In Michael Healey’s recent Information Week article entitled, “Analytics For All, No Data Scientists Needed,” Healey takes the stance that we need to make data accessible and usable by the non-technical end user and provide tools that help that user make sense of the data. He also cites the data scientist shortage and the high price tag of hiring these high-level staffers as key reasons for the need for analytics and BI solutions to shift away from solely the domain of the PhDs and toward developing tools that we can put in the hands of the end user.
As a data scientist, some of the most important and interesting aspects of my role include exploring data to identify relationships, cause and effect, performing “what if” analyses on different scenarios, and overall to answer questions.
Well, after reading a recent Bloomberg article that explains how some large US healthcare providers are using data collected from consumers such as their food and lifestyle purchases to assess whether or not someone is more or less likely to get sick, I think we need to bring some of those same critical thinking skills to bear on what are some very serious privacy concerns surrounding the use of people’s personal and behavioral information.
Under the guise of trying to improve people’s health, there are so many “nanny state” red flags mentioned in this article, it’s hard to know where to begin.
I recently read an investigative article by Sara Carter, Senior Washington Correspondent for The Blaze, where the author outlined how the Army had systematically and repeatedly denied warfighters in theatre the use of highly effective private-sector intelligence and analytics technology, and instead, continued to promote and defend inferior technology they built themselves. In one instance, a company commander whose battalion was the first on the scene in Zabul, Afghanistan in 2009 had to build their intelligence infrastructure from scratch, stating “Microsoft PowerPoint was their only real tool.” Are we really saying that this was the best we could have done for our troops?
In the private sector, we have a name for this. It’s called “NIH” or “not invented here” syndrome. The Army program that was being protected began back in 2003, with $28 billion spent on its development and ongoing maintenance. If you can get over the astronomical price tag for a second and simply reflect on all the technological changes that we have experienced over that 10-year period, it’s staggering: GPS, texting, Wikipedia, Facebook, iPhone and smart phone technology, the semantic web, SOA, cloud… the list goes on. This is surely one of the reasons why the newer technology created by Palantir and cited in the article was superior. It was built on much newer, advanced underlying platforms that just didn’t exist in 2003.
Last week was a whirlwind for Red Lambda. I am thrilled to report that after a tedious pre-qualification process, a series of elimination phases, and an intense onsite presentation, Red Lambda was selected out of approximately 3,000 entries as a Red Herring Winner for the North America Top 100 Award.
It’s easy to understand why the prestige behind this award is palpable to the entire team here at Red Lambda. It’s well known in tech circles that Red Herring has always had a knack for identifying truly innovative startups that in many cases, burgeon into companies that become household names and permeate our culture like Facebook, Google, eBay and Skype. We are honored and humbled to be in the “hall of fame” so to speak, and among the ranks of companies like these that started out with much potential and promise, just like Red Lambda. At the time they were selected for this award, perhaps only the founders, with their powerful and unstoppable vision for the future, could foresee the magnitude and impact their organizations would have on the global economy in just a few years. Red Herring obviously knew they would be big, but just how big probably was unclear. At Red Lambda, we believe we are in a similar position and envision our solutions changing the paradigm of how we fight cybercrime.
From the retail sector, to banking, to government agencies and other entities, organizations worldwide continue to struggle with IT security. While statistics show that fundamentals such as a lack of planning for a cybersecurity attack or worse, the mindset of “it won’t happen to us,” are still prevalent, there is another reason companies are overwhelmed. It’s because their legacy IT environments are, well—overwhelming.
To protect their data, CIOs and CISOs have resorted to a wide array of point solutions from multiple, disparate vendors, creating a collection of heterogeneous, disparate data sources. This, in turn, has made their IT environments harder and harder to manage and protect.
Let’s take a look at some of the top technical reasons why organizations grapple with data security and the inherent limitations within current systems that are causing today’s CIOs and CISOs such angst:
Speaking to The American Council for Technology–Industry Advisory Council (ACTIAC) recently at their annual Management of Change Conference, former director of the NSA General Keith Alexander made many important points about the role Big Data will continue to play in our future, but among the key takeaways that stood out to us here at Red Lambda were three things: his comments about the need to improve our continuous monitoring capabilities, the need for “a more defensible architecture” to protect sensitive information, and the need for leadership in the Big Data arena.
