New Delhi: The Narendra Modi government is working to turn around the way it handles and maintains important data related to its schemes and citizens — it is conducting an extensive review on the current state of data preparedness of all ministries.

Top government sources told ThePrint that the Development Monitoring and Evaluation Office of the NITI Aayog and the National Informatics Centre (NIC) have started the exercise to assess the preparedness of data systems.

Based on the results of the exercise, which would include a detailed online survey, a Data Governance Quality Index scorecard will be prepared and the ministries will be ranked.

The move comes following a missive from Bhaskar Khulbe, retired IAS officer and adviser to PM Modi. A recent communication from the NITI Aayog to the ministries stated they should complete the survey by 25 May, after which the information shared by them will be shared with the Prime Minister’s Office (PMO).

What will the exercise entail?

All ministries in the Modi government will have to conduct self-diagnosis on the use of information technology for monitoring various data. For this, they have to take an online survey.

The survey will seek to gather extensive details on the process of generation and collation of data on the government’s programmes or schemes. This includes focus on at what level the data is generated (national, state, district, panchayat, village, individual), and if it is digitised at the same level.

It will also seek to know from the ministries if the data is generated in real-time, or monthly, fortnightly, weekly, daily or quarterly.

The ministries will have to explicitly state if they use mobile surveys, geo-coded photos, geo-fenced information or location tracking devices to generate data.

Additionally, the survey will seek to know if ministries check data quality parameters like: proper profiling; control of incoming data; data pipeline design to avoid duplicate data; accurate gathering of data requirements; enforcement of data integrity; use of metadata; and availability of capable data quality control teams.

It will also look to know if the ministries use mobile phones for monitoring, outreach, feedback, collection of data remotely, phone-based survey, geo-tagged photo uploads, geo-fenced data generation, location and GPS data, and multimedia data.

Data analyses by ministries, and the methods used for that — ranging from exploratory data analysis, modeling and algorithms, correlation, causation, progression analysis, predictive or data mining — will also be considered.

Information on if the schemes have dashboards and the purposes for which they are used, such as visual representation of performance measures, will also be sought, among other measures. It will also assess if the ministries use IT for communication — website information, website dashboard, mobile app, social media.

The linkage of the ministries’ Management Information System with Public Financial Management System, Aadhaar, mobile numbers and bank accounts will also be seen.

Additionally, the assessment will check if the ministries use other data resources such as remote sensing data, night light data, social media, private sector generated data, and applies machine learning, artificial intelligence, blockchain and big data analytics.

‘Will curb data discrepancies’

Senior officials in the Modi government said the exercise will be an important step in the government’s management of crucial data using information technology — especially of data pertaining to schemes that are centrally sponsored.

“This would go a long way in monitoring the outputs and the outcomes of the schemes and ensuring that the data is organised. Specific and real-time data is the need of the hour for effective monitoring of their implementation as the central government periodically releases funds for them,” a top civil servant told ThePrint on condition of anonymity.

A second senior government official said the exercise will be important as several flagship schemes of the government are managed by more than one ministry.

“There have been multiple instances where discrepancies have been observed when the data collated by one ministry does not match the data collated by another, on the same scheme,” said the official, who didn’t wish to be named.

“Real-time and detailed data collation and their maintenance will help solve such discrepancies, ensure authenticity of the data and would be of crucial value to the government in making policy decisions,” the official said.

“Presently, there is data available in a manner that does not lead to a complete picture when collated,” the official said. “Moreover, there is no cross department sharing of data, even if it is the same scheme, leading to gaps and confusion. There is no integration of data, whereas data flow should be seamless inter or intra department.”

ThePrint had first reported that the government has begun an extensive exercise to record all Covid-19 response data, and hired a private firm for the job.

The post Modi govt plans to change the way it handles data, to assess ministries on system they follow appeared first on Artificial Intelligence.

