BigchainDB Automobile Use Cases – SOC Tracking

Blockchain Databases

As  the  Smart  Contracts  which is  the  primary  use  case of , block chain platform emerge as a  key  interest  for enterprises, one  of the  major  concern  is  the  performance  of  blockchain  as a data store  from enterprise perspective. There are a  few attempts  to  inject  RDBMS Like  Transaction Processing capabilities  and  Big Data  like  Horizontal Scaling in to the blockchain data store  while  maintaining  the  core  tenants of blockchain like  immutability, peer to peer replication etc…

BigchainDB  is  one  such database  that  merges  traditional  database characteristics  with blockchain.  Though  the  vendors  for  now claim that  the  product  is  nearing  a  production class implementation,  there is already  reference  implementation  using  Azure Kubernetes  Container As A Service that  provides  enterprise  grade  architecture.  This  product  works on  top  of  MongoDB that  gives  all  the scalability of the underlying database.

One  important  aspect  of  BigChainDB  is  fundamentally geared  towards  the  concept  of  Assets and subsequent  manage  the  life cycle  of  Asset  through  its  operations. A CREATE transaction can be use to register any kind of asset , along with arbitrary metadata. A TRANSFER transaction is used to  transfer the asset  from  one owner  to another  owner,  while  the   reference  to the  base asset  is maintained. An ASSET  can also have  metadata which will  be useful in tagging and searching of the asset.

Managing Substance Of Concern In Automobiles

As  you may know a  typical  Automobile  Original Equipment  like a Car  is  made up of 100 or even 1000s of parts and components.  Each of these components  and  sub components  are  manufactured  by  various suppliers.  These sub components  potentially  could  be  manufactured  using  SOC (Substance  of Concerns),  which are typically  dangerous  chemicals and contents  like Lead, Nickel.  Also  a  manufacturing  of a  car  involves multiple  suppliers  and  who may  produce  these  components  in different  countries. Also  the supply chain of a  car  involves  multiple  parties  and some times  it is  global in scale, such that the parts  are  manufactured  in one country but may be used in another country. Also once a car  comes out of OEM manufacturing  facility,  it’s ownership  may  be transferred  between multiple owners before  it reaches  ELV ( End of Life of Vehicles). Chemicals legislation, such as REACH, puts significant responsibility on the communication, notification and phase-out of substances of concern (SOCs) throughout the complete supply chain.

Assume that  the OEM is  typically  responsible  for  keeping  track  of  the SOC usage in a car(automobile)  and  needs to report on  it,  but  if  it is not maintained  through a centralized record, this information  may  get  lost  once the vehicle  is  stored  or  even  if  one of the  part manufacturer has  not  reported  all the information, this may  result  in  break  of  compliance  requirements.

Blockchain To The Rescue

Considering  the  fact  that  SOC  tracking  requires a  single  version of   truth  common to all parties  involved  and  also should  stay through  the  life  cycle  of the Asset, a platform  like  Blockchain which  provides   a  distributed  database  across  all the stake holders while maintaining the integrity  of  data, naturally  fits  a best  solution for handling the  issues.

We  already  see  recent  announcements  of  blockchain usage  in  Retail Supply Chain  in tracking the quality of  food  items  like  farm products.  Recently  major  retailers like Dole, Driscoll’s, Golden State Foods, Kroger, McCormick and Company, McLane Company, Nestlé, Tyson Foods, Unilever and Walmart  collaborated  using  IBM  blockchain  for tracking  the  food  safety details. In the  same way  the blockchain  network  can be used  to   track  the SOC  usage  in the  base  components  as well  as  assembled  components  and the  Asset  can be  tracked  throughout its life time, including  the transfer between owners.

