IBM SecurityIntelligence blog: Can You Still Protect Your Most Sensitive Data?

An article in The Washington Post called “A Shift Away From Big Data” chronicled several corporations that are actually deleting their most sensitive data files rather than saving them. This is counterintuitive to today’s collect-it-all data-heavy landscape.

However, enterprises are looking to own their encryption keys and protecting  their metadata privacy. Plus, there is a growing concern that American-based companies are more vulnerable to government requests than offshore businesses.

You can read more on IBM’s SecurityIntelligence.com blog here.

The blockchain world gets more interesting by the day

 

 

 

I was at a conference last week where everyone was doing some interesting things with blockchain technology. This is the not-so-secret sauce behind Bitcoin: a transaction log that is verifiable and can be synchronized across distributed servers and still handle multiple trust relationships, where chargebacks can’t happen and where the crypto is strong enough to have banks and other financial institutions spending millions of dollars supporting dozens of startups.

I have written before about blockchain tech for IBM’s SecurityIntelligence blog here, but what got me interested about the conference was how practical blockchain implementations have been and will be. This is especially true in changes to the world of supply chains, where goods move across the globe under a variety of incomplete and error-prone tracking circumstances.

Indeed, at the conference I saw lots of blockchain apps that related to supply chains and had almost nothing to do with cryptocurrencies. This is an industry that is ripe for change. As one analyst has written, many supply chains have data quality issues and automation has failed to deliver significant productivity gains. That could change with these new apps.

For example, there is a company called Everledger.io. The idea is to attach a unique digital signature to each and every diamond that is traded on the various international exchanges. This signature can be immediately verified with the actual item itself – like the way a checksum can be used to verify if a digital file has been altered – to ensure that the diamond hasn’t been tampered with or substituted. So far they have been able to track close to a million diamonds in this fashion. According to insurers, about seven percent of the world’s diamonds are fraudulent in one way or another. Last fall, data from the Gemological Institute of America, the main diamond industry certification body was altered by hackers.

We are still in early days, but you can see there are lots of other applications to help detect when counterfeit goods enter a supply chain that are ripe for blockchain applications. Sending prescription drugs around the world is another high-value application that several teams are working on blockchain apps.

One FedEx manager was on a panel where they spoke about how they need new technology for managing their supply chain. “The immutability of the transaction is important for us: are you who you say you are, and are you shipping what you say you are shipping?” They spend a lot on insurance and it would be nice if they could leverage blockchain tech to prove that a package actually did make it to the final destination, with something other than an illegible signature.

While they can track a package from when it leaves your door through their shipment network, that only works if they have control over the shipment from end-to-end. That isn’t always the case, and especially internationally where it can be more cost-effective if they can hand off a package to another shipper. The panel also brought up an interesting question, as to what constitutes a delivery address, with one of them holding up his phone, saying how he wants to be able to deliver something right to where he is at the moment. That has a lot of appeal to me, as I recall how many hours I have spent trying to find a package delivery person when I stepped out of my office for a moment.

Also speaking was a representative of Chattanooga-based Dynamo, a new accelerator for supply chain ventures. They are funding several blockchain-related startups. “It isn’t just about saving money with these kinds of businesses, but about finding opportunities to expand commerce.”

The conference started off with a speech from Brian Behlendorf, who is now in charge of the hyperledger project that is part of the Linux Foundation. He has been around the tech industry for a long time, putting up Wired magazine’s early website and developing numerous open source projects. The idea behind hyperledger is to have an open source project that can be used in a number of blockchain circumstances. Think of what the Apache programmers did for web servers back decades ago: the same thing will be attempted with having a set of protocols and standard infrastructure to build blockchain apps on top of with hyperledger.

Before the conference took place, a pre-conference hackathon was held and more than a dozen teams and 50 people participated to win the top prize of $20k. The winners included college students, which should give you an idea of how quickly blockchain is evolving. Unlike many hackathons where the winners get to pose with an oversize check, in this case the winning teams’ prize money was preloaded in bitcoin on a special cryptokey, which was quite fitting. The first place finishers wrote an app to eliminate ID fraud, using blockchain to encrypt and validate who you actually are.

Blockchain isn’t just all about the supply chain: the banks are getting involved too. A private effort from R3 has more than 40 financial services supporters to try to create standards for distributed ledgers. Barclays has more than 45 Bitcoin-related projects. Deloitte has a group based in Toronto doing cryptocurrency and blockchain consulting. A Berlin neighborhood has dozens of retailers who accept bitcoins. Finally, there are other currencies that are gaining traction, including Ethereum and Dash.org, that attempt to improve upon the original bitcoin specifications and further fueling blockchain interest.

It looks like there will lots of blockchain-related news in the coming months.