The Personal Data Protection (PDP) Bill, 2019 introduces significant new requirements and challenges for legal and compliance functions. This entails changes to the ways in which technologies are designed and managed, including focus on search, storage and security of data. The PDP framework needs to stand test of time in the era of artificial intelligence, machine learning, robotic process automation (RPA), Big Data and the Internet of Things, as well as gadgets like Alexa and the Google Assistant, which are evolving at higher speed and posing many challenges in addressing data protection and privacy.

The Joint Select Committee of Parliament, which is examining the PDP Bill, faces a complex and multifaceted challenge. A number of transformations are at the core of current digital transformation: the blurring of distinction between reality and the virtual world; of a distinction between human, machine and nature; the issue of information abundance; a shift from standalone IT assets to networked assets; and of data and information processing from centralised hardware architecture to distributed-software designed architectures. The size of data in 2022 is to be about 40 times than that of 2020.

The PDP Bill, therefore, needs to be considered keeping in view such transformations in the backdrop, along with key objectives such as promotion of the digital economy, innovation and protection of citizen and consumer interest — with a focus on data privacy — and of the state and public interests.

The interests of the tech and commercial entities need to be balanced with that of the public and state, given reliance of the latter on such entities.

The current PDP Bill must meet such objectives for at least the next five years. The Bill, however, creates a ‘monopoly’, wherein all of the data, personal and non-personal, will be under the purview of the state and its agencies. The Bill does propose to provide checks and balances, albeit in only one or two cases, through rules and regulations. Nevertheless, its important to not only provide robust checks and balances for accessing the data, but also for lawmakers and citizens to know the principles behind them while formulating the law. The lawmakers, at least, would need to be satisfied by the proposals.

Defining personal data

Discussions have been intensely taking place in the country on expanding the scope of the PDP Bill; in particular, the definitions of ‘personal data’ and ‘non-personal data’. Many such discussions are critical to the broadening of the concept of personal data, and the inclusion of non-personal data. Given the technological advancements and the large amount of data available for analysis, absolute and irreversible anonymity may no longer be possible. All data in the near future will either be or will contain personal data, leading to the application of ‘data privacy and protection’ to just about everything. The data-analysis technology is rapidly moving towards perfect identification. Any information is likely to relate to a person.

A more principle-based holistic approach may thus be needed with regard to personal and non-personal data, because of the difficulties in distinguishing between the two.

The concept of personal data as in the PDP Bill is also likely to raise considerable legal uncertainty. According to Clause 3 (28), this concept covers data about or relating to a ‘natural person’, who can be identified either directly or indirectly. The problem here is that identifiability may only result from additional information or data available to and from the data fiduciary. This, as such, prevents anonymisation.

It will thus be necessary, in light of technological innovation, to consider applying the law uniformly to all kinds of personal and non-personal data. The other solution would be a clear separation of personal and non-personal data. In fact, the latter data could be limited to machine-generated data, and be aimed to implement an efficient market-oriented non-personal data law.

The pros and cons of Clause 91 of the Bill have also not been debated before its inclusion. It basically allows the government to ask companies for non-personal and anonymised personal data.

Tech-related aspects

There are certain provisions relating to social media as well. Such provisions should be included in the Information Technology Act, rather than the PDP Bill. In this hyper-connected world, can data localisation be possible, particularly where data is hosted, posted, updated and accessed using public networks in a decentralised environment? Only data that is hosted, posted and accessed on a captive private network can be localised.

It would be necessary to study the European Union’s GDPR (with which the PDP Bill bears many similarities) and other international frameworks, and align the provisions relating to cross-border flow of data while addressing Indian environment, culture and sovereignty of the country. Ultimately, country has to get its data protection and privacy framework recognised with other jurisdictions in the world, keeping in mind the larger interest of commerce, trade and manufacturing. The pitfalls of the GDPR also need to be taken into account.

