Tag: compliance

Posted on by

Top 10 data and ethics stories of 2024

In 2024, Computer Weekly’s data and ethics coverage continued to focus on the various ethical issues associated with the development and deployment of data-driven systems, particularly artificial intelligence (AI).

This included reports on the copyright issues associated with generative AI (GenAI) tools, the environmental impacts of AI, the invasive tracking tools in place across the internet, and the ways in which autonomous weapons undermine human moral agency.

Other stories focused on the wider social implications of data-driven technologies, including the ways they are used to inflict violence on migrants, and how our use of technology prefigures certain political or social outcomes.

In an analysis published 14 January 2024, the IMF examined the potential impact of AI on the global labour market, noting that while it has the potential to “jumpstart productivity, boost global growth and raise incomes around the world”, it could just as easily “replace jobs and deepen inequality”; and will “likely worsen overall inequality” if policymakers do not proactively work to prevent the technology from stoking social tensions.

The IMF said that, unlike labour income inequality, which can decrease in certain scenarios where AI’s displacing effect lowers everyone’s incomes, capital income and wealth inequality “always increase” with greater AI adoption, both nationally and globally.

“The main reason for the increase in capital income and wealth inequality is that AI leads to labour displacement and an increase in the demand for AI capital, increasing capital returns and asset holdings’ value,” it said.

“Since in the model, as in the data, high income workers hold a large share of assets, they benefit more from the rise in capital returns. As a result, in all scenarios, independent of the impact on labour income, the total income of top earners increases because of capital income gains.”

In January, GenAI company Anthropic claimed to a US court that using copyrighted content in large language model (LLM) training data counts as “fair use”, and that “today’s general-purpose AI tools simply could not exist” if AI companies had to pay licences for the material.

Anthropic made the claim after, a host of music publishers including Concord, Universal Music Group and ABKCO initiated legal action against the Amazon- and Google-backed firm in October 2023, demanding potentially millions in damages for the allegedly “systematic and widespread infringement of their copyrighted song lyrics”.

However, in a submission to the US Copyright Office on 30 October (which was completely separate from the case), Anthropic said that the training of its AI model Claude “qualifies as a quintessentially lawful use of materials”, arguing that, “to the extent copyrighted works are used in training  data, it is for analysis (of statistical relationships between words and concepts) that is unrelated  to any expressive purpose of the work”.

On the potential of a licensing regime for LLM’s ingestion of copyrighted content, Anthropic argued that always requiring licences would be inappropriate, as it would lock up access to the vast majority of works and benefit “only the most highly resourced entities” that are able to pay their way into compliance.

In a 40-page document submitted to the court on 16 January 2024 (responding specifically to a “preliminary injunction request” filed by the music publishers), Anthropic took the same argument further, claiming “it would not be possible to amass sufficient content to train an LLM like Claude in arm’s-length licensing transactions, at any price”.

It added that Anthropic is not alone in using data “broadly assembled from the publicly available internet”, and that “in practice, there is no other way to amass a training corpus with the scale and diversity necessary to train a complex LLM with a broad understanding of human language and the world in general”. 

Anthropic further claimed that the scale of the datasets required to train LLMs is simply too large to for an effective licensing regime to operate: “One could not enter licensing transactions with enough rights owners to cover the billions of texts necessary to yield the trillions of tokens that general-purpose LLMs require for proper training. If licences were required to train LLMs on copyrighted content, today’s general-purpose AI tools simply could not exist.”

Computer Weekly spoke to members of the Migrants Rights Network (MRN) and Anti-Raids Network (ARN) about how the data sharing between public and private bodies for the purposes of carrying out immigration raids helps to prop up the UK’s hostile environment by instilling an atmosphere of fear and deterring migrants from accessing public services.

Published in the wake of the new Labour government announcing a “major surge in immigration enforcement and returns activity”, including increased detentions and deportations, a report by the MRN details how UK Immigration Enforcement uses data from the public, police, government departments, local authorities and others to facilitate raids.

Julia Tinsley-Kent, head of policy and communications at the MRN and one of the report’s authors, said the data sharing in place – coupled with government rhetoric about strong enforcement – essentially leads to people “self-policing because they’re so scared of all the ways that you can get tripped up” within the hostile environment.

She added this is particularly “insidious” in the context of data sharing from institutions that are supposedly there to help people, such as education or healthcare bodies.

As part of the hostile environment policies, the MRN, the ARN and others have long argued that the function of raids goes much deeper than mere social exclusion, and also works to disrupt the lives of migrants, their families, businesses and communities, as well as to impose a form of terror that produces heightened fear, insecurity and isolation.

At the very end of April, military technology experts gathered in Vienna for a conference on the development and use of autonomous weapons systems (AWS), where they warned about the detrimental psychological effects of AI-powered weapons.

Specific concerns raised by experts throughout the conference included the potential for dehumanisation when people on the receiving end of lethal force are reduced to data points and numbers on a screen; the risk of discrimination during target selection due to biases in the programming or criteria used; as well as the emotional and psychological detachment of operators from the human consequences of their actions.

Speakers also touched on whether there can ever be meaningful human control over AWS, due to the combination of automation bias and how such weapons increase the velocity of warfare beyond human cognition.

The second global AI summit in Seoul, South Korea saw dozens of governments and companies double down on their commitments to safely and inclusively develop the technology, but questions remained about who exactly is being included and which risks are given priority. 