BigchainDB Creation of Asset

The  following  is  a  sub section of the code  which can be used by BigchainDB  python  driver  to  create  the  initial  asset,  which  will  done  by  the  OEM after the product  is manufactured.  Here  is the OEM  creates  the  Asset  with its ID,  and the  Asset  representation  is  just for  illustrative  purposes  and  contain  just  few fields  to  identity the  vehicle  and  its  SOC components.

oem_public=’***’
oem_private=’***’
bdb_root_url = ‘http://localhost:9984’
bdb = BigchainDB(bdb_root_url)
car_asset = {
‘data’: {
‘car’: {
‘make’:’my make’,
‘model’: ‘my model’,
‘vin’:’VIN0000001′,
‘type’:’petrol’,
‘transmission’:’automatic’,
‘cylinders’:6,
‘socinfo’:[
{ ‘name’:’soc component 1′, ‘manufacturer’:’vendor 1′},
{ ‘name’:’soc component 2′, ‘manufacturer’:’vendor 2′},
{ ‘name’:’soc component 3′, ‘manufacturer’:’vendor 3′}
]
},
},
}
car_asset_metadata = {
‘plant’: ‘USA’
}
prepared_creation_tx = bdb.transactions.prepare(
operation=’CREATE’,
signers=oem_public,
asset=car_asset,
metadata=car_asset_metadata
)
fulfilled_creation_tx = bdb.transactions.fulfill(
prepared_creation_tx,
private_keys=oem_private
)
sent_creation_tx = bdb.transactions.send(fulfilled_creation_tx)

Once  the  transaction is submitted  to  bigchainDB  it  will be tagged  with  the OEM  as the owner. When subsequently  during  the  life cycle  of the Car  it may  move  multiple parties  and  all these transactions  can refer to the  original asset , such that  the  substance  of concern  info. will be known to every one.  Finally  when the  car reaches  the End of  Life,  appropriate  action  could be taken based  on SOC  handling  procedures.

The  above  is a  simplistic  example,  how  Asset  Life Cycle  Management  can  be improved  by  using  Blockchain  technologies  and  how  BigchainDB  facilitates  use  cases  in this direction.  I am analyzing  further   possibilities  in this  direction,  let  me know  of  any other  use  cases that  can fit  this.

One current  issue  is  that  the Asset attributes  which is maintained  as  Json  is static  from the time of creation,  however  during the  maintenance  of  a  car  a new  component  may be added  and the SOC list  could be updated. It  looks like there are attempts  to make  updates  to the Asset  content using a ORM Driver, but  further  details  needs to be  obtained  on this.

Secure your success

Gone are the times when security was top priority only for Security experts and CIO’s. Today, every executive, irrespective of their domain and specialization, worry information security. This has been especially true after the recent ransomware attacks. Ransomware such as Matrix, Wannacry, Petya etc., have scared civilians and Governments alike.

Hackers are not lone geeks or illegal hacking groups that lurk in the underground anymore. “These days nation-state driven warfare is also on the rise,” opines Ed Skoudis, who has trained more than twelve thousand people on cyber security and incidence response. Worms and viruses like Shamoon, Stuxnet, Gause, Flame, etc., has opened our eyes to cyber espionage, cyber warfare and the involvement of entire countries in cybercrime. Let us logically break down this very real and ever looming threat and explore some solutions as well.

Why would hackers want access to your company’s information?

According to experts from Regis university, College of Computer & Information systems, the motivation to hack could be political, financial, or ideological. When asked why do you want to climb mount Everest, the famous Mountaineer George Mallory said, “Because it is there”. The reason some hackers try and penetrate networks is just because they’re there. To prove their mettle, to test their skills, and to advertise themselves when they do not have an affiliation with a hacker network. Sometimes disgruntled employees and the likes do it for revenge. But more often than not, the motives are financial. Hackers try to get information that could be of financial value to them. Or in the ransomwares’ case, they encrypt information of value to the victim, and demand a ransom to give it back to them.

What are the techniques that are employed to gain access to your company’s information?

Now this is a much more difficult to answer than the previous one. Offensive forensics, Misattribution, seemingly small attacks on IT infrastructure that result in kinetic impact, large scale DDos attacks, password leaks & breaches and social engineering attacks are some of the attacks that worry information security experts like Ed Skoudis and Johannes Ullrich, chief research officer at SANS institute (As stated on this webcast on SANS institute’s site https://t.co/0g0wFWDkJc).