The PDP Bill is expected to reshape the hierarchical structure of both public and private sectors, which would include the state, too. The state must have assessed this and may be ready for addressing implications of such reshaping, including standards for anonymisation, de-identification and filtering of non-personal data from the composite data set.

It must be noted that while creating and saving the numerous documents and data which may help in the compliance and verification needs of the PDP framework, “Big Data” and AI/ML will be present and applied. The very concept of Big Data, however, is in clash with that of data minimisation, an underlying concept in the PDP Bill.

It is, therefore, important to lay out a proper system of modern law for the digital economy that also integrates the perspective of privacy-based data protection, which may drive efficient market regulations. At the same time, all the stakeholders be made accountable and responsible while recognising their roles and functions.

The framework thus needs to be more modular, and may be expanded as we learn from experience and technological innovations. Care needs to be taken, that the PDP Bill does not become “the law of everything”.

Taneja is a lawyer with Karanjawala & Co. Rai is former National Cyber Security Coordinator, Government of India.

The post Data Protection Bill is vague and intrusive appeared first on Artificial Intelligence.

There is a new saying: “data is the new oil”. It serves as a lubricant in many industries. To have more data is life for companies. As such, companies mine data in order to generate new information. David Hand, the British statistician, summarises data mining as “discovery of interesting, unexpected or valuable structures in large datasets.”

The keyword here is “large”. For data mining to be effective, companies must collect more information than is necessary which violates the purpose limitation principle in the Nigerian Data Protection Regulation. Companies, according to the regulation, must always collect data for the purpose agreed to by the data subject.

Data mining, therefore, might seem a hard chore for most companies. However, with the right technical and organisation measures in place, companies can mine data in a legitimate manner.

A business can collect data for the purposes of ensuring that they serve their customers better.  For example, an air conditioner company can predict with greater degrees of accuracy when maintenance is required for their units located in various buildings. The company can decide to collect data such as temperature, vibration, noise, and images as such, giving them enhanced the ability to detect future faults with greater accuracy. This can be solved by (a) appropriate notification of data subjects (b) right consent mechanism.

From a business-to-business(B2B) perspective, a software company can help a farm carry out accurate analysis by mining data. This usually does not raise data protection issues. For example, the information from an agricultural solution, measuring the level of moisture in the soil, and potentially issuing a command to turn on a watering system for a given amount of time to reach a defined, set level, requires some level of data collection and analysis.

However, from the business-to-consumer(B2C) perspective, this can raise the data protection issue. A company provides a home automation system to customers, which provides temperature readings from a home, and automatically initiates air conditioning systems and window blinds to reach a cooler temperature with less sun impacting the levels and feeds this to an individual’s phone need to be wary of many things. Are we intruding in a way that would expose the customers to danger? Have we carried out a data protection impact assessment? Are we processing the right data?

There are pitfalls in data mining. If done wrongly it could expose a company to a data protection breach.  If data identifies an individual, it best practice not to use it for extra purposes.

Data that does not identify an individual can be used without consent and other beneficial purposes of the company. To be on the safe side, the company that would need to analyse data needs to incorporate a robust anonymization system.

Companies can carry out data mining however, they need to employ the right technical and organisational measures for them to be on the right side of the law. To avoid been fined or exposed to data breaches, companies should gain consent from customers directly or find another lawful basis.  Most companies, these days, mine data but it can be done legally and purposefully without violating or intruding into the privacy of individuals.

The post Data mining in the era of data protection appeared first on Artificial Intelligence.

At the end of the decade, it’s clear that AI has continued at its unrelenting pace of adoption, investment and growth in both the private and public sectors. It has been a banner year for investment across the board in AI, from investors and venture capitalists to governments across the globe. This year was also one of expansion for AI activity across a wide range of industries from finance and banking, accounting, fitness and wellness, legal and many back-office operations. This year also saw people become increasingly aware of their data footprint, and express concerns with how companies are using data. Since it’s clear that AI shows no signs of slowing down as we approach the start of a new year, here are a few predictions about where AI will make waves in 2020.