The attendees and experts Computer Weekly spoke with said while the summit ended with some concrete outcomes that can be taken forward before the AI Action Summit due to take place in France in early 2025, there are still a number of areas where further movement is urgently needed.

In particular, they stressed the need for mandatory AI safety commitments from companies; socio-technical evaluations of systems that take into account how they interact with people and institutions in real-world situations; and wider participation from the public, workers and others affected by AI-powered systems.

However, they also said it is “early days yet” and highlighted the importance of the AI Safety Summit events in creating open dialogue between countries and setting the foundation for catalysing future action.

Over the course of the two-day AI Seoul Summit, a number of agreements and pledges were signed by the governments and companies in attendance.

For governments, this includes the European Union (EU) and a group of 10 countries signing the Seoul Declaration, which builds on the Bletchley Deceleration signed six months ago by 28 governments and the EU at the UK’s inaugural AI Safety Summit. It also includes the Seoul Statement of Intent Toward International Cooperation on AI Safety Science, which will see publicly backed research institutes come together to ensure “complementarity and interoperability” between their technical work and general approaches to AI safety.

The Seoul Declaration in particular affirmed “the importance of active multi-stakeholder collaboration” in this area and committed the governments involved to “actively” include a wide range of stakeholders in AI-related discussions.

A larger group of more than two dozen governments also committed to developing shared risk thresholds for frontier AI models to limit their harmful impacts in the Seoul Ministerial Statement, which highlighted the need for effective safeguards and interoperable AI safety testing regimes between countries.

The agreements and pledges made by companies include 16 AI global firms signing the Frontier AI Safety Commitments, which is a specific voluntary set of measures for how they will safely develop the technology, and 14 firms signing the Seoul AI Business Pledge, which is a similar set of commitments made by a mixture of South Korean and international tech firms to approach AI development responsibly.

One of the key voluntary commitments made by the AI companies was not to develop or deploy AI systems if the risks cannot be sufficiently mitigated. However, in the wake of the summit, a group of current and former workers from OpenAI, Anthropic and DeepMind – the first two of which signed the safety commitments in Seoul – said these firms cannot be trusted to voluntarily share information about their systems capabilities and risks with governments or civil society.

 Dozens of university, charity and policing websites designed to help people get support for serious issues such as sexual abuse, addiction or mental health are inadvertently collecting and sharing site visitors’ sensitive data with advertisers.  

A variety of tracking tools embedded on these sites – including Meta Pixel and Google Analytics – mean that when a person visits them seeking help, their sensitive data is collected and shared with companies like Google and Meta, which may become aware that a person is looking to use support services before those services can even offer help.

According to privacy experts attempting to raise awareness of the issue, the use of such tracking tools means people’s information is being shared inadvertently with these advertisers, as soon as they enter the sites in many cases because analytics tags begin collecting personal data before users have interacted with the cookie banner.

Depending on the configuration of the analytics in place, the data collected could include information about the site visitor’s age, location, browser, device, operating system and behaviours online.

While even more data is shared with advertisers if users consent to cookies, experts told Computer Weekly the sites do not provide an adequate explanation of how their information will be stored and used by programmatic advertisers.

They further warned the issue is “endemic” due a widespread lack of awareness about how tracking technologies like cookies work, as well as the potential harms associated with allowing advertisers inadvertent access to such sensitive information.

Computer Weekly spoke to author and documentary director Thomas Dekeyser about Clodo, a clandestine group of French IT workers who spent the early 1980s sabotaging technological infrastructure, which was used as the jumping off point for a wider conversation about the politics of techno-refusal.

Dekeyser says a major motivation for writing his upcoming book on the subject is that people refusing technology – whether that be the Luddites, Clodo or any other radical formation – are “all too often reduced to the figure of the primitivist, the romantic, or the person who wants to go back in time, and it’s seen as a kind of anti-modernist position to take”.

Noting that ‘technophobe’ or ‘Luddite’ have long been used as pejorative insults for those who oppose the use and control of technology by narrow capitalist interests, Dekeyser outlined the diverse range of historical subjects and their heterogenous motivations for refusal: “I want to push against these terms and what they imply.”

For Dekeyser, the history of technology is necessarily the history of its refusal. From the Ancient Greek inventor Archimedes – who Dekeyser says can be described as the first “machine breaker” due to his tendency to destroy his own inventions – to the early mercantilist states of Europe backing their guild members’ acts of sabotage against new labour devices, the social-technical nature of technology means it has always been a terrain of political struggle.

Hundreds of workers on Amazon’s Mechanical Turk (MTurk) platform were left unable to work after mass account suspensions caused by a suspected glitch in the e-commerce giant’s payments system.

Beginning on 16 May 2024, a number of US-based Mechanical Turk workers began receiving account suspension forms from Amazon, locking them out of their accounts and preventing them from completing more work on the crowdsourcing platform.

Owned and operated by Amazon, Mechanical Turk allows businesses, or “requesters”, to outsource various processes to a “distributed workforce”, who then complete tasks virtually from wherever they are based in the world, including data annotation, surveys, content moderation and AI training.

According to those Computer Weekly spoke with, the suspensions were purportedly tied to issues with the workers’ Amazon Payment accounts, an online payments processing service that allows them to both receive wages and make purchases from Amazon. The issue affected hundreds of workers.

MTurk workers from advocacy organisation Turkopticon outlined how such situations are an on-going issue that workers have to deal with, and detailed Amazon’s poor track record on the issue.