For Immediate Release: a podcast for B2B Marketers

I return to doing a regular series of podcasts with my long-time former partner Paul Gillin, called For Immediate Release: B2B. Paul and I co-hosted almost 100 episodes of MediaBlather back several years ago, and many of those shows have held up well talking about how technical PR and marketing communications professionals can leverage new media and other strategies.

In this week’s show, we talk about the upcoming merger between Microsoft and LinkedIn (Paul and I are split on whether it is a good thing), and interview Radius.com CEO Darian Shirazi about predictive analytics and its utility for marketing and customer retention.

iBoss blog: When geolocation goes south

 

What do a Kansas farm and a seaside McMansion have in common? Both have been discovered as the result of various geolocation-programming errors over the past several years.

Certainly the use of global positioning system (GPS) chips now built-in to tablets and smartphones is mostly a benefit when it comes to navigating to a meeting spot or finding a nearby gas station or restaurant. But the ubiquity of GPS tech also has its downsides too.

Take the case of that Kansas pasture. For more than a decade, the owners of a small family farm outside of Wichita started getting regular visitors and calls thinking their farmhouse were the center of criminal activity or digital abuse. The reason had to do with a deliberate rounding error of their latitude and longitude for the center of the continental US. And thanks to software that matches up IP addresses with a location, their farm was showing up on thousands of records, including the default location for scammers and other questionable situations.

“The harassment continued to the point where the local sheriff had to intervene. He placed a sign at the end of their driveway warning people to stay away from the house and to call him with questions,” according to the post. Sadly, that didn’t help. One irate visitor even dumped a defective toilet on their driveway in frustration.

Others around the country have suffered a similar fate, such as a man in Ashburn Virginia whose home has been attached to millions of IP addresses from the Internet service providers who are located in nearby data centers. Think of them as “living in an IP flood zone” as the above article calls these geolocation disasters.

However, there certainly are other unintended consequences.One report ties the tracking bracelet that was worn by noted cartel boss El Chapo as the way his confederates helped locate the escape tunnel they dug to come out precisely inside his cell. And an ISIS fighter found out too late that his Tweets were being geo-tagged, broadcasting his whereabouts. In another case, a divorce lawyer monitored the social media of his client’s Gen Y children to geolocate properties that weren’t mentioned in the original filings. “We were able to go to the court with a list of assets that we conservatively estimated at $60 million, which the court then seized.”

Even if you don’t geotag your social media posts, there are still ways to figure out where you live, according to this academic research paper published last year. The scientists examined their friends’ geolocations and were able to estimate the target within a few miles.

So what can you do to prevent this? First, understand the accuracy limitations of any enterprise-level geolocation technology that you use. Actual mileage, as the saying goes, can vary. Although geolocation technology has been around for more than a decade, it isn’t as precise a location down to a particular household or street address. Facebook’s “safety check” warnings that its users might be inside a disaster zone turned out initially to not be very accurate, after people around the world were warned they might be near a bombing in Pakistan. Hopefully, the alert location algorithms have been improved since then.

Second, examine the developer tools that are available to employ geolocation and understand what apps you are trying to build. Look at what Google and Facebook are doing in this field and how you can tie into existing mapping efforts from these giant software vendors.

Finally, examine the settings for any corporate-owned phones and tablets and make sure you turn the geolocation features off if this is a concern.

Using citizen science to hunt for new planets

When I was growing up, one of my childhood heroes was Clyde Tombaugh, the astronomer who discovered Pluto. Since then, we have demoted Pluto from its planetary status. But it still was a pretty cool thing to be someone who discovered a planet-like object. Today, you have this opportunity to find a new planet, and you don’t even need a telescope nor spend lonely cold nights at some mountaintop observatory. It is all thanks to an aging NASA spacecraft and how the Internet has transformed the role of public and private science research.

Let’s start in the beginning, seven years ago when the Kepler spacecraft was launched. Back then, it was designed to take pictures of a very small patch of space that had the most likely conditions to find planets orbiting far-away stars. (See above.) By closely scrutinizing this star field, the project managers hoped to find variations in the light emitted by stars that had planets passing in front of them. It is a time-tested method that Galileo used to discover Jupiter’s moons back in 1610. When you think about the great distances involved, it is pretty amazing that we have the technology to do this.

Since its launch, key parts of the spacecraft have failed but researchers have figured out how to keep it running using the Sun’s solar winds to keep the cameras properly aligned. As a result, Kepler has been collecting massive amounts of data and downloading the images faithfully over the years, and more than 1,000 Earth-class (or M class, from Star Trek) planets have already been identified. There are probably billions more out there. 