2020 will be the year of model-as-a-service

Last year, we predicted that 2019 was going to be the year of the pre-trained model and improved third party datasets. For 2020 we’re going to take this prediction one step further and say that these pre-trained models offered by third parties will become a larger percentage of the overall model usage. Known as model-as-a-service, we’ll see entities set up specifically to offer models for usage on a per-consumption, subscription or license basis. This means we’ll start to see more model marketplaces and model-as-a-service embedded in cloud offerings.

Currently machine learning is, for the most part, limited to companies that have large data sets and large teams. These tech companies, big enterprises and well-funded startups have all invested heavily in data science talent and machine learning skills to build and manage their own models. However, small businesses also want access to the same machine learning technology. These organizations will be more interested in consuming models built by others rather than developing the in-house talent and skills to build their own.

This will result in a shift in the market, as companies adopting AI in 2020 will not be those building their own proprietary machine learning models from scratch but rather using or extending third party models. This will increase the reach of AI to a much larger pool of companies, including smaller businesses such as regional banks, regional insurance companies and regional retailers.

Machine learning ops comes to the fore

Commensurate with the growth of third-party model usage is the shift to consumption-centric approaches to ML model usage. The market is already shifting in the way that organizations approach model development and usage. While up to this point the primary emphasis has been on model development and creation for use by a single organization, the shift to consumption-centric models will require tooling and environments that have the specific needs of model users vs. model developments.  In 2020, we’ll see the growth of machine learning ops infrastructure that provides a range of functionality and capabilities for those looking to consume models.

Machine learning ops systems are meant to simplify the usage and consumption of various AI and machine learning models that were built in-house or by third-party vendors. The platforms will offer features including model governance for controlling, limiting or prioritizing access to models for different users, allowing for collaboration in model usage among various team members. Managing model operationalization, handling model versioning, model monitoring, model security, model transparency and other factors primarily relevant to model usage and consumption will also be features. Machine learning ops platforms ensure that the correct model versions are in use, that models are secure and not corrupted, and continual monitoring is done to prevent model decay.

In 2019, companies such as HPE and Booz Allen Hamilton released machine learning ops platforms, but we expect to see many more companies to enter the fray in 2020. The growth of machine learning ops usage is going to help both public and private sector users get a better overall understanding and management of all their machine learning models.

Responsible and ethical AI continues to be important

The General Data Protection Regulation (GDPR) entered full effect in 2019, making the European Union’s data privacy regulation a de facto worldwide law. Part of GDPR is particularly relevant to AI in 2020 in that it requires companies to comply with the various data-centric regulations such as the lawful, fair and transparent processing of personal data or consumers’ right to be forgotten. In 2019, the state of California also passed a data privacy law called the California Consumer Privacy Act (CCPA), which is set to officially take effect in January 2020.

The combination of these laws, as well as people becoming increasingly more aware of their data footprint and the use of their data, is going to have an impact on the use of consumer data in machine learning model development in 2020. As AI becomes even more intertwined in our everyday lives, users will increasingly demand the responsible and ethical use of AI.

To help address these issues, companies are taking an active stance by promoting efforts to help with transparent and ethical AI. For AI in 2020, we expect this trend to accelerate. As it is now common knowledge that the most popular machine learning algorithm approach in use today, deep learning, is widely considered to be an unexplainable “black box,” people are increasingly demanding more transparency into how these systems arrive at decisions. Some organizations are tackling this problem by creating standards and transparency scores for users to better understand models. As model-as-a-service becomes more widespread, and AI is used to make increasingly important decisions at organizations, these efforts around transparency will become more important.

RPA market shows signs of maturity and possible consolidation

While RPA is often discussed in the same context as AI, many have become acutely aware of the fact that RPA systems are not intelligent and rely on third-party machine learning tools to add any aspect of cognitive intelligence. Despite the possibly mistaken association between RPA and AI, the market continues to be hot, and possibly overinflated, for the past year.