Refugee lawyer and author Petra Molnar spoke to Computer Weekly about the extreme violence people on the move face at borders across the world, and how increasingly hostile anti-immigrant politics is being enabled and reinforced by a ‘lucrative panopticon’ of surveillance technologies.

She noted how – because of the vast array of surveillance technologies now deployed against people on the move – entire border-crossing regions have been transformed into literal graveyards, while people are resorting to burning off their fingertips to avoid invasive biometric surveillance; hiding in dangerous terrain to evade pushbacks or being placed in refugee camps with dire living conditions; and living homeless because algorithms shielded from public scrutiny are refusing them immigration status in the countries they’ve sought safety in.

Molnar described how lethal border situations are enabled by a mixture of increasingly hostile anti-immigrant politics and sophisticated surveillance technologies, which combine to create a deadly feedback loop for those simply seeking a better life.

She also discussed the “inherently racist and discriminatory” nature of borders, and how the technologies deployed in border spaces are extremely difficult, if not impossible, to divorce from the underlying logic of exclusion that defines them.

The potential of AI to help companies measure and optimise their sustainability efforts could be outweighed by the huge environmental impacts of the technology itself.

On the positive side, speakers at the AI Summit London outlined, for example, how the data analysis capabilities of AI can assist companies with decarbonisation and other environmental initiatives by capturing, connecting and mapping currently disparate data sets; automatically pin point harmful emissions to specific sites in supply chains; as well as predict and manage the demand and supply of energy in specific areas.

They also said it could help companies better manage their Scope 3 emissions (which refers to indirect greenhouse gas emissions that occur outside of a company’s operations, but that are still a result of their activities) by linking up data sources and making them more legible.

However, despite the potential sustainability benefits of AI, speakers were clear that the technology itself is having huge environmental impacts around the world, and that AI itself will come to be a major part of many organisations Scope 3 emissions.

One speaker noted that if the rate of AI usage continues on its current trajectory without any form of intervention, then half of the world’s total energy supply will be used on AI by 2040; while another pointed out that, at a time when billions of people are struggling with access to water, AI-providing companies are using huge amounts of water to cool their datacentres.

They added AI in this context could help build in circularity to the operation, and that it was also key for people in the tech sector to “internalise” thinking about the socio-economic and environmental impacts of AI, so that it is thought about from a much earlier stage in a system’s lifecycle.

Source

Posted on by

Interview: Wendy Redshaw, chief digital information officer, NatWest Retail Bank

Wendy Redshaw, chief digital information officer (CDIO) at NatWest Retail Bank, has had a distinguished career leading technology-led change in some of the world’s biggest financial services organisations. Now, she’s using that experience to drive even more innovation.

After four years as CIO for collaborative technology solutions with Deutsche Bank, Redshaw says she was eager to work for a UK finance house. In late 2018, she found the perfect home at NatWest as head of technology and digital distribution for the personal bank.

“The opportunity was interesting because NatWest was ready for digital transformation but wasn’t naturally sitting in a leadership position at that time,” she says. “The role allowed me to land and think about what to do. I found an organisation that was fundamentally focused on its customers and perhaps had less digital experience in-house.”

After working with her team to deliver technological improvements across the personal bank offline and online, Redshaw moved into the CDIO position in February 2020. “It wasn’t just because I wanted a longer acronym than most technologists,” she jokes.

“We created the role so we could sew together business and technology because, as with many organisations, technology had historically been something that happened over there, and the business did their thing, and then they would give the technologists something to work on. We wanted better integration.”

Embracing digital change

Redshaw says the creation of her CDIO role in 2020 was a public statement that NatWest wanted to create a partnership approach to technology and business: “This is a digital bank in the making, and hopefully, with the results that we’ve seen, we’ve achieved our aims.”

The technological transformation in banking services that Redshaw oversees at NatWest today differs greatly from the finance industry she joined as a software engineer in 1987.

“We didn’t call it digital then,” she says. “I remember the focus was on, ‘How do we use technology to make things quicker, simpler and more secure for our customers?’” She points to work on a security module for the London Stock Exchange and the beginning of the settlement systems CHAPS and Euroclear.

“There was a lot of change where technology was being brought in, but it was more for the underpinning services than for the consumer-facing areas,” she says, before fast-forwarding to the present-day bank. “Over that time, we’ve seen that digital is now in the hands of our retail customers.”

Redshaw says the shift in technological focus also helped prompt her switch to the retail side of banking. After a career driving behind-the-scenes IT changes in major firms, such as Lloyds TSB, Barclays Capital and Royal Bank of Scotland, her current role at NatWest is focused on delivering innovative customer services.

“That’s where the exciting stuff is happening. Yes, of course, we use AI across several areas of the organisation – something like 17% of our models are AI-based now, such as for controlling fraud, financial crime and so on,” she says.

“However, in terms of affecting human beings, digital services are at our customers’ fingertips. If you think about my driver for going into the CDIO role, the customer is where I thought I’d have the most impact.”

Delivering pioneering innovations

As CDIO, Readshaw is directly accountable to the group CIO and retail banking CEO. Responsible for digital operations leadership, she manages 4,500 people across four locations globally and leads the delivery of retail banking technology for Royal Bank of Scotland, NatWest and Ulster Bank North.

Redshaw’s team is digitalising services to make life easier for the group’s customers. Their work is supported by a planned investment of £3.5bn from 2023 to 2025, with more than 70% of spending targeted at data and technology.

NatWest has 10.9 million digitally active retail and business banking customers and 3.5 million use online banking platforms. The hard work continues apace. In 2024, Redshaw led the launch of a retail banking app on Apple’s Vision Pro virtual reality headset.

