Keynote presentation: Michael Kagan, Chief Technology Officer, Mellanox Technologies
Kagan said that we’re in middle of a networking transformation. “It all started when phones went from being static to mobile. And now it’s something you never leave home without.”
Its functions have expanded – and we generate 2x data annually. It’s a resource like oil in the 20th century. As an example, he cited Nokia and its move into GPS navigation systems, and bought Navteq which built a network of traffic sensors. Waze did the same thing of generating mapping data for free by using people’s phones. So it’s about figuring out where the data is and how you can make use of it.
But all that data needs to be stored somewhere. A small fraction is structured, processed or analysed,most is unstructured. To use data is to process it. But data growth is not aligned with Moore’s Law and is outgrowing CPU power. Network bandwidth is aligned however. So we need to think outside the box to take advantage of this data.
Now we need to use the data to generate services, rather than apps. “The machine learns from the data and applications, and data are created by that data. It’s outside the computer. We need to think at a datacentre scale.” This needs efficiency and doing things that we haven’t done before. Think of ants – singly they can’t do much, together they build cities. Data can program the computer so machines learn from that data.
Cloud is the differentiator, Kagan said. It allows you to chain multiple services to deliver a service. Cars can be transport as a service through connectivity. Pigeons were great at carrying single messages – now we use video-conferencing and translation services to talk across the globe. Other developments using the network – image recognition is better than humans. We see the network as the heart of data processing.
He talked about NVMe, and the need for smart storage using Ethernet cloud fabric. It’s possible to use cloud data as if it were local using Mellanox BlueField Smart NIC and virtualisation.
Talked about virtualisation and cloud / datacentre security. Problem with host-based security, needs isolated security security domain to avoid hacks taking over security policy.
Tomorrow we’ll have more data, and there will be 25+ billion devices.
Interviewer: Jean-Baptiste Su, Forbes Technology Columnist & Principal Analyst, Atherton Research
Kagan discussed his history as a co-founder of Mellanox. Asked why nVidia had just acquired Mellanox, Kagan said: “You want to know why nVidia bought us – ask them. We’ve worked with them for years.”
Debate V – they’re Everywhere! Managing the Incredible Explosion of IoT and IIoT Devices
Chair: Kevin Restivo, Research Manager, European Enterprise Mobility, IDC
Jan Guldentops, Director, BA Labs
Peter Galvin, Chief Strategy & Marketing Officer, nCipher Security
Philip Griffiths, Head of EMEA Partnerships, NetFoundry
Michael Kagan, Chief Technology Officer, Mellanox Technologies
Prof Martin Curley, Director of the Digital Academy and Open Innovation, The Health Service Executive
In his opening presentation, Restivo said that IoT is a set of uniquely identifiable endpoints. He predicted that IoT spending is set to grow, market to be worth $1052.9bn by 2022. Key drivers: enterprise readiness, IoT system complexity and proliferation of devices. Key inhibitors: security, and lack of co-ordination of IoT and IT.
Any other drivers? Galvin said: medical devices, consumer side there’s no security. Guldentops said: there’s a very wide range of devices so you need to cut up the broad field and focus in on particular area – eg industrial. Griffiths said: enterprises need to be ready and prepare the ground by securing the network. Curley said there’s a massive future for IoT with consumerisation of healthcare – eg Apple Watch with heart monitor. In Ireland we found that many notes on vital signs from nurses were incorrect but sensors were 100% correct. We should be able to add several years to the average person’s life through life monitoring. Griffiths said that the average hospital has 4k exposed endpoints. And medical data is highly valuable.
Galvin said smart meters are rolling out, we’ve been working with surgical robots, have seen a lot of interest in automation: in the US, big ploughing machines analyse the soil, in Australia mining machines are remotely controlled. Guldentops said driving can be monitored by speed cameras, parking spaces by sensors. Griffiths said that government asks how they’ll make money out of it. But in a manufacturering plant they will reduce costs of production.
Galvin said there’s so much data being transmitted but without being anonymised, there’s a ton of data about individuals and their medical issues. Kagan said decisions will made using this data and once the decision-making algorithm becomes known, people will game it. Eg when a self driving car decides which cyclist to hit, it will choose those wearing helmets because of their greater chance of survival. Unintended consequence: cyclists stop wearing helmets.
Guldentops said ANPR (automatic number plate recognition) cameras in Belgium are running old Linux which is insecure but they can’t change it because the cameras would all need to be re-validated. So it has legal ramifications. Galvin said there’s still a need for compromise between usability and security. Guldentops said this should be easier with M2M. Curley said it will take a catastrophe to raise awareness.
Q: medical devices are already compromised as a penetration test proved – it’s a life-changing catastrophe NOW. Curley said it’s a systematic problem as IT intensity – only about 3% of IT send where in financials its 15%. In my organisation, it’s 1%, barely functional. Guldentops said one answer is a bug bounty – companies hack devices without changing data. Griffiths said malware has been found in plants where an explosion could kills thousands. You can solve the legacy problem of devices that can’t be patched with a secure overlay network. Guldentops said the problem is that many devices are bought to work for 25 years – yes you can put in a Citrix front end, overlay a secure network… Kagan said these things shouldn’t be too tightly bound together.