We couldn’t agree more.
In a bold statement this week, Symantec Senior Vice President for IT Brian Dye declared that “Antivirus is dead” in an interview with MSN Money online.
Considering that this is from the organization that created and pioneered antivirus software in the 80s and built a billion dollar global conglomerate based on this technology, it’s actually quite remarkable. Yet, at the same time, it’s not at all surprising. The writing has been on the wall for a long time for antivirus systems like Symantec and McAfee, as well as with firewall, SIEM and other appliance-based data security solutions. While these systems may continue to have a shelf life out of necessity, they are simply not enough and in fact, are not architecturally designed to protect today’s complex IT environment which is riddled with multiple appliances, constant upgrades, custom middleware, proprietary interfaces, incompatible databases, operational silos and a bevy of IT consultants. Symantec recognizes this, as only a small fraction of its revenues are generated by solutions for businesses. The bulk of their revenue is from individual users of their solutions.
It’s a very exciting time for us at Red Lambda. In a few weeks, we will be heading to Monterey to present our big data security and analytics solution, MetaGrid™, at the Red Herring North America Forum as a Top 100 North America Award finalist. Chosen from literally hundreds of U.S. companies across a wide range of technology sectors, we are looking forward to meeting with other entrepreneurs, strategists, investors and other individuals as part of this prestigious event.
Since Red Herring began its Top 100, it has done a very good job identifying companies like Red Lambda that have truly innovative, leading-edge solutions to offer the marketplace. And the publication has a strong track record in picking winners. This is probably the result of their ability to cut through much of the high-tech hype, and their evaluation process is very stringent. Each of the Top 100 was evaluated on a combination of factors: technological innovation, strength of the management team, market potential, investor record, customer acquisition and financials. Red Herring also looks for companies that can grow at an explosive rate and that is certainly true for Red Lambda.
I have been watching closely the news surrounding the Heartbleed vulnerability. In the recent American Banker article, entitled, “FFIEC Issues Heartbleed Warning; Major Banks Say They're Protected,” the article states that most of the banks and online banking vendors contacted for comment report that their sites and software are not at risk. While it’s commendable that these organizations don’t want to alarm the public unnecessarily, no one really knows how complex Heartbleed is, or the full extent of what may have been compromised. Every day we are seeing breaking news about new exploitations cropping up from the UK to Canada.
Clearly, the core banking software vendors like Fiserv, Jack Henry and D+H USA (formerly Harland Financial Solutions), as well as the many online banking providers, go to extraordinary measures to protect their financial data. Likewise, the big banks mentioned in the article have vast IT resources to address vulnerabilities in terms of both people and infrastructure. Overall, the industry is doing everything it knows how to do with the current tools and systems it has to work with to reduce its vulnerabilities. And therein lies the problem: today’s technological approach to IT and network security has changed little over the last two decades, while everything else that touches it has changed dramatically.
In a recent Bank Technology News article titled, “Banks Urged to Beef Up Defenses Against DDoS Attacks, ATM Fraud,” the author reports how the Federal Financial Institutions Examination Council is “urging” (quotes mine) banks to establish better security controls related to ATM fraud, as well as denial-of-service (DDoS) attacks. Not surprisingly, Verizon ranked ATMs and file servers as two of the top three most vulnerable to cyberattacks for banks.
With more than 30 years in the financial services industry, I continue to see banks of all sizes struggle to protect themselves. I have also seen how, in response to these threats, CIOs and CISOs have resorted to deploying a wide array of point solutions from a whole host of vendors. This has created a mish mosh of disparate, often redundant systems and an IT environment rife with constant upgrades, custom middleware, proprietary interfaces, incompatible databases, operational silos—and frankly, a lot of money paid to IT consultants. This is the reality of operating within the confines of today’s legacy and signature-based security solutions.