting the security protocols at Thomson Reuters. They partnered with IBM to build up their talent for their Security Operation Center (SOC).
Threats are asymmetric. Unlike traditional physical threats from mobs of people, or trucks parked at the front door, cyber threats go undetected. Once they are detected, it can be difficult to identify the perpetrator. Richard suggests that good security requires good management. Patch management is not the sexiest, but is critical. Don't focus on shiny new objects, but rather fixing weak passwords and poor patch management procedures.
In the struggle to keep up, organizations are not doing a good job of mastering the security fundamentals. IBM believes that with the right approach, technologies and experts, our clients can fight back. IBM can deliver security and resiliency at the scale and speed necessary to protect businesses against the challenges of today, and tomorrow.
Last week, IBM clients, Business Partners and executives got together for the inaugural IBM [Think 2018] conference. There were over 30,000 attendees.
While Sal Khan was a hedge fund manager in Northern California, he was also a math tutor to his cousin Nadia over the Internet in the evenings. This extended to 15 other family members. In November 2006, Sal started to record his teachings on a YouTube channel. His cousins liked the YouTube recordings better, as they could go at their own pace.
In 2007, Sal realized that many people who were not family-related were watching his educational videos on YouTube. Sal quit his job and set up [Khan Academy] as a non-profit organization. Unfortunately, the donations he received from students and parents were not enough to support his monthly expenses. However, he received a generous $10,000 US dollar donation from a parent who used the site with her kids.
Word got around. Bill Gates from Microsoft mentioned Khan Academy in an on-stage interview. Mr. Gates admired Sal's wife for letting him quit his job to pursue his interests.
(Later, Mr. Gates invited Sal to visit the Microsoft campus in Seattle, WA, asking him "What could Khan Academy achieve if you had more resources?" A question folks in public education, or the IT industry for that matter, rarely hear! )
By Fall 2010, the Gates Foundation, Google, [and other supporters] helped make this a fully funded organization, and he was able to hire engineers and educators.
Sal gave an interesting analogy. Imagine building a house. The first step is to pour the concrete foundation, instructing the builders to "do what you can in two weeks". The inspection indicates problems, but you go ahead and build the first floor with the same approach, "do what you can in two weeks", then build the second floor. Eventually, the house collapses.
Sal organized Khan Academy along the lines of [Kung Fu belt colors], rather than the way traditional American schools group students by age and promote them in lock-step, regardless of their readiness. Many students have gaps, and being moved to the next grade just results in more gaps. The solution is to fill the gaps in a timely manner.
Sal gave three inspiring stories of some of his students:
But how effective is Khan Academy overall? Working with the college test board, Sal was able to do efficacy studies. Among 250,000 students, using Khan Academy for PSAT/SAT prep for just 20 hours produced 100 percent extra gain. A similar study in Idaho found 80 percent extra gain with 10,500 students. In Brazil, a 7,000-student study found that one hour of Khan Academy per week resulted in 30 percent more learning.
The videos on Khan Academy favor being simple and authentic, rather than high production value. The software and equipment used to make the first videos only cost a few hundred dollars. The costs are just 30 US cents per hour of learning.
Today, the free online learning resources cover preschool through early college education, including K-12 math, grammar, biology, chemistry, physics, economics, finance, history, and SAT prep. Khan Academy also provides teachers with tools and data so they can help their students develop the skills, habits, and mindsets they need to succeed in school and beyond.
The concept scales well. Khan Academy has over 150 employees, with another 14,000 volunteers helping with translations. Over 59 million students have registered across 190 countries. Every year, about 300,000 people send in donations. The website has had over 1.4 billion views.
Sal finished his talk with a thought experiment: Go back 400 years ago to Western Europe, a time when only about 10 percent of men, and 5 percent of women, could read. If you asked someone, back then, what percentage of people could be taught to read, they would estimate only 20 to 30 percent.
Today we know that nearly 100 percent of people can be taught to read. However, if you asked people today what percentage of people could become a software engineer, start a business, or write a novel, people respond only one to five percent.
IBM Watson is also helping out in the area of education. Register today at [Teacher Advisor]!
This week, IBM clients, Business Partners and executives get together for the inaugural IBM [Think 2018] conference. There are over 30,000 attendees.
This is a combination of last year's three events: Edge, InterConnect, and World of Watson (WoW). The combined event is divided into four "campuses":
(I am not in Las Vegas! In my first post in this series, [Science Slam], I forgot to mention that I was not physically there, and have since been flooded with invitations and requests for one-on-one meetings with clients and cocktail parties. Sorry folks! I am in Tucson writing these blog posts by watching the live stream videos of the event.)
Ginni (and the rest of the company) has re-invented IBM to achieve exponential change. The change impacts all industries, not just the three we saw on the stage during this keynote session.
To follow along with the rest of Think2018 conference, watch the live stream on [www
This week, IBM clients, Business Partners and executives get together for the new IBM [Think 2018] conference. This is a combination of last year's three events: Edge, InterConnect, and World of Watson (WoW).
(The theme this week is "Putting smart to work." Some might feel that this is a gram
The keynote session today was "Science Slam: Unveiling 5 Breakthrough Technologies That Will Change the World!" by Arvind Krishna, IBM Research Director. IBM has over 3,000 researchers, in 12 labs, across six continents.
This talk was based on IBM's annual five-in-five, five predictions that might change the world in the next five years. For amusement, read my 10-year-old blog post [Five in five for 2008], including predictions for smart thermostats that can be controlled remotely, and self-driving cars.
("Science Slam" is IBM Research version of [Pecha Kucha], but instead of art students having 20 minutes to show 20 PowerPoint slides, each IBM research scientist has 5-7 minutes to explain the research project they are exploring. These are done both internally, as well as to audiences outside the company.)
Jamie Garcia served as emcee, introducing each of the five experts. Each spent 5-7 minutes, Science Slam style, on what projects they were working on.
To learn more about these five topics, see [5-in-5 predictions]. To follow along with the rest of this conference, watch the live stream on [www