This week, I am in Orlando, Florida for the [IBM Technical University], with focus on IBM storage, IBM Z mainframes and IBM Power servers. Here is my recap for the keynote sessions on Day 1.
You can follow along this week with Twitter hashtag #IBMTechU, or follow me at @az990tony.
technorati tags: IBM, #IBMTechU, Art Beller, Artificial Intelligence, AI, Kathryn Guarini, MIT, Stanford University, Narrow AI, Broad AI, General AI, False Positive, Hillery Hunter, Federated AI, PowerAI, Distributed Deep Learning, DDL, SnapML, in-memory computing, Clod Barrera, Phase Change Memory, PCM, Microsoft Azure, Transfer Learning, Explainable+AI, Medical Sieve, Fraud Detection
Next week, I will be in Orlando, Florida for the [IBM Technical University], with focus on IBM storage, IBM Z mainframes and IBM Power servers.
Last month, I listed [the various topics I will be presenting there]. To help you prepare for next week, here are my blog posts from the TechU last October in New Orleans:
The New Orleans event was a five-day event, but I had to leave Wednesday evening for other meetings, so missed out on the last two days.
I do plan to be there all of next week in Orlando. Look for me at one of my sessions, during the breaks, the Solutions Reception on Monday evening, the Poster Session on Tuesday evening, or Universal Studios event on Thursday evening.
You can follow along with Twitter hashtag #IBMtechU, or follow me at @az990tony.
Well, it's Tuesday again, and you know what that means? IBM Announcements!
(FTC Disclosure: I work for IBM. This blog post can be considered a "paid celebrity endorsement" of the IBM Z and IBM storage products mentioned below.)
In a few weeks, I will be presenting at the [IBM Systems Technical University], April 30-May 4, in Orlando Florida. If you plan to attend, come look for me. I will be there all week!
technorati tags: IBM, DS8000, DS8880, CSP, MSP, mainframe, Z14, Z14 model ZR1, LinuxOne, LinuxOne RockHopper, DS8884, DS8886, DS8888, DS8884F, DS8886F, DS8888F, z/OS, IBM Z, MIPS, FICON, Transparent Cloud Tiering, Spectrum Scale, Elastic Storage Server, ESS, Audit File Logging, Data Access Edition, Data Management Edition, KPMG, NENR, IBM Cloud, IBM Cloud Object Storage, Amazon S3, Hortonworks, HDP, Ambari, TS4500, LTO, Security Key Lifecycle Manager, SKLM, #IBMtechU, Orlando, FL
GDPR is the IT industry's next "Y2K crisis." Effective May 25, 2018, it ensures that any citizen of the European Union can review, rectify, and even erase any personal data from corporate datacenters. Companies that fail to respond to requests can be heavily fined. See Bob Yelland's quick 13-page guidebook on this, titled [GDPR - How it Works].
Known as the "Wizard of Big Data", Jeff Jonas is at home in Las Vegas. Back in the 1990s, Jeff developed software for the casinos to identify and catch cheaters, which was used to catch the six MIT card-counters depicted in the Ben Mezrich's book [Bringing Down the House: The Inside Story of Six MIT Students Who Took Vegas for Millions], and the 2008 movie  starring Jim Sturgess, Kevin Spacey, and Lawrence Fishburne.
His team also developed the Non-Obvious Relationship Awareness (NORA) software for the casinos, combining the records of 15 million customers, 20,000 employees, and 18 different watch lists. If a casino did business with people on certain watch lists, they could be put out of business or heavily fined.
NORA alerts identified 24 active VIP players as known cheaters, 12 employees were active gamblers against company policy, 192 employees had possible relationships with casino vendors, and in seven cases the players were the vendor. One casino discovered they were paying to have one of these cheaters flown to Las Vegas to play at their tables!
(IBM acquired Jeff's company Systems Research and Development (SRD) back in 2005. I had the pleasure of working with Jeff during his 11 year stint at IBM, and participated in his G2 project that was later spun off in 2016 to form his newest company, Senzing. See my 2011 blog post [Storage Innovation Executive Summit] of Jeff's thoughts back then.)
Jeff identifies four challenges in complying with GDPR regulation. Suppose an EU citizen comes to your company and asks just to review all information that you have on them. How would you do that?