Two of the biggest vendors in the market each raised large sums from investors in 2019. UiPath raised $568 million in Series D funding with a $7 billion valuation, and Automation Anywhere raised an additional $290 million at a $6.8 billion valuation.. Given that intense interest by the market, Microsoft entered the fray with their own offering in late 2019 with UI Flows as part of the Power Automate platform. The company is already claiming 150,000 users, which indicates the latent interest for RPA offerings and the potency of Microsoft as a market disruptor.

Despite these growth indicators, there are signs of potential cooling and consolidation in the market in 2020. UiPath announced a very public round of layoffs right after their big event in Las Vegas in October 2019, letting go of over 400 employees. Similarly, we’re hearing indications that the large enterprise software vendors including Oracle, SAP, IBM and others might be making more aggressive moves in this market. Within the next few years it’s highly likely that the RPA market will consist of large enterprise software vendors who have grown either organically or through acquisition of fast-growing RPA vendors looking to provide their investors a return on their significant investments.

Voice assistant stagnation, at least in the enterprise

In 2019 we predicted that voice assistants were going to start seeing more adoption in the enterprise. We got this prediction wrong. With most voice assistants sitting on smartphones and inside user’s homes, it’s clear that voice assistant vendors are focusing primarily on personal and consumer use cases for the system and not enterprise-focused ones. While there are many efforts to push enterprise use of voice assistant technology, the recent announcement of Microsoft’s pull back on use of Cortana and the lack of greater enterprise emphasis on the devices leads us to wonder if enterprise voice assistant use will continue to stagnate in 2020.

That said, media analytics firm ComScore says that by 2020, 50% of all searches will be voice searches. With such an increase in searches done through voice, rather than web or text-based searches, this is going to change the way that users engage with content and information. Users are beginning to demand instant, accurate results while also accepting a limited availability of choice. This will open opportunities for forward-thinking companies to be early adopters in embracing voice search and learning how to get to the top results. With the expected increase in voice-based searches in 2020, businesses of all sorts will grapple with the fact that the voice assistants will be mediating the opportunities they have to reach customers. This will pose challenges to companies who have so far used the power of web-based search to increase their visibility with customers.

Throughout the past few years AI adoption has continued, with just about every single industry finding use cases for AI. As such, we don’t expect to see the momentum, excitement or adoption slow down any time soon. We’re excited to see what 2020 has in store regarding AI.

The post Machine learning ops to lead AI in 2020 appeared first on Artificial Intelligence.

The financial services industry has witnessed considerable hype around Artificial Intelligence (AI) in recent months. We’re all seeing a slew of articles in the media, at conference keynote presentations and think-tanks tasked with leading the revolution. AI indeed appears to be the new gold rush for large organisations and FinTech companies alike. However, with little common understanding of what AI really entails, there is growing fear of missing the boat on a technology hailed as the ‘holy grail of the data age.’ Devising an AI strategy has therefore become a boardroom conundrum for many business leaders.

How did it come to this – especially since less than two decades back, most popular references of artificial intelligence were in sci-fi movies? Will AI revolutionise the world of financial services? And more specifically, what does it bring to the party with regards to fraud detection? Let’s separate fact from fiction and explore what lies beyond the inflated expectations.

Why now?

Many practical ideas involving AI have been developed since the late 90s and early 00s but we’re only now seeing a surge in implementation of AI-driven use-cases. There are two main drivers behind this: new data assets and increased computational power. As the industry embraced big data, the breadth and depth of data within financial institutions has grown exponentially, powered by low-cost and distributed systems such as Hadoop. Computing power is also heavily commoditised, evidenced by modern smartphones now as powerful as many legacy business servers. The time for AI has started, but it will certainly require a journey for organisations to reach operational maturity rather than being a binary switch.