A simple technique like leaving USB drives outside offices and in parking lots can lead them to gain access to a goldmine of information. Researchers dropped about 300 USB drives around the University of Illinois Urbana-Champaign campus, in an experiment. It took only six minutes for someone to get one of the drives and plug it in somewhere. Out of all the dropped drives, 48% were picked up and used. If those USB sticks had a malware planted in them, plugging them to a network device would open the door to hackers to the entire network. Such techniques were hackers manipulate unwitty users into performing something that would in-turn enable them to gain access to the data/systems/network they want, is called, Social engineering. Elie Bursztein, who heads the anti-abuse research team at Google, who also worked on the study, was shocked by the outcome of the experiment. “This surprisingly high conversion rate demonstrates that USB drop attacks are a real threat and underscores the importance of educating users on the risk of plugging in untrusted USB devices,”

In stark contrast to the simple techniques in social engineering, Offensive forensics are techniques hackers employ to take control of the forensic tools themselves. Digital forensics involves finding, recovering and studying the information found in digital devices. The tools used in the field are better equipped to access the file systems since they’re designed to recover digital evidence. Say you’re trying to recover some wrongly deleted data using a tool. What if that the tool gets hacked? It’ll open the doors to the entire file system.

Misattribution is deliberately attributing the wrong source for the cyber threat. For example, when a nation state is trying to use spyware, they would leave errors in the code on purpose, so that it would look like the work of rookies and not strong nations using professionals.

Perhaps the most threatening of the lot, are hacking of infra systems leading to a cascading kinetic impact, even though they look relatively small and harmless. For example, imagine the infrastructure in an operating theatre of a hospital with a few tens of systems on the network, with a doctor remotely performing a surgical procedure on a patient. If hacked, the hackers perform the surgery on the patient, cutting off the doctor. The operations coming to a standstill is not the worst of the endless possibilities of outcomes. Imagine the control tower of an airport being hacked. The possibilities are too appalling to imagine.

How do I secure my enterprise infrastructure?

Getting a good information security solution in place would be one of the most obvious things to safeguard your enterprise infrastructure. There is no super tool or solution out there that you can use to protect your entire environment. And there is no such thing called the best security solution either. Indeed, there are several good tools and solutions in the market, including open source tools. But choosing the right one for your environment, is a giant task and is best left to the experts.

“You can’t blindly suggest one tool for all clients. It totally depends on the organization and the choice would vary based on their domain, size, and a lot many factors”, says Aravindh Subramanian, Associate manager – Information Security, Security Operations Center at GAVS technologies.

Having an enterprise security solution installed doesn’t ensure complete safety. Sometimes more than one software need to be used. You may need to safeguard your network with an entire system of tools, policies and procedures to ensure safety and minimize risks. This is known as Information Security Management System (ISMS) which aims at ensuring business continuity in the event of breaches and such incidents.

Of course, encrypting confidential data and following the least privilege principle (only the least required amount of access rights to data is provided to people and revoked immediately when appropriate) only makes sense to be made part of the ISMS. Sadly, such simple and highly important policies may not be part of the ISMS when you don’t choose the right IT partner.

In fact, even storage encryption may not be enough. In addition to encrypting the data at the storage level, Aravindh suggests transaction level encryption for organizations. He says, “Yes, there is a trade-off between time and the security factor here. Encrypted transactions will take longer than ordinary ones, but I think the security is worth it”.

The backups also need to be safeguarded at the same level as your primary data. Caution needs to be exercised in choosing backup locations, technologies and backup software. For small and mid-sized organizations, it makes sense to go for a cloud based backup services provider, especially for tertiary backups. Often, pricing models and performance are given more weightage when choosing a vendor while security takes a backseat. It’s important to check what kind of security measures are in place at their location, what technology they use to authenticate users, how often they conduct penetration tests, are their policies ISO 27001 and ISO 9001 compliant? There might be other rules that your vendor needs to comply with, depending on your domain, say HIPAA for healthcare organizations. This is another task best left to the experts.

After all the appropriate security measures are in place, the people who interact with the environment regularly, need to be trained. In fact, GAVS trains its staff to identify and report attacks right during their induction. They are educated on the types of attacks; the tools used in the environment and are encouraged to report their suspicions even when they aren’t sure. Everybody is aware of whom to call and what to do and what not to do. These kinds of activities are a non-luxury that every organization needs to invest on. Without this simple and inexpensive step, no environment is safe, no matter how good the technology used is. Being digitally secure is one of the necessities in making your organization a success.

DevSecOps – Adding Security to DevOps Approach

Development, operations, and security are fundamentally intertwined. A well-designed, developed and managed system is the foundation of a secure system. As per the RightScale survey, there was a 21% companywide adoption of DevOps in 2016, necessitated by Rapid Time-to-Market, innovation speed and competitive pressures.