So this is Challenge #1: There are lot's of places to look. You have a customer database, loyalty club, marketing programs, vendor and supplier databases, and customer service. But wait, the person might have also been an employee! Does your employee database let you search for information on former employees?
Challenge #2 is that the data occurs in variations. Liz Reston could be stored as Elizabeth or Beth. Her last name might have changed from various marriages and divorces. Can you generate all of the variations to search on?
(I know this personally. I am not the only famous "Tony Pearson" out there. There is Tony Pearson, a cricket player in England. There is Tony Pearson, Chief of Staff in the Australian government. And finally, there is 61-year-old "Mr. Universe" Tony Pearson, the "Michael Jackson" of Bodybuilding. Needless to say, women who showed up at my house unannounced looking for him instead were sometimes disappointed!)
Challenge #3 is that existing systems have search limitations. Imagine going to a library that doesn't have a card catalog or computerized index. Rather, you need to go floor by floor, row by row, book by book, looking for the information you are looking for.
Human Resources software might only offer search options for name, date of birth or employee serial number. Hotel systems don't offer you search capabilities of billing or home addresses.
Small typos can result in incomplete search results. Home addresses, for example, are often written in different ways, suite or apartment numbers may be represented differently as well, and abbreviations may be used to represent fully-qualified names.
What are you going to do, ask the IT department to write custom SQL queries for you? One of the unexpected benefits of Jeff's NORA system was that it could match entities between databases by street address, a trick that normally isn't designed into most applications.
Challenge #4 is that not all things that look alike are alike. For example, Liz Reston and her co-dependent husband Bob might [share the same email address].
Family members might have the same home address and phone number. Sons are often named after their fathers, but don't always write "Senior" or Junior" or "III" at the end of their names.
In other cases, roommates in college, who are not related in any other way, might share the same home address. The same apartment number or home address could be used by different people as the house is sold or apartment is rented from one family to another.
It took Jeff decades to appreciate the results of these entity relationships, and then GDPR happened in 2016. When a citizen asks to review their personal data, which they can after May 25 for free, a company must deliver within 30 days. The person can then ask to rectify certain information, or have it erased altogether.
So what seems like a simple enough question, "What do we know about Liz Reston?" turns out to be challenging to answer for a variety of reasons. Jeff did a survey of over 1,000 European companies, here were the results:
Having access to powerful enterprise-wide "single subject search" discovery tools, however, can also lead to search abuse. For example, a famous celebrity is admitted to a hospital, and suddenly sensitive information is leaked to the tabloids or paparazzi. Someone asks their friend, a police officer, to search the license plate on someone's vehicle. A father searches his corporate database for information on his daughter's new boyfriend.
To address this privacy concern, Jeff suggests a tamper-proof audit log that shows who searched for whom. Where are we going to get technology to do this? We already have it: Blockchain! That's right, the technology that enables Bitcoin to operate without government controls already includes a tamper-proof audit log for transactions.
Jeff's plans for his new company Senzing is to deliver software for different use cases, with APIs for popular programming languages like Java and Python, and a workbench that runs on Windows. He is also considering a "Community Edition" that could be affordable for even the smallest of businesses, with a challenge to the audience to please contribute to this as an open source project.
The video is still available on [IBM Think 2018 Replays].
technorati tags: IBM, #Think2018, #Think18, #Think, #IBMthink, Jeff Jonas, Data Scientist, Senzing, European Union, General Data Protection Regulation, GDPR, Y2K crisis, Bob Yelland, MIT, Jim Sturgess, Kevin Spacey, Lawrence Fishburne, SRD, NORA, Las Vegas, VIP, G2 project,card catalog, Human Resources, shared email, SQL query, single subject search, search abuse, tamper-proof audit log, Blockchain, Bitcoin, Java, Python, Community Edition
Last week, IBM clients, Business Partners and executives got together for the inaugural IBM [Think 2018] conference. There were over 30,000 attendees.
In an age of exponentially more data, connected devices and computing power, there are more ways for attackers to breach an organization than ever before. Teams are challenged to manage these threats as they deal with too many disparate tools from too many vendors, an enormous security and IT skills shortage, and a growing number of compliance mandates.