Don’t run before you can walk

The Gartner Hype Cycle for Emerging Technologies (Figure 1 below) infers that there is a disconnect between the reality today and the vision for AI, an observation shared by many industry analysts. The research suggests that machine learning and deep learning could take between two-to-five years to meet market expectations, while artificial general intelligence (commonly referred to as strong AI, i.e. automation that could successfully perform any intellectual task in the same capacity as a human) could take up to 10 years for mainstream adoption.

Other publications predict that the pace could be much faster. The IDC FutureScape report suggests that “cognitive computing, artificial intelligence and machine learning will become the fastest growing segments of software development by the end of 2018; by 2021, 90% of organizations will be incorporating cognitive/AI and machine learning into new enterprise apps.”

AI adoption may still be in its infancy, but new implementations have gained significant momentum and early results show huge promise. For most financial organisations faced with rising fraud losses and the prohibitive costs linked to investigations, AI is increasingly positioned as a key technology to help automate instant fraud decisions, maximise the detection performance as well as streamlining alert volumes in the near future.

Data is the rocket fuel

Whilst AI certainly has the potential to add significant value in the detection of fraud, deploying a successful model is no simple feat. For every successful AI model, there are many more failed attempts than many would care to admit, and the root cause is often data. Data is the fuel for an operational risk engine: Poor input will lead to sub-optimal results, no matter how good the detection algorithms are. This means more noise in the fraud alerts with false positives as well as undetected cases.

On top of generic data concerns, there are additional, often overlooked factors which directly impact the effectiveness of data used for fraud management:

• Geographical variances in data.
• Varying risk appetites across products and channels.
• Accuracy of fraud classification (i.e. which proportion of the alerts marked as fraud are effectively confirmed ones).
• Relatively rare occurance of fraud compared to the huge bulk of transactions; having a suitable sample to train a model isn’t always guaranteed.

Ensuring that data meets minimum benchmarks is therefore critical, especially with ongoing digitalisation programmes which will subject banks to an avalanche of new data assets. These can certainly help augment fraud detection capabilities but need to be balanced with increased data protection and privacy regulations.

For instance, the General Data Protection Regulation (GDPR) comes in force in May 2018 across EU member states and utilising new data assets such as device, geo-location or behavioural insight derived from session data may not be possible, unless consented. This is a notable change from previous national legislations such as the UK’s Data Protection Act where the Section 29(1) exemption allowed for ‘personal data processed for specified purposes of crime prevention/detection, apprehension/prosecution of offenders or imposition of tax or similar duties’ without explicit consent.

A hybrid ecosystem for fraud detection

Techniques available under the banner of artificial intelligence such as machine learning, deep learning, etc. are powerful assets but all seasoned counter-fraud professionals know the adage: Don’t put all your eggs in one basket.

Relying solely on predictive analytics to guard against fraud would be a naïve decision. In the context of the PSD2 (Payments Services Directive) regulation across EU member states, a new payment channel is being introduced along with new payments actors and services, which will in turn drive new customer behaviour. Without historical data, predictive techniques such as AI will be starved of a valid training sample and therefore be rendered ineffective in the short term. Instead, the new risk factors can be mitigated through business scenarios and anomaly detection using peer group analysis, as part of a hybrid detection approach.

Yet another challenge is the ability to digest the output of some AI models into meaningful outcomes. Techniques such as neural networks or deep learning offer great accuracy and statistical fit but can also be opaque, delivering limited insight for interpretability and tuning. A “computer says no” response with no alternative workflows or complementary investigation tools creates friction in the transactional journey in cases of false positives, and may lead to customer attrition and reputational damage – a costly outcome in a digital era where customers can easily switch banks from the comfort of their homes.