One of her proudest achievements is the introduction of generative AI (GenAI) into the bank’s conversational assistant, Cora. She says the bank made an early move into chatbots. Cora was introduced in 2017. The technology could answer basic questions, but Redshaw wanted it to do more.

“When I joined in 2018, I realised it was quite a good channel to do something with,” she says. “I had some grand ambitions for her – things like digital avatars having a voice, and all these engaging ways of doing things. I said, ‘Look, I see this particular technology being something we could get moving on’.”

Redshaw saw that, while machine learning technology was progressing at pace, it wasn’t quite ready for the giant leap in digital experiences she envisioned. However, the public release of generative AI models in late 2022 helped turn theory into a practical reality. Working with experts from IBM’s client engineering team to develop the initial proof of concept, NatWest launched its next-generation assistant, Cora+, in June 2024.

Cora+ is a multichannel platform that securely accesses data from multiple sources, including products, services and banking information. The virtual assistant technology is powered by IBM’s Watsonx Assistantand built on IBM Cloud. Estimates suggest the technology is creating a 150% improvement in satisfaction for some customer queries.

“It was the perfect example of an interest in technology, an interest in people, and an interest in delivering business value,” she says. “I feel very excited about how we’ve taken something that just answered questions and moved into generative AI at scale for millions of customers. And it’s only the first step. I’ve got big ambitions for what I want to do with that technology.”

Building strong partnerships

Cora+ uses ChatGPT 3.5 alongside an unnamed GPT large language model (LLM). The second model is trained to judge the output of the first model. While the GPT models play an important role in NatWest’s digital strategy, the organisation is eager to keep an open approach to AI and innovation.

Redshaw says the group wants to avoid being locked into a specific LLM. She wants the capability to swap from large to small language models (SLMs). Organisations can use SLMs to derive outputs from constrained amounts of data that require less computing power, which is important for a big business like NatWest that wants to meet sustainability targets.

“As a result, it was a case of, ‘OK IBM, we like working with you, but we want to be able to switch the language models in and out depending on the business requirement’,” she says. “And they were like, ‘Absolutely’. So, that’s great. We have the same mindset around using the best of everything to get value for our customers safely.”

Wendy Redshaw, Natwest

“This is a digital bank in the making, and hopefully, with the results that we’ve seen, we’ve achieved our aims”

Wendy Redshaw, NatWest Retail Bank

In addition to the work on Cora+, Redshaw and her colleagues are analysing how AI can boost customer experiences in other areas. NatWest has worked with IBM to develop a digital legal assistant powered by GenAI. This tool streamlines contract management and enhances accessibility, especially for neurodivergent users. The tool supports colleagues with compliance checks, producing 20% efficiency gains.

More generally, Redshaw is proud her team completes thousands of releases annually. The department’s focus on micro-projects is as important as delivering large-scale initiatives and helps NatWest hit tight transformation deadlines. Across all projects, IBM acts as a key technology partner, with Redshaw suggesting the nature of the long-term working relationship with the tech giant is like interacting with people on the internal team.

John Duigenan, distinguished engineer and general manager of the global financial services industry at IBM, says shifting to constant innovation, experimentation, and learning is typical of the work his company sees in its most pioneering clients. “We got to work with a trusted partner, and we got to learn together,” he said, referring to IBM’s relationship with NatWest.

“It’s great we co-create approaches to using technology and collaborate on innovation. Our teams blend incredibly well, and we deliver together in new ways. We have an approach that says, ‘We know why this work will matter for all of us because we can measure the impact’.”

Providing new experiences

Redshaw reflects on achievements during the past few years. While the benefits of the digital transformation she’s enacted at NatWest are clear, there’s always an opportunity to do more.

She says the rapid pace of transformation makes it difficult to predict with any degree of certainty what will happen next: “What will the success metrics be in three years? We won’t be judged on the same metrics because digital banking is changing quickly.”

However, she expects to see developments in some key areas. “In the AI space, I expect to see more voice,” she says. “At the moment, Cora listens to our telephony and sends a text, a deep link, or something else that’s required. In the future, I think it’ll probably answer the phone and deal with questions.”

Redshaw also expects progress in text-based answering. Her bank’s research suggests people in financial difficulties often prefer having a guilt-free conversation with a bot rather than a human. “I would expect something in that financial health and support space that uses natural language,” she says.

There’s even the potential for advances in unexpected areas. Redshaw says she’s keen to add Cora to ATMs, something that she was previously told was impossible.

“I’ve now spoken to some innovation engineers, and they’ve said they think it might be possible,” she says. “So, I suspect we will see something like a digital point of presence.”

Finally, Redshaw expects the bank to continue honing its approach to mobile. “People now have their bank in their pocket,” she says. “I imagine we will give more richness and engagement through these devices. Even though our mobile strategy is great, I think it will lean towards more engagement and personalisation during the next 24 months.”

Source

Posted on by

Are you on the naughty or nice list for responsible AI adoption?

Over the past year, artificial intelligence (AI) has proved its worth as a long-term investment for businesses. It brings a range of perfectly wrapped presents to the table, making a significant impact on productivity, efficiency, and automation across business functions. With almost 40% of companies worldwide already using AI in some form, it’s undeniable that it has the capability to revolutionise business operations.

For example, Santa’s workshop would benefit from AI adoption in automation of its supply chain orders, faster and more accurate analysis of wish list data, and tracking of items that have made it into his sleigh.

To ensure he makes the most of AI’s benefits, Santa will have brought it on board with ethical guidelines and responsible practices in mind. But have you? Whether you’ve already adopted and want to make sure you’re using AI responsibly, or you’re yet to adopt and are looking to integrate ethical standards into your plan – time’s running out to get onto Santa’s nice list before Christmas.

Getting into the good books with responsible adoption

Adopting AI responsibly isn’t just about avoiding risks, it’s also a way of setting the stage for sustainable growth, efficiency, and innovation. If you jump on the AI bandwagon without building a solid foundation and outlining a clear strategy, a myriad of risks can await your business. Data breaches, ethical challenges, and financial losses are all risks businesses face if they ignore the importance of responsible adoption.

The most effective way of adopting AI to mitigate these risks is a responsible one, and it’s not as easy as plugging in your Christmas lights. Smart and strategic choices are the key to protecting business data and aligning AI initiatives with business goals.

Santa’s top tips for adopting responsibly

Like writing a Christmas shopping list, AI adoption can be too daunting to start for lots of businesses. With so much information out there, where are you meant to start?

The key is pushing fear to the side and making any type of start, even if it’s small. Those who start now and invest in AI will stay ahead of the curve. But like Rudolph and his crew, the AI gap is real, and businesses who don’t get on board now will be left behind. So, what do you need to consider to adopt AI responsibly?

  • Make sure your data shines like a bauble

Squeaky clean data is crucial to getting reliable insights from AI. Getting AI ready means prepping business operations for AI systems to easily slot in, so business data needs to be accurate, void of bias, and ready for action.

The same way you wouldn’t send Santa a disorganised wish list, you wouldn’t give AI messy data. Making sure data is up to date, without errors or duplicates, is critical to ensuring your AI delivers real value. This comes hand-in-hand with assessing your internal resources, and making sure your infrastructure can handle the scale and power of AI demands. More flexible Cloud platforms like AWS, Google Cloud, and Azure can help business scale AI cost-effectively.

  • Embrace elf-level organisation

Training is a key part of onboarding AI. Do you think Santa’s elves are expected to wrap presents without being trained first? Preparation for AI use is essential to allowing your employees to understand its benefits and using it effectively.

As it affects every team in the business, not just the IT department, the entire workforce needs to be prepped for AI adoption. Whilst this can seem like a costly task, investing in your people is how AI will create valuable results. Change management is a key component to preparing workforces for the changes you need to adopt AI. Fostering a culture of readiness and continuous compliance is key to ensuring it becomes an asset.

Knowing your business objectives and making sure your AI strategy aligns with and contributes to them is key to maximising its capabilities. Whether improving customer experiences, automating repetitive tasks, or personalising services is your business goal, use AI to drive that strategy.

Prioritising AI applications that solve real problems as well as boosting productivity is key to boosting business growth. Do you need help with recommending products to your customers to increase sales? This is a tangible problem AI can solve for you. Like following a gingerbread recipe, baking a strategic AI plan will produce the best goods.

Santa’s secret weapon – Responsible AI

Long-term success is the outcome of adopting AI through responsible practices and with ethical guidelines in mind. High-quality data aligned business goals, and a prepped workforce are the key to thriving rather than falling behind.

If Santa’s already on board, why aren’t you? After all, it’s how he gets his presents from the North Pole to under your tree.

Get onto the nice list this Christmas – start small, think big, and stay responsible.

Kyle Hill is chief technology officer at ANS, a digital transformation provider and Microsoft’s UK Services Partner of the Year 2024. Headquartered in Manchester, it offers public and private cloud, security, business applications, low code, and data services to thousands of customers, from enterprise to SMB and public sector organisations.

Source

Posted on by

Podcast: Storage and AI training, inference, and agentic AI

In this podcast, we look at storage and artificial intelligence (AI) with Jason Hardy, chief technology officer for AI with Hitachi Vantara.

He talks about the performance demands on storage that AI processing brings, but also highlights the extreme context switching it can result in as enterprises are forced to pivot between training and inferencing workloads in AI.

Hardy also talks about a future that potentially includes agentic AI – AI that designs its own workflow and takes decisions for itself – that will likely result in an even greater increase in workload context switching.

Antony Adshead: What demands do AI workloads place on data storage?

Jason Hardy: It’s a two-dimensional problem. Obviously, there is that AI needs speed, speed, speed, speed and more speed. Having that level of processing, especially when talking about building LLMs and doing foundational model training, it [AI] needs extremely high performance capabilities.

That is still the case and will always be the case, especially as we start doing a lot of this stuff in volume, as we start to trend into inferencing, and RAG, and all of these other paradigms that are starting to be introduced to it. But, the other demand that I think is – I don’t want to say overlooked, but is under-emphasised – the data management side of it.

For example, how do I know what data I need to bring and introduce into my AI outcome without understanding what data I actually have? And one could say, that’s what the data lake is for, and really, the data lake’s just a big dumping ground in a lot of cases.

So, yes, we need extremely high performance, but also we need to know what data we have. I need to know what data is applicable for the use case I’m starting to target, and then how I can appropriately use it, even from a compliance requirement, or a regulatory requirement, or anything like that from those themes.

It’s really this two-headed dragon, almost, of needing to be extremely performant, but also to know exactly what data I have out there, and then having proper data management practices and tools and the like all wrapped around that.

And a lot of that burden, especially as we look at the unstructured data side, is very critical and embedded into some of these technologies like object storage, where you have these metadata functions and things like that, where it gives you a little bit more of that descriptive layer.