Debate VI – AI Meets Security: Next-Generation Tools Leverage Machine Learning for Detection and Instant Response
Chair: Fran Howarth, Practice Leader: Security, Bloor Research
Andrzej Kawalec, European Director of Strategy & Technology, Optiv
Roark Pollock, CMO, Ziften Technologies
Ali-Reza Moschtaghi, Global Chief Enterprise Architect, Nandos UK
Saqib Chaudhry, Chief Information Security Officer, Cleveland Clinic Abu Dhabi
In her opening presentation, Howarth defined terms: we’re not talking about AI but machine learning (ML). Most companies don’t have an enterprise-wide AI strategy, no matter what the Forbes survey says. Algorithms don’t write themselves – people do it. But AI is not a silver bullet.
Chaudhry said: we see lots of threats – it costs too much to hire more and more SOC analysts. We decided to go for predictive analytics and machine learning, then prescriptive analytics, then cognitive analytics to predict what will happen and how to react – ie auto-remediation. This provides us with threat management – identify them and their scope, and our weaknesses and vulnerabilities. We’re looking into user behaviour eg insider threats, and endpoint protection to help prepare against zero-day attacks and provide an instant response.
Moschtaghi said that at Nandos, such issues not quite as critical. AI and ML could reduce the need for security. But we can use systems to predict using daily traffic data how many customers we’re likely to see, and so how many chickens to order. Pollock said almost every vendor is using ML in threat prevention/detection and response.
Kawalec said yes, this technology works really well but in other areas pattern matching works well, so you end up with lots of different algorithms running on different machines on different datasets. This all adds complexity so AI is not making things easier. It also creates a talent challenge. Too many AI systems are looking inwardly, not helping develop a common set of criteria and data to develop common platform to improve security. It needs better integration, people who understand it etc. So we need a system-wide approach not individual point products.
Pollock said yes, the reaction to threats can often take too long – there’s a protection gap – as development of heuristics and matching patterns. ML makes reaction almost instant, and adds prediction.
Chaudhry said we need an autonomous immune system, like the human body. Google has a utility that uses ML, and AWS uses ML for S3 too. Challenges – from a healthcare perspective, we have to be very careful as we can’t bring down systems that have direct impact on patient care. Also want to develop in-house capabilities – talent was a problem so we hired fresh graduates and trained them.
Pollock said the reason AI is growing is because of the growth of data – there’s masses out there which allows us to train systems, you put AI system in the environment and it learns from that data.
Q: are there threat actors using AI/ML? Pollock said yes, it’s available to anyone. Companies use it for pen testing – black hats can do that. Chaudhry said: in one instance, black hats use ML to impersonate someone inside the company. And we have ethical issues which they don’t. Pollock said there’s no end-game to this industry. Like law enforcement, it’s never going away. Kawalec said: analytics has been used for malware that generates targeted phishing campaigns.
Q: what about prevention vs reaction? Kawalec said we need to focus on internal environment as much as external. Chaudhry said we’d love to see attack surface reduced – but with more devices and data every day, the skewed reaction vs prevention ratio not going away.
Debate VII – The Future of Banking Technology – Into the Digital-First World
Chair: Bill Boyle, Senior Analyst, IBS Intelligence
Arash Aloosh, Assistant Professor in the Finance Department, NEOMA
Gavin Scruby, CIO, SmartDebit
Moisés Navarro, Principal Strategist, VMware
Boyle opened by talking through drivers for data analytics and updated latest developments in digital banking. What does digitisation mean in practice?
Scruby said the challenge is that everything affects everything else. Future services won’t be from central banks. Users haven’t seen enough use of analytics, could help us understand where the money goes. Aloosh said the industry is changing. In Asia, digitisation is moving fast but in Europe things are moving slowly. Efficiencies are needed – still takes three days to trade shares. Banks are looking into blockchain. Navarro said efficiency is boring but banks are still working in that direction. We need to use their power for our benefit. Application development is not leveraged. Scruby said banks think customers don’t tell you what they want only what they don’t want. They work on making their datacentres more efficient. Aloosh said banking is a complex industry, it’s not easy to make policy. They’re very conservative.
Boyle said 20% of Britons use digital banks. Navarro said banks try to grow and increase growth rate for share price reasons. Also trying to change their scale, ie not deal with millions but billions of customers. Also become platform for business needing change services.
Q: what kind of regulations do banks need to move into digitisation? Scruby said it depends on the market and the incumbents. Navarro said regulation compliance can be defence against new entrants. No preference re regulation. Aloosh said banks should think about their impact on the economy. Scruby said the UK is a dynamic environment.
Q: is there a cultural barrier to change in the banks? Boyle said banks talk to me a lot about the number of financial technology companies they’re starting up. Scruby said banks as innovation hubs? They often come up with something that’s not innovative. Navarro said banks have been trying for years to break free of dependencies of the past through innovation but struggle with how to monetise it. There’s no magic bullet.
Q: Blockchain: what’s happening there? Aloosh said it’s an innovation in the finance industry. We have helped them understand it but it’s not being adopted soon. There’s much learning going on. Scruby said we’re a long away from it being useful. Navarro said banks have reacted smartly – this is fancy and hot but let’s get back to normal business. Aloosh said it’s hard to regain trust once lost.