NASA has extended Kepler’s mission as long as it can, and part of that extension was to establish an archive of the Kepler data that anyone can examine. This effort, called Planethunters.org, is where the search for planets gets interesting. NASA and various other researchers, notably from Chicago’s Adler Planetarium and Yale University, have enlisted hundreds of thousands of volunteers from around the world to look for more planets. You don’t need a physics degree, you don’t need any sophisticated computer or run any Big Data algorithms. Instead, if you have a keen mind and eyesight to pore over the data and the motivation to try to spot a sequence that would indicate a potential planetary object.

What is fascinating to me is how this crowd-based effort has been complementary to what has already happened with the Kepler database. NASA admits that it needs help from humans. As they state online, “We think there will be planets which can only be found via the innate human ability for pattern recognition. At Planet Hunters we are enlisting the public’s help to inspect the Kepler [data] and find these planets missed by automated detection algorithms.”   

Think about that for a moment. We can harness the seemingly infinite computing power available in the cloud, but it isn’t enough. We still need carbon-based eyeballs to figure this stuff out.

Planet Hunters is just one of several projects that are hosted on Zooniverse.org, a site devoted to dozens of crowdsourced “citizen science” efforts that span the gamut of research. Think of what Amazon’s Mechanical Turk does by parcelling out pieces of data that humans classify and interpret. But instead of helping some corporation you are working together on a research project. And it isn’t just science research: there is a project to help transcribe notes from Shakespeare’s contemporaries, another one to explore WWI diaries from soldiers, and one to identify animals captured by webcams in Gorongosa National Park in Mozambique. Many of the most interesting discoveries from these projects have come from discussions between volunteers and researchers. That is another notable aspect: in the past, you needed at least a PhD or some kind of academic street cred to get involved with this level of research. Now anyone with a web browser can join in. Thousands have signed up.

Finally, the Zooniverse efforts are paying another unexpected benefit: participants are actually doing more than looking for the proverbial needle in the haystack. They are learning about science by doing the actual science research. It is taking something dry and academic and making it live and exciting. And the appeal isn’t just adults, but kids too: one blog post on the site showed how Czech nine year old kids got involved in one project. That to me is probably the best reason to praise the Zooniverse efforts.

So far, the Planet Hunters are actually finding planets: more than a dozen scientific papers have already been published, thanks to these volunteers around the world on the lookout. I wish I could have had this kind of access back when I was a kid, but I also have no doubt that Tombaugh would be among these searchers, had he lived to see this all happening.

Does your city have a data dashboard?

I love data dashboards. They are a great way to visualize data, to spot trends quickly, to get a handle on complex relationships, and to just geek out in general. At the Tableau conference last fall, the central ballroom area had its own data dashboard that showed you interesting up-to-the-second stats about how many Tweets were posted, where attendees came from, and other fun conference facts. You would expect something from the company that delivers a data dashboard product line to do something like this.

Data dashboards are popping up everywhere, and this past week I took a closer look at some of the ones that local cities are creating to monitor their own performance and connect to their citizens. A good “mayor’s dashboard,” as they are known, should show a lot of information in one screen, be attractive but not completely eye candy, and do more than just be a brochure for advancing the latest political agenda.

When you think about a mayor’s dashboard, it would be nice if they were actually used by the mayor to monitor progress and to help with his or her decision-making too. It should weigh items such as crime stats, quality of life metrics, and things that a city’s residents care about: trash pickup, time on hold in various phone queues and so forth. While the mayor’s dashboard is still an evolving area, here are some example of cities that have already implemented them and my initial thoughts.

And if you want some great general guidelines on building your own dashboard, start with this presentation from a past Tableau conference here.

Feel free to recommend your own in the comments below.

New York City has been working hard on opening various databases to public access, with more than 1200 different ones that can display various insights. It is all a bit overwhelming, not much different that what a visitor new to the city might find in real life. There isn’t a single pane of glass to summarize the information that I could find however.

bostonwBoston’s Mayor Walsh has had a public dashboard for more than a year, and is perhaps one of the more attractive ones (one part of which is shown here), with a rotating series of graphics on city performance data. You can see that there have four homicides this year, and compare with last year’s numbers. This is very actionable information too.

You would expect Portland Oregon to have a dashboard, and it does, showing things such as the percentage of renewable energy consumed and other groovy-oriented stats. It is arranged as more of a brochure than a dashboard: so you have to click around to find a particular stat, such as the average response time for a fire alarm is more than seven minutes. You can see in the graph that this hasn’t changed much over the years.

Detroit’s dashboard is more of a book report than an interactive dashboard. This shows you what they have accomplished last week such as how many LED-based streetlights were installed or blighted homes torn down.

London’s dashboard was launched last fall and is just for crime stats. It is chock full of graphs and figures, but you can’t see the whole picture on one page unfortunately.

Denver’s dashboard is more of an RSS portal, and you can customize it to your own particular needs, displaying alerts and news feeds on economic or public safety stats.