But when it comes to traditional NAS, that’s a lot more of a challenge, but also a lot more of where the data’s coming from. So, it’s, again, this double-sided thing of, “I need to be extremely fast, but I also need to have proper data management tools wrapped around it.”

Features for AI use cases

That leads me nicely to my next question, which is, what features do enterprise data storage arrays need for AI use cases?

Hardy: You’re absolutely right. One is leading into the other, where, just like we said, we need to be extremely performant, but what we also need to be is performant at scale.

If you look at it from, for example … if we talk about model training, model training was always about, “I need a massive amount of volume and a huge amount of throughput so I can just crunch and learn from this data and go from there.”

Now what we’re seeing is [that] we’re starting to operationalise and bring a level of enterprise-ness into these AI outcomes that requires a lot more of the compliance side of it and the data visibility side of it, while also being very performant.

But the performance side is also changing a bit, too. It’s saying, yes, I need high throughput and I need to be able to constantly improve on or fine-tune these models … But then it’s also [that] I now have an indescribable workload that my end users or my applications or my business processes are starting to integrate into and creating this inferencing-level workload.

And the inferencing-level workload is a little bit more unpredictable, especially as we start to step into context switching. Like, “Hey, I always need to be fine-tuning and improving on my models by injecting the latest data, but I also need to introduce retrieval augmentation into this, and so I now have the RAG workload associated with it.”

So, I need to be able to do this high-throughput, high-IOPS context switching back and forth, and be able to support this at enterprise scale.

But also, as new data is introduced into the ecosystem – generated through applications and normal business processes – I need to understand, not necessarily in real time, but almost in real time, what new data is made available so I can incorporate that.

[That’s] as long as it’s the right data and it has the right wrapper and controls and everything around it. Depending again on the data type, to allow for me to embed or improve on my RAG processes or whatever, but [also] how I can incorporate a lot of that data into it.

And then at the same time, too, is the source systems that we’re pulling this information from. Whether it’s an OLTP environment like an SQL or some sort of structured environment, or if it’s an unstructured environment, those source systems also need to be equipped to be able to support this additional workload as well.

I need to have this data awareness, but I need to have performance even outside of just what’s generally made available to the GPU directly from the high performance file system that’s supporting directly against the GPU workload. So, one is really the other, and it’s not a mystery, this major epiphany or anything. These are common data practices that we at Vantara have always been practicing and preaching for a long time, [that] data has value.

You need to understand that data is [using] proper indexing, proper tagging – again, all of those data processes – and proper data hygiene. But also now, how do you do that at scale and do that very performantly?

Training and inference needs

How do the needs of training and inference in AI differ when it comes to storage?

Hardy: That’s a great question. And like I said, we’ve been focused so heavily on – “we” being the market – I’ve been so focused on how to build models and how to integrate in and create these foundational models that can start to really revolutionise how we do business. That was all well and good; massive amounts of volume. Hitachi ourselves are creating these for a lot of the markets that we work inside of from the big Hitachi perspective.

But now what’s happening is we’re shifting from – and we’re going to start to see this trend in 2025 and 2026 … just [being] exclusively about building models into how we integrate in and we do inferencing at scale.

Inferencing at scale, like I said, is very random because it’s driven by end users or applications or processes, not in a predictable fashion like, “Hey, I’m going to start a training process, and I’m going to evaluate it and do another training process where it’s very regimented and scheduled in a way.”

This is kind of at the whim of how the business operates and almost at the whim of, “I have a question that I want to ask the system” … and then it now spins up all these resources and processes to be able to support that workload.

So, this becomes a lot more random. Additionally, it’s not just one use case. We’re going to see many use cases where the infrastructure needs to support this all simultaneously.

It’s loading the proper model up, it’s tokenising, it’s then being able to get the output from what’s being interfaced into, and then being able to portray that back to the customer or the consumer, and then the back and forth nature of that. So, from our perspective, what you’re going to see here is inferencing is going to drive a huge level of random workload that is also going to be more impactful to the source data sides as well, not just the model.

So, again, like I mentioned earlier, retrieval augmentation, agentic AI, things like that.

These are spinning up all sorts of different levels of consumption against the storage platform that is specifically being driven by inferencing.

Agentic AI, this new trend that’s starting to appear, is going to make this more of an exponential problem as well, because now, instead of traditionally, if I’m going to interface with a system, I ask it a question, a model gets loaded, it does its tokenisation, I get the result back, etc, etc. That whole process.

Well, now what’s happening is that same level of communication of working with the system is turning into not just one model, but many different models, many different queries or the same queries being done against many different models to try to get to the best outcome or the best answer for that specific question.

Now what’s happening is this is spinning up that exponential level of more workload. And then, once that’s done, you need to spin that down and shift back over to doing your fine-tuning or your training or whatever other workload, because you don’t just have an idle set of resources there that are just going to wait. It’s going to be constantly used for both sides now, the inferencing and the training workloads.

This context switching is going to put a big burden on the storage platform to be able to support really high-speed checkpointing so that I can stop my tuning or stop my model training and then shift into using those resources to fulfil the end user or the process demand as quickly as possible, because that is a real-time interface.

Then that gets spun down because the inferencing is done, and then I spin back up and I continue with where I left off on the training and tuning side. So, you’re going to see now this really weird, random level of workload that both of these types of demands are going to place onto the storage systems.

Source

Posted on by

Six trends that will define cyber through to 2030

Guessing the future is always a difficult task. Six trends for the next five years seem more apparent than others, and it will be interesting to re-read this article in 2029 to assess its accuracy. In the meantime, the six trends standing out as top priorities, in no particular order, are:

Preparing the post-quantum cryptographic migration, including raising top management awareness to provide sufficient resources.

There will be a need to identify where cryptography is used in the organisation, which can be found in several places, including libraries, the Internet of Things (IoT), communication protocols, storage systems, and databases. Prioritizing systems for the transition will be paramount, taking care to clearly identify your critical systems.

Choosing how to manage the transition will also be essential since it may hinder the organisation. More precisely, hybrid protocols, mixing classical and post-quantum cryptography, could be an interesting option to consider, since it allows your clients to migrate at their own pace.

Also, testing will be mandatory, while deploying a realistic test environment might be complex. Finally, the right migration time will be hard to establish, even if governments provide guidelines.

Finalising operational technologies (OT) oversight, improving their cyber resilience, and integrating them into existing cyber security operations.

This convergence started more than 10 years ago and is still ongoing. OT cyber security must include addressing human safety concerns and intensive collaboration with engineering.

The monitoring approach should rely on artificial intelligence (AI) to identify abnormal behaviour, from weak signals, to support advanced persistent threat hunting. Since some systems are legacy, they may lack the necessary features to directly collect the information needed. Encapsulating with an intermediate security system could be a viable solution.

A layered defence strategy and a movement toward a zero-trust architecture might help minimise the attack surface.

Improving cyber security fundamentals, including identity management and network micro-segmentation, and supporting zero-trust architecture while enabling automated threat response.

This leads to implementing robust identity and access management that enforces least-privilege principles and multi-factor authentication.

By integrating policy-based automation, access management becomes more dynamic, transparent and enforceable. Continuous monitoring and real-time analytics should be used to detect anomalies and unauthorised activities, including user behaviour, device posture and geolocation.

Learning how to conduct cyber security for artificial intelligence pipelines (AIOps) while constructing a business case for artificial intelligence-based cyber security, like zero-day attack detection.

This dual focus addresses the sharply increasing complexity of cyber threats and the pervasiveness of AI. As AI continues to revolutionise the landscape, international and domestic regulations are being defined and will become vital to ensure its compliance, resilience and trustworthiness.

Addressing increasing regulations to maintain global compliance, notably for privacy, critical infrastructure, and business continuity.

As stricter rules are adopted, like European Union’s (EU’s) General Data Protection Regulation (GDPR) and AI Act, California’s Consumer Privacy Act (CCPA) for privacy, as well as European Network and Information Systems Directive 2 (NIS2) and CISA guidelines in the United States for critical industries, and more specific requirements from the EU’s Digital Operational Resilience Act (DORA) for the financial industry, organisations need to contextualize these requirements and integrate them into their security posture.

Collaborating closely with third parties, including identifying their Software Bill of Materials (SBOM), and communicating any vulnerability along the supply chain. This will remain an important priority for security leaders as the global enterprise landscape becomes increasingly interconnected.

This should ensure a better understanding of the dependencies toward the third parties, and when an organisation becomes more mature, the broader interdependencies of their ecosystem.

In conclusion, while predicting the near future remains a challenging task, these six top priorities will play a pivotal role in organisational resilience.

As we look ahead, there seems to be a distant echo on the horizon. Let’s hope it is not your next threat!

Pierre-Martin Tardif is a member of the ISACA Emerging Trends Working Group. A longstanding IT and cyber security professional and educator, he is based in Quebec, Canada.

Source

Posted on by

Schwarz Group partners with Google on EU sovereign cloud

Google has partnered with retail giant Schwarz Group to deliver what the pair claim is truly secure and sovereign cloud-based collaboration for German and European regulated industries.

Through the partnership, Schwarz Group’s StackIT, the cloud provider for the retailer, which operates as an independent company offering sovereign cloud capabilities, will provide client-side encryption of customers’ Google Workspace data.

StackIT said customers’ data will remain resident within the European Union (EU), with full redundancy offered by backups hosted solely in its European datacentres to meet customer demands around data protection, data residency and data resiliency.

“Germany and the EU have until now lacked enterprise-grade cloud collaboration solutions that fully address the sovereignty requirements of regulated industries, including ensuring all data is secured and backed up on local soil with absolutely no opportunity for access by foreign nations or platform providers,” said Rolf Schumann, co-CEO of Schwarz Digits, the IT and digital division of the Schwarz Group.

“Our partnership and new offering with Google Cloud will fill this gap with an entirely new business model.”

Client-side encryption means Google has no access to customers’ data. According to Schwarz and Google, this safeguards the sovereignty of not only Schwarz Group, but also all customers who value the independence of their operations, giving them full confidence that their data is always in their control.

“This new partnership will enable the companies of Schwarz Group to combine its leadership in digital transformation with Google Cloud’s strengths in productivity, collaboration and security, enabled by our cutting-edge AI,” said Sundar Pichai, CEO of Google and Alphabet. “Together, we are opening up a world of new, sovereign opportunities for European organisations to innovate and build on our joint solutions, accelerating a new era of innovation.”

Through the partnership, Google Cloud’s security will be integrated with those of XM Cyber, Schwarz Digits’ hybrid cloud security company. This integrated offering will then be distributed to customers via the Google Cloud Marketplace.