DevOps must evolve to a new vision of DevSecOps that balances the need for speed and agility of enterprise IT capabilities with the enterprise need to protect critical assets, applications, and services.

Why security in the DevOps approach is needed?

The rapid adoption of public cloud infrastructure and business agility is enabling new levels of cost efficiency, business agility and development capability for organizations of all sizes. It has shifted the focus away from the traditional perception of security.

DevSecOps is the current trend, where rather than apply security to the application towards the end, it is implemented in all aspect of the development process right from conception to implementation, deployment, and maintenance.

SecDevOps or DevSecOps is about using automation to tackle security-related problems including composition analysis, configuration management, selecting approved images/containers, use of immutable servers, and other techniques to address security challenges facing operations teams. It also helps to eliminate certain class of attacks.

DevSecOps is a combination of Compliance Operation, Security Engineering, Security Science, and Security Operations. It is designed to allow practitioners to provide value to business partners by focusing on solving security complexity with a customer back mindset.

Organizations can build their business strategy around DevSecOps to achieve close collaboration of various departments leading to a faster, cheaper, reliable customer service.

DevSecOps as a Business Priority

Adding security to DevOps, turns out to be a people and process problem more than a technology problem. For many organizations, these teams work in separate areas that don’t even have a common factor between them.

The manifesto of the CIO imperative in the DevSecOps is to collaborate with the diverse teams, focus on the risk and security of the organization.

Enabling a successful implementation of the DevSecOps means directing IT towards focusing on risks rather than security, which helps to better integrate the business perspective into the process. Because, if you start with security, the focus is on what tools are needed to get the ultimate security.

By focusing on risk, CIOs will help the businesses understand how IT can contribute to breaking into a new market or experimenting with a new type of analytic, as well as how IT can minimize the potential dangers of doing so.

SecDevOps (Securing DevOps)

The scenario here is an organization embarking on a DevOps and agile way of working adoption journey. There is concern about security and advise on how to embed security into the DevOps style of operation. This implies embedding and ensuring “secure by design” discipline in the software delivery methodology using techniques such as automated security review of code, automated application security testing, educating and empowering developers to use secure design patterns etc.

DevSecOps (Taking DevOps approach to Security Operations)

The scenario in this case is a security operations team considering adopting a DevOps style of delivering security services. This is all about conceptualizing, developing and deploying a series of minimum viable products on security programs.

For e.g. In implementing security log monitoring, rather than have very large high value program with a waterfall delivery plan to design, implement, test and then operating a SIEM that ingests and monitors many log sources, run it DevOps style to include small set of sources onto a cloud based platform and slowly evolve the monitoring capability.

Here are some examples of common DevOps tools that security teams are now using:

  • Chef can be used to automate security testing.
  • Puppet can be used to enforce security policies and prove compliance.
  • Ansible can be used to define and automate best practices like setting firewall rules, locking down users and groups, or applying custom security policies.
  • SaltStack can be used for orchestration and automation of security practices.

Moreover, with a continuous security monitoring platform like Threat Stack Cloud Security Platform, it’s possible to combine many of these DevOps tools and, through the power of integrations, use them to further your security goals as an organization. That means continuous release cycles can proceed without hindrance while security teams accomplish their goals at the same time.

With the rise of DevSecOps, we get to truly redefine how operations, engineering and security can be brought together to achieve unparalleled success.

8 Common Ransomware Myths Busted!

Common perceptions around what ransomware is, how it works and how it can be defeated are clouded by wrong impressions and incomplete information. When thinking of ransomware, many CISOs and security teams unfortunately take myths as reality. A summary of the facts around ransomware allows IT departments to visualize an achievable anticipatory response plan.

Myth 1: Since We’ve Paid for the Latest Endpoint Protection Platform (EPP), We Have the Latest EPP

A common thought process among organizations is they are protected by the latest EPP as they have paid for the latest EPP platform. Many of the ransomware attacks are due to the negligence of the IT departments in using the recommended configurations for their EPP. They do not have the adequate support to deploy, support and maintain the full suite, thereby limiting the overall possible effectiveness of the platform.

Security teams need to configure and deploy the complete suite of the latest available EPP to broaden the delivery of protection as a coordinated and integrated use of all available system functions.