LA has several different data dashboards including a “performance” top-line summary that shows single numbers for things such as total employment, non-attainment air quality days, and the time it takes for police to respond to 911 calls. Clicking on any of these items will bring up graphical displays and lots of city rhetoric and more marketing information. There is also an open data project too.

Seattle’s dashboard has a similar design to LA’s, with single number top-line summaries that can be expanded with more graphical detail.

Meetup adds ‘Chip in’ donation feature today

NOTE: This post was written in 2014. Since then Meetup has sadly removed this feature.

Perhaps you know already about Meetup.com, the site that anyone can organize any group on any topic. I have not been an organizer but have attended numerous meetups in St. Louis, and used the site to research people that I wanted to connect with when I traveled to other cities around the world in the past. Today Meetup organizers are getting a new incentive: the ability to add a “chip in” button so that members can donate cash to the group.

“We want to make it easy for supportive members to chip in on costs and help make Meetup groups even better,” according to a post on their blog this morning As of today, any group or event organizer can quickly add this feature. It is a pretty bold experiment and perhaps the widest expansion of crowdsourcing to date. To give you an idea of the scope of this work, there are nearly 200,000 meetups around the world organizing half a million events every month.

contributions 2The way it works is simple: a Chip In button on the Meetup home page will bring up a dialog box asking for your contribution, as shown here. You enter your payment information and you are done. It works on both web browsers and phone apps.

Meetups are a pretty low-budget affair, for the most part. Many organizers pay for the costs of running the meeting (beer and pizza are the usual enticements) out of their own pockets, or else try to find a corporate sponsor (such as the company who is hosting the meeting at their facilities), but the Chip In feature formalizes this and makes it easier to raise funds. About 2,000 Meetups have already been using the feature and have found it very helpful, as you can imagine. While Meetup.com won’t reveal how much money has been collected, I hear it is quite impressive.

My long-time colleague and friend Tristan Louis has been heading up this effort and he told me, “We’re trying to carefully introduce ways to help the organizers without requiring them to ask the uncomfortable questions surrounding money. We know that organizers often get stuck being the ones paying for the pizza and we want to change that dynamic by having everyone chip in.” Contributions aren’t mandatory, but we’ll see if the psycho-dynamics of the meetup changes as a result of them.

Building your own early warning system

 

What do a bowl of yellow M&Ms have to do with the Distant Early Warning or DEW line? Both are ways to provide early warning systems of sorts. Let me explain.

The DEW line was a big deal back in its day. The idea was to be notified of any incoming Soviet bombers that were going to take us out by flying over the pole. The system of radar installations stretched across northern Canada and Alaska back in the cold war when both countries were stockpiling thousands of nuclear bombs. It would just take a few minutes for a bomber or a missile to reach our country, hence having a series of detection points closer to the source could provide a few minutes’ warning of an imminent attack.

The same could be said for the bowl of M&Ms. A friend of mine is a musician and explained the typical concert contract riders that specified a particular color of candy present in the dressing rooms or backstage. It wasn’t because the musicians were being prima donnas, as I always thought. “They wrote these riders as an early warning system. If a band showed up at a venue and saw the wrong color of candy, they knew they had better get out to the stage and spend some more rehearsal time. If the venue didn’t read the contract, it meant that other things probably wouldn’t be right for their show. It had nothing to do with their personal preferences,” he told me. Snopes quotes David Lee Roth of Van Halen, who put on some very complex shows, here: “If I saw a brown M&M in that bowl . . . well, line-check the entire production. Guaranteed you’re going to arrive at a technical error. They didn’t read the contract. Guaranteed you’d run into a problem.”

Great idea, I thought. Those old rockers were on to something after all.

I thought about this as I attended the annual Teradata Partners conference last week in Nashville. I have been coming to this show for several years and find it very interesting, mainly because so many IT managers present what they are doing at dozens of sessions. This year’s show was no different, and I heard a lot of folks talk about they have developed their own early warning systems that they have put into place.

For example, what about tracking what happens to your worst customers? These are people that you want to know about, and try to fix their problem before they actually leave you for your competitors. Wouldn’t it nice if you could be notified about some issue in time to change their minds? That is one of the things that Teradata excels at with its various data warehousing and analytic tools.

One British clothing retailer has gone so far to set up its systems so that it can tell when an online shopper is calling its call center trying to complete an order. While that can be borderline creepy, it can help increase revenues and customer satisfaction rates too. Wells Fargo Bank has a number of executive dashboards that are used to track what banking products are used by their customers, as a way to see who isn’t really engaged.

Interestingly, the same systems can also be used to track what is going on with your best customers too.

So whether it is a bowl of candy or some multimillion dollar systems, think about ways that you can detect early trends and keep your customers.