Holistic view

For effective detection and deterrence, fraud strategists must gain a holistic view over their threat landscape. To achieve this, financial organisations should adopt multi-layered defences – but to ensure success, they need to aim for balance in their strategy. Balance between robust counter-fraud measures and positive customer experience. Balance between rigid internal controls and customer-centricity. And balance between curbing fraud losses and meeting revenue targets. Analytics is the fulcrum that can provide this necessary balance.

AI is a huge cog in the fraud operations machinery but one must not lose sight of the bigger picture. Real value lies in translating ‘artificial intelligence’ into ‘actionable intelligence’. In doing so, remember that your organisation does not need an AI strategy; instead let AI help drive your business strategy

The post Artificial Intelligence for fraud detection: beyond the hype appeared first on Artificial Intelligence.

It’s a safe bet that some of the websites and apps you use collect and subsequently sell your personal data. But how can you know which ones? An EPFL researcher has led the development of a program that can answer that question in just a few seconds, thanks to artificial intelligence.

If you’re like most people, you don’t always take the time to read website terms and conditions before accepting them. Not only are they extremely lengthy, they are also convoluted and written in opaque legalese. However, they can contain surprising clauses about a website’s or app’s right to use the data it collects about you, such as your IP address, your age and your online preferences. To help consumers get a better grasp of what they’re agreeing to, a team of researchers from EPFL, the University of Wisconsin-Madison, and the University of Michigan have developed a program that uses artificial intelligence to decipher websites’ data protection policies in the blink of an eye. Called Polisis, short for privacy policy analysis, their program can be used free of charge either as a browser extension (for Chrome of Firefox) or directly on their website.

“Our program uses simple graphs and color codes to show users exactly how their data could be used. For instance, some websites share geolocation data for marketing purposes, while others may not fully protect information about children. Such clauses are typically buried deep in their data protection policies,” says Hamza Harkous, a post-doc working at EPFL’s Distributed Information Systems Laboratory and the project lead.

With a little help from machine learning

The researchers used artificial intelligence to teach their program how to pick apart websites’ data protection policies, drawing on over 130,000 that they found online. Once the text of a policy is fed into the program, the software scours through it in just a few seconds and displays the results in easy-to-read visuals. That lets you see at a glance which data a website would be authorized to collect and for what purpose. You can then make an informed decision about whether to use the website, or, in the case of an app, download it. The program also indicates what options you have for refusing to share certain data and lists the potential disadvantages of each one.

Polisis works hand-in-hand with another program called Pribot, which is an online chatbot where you can enter questions (for now only in English) about a website’s data protection policy. For example, you can type in “Does it share my credit card information?” and get a speedy answer. While Pribot, like Polisis, is not perfect – their results are for information only and offer no legal guarantee – it gives the right answer in the top 3 in around 82% of the time. A respectable score that could make it, along with its sister Polisis, extremely useful for consumers as well as journalists, researchers and data protection watchdogs.

Giving consumers a choice

Going forward, the team’s program could be used for other applications such as the Internet of Things. If you’re thinking about installing a connected object in your home, then you want to make sure its data protection policy is rock-solid. “We want to show consumers that they have a choice by giving them the tools to evaluate a service and select an alternative if necessary,” says Harkous. His next goals are to develop an alert system that would notify users of any unexpected use of their data, and to create a system for ranking services and connected objects according to their data protection policies.

The post Artificial intelligence can help you protect your personal data appeared first on Artificial Intelligence.

Amazon offers a number of excellent tools to help enterprises keep their data (Read more click here) and applications safe in the cloud. Last year, Amazon unveiled Amazon Inspector, its host-based application vulnerability assessment tool to monitor what is installed and configured on each virtual Instance. This year, it’s Amazon Macie, a security service designed to automatically discover and protect sensitive data stored in AWS.

As organizations move more of their data to Amazon’s various cloud offerings, security teams have the unenviable task of continuously tracking the data to identify, classify and protect sensitive pieces of information such as personally identifiable information (PII), personal health information (PHI), regulatory documents, API keys, secret key material and intellectual property.