EPP solutions offer extensions, such as memory protection, to prevent malicious code injection into common processes, application whitelisting to only allow approved applications to operate on the system, isolation, system hardening, and vulnerability shielding (also known as “virtual patching”).

These solutions typically require a high level of security team management and daily maintenance They are best suited for security environments that have a high degree of maturity and operational process structure.

Myth 2: Your EPP Will Protect You from All Threats

A prevailing myth is that ransomware exploits zero-day vulnerabilities. Attackers seek to exploit known vulnerabilities in a target organization’s technology to expand profit margins as best as they can. Attackers have hundreds of well-known and easily exploitable vulnerabilities to select as the starting point of an intrusion. Many of these vulnerabilities remain unpatched despite being well-documented and easily remediated.

Attackers are smart and technologically much more superior to the security personnel. The modus operandi is to make slight modifications to the ransomware and malware to evade the signature base anti-malware protection.

While most EPP anti-malware solutions incorporate some form of signature-based approaches in their malware detection, they also support non-signature-based approaches. Enterprises should imbibe contracts that provide yearly extensions based on the EPP capabilities, level of overall security program maturity and the organization’s ability to assimilate solutions that are of higher technical and operational complexity.

This insight stress on the significance on patching scheduling and updating common user programs, web browsers and applications by the IT departments on a regular basis.

Myth 3: EDR Gives You All the Visibility Necessary to Recover from a Malware Infection

Current endpoint detection and response (EDR) solutions can detect security incidents by monitoring endpoint activities, objects, and policy violations, or by validating externally fed indicators of compromise (IOCs). They restrict the incident at the endpoint, allowing network traffic or process execution to be remotely controlled.

Some of them fix endpoint problems by reverting to the pre-infection state, triggering vulnerability remediation and system patching activities and other system management functions.

While relatively simple to deploy, EDR solutions remain complex to use, and require a well-trained staff to gain the maximum insight and effectiveness. The core of a ransomware incident response plan includes position monitoring and analytics.

IT security can include entity and user behavior analytics (EUBA) for added insight into atypical activity, such as users or administrators accessing data or applications beyond their normal behaviors.

Myth 4: Firewalls, Secure Web Gateways, Secure Email Gateways and Other Perimeter Solutions Are All You Need

While the usual perimeter security solutions are vital to maintain a well-protected environment, EPP solutions require continuous maintenance to run on the latest software releases. They should also be configured with the latest best practice recommendations from the solution provider.

Many of the cyber ransomware attacks are due to the flat networks that are easily breached and allow malware to traverse across them. Its possible due to the weak perimeter security solutions and the web-facing applications that were exploited due to irregular patching and update practices.

Security teams should isolate critical areas and segment environments in high-trust, medium-trust and low-trust zones to minimize traffic flows between highly sensitive data environments and lower-trust entities.

They should use cloud-based secure web gateways for highly mobile laptop populations and to cost-effectively support globally distributed offices and commit to isolating critical areas from lower-trust network traffic.

Myth 5: Administrators Follow Best Practices All the Time, Every Time

We expect IT administrators to follow the best practices in their regular activities. Burdened by heavy workloads, they try to be efficient, which can lead to potentially handing an opportunity to the hackers.

As domain administrator accounts and systems are the main targets for the attacks, that lead to easy installation of ransomware and other malicious software on file servers within the environment, establishing different access credentials for the various systems means the rest won’t be exposed when one server’s credentials are compromised.

Myth 6: Ransomware attack is specific to large enterprises, and not SMB’s

Ransomware attackers are known for their choice of victims. They do their research on the target organization’s financial position and ask for ransom amount which they can actually pay. Irrespective of the business size, the scope of damage that they can impart on the organization and the monetary value that is the result of this action is more important for them.

Myth 7: Avoid sketchy websites to prevent ransomware

Popular method for ransomware encryption attacks is through users unintentionally clicking on email links, downloading malicious online content or through cloud drop boxes. According to the Osterman Research Survey, users are twice more likely to be infected by clicking on links than by visiting an infected website.

Myth 8: You can recover encrypted data using local authorities help

Ransomware perpetrators are sophisticated in their attack, and are far ahead of the local authorities. Equipped with strong encryption methods such as RