Connect with us

Featured

OECD adopts AI rules

Published

on

OECD and partner countries formally adopted the first set of intergovernmental policy guidelines on Artificial Intelligence (AI) today, agreeing to uphold international standards that aim to ensure AI systems are designed to be robust, safe, fair, and trustworthy.

The OECD’s 36 member countries, along with Argentina, Brazil, Colombia, Costa Rica, Peru and Romania, signed up to the OECD Principles on Artificial Intelligence at the Organisation’s annual Ministerial Council Meeting, taking place today and tomorrow in Paris and focused this year on “Harnessing the Digital Transition for Sustainable Development”.

Elaborated with guidance from an expert group formed by more than 50 members from governments, academia, business, civil society, international bodies, the tech community and trade unions, the Principles comprise five values-based principles for the responsible deployment of trustworthy AI and five recommendations for public policy and international co-operation. They aim to guide governments, organisations and individuals in designing and running AI systems in a way that puts people’s best interests first and ensuring that AI system designers and operators are held accountable for their proper functioning.

“Artificial Intelligence is revolutionising the way we live and work, and offering extraordinary benefits for our societies and economies. Yet, it raises new challenges and is also fuelling anxieties and ethical concerns. This puts the onus on governments to ensure that AI systems are designed in a way that respects our values and laws, so people can trust that their safety and privacy will be paramount,” said OECD Secretary-General Angel Gurría. “These Principles will be a global reference point for trustworthy AI so that we can harness its opportunities in a way that delivers the best outcomes for all.” (Read the full speech.)

The AI Principles have the backing of the European Commission, whose high-level expert group has produced Ethics Guidelines for Trustworthy AI, and they will be part of the discussion at the forthcoming G20 Leaders’ Summit in Japan. The OECD’s digital policy experts will build on the Principles in the months ahead to produce practical guidance for implementing them.

While not legally binding, existing OECD Principles in other policy areas have proved highly influential in setting international standards and helping governments to design national legislation. For example, the OECD Privacy Guidelines, which set limits to the collection and use of personal data, underlie many privacy laws and frameworks in the United States, Europe and Asia. The G20-endorsed OECD Principles of Corporate Governance have become an international benchmark for policy makers, investors, companies and other stakeholders working on institutional and regulatory frameworks for corporate governance.

The AI Principles can be downloaded in full at this link. In summary, they state that:

1.    AI should benefit people and the planet by driving inclusive growth, sustainable development and well-being.

2.    AI systems should be designed in a way that respects the rule of law, human rights, democratic values and diversity, and they should include appropriate safeguards –  for example, enabling human intervention where necessary – to ensure a fair and just society.

3.    There should be transparency and responsible disclosure around AI systems to ensure that people understand when they are engaging with them and can challenge outcomes.

4.    AI systems must function in a robust, secure and safe way throughout their lifetimes, and potential risks should be continually assessed and managed.

5.    Organisations and individuals developing, deploying or operating AI systems should be held accountable for their proper functioning in line with the above principles.

The OECD recommends that governments:

·         Facilitate public and private investment in research & development to spur innovation in trustworthy AI.

·         Foster accessible AI ecosystems with digital infrastructure and technologies, and mechanisms to share data and knowledge.

·         Create a policy environment that will open the way to deployment of trustworthy AI systems.

·         Equip people with the skills for AI and support workers to ensure a fair transition.

·         Co-operate across borders and sectors to share information, develop standards and work towards responsible stewardship of AI.

Featured

Cloud makes business magic

A cloud summit conference last week illustrated the dramatic way the cloud can transform an organisation’s capacity.

Published

on

What do the movies have in common with banks? Aside from the billions of rands and dollars that flow through both industries, they seem worlds apart. Yet, in the world of cloud computing, they are suddenly close neighbours.

It’s not just that both now tend to host their services in the cloud, accessible from any connected device anywhere in the world. Now, they can take advantage of the lessons, systems and strategies that each has adopted in the cloud.

One of the best-known examples of leveraging the cloud for global impact is Netflix, which hosts its content in the data centres of Amazon Web Services (AWS), the world’s largest cloud computing service. Along with videos and movies, it also uses applies regional licensing frameworks via this cloud platform, meaning it can instantly launch new services and videos worldwide that comply with local regulations in every country.

At last week’s AWS Summit in Cape Town, it became clear just how powerful the cloud can be for South African organisations. One of South Africa’s oldest insurance companies, one of the country’s largest universities and the country’s newest bank all took to the stage to share case studies of how the cloud had transformed their operations.

That is probably all that Old Mutual, the University of Pretoria and TymeBank have in common, but they slotted in neatly to a bigger story: the cloud is available to any institution or business, large or small, old or new. This is the underlying secret to the astonishing growth of TymeBank, South Africa’s first fully digital bank, and the first entity to receive a banking license in this country in 19 years.

Launched earlier this year, it currently brings 100,000 new customers on board every month. To achieve this, it uses no less than 54 distinct services available on the AWS platform, says Dieter Botha, chief information officer of the bank.

“We’ve got so many services in the ecosystem. From a security point of view, every single one of our customers’ conversations with banks comes into the AWS world via a security layer, a content delivery network, web application firewall and AWS’s Advanced Shield, so we are pretty resilient from cyber attacks. The primary purpose is to make sure our face to the world is protected from attack.”

The most fascinating aspect of their ability to leverage the AWS cloud, however, was the fact that they were able to piggyback on processes and systems that streaming video giant Netflix had created for its own services in the cloud.

“They’ve got what we call the Netflix stack, a set of tools they put together that makes it easier to manage microservices, small elements of computer processes that run in what are called containers.”

Netflix built its own application containers, on top of an open-source platform, meaning that anyone could use and adapt the systems it had developed. However, that was only a starting point while TymeBank was pulling itself up by its own bootstraps.

“This is where we say, if you take a step back, this stuff is very cool, but it translates into an element of risk. From a risk point of view, rather than using that scaffolding, we said let’s take our microservices container, and get an animal like AWS to run it for us. So we’re effectively replacing the Netflix stack with AWS and its native services.

“Now our techies can just focus on the code inside our operations rather than build the heavy scaffolding we had to worry about. The documentation is so good on AWS, because they have real technical gurus who understand the systems, that it de-risks our services.”

Netflix wasn’t the only everyday consumer service that played its part on building TymeBank. It turns out that many of the global giants have made their systems and learnings available to anyone on the world. The bank turned to a product from none other than Facebook to help build its Web presence.

“When you look under the hood of our Internet banking product, the programming language is JavaScript, but Facebook has packed it into a framework for building their pages. They then open-sourced it, and called it React, which makes it easier to use it. Our Internet banking product is built using the Facebook React framework. In the exact same way, Netflix are also releasing frameworks to the Open Source community all the time.”

As TymeBank refines its services and migrates deeper and deeper into the Amazon cloud, it has also been able to cut costs dramatically.

“We found as we’ve grown and become more comfortable in that cloud and more skilled in the use of the cloud, we began consuming more native services, meaning they are designed to run in the cloud. That’s a really big deal for us. That’s when you see the benefits of the cloud ecosystem. One native service can trigger another, because they talk to each other well.

“This includes a set of services that help you manage your life and bills in the cloud. People forget about costs. Now we can tag a lot of our services in the AWS cloud to understand exactly what is driving cost points, and we are able to manage costs right down to the level of the techies.

“Traditionally, if you sign a contract with a big supplier, it gets filed away, and the techies don’t even know what is driving costs. By tagging services in the cloud, you’re giving cost knowledge to your techies, and it’s in their power to push it up and down. You give them the power to understand costs and manage them. That’s never been possible before.”

This partly explains why TymeBank is able to bring the monthly cost of having a bank account to exactly zero. It is only when one starts using its services that banking fees kick in.

However, the fact that a 174-year-old insurance company like Old Mutual and a 156-year-old like Standard Bank are also rapidly migrating to the AWS platform is a clear message that the cloud is not just for newcomers.

Both institutions began offering their services in the middle of the 18th century, when the concept of technology barely existed. Yet, the constant evolution and falling price of cutting-edge tech like cloud computing has meant they can not only survive, but even thrive, in the presence of young upstarts like TymeBank.

  • Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter and Instagram on @art2gee

Continue Reading

Featured

Think like a hacker

Ethical hackers play a key role in keeping a company secure.

Published

on

Relevant cybersecurity isn’t perpetuated exclusively through investment and systems; it is reliant on people and their understanding of the cyber threat. 

A leading ethical technology hacker in Europe, Jamie Woodruff, gained access to a well-known financial institution by simply posing as a pizza delivery man. He was quoted as saying that it is the mistakes that people make that are the true threat to the business. That said, it is people like Woodruff who can provide the organisation with the insight required to pre-empt attacks, find hidden loopholes and educate employees. 

These ethical hackers know how to play the game of cybersecurity thrones. They understand the methodologies and the mindsets of those who make a living from penetrating business defences unlawfully and use this understanding to reshape security infrastructure and investment.

“The role of the ethical hacker has evolved considerably over the past few years,” says Karien Bornheim, CEO of Footprint Africa Business Solutions (FABS). “In the past, they would be hired by organisations to ensure that their security was capable of withstanding a concerted attack and, in some cases, find out if they had already been breached. Many organisations only discover that they’ve had a breach years after it has taken place. Today, the ethical hacker has added to their arsenal – their skills have evolved and so have the methods they use. Not only are they penetrating the front lines of defence, they are also launching attacks from the inside of the organisation.”

There has been a subtle shift from the slide in and out pen testing of the past when ethical hackers would attack organisations over a period of a few days or weeks. Now, many undertake long-term undercover assignments that embed them into the company. These are the ethical hackers that become part of the culture so they can identify the insider threats that are affecting the organisation, and even identify the source of ongoing security challenges. Many ethical hacker training courses specialise in undercover training into very specific technology skill sets that allow them to find the bigger threats to the organisation, particularly those perpetrated by employees.

The insider threat is a very real problem. According to CA’s Insider Threat 2018 Report, 90% of organisations feel that they are vulnerable to an insider attack, 53% have had confirmed insider attacks, and 27% have seen an increase in frequency. This has sparked significant internal investment into insider threat programmes that focus on deterrence, forensics and user behaviour monitoring.

“Ethical hackers are capable of immersing themselves into the culture of the business. They use this to detect behaviour that could potentially indicate if someone is an insider threat,” says Bornheim. “Their skills allow them to find digital proof of misdeeds and rapidly detect certain system issues or behaviours. Those who take on these roles can spend months or even years at an organisation protecting it both from within and without.”

That said, in spite of their security expertise and experience, many organisations remain reluctant to hire external ethical hackers and grant them access to their information. It’s an understandable concern. Many ethical hackers have moved from the so-called black hat (criminal) side of hacking to the white hat (legal) side and bring with them a suitcase of smart skills that few companies want to see thrown at their cybersecurity walls. However, this discomfort is the precise reason why the business should be paying attention and the bill.

“These individuals do command high salaries but what they offer the organisation in terms of reputational and cost-saving benefits, cannot be understated,” says Bornheim. “Should they discover a bug, a loophole, an existing piece of dangerous code, or any other threat to the company, they can save it millions.”

The average cost to the company, according to IBM’s study – Costs of Data Breaches Increase Expenses for Businesses, is around $US3.86 million for a data breach.  This cost has risen since 2016 by 6.4% and will likely increase again over the next 12-24 months. Any company facing that reckoning at the end of a cybersecurity hack from a black hat will suddenly see the bill that comes from a certified white hat like a missed opportunity.

“Certified ethical hackers operate under very strict ethical controls,” concludes Bornheim. “They report any issues or information they find and help the organisation to put more stringent or relevant controls in place. The ethical hacker is ultimately a weapon, one that can be safely wielded by the untrained to defend the organisation against future attacks, to rebuild systems and security platforms, and to uncover insider threats. Their role is as critical to the development of a robust cybersecurity stance as the software, solutions and training that are embedded into the human, machine, server, and system.”

Continue Reading

Trending

Copyright © 2019 World Wide Worx