Marc van Zadelhoff, General Manager, IBM Security, kicked off the session "Ready For Anything: Build a Cyber Resilient Organization". The year 2017 was a tough year for security. People can relate to the number of security breaches that happened.
Why do companies struggle in this area? It is not just because hackers have become more sophisticated. IBM Security has over 8,000 security experts to help clients. When IBM is called in, we find 90 percent lack basic fundamentals from firewall rules and patch management. It takes on average 200 days for companies to detect breaches. Sadly, 77 percent do not have a response plan after the breach happens.
To help this, IBM has come up with new terminology. At a certain point, [the shit hits the fan], a Canadian phrase meaning "messy consequences are brought about by a previously secret situation becoming public." Marc explained that it often is accompanied by FBI agents showing up at the front door.
Marc referred to this event as "the Boom". All of the preparation and prevention happen "left of Boom". The clean-up, salvaging your brand reputation, and remediating the damage was called "right of Boom". Here are some examples of a Boom event:
Left of Boom is our domain of choice. We are surrounded with just security and IT problems, problems we have studied our entire careers, involving daily activities we complete with a sense of certainty.
Right of Boom is a completely different matter. Others get involved, including Legal, HR, and sometimes even the Board of Directors. These are distant, hazy problems that don't occur every day, and more uncertainty.
The Boom is not the initial breach, but when the breach becomes public, an average of 200 days later. Hackers can do quite a lot of damage during these 200 days. What might have started as phishing emails, might continue with access to sensitive databases, stolen credentials to other servers, access to internal networks, and additional compromises.
Likewise, companies should not expect to clean up the mess in just a few days either. IT forensics are used to determine the scope of the breach. Regulators and auditors are notified, press conferences and legal dispositions are scheduled to address the public concerns, and social media sentiment might fall.
Back in 2016, [IBM acquired Resilient] a security software company. Ted Julian, IBM VP Product Management and Co-Founder of Resilient, performed a live demo of this software. Basically, it is a dashboard that automates gathering incident data, determines the tasks required, and then orchestrates appropriate responses. This allows the security administrator to launch remediation directly in context.
Last year, over 1,400 customers have taken advantage of IBM's security breach simulator lab, the IBM X-Force Command Center. On the right side of the boom, time matters. What might take 90 minutes manually can be done in two minutes with IBM Resilient dashboard and the right amount of practice and training.
Next on stage were Wendi Whitmore, IBM Security Services, and Mike Errity, Vice President IBM Resiliency Services. While Wendi's team is handling the situation from afar, Mike's team lives in the data center. Mike explained Recovery Time Objective (RTO) and Recovery Point Objective (RPO), which applies to recovery after cyberattack, similar to Disaster Recovery after a hurricane.
Wendi indicates that executives need visibility into what is going on after a breach, and to have retainers involved in PR firms and other industry experts to be called on a short notice as needed right of boom.
Richard Puckett, Vice President Security Operations, Strategy and Architecture, at Thomson Reuters, was the final speaker. Richard spent the first six months of his job uplifting the security protocols at Thomson Reuters. They partnered with IBM to build up their talent for their Security Operation Center (SOC).
Threats are asymmetric. Unlike traditional physical threats from mobs of people, or trucks parked at the front door, cyber threats go undetected. Once they are detected, it can be difficult to identify the perpetrator. Richard suggests that good security requires good management. Patch management is not the sexiest, but is critical. Don't focus on shiny new objects, but rather fixing weak passwords and poor patch management procedures.
In the struggle to keep up, organizations are not doing a good job of mastering the security fundamentals. IBM believes that with the right approach, technologies and experts, our clients can fight back. IBM can deliver security and resiliency at the scale and speed necessary to protect businesses against the challenges of today, and tomorrow.
technorati tags: IBM, #Think2018, #IBMthink, #Think18, #Think, Marc van Zadelhoff, IBM Security, hackers, firewall rules, patch management, security breach, left of Boom, right of Boom, zero-day+malware, ransomware, IBM Resilient, Ted Julian, X-Force Command Center, Wendi Whitmore, Mike Errity, Richard Puckett, Thomson Reuters, asymmetric threat