Amazon Macie automates what has traditionally been a labor-intensive task by using machine learning to understand where sensitive information is stored and how it is accessed. Macie dynamically analyzes all attempts to access data and flags anomalies, such as large amounts of data being downloaded, uncommon login patterns, or data showing up in an unexpected location. Macie can alert when someone accidentally makes sensitive data externally accessible or stored credentials insecurely.

“Amazon Macie is a service powered by machine learning that can automatically discover and classify your data stored in Amazon S3. But Macie doesn’t stop there, once your data has been classified by Macie, it assigns each data item a business value, and then continuously monitors the data in order to detect any suspicious activity based upon access patterns,” Tara Walker, AWS tech evangelist, wrote on the Amazon Web Services blog.

Currently only available for S3 customers, Macie support for other AWS data stores will come later in the year.

Understanding Macie

Amazon Macie applies predictive analytics algorithms on authentication data such as location, times of access and historical patterns to develop a baseline for how each piece of data is used. To use Macie, administrators have to enable appropriate IAM (identity and access management) roles created for the service. Amazon has created sample templates for cloud formation to set up the necessary IAM roles and policies.

Instead of continuously scanning S3 buckets to find new data which needs to be classified, Macie uses event data from AWS CloudTrail to check for all PUT requests into S3 buckets. This way data is classified automatically as they are added into the buckets. Macie uses the file metadata, file contents and what it has learned about similar files in the past to properly classify the data. It doesn’t rely on patterns to just recognize known data, such as PII, but can also look at things like source code. After classifying the data, Macie assign a risk level between 1 and 10, with 10 being the highest risk and 1 being the lowest data risk.

“Since we started using Amazon Macie, we’ve found that it is flexible enough to solve a range challenges that would have previously required us to write custom code or build internal tools, such as securing PII and alerting us to access anomalies, helping us move fast with confidence,” says Patrick Kelley, senior cloud security engineer at Netflix. The video streaming service is no stranger to building custom tools when necessary.

Macie can also be integrated with AWS CloudWatch Events and Lambda. For example, organizations have to comply with the European Union’s strict privacy regulation–The General Protection Data Regulation (GDPR)–by May 2018. As Amazon Macie recognizes personally identifiable information (PII), organizations can use the Macie dashboard to show compliance with GDPR regulations around encryption and pseudonymization of data. Macie can be combined with Lambda queries to remediate GDPR issues.

Catching up on security

Despite dominating the cloud services market, Amazon has lagged behind Microsoft and Google in security. Amazon Web Services provides a comprehensive set of security tools, but they are effective only if the administrators actually take advantage of them to secure their instances. In contrast, Microsoft has integrated management tools in its Azure platform and Google offers many security offerings by default in Google Cloud Platform. Amazon’s latest moves help close some of the gap.

Turning on AWS CloudTrail, a governance, compliance and auditing service for AWS accounts, by default is a particularly welcome change. CloudTrail provides visibility in everything that happens under the account, and is extremely helpful for understanding what changes were made, by whom, and when. The problem was that too many administrators found out too late that CloudTrail was not turned on; it doesn’t collect data if not enabled at the time the instance is created. With the change, all customers by default now get visibility into the last seven days of account activity without having to configure the service.

Amazon is adding rules to its AWS Config Service to evaluate AWS configurations to help secure S3 buckets. Considering the number of data exposures this year alone which arose because the S3 buckets were not configured correctly, these rules would help identify buckets that allow global read/write access before they become problems.

Amazon Elastic File system now offers encryption of data while at rest. Amazon also did a complete rewrite of CloudHSM (Hardware Security Module) so that provisioning, patching, high availability and backups are now built into the managed service. FIPS 142-2 Level 3 support is included, along with security mechanisms designed to detect and respond to physical attempts to access or modify the HSM.

The post Amazon Macie automates cloud data protection with machine learning appeared first on Artificial Intelligence.