According to Google and Schwarz, this integrated security will help German and European organisations, particularly those in highly regulated industries, raise the bar on their enterprise and multi-cloud security. In addition, XM Cyber’s Continuous Exposure Management will be embedded into the sovereign Google Workspace office productivity suite offered to European enterprises.

“This partnership changes the game for regulated industry players in Europe by removing the sovereignty and security concerns that often hold back more ambitious adoption of the cloud for productivity and collaboration,” said Thomas Kurian, CEO of Google Cloud. “Our alliance with companies of Schwarz Group will enable entire industries in Europe to deliver digital innovation with security and compliance at its core.”

Schwarz Group is Europe’s largest retailer, and the fourth-largest in the world. The company plans to transition its global office workforce to Google Workspace. The partnership with Google, according to Schwarz Group, enables critical workplace data to be protected against third-party access including foreign government institutions, and also transferred to alternate service providers if needed.

“Switching to Google Workspace is an important step for us out of legacy and into innovative, efficient and future-proof cloud-based collaboration,” said Christian Müller, Co-CEO of Schwarz Digits. “Google Workspace is the most secure and reliable productivity platform in the industry today, and we expect our organisation-wide migration to have significant flow-on benefits to all areas of operations from simplifying IT management to rendering our point-of-sale workflows significantly more efficient.”

Source

Posted on by

Overcoming the cyber paradox: Shrinking budgets – growing threats

Recent years have seen a general cost-cutting in organisations caused by economic pressures. Many organisations have seen a fall in customer demand due to the cost-of-living crisis, as well as inflationary pressures affecting costs. Higher interest rates, increasing organisations’ cost of capital, are another factor.

There’s also a sense of fatigue associated with spending on cyber security. Businesses’ spending on cyber has been increasing year-on-year for a sustained period of time, and a tendency has crept in for organisations to feel that, by now, they have done the necessary investing required to protect themselves, even though the reality is that the cyber threat landscape is ever-intensifying and regulatory pressures are mounting.

Lastly, we’ve seen a ‘platformisation’ of cyber software, with the big suppliers creating cohesive, unified cyber solutions. This encourages CISOs to embrace economies of scale in their spending, allowing them to do ‘more with less’. This has led to reductions in spending on single-use-case software solutions.

All of these factors combined are contributing to a flatlining of cyber budgets over the past 12 to 18 months in many organisations.

What makes organisations feel security is a worthwhile ‘cut’?

In this area, spending is highly correlated to compliance – often more than risk appetite. Compliance drives action, and this leads to a situation where if the organisation feels compliance has been achieved, the spend begins to plateau as the sense of urgency around cyber dissipates.

Some sectors are pushing hard on compliance, for example DORA for financial services in EMEIA and NIS2 for critical infrastructure in the European Union (EU). Spending on cyber security is more robust in these sectors, commensurate with the demands of these regulatory frameworks, but in sectors where regulation is less onerous, the spend is measurably flattening.

How can CISOs and security leaders lobby to maintain their budgets?

This is where a shift in perspective is badly needed. The case needs to be made that spending on cyber is a value investment – not just a risk management cost. Organisations need to start regarding cyber as an enabling ecosystem which unlocks value in multiple ways. It can enable AI implementation right across the organisation, for one thing. It can help enable acquisitions, for another. Creating a strong platform can also differentiate the organisation in the eyes of customers. All this contributes tangible value.

This is an important shift in mindset, from a perspective that views cyber only as a cost to one that understands it as an enabling infrastructure that links directly to the value generated by the products and services it underpins.

This new perspective should enable businesses to consider that, instead of relying solely on central funding for cyber, they can allocate to cyber a share of their budgets for new initiatives – on the basis that an optimal cyber infrastructure is a necessary condition of the initiative’s success.

It’s also useful to quantify the effectiveness of cyber spend, using Cyber Risk Quantification to demonstrate the tangible link between risk reduction and spend.

How can CISOs and security leaders increase their budgets?

One of the main things cyber can enable is AI, and this is becoming the fastest-moving – and fastest-growing – change catalyst in the whole landscape. There is no doubt that AI is a cyber threat multiplier, allowing cyber criminals to become better at what they do: better malware, better phishing, and so on.

This means that the custodians of business need to become better, too. And that’s going to require ongoing investment, and an ongoing evolution of the tools and solutions we implement, to enable organisations to try and keep up with the criminals.

As cyber criminals avail themselves of AI to create more effective cyber-attacks, organisations are going to need to fight AI with AI.  It is important to look at opportunities to automate cyber defence, especially in key use cases around Threat Detection and Response, Automated Testing and User Access Rights management. 

EY’s research shows that one of the key indicators of organisations who perform best in cyber security is that they consistently adopt emerging technology – especially automation – quickly. Companies who can ingrain that technology-friendly approach are the ones that suffer the least from being attacked.

The threat outlook for 2025

The existing big threats – ransomware, phishing and supply chain attacks – will all continue, and will continue to grow in sophistication. Alongside that, we expect to see more targeting of Operational Technology (OT), as well as the Internet of Things (IoT).

It’s reasonable to expect that the fast growth of AI implementation across organisations and sectors will produce new vulnerabilities, and that as a result, more data breaches will occur as an inevitable aspect of this fast pace of change.

Finally, the other key development will be the way cyber criminals are themselves utilising and deploying AI. The intensity of malware attacks is likely to increase, as attackers weaponise GenAI. The pace of development is capable of being equally effective on both sides of the battle, which is precisely why organisations cannot afford to be complacent.

Richard Watson is global and APAC cyber security consulting lead at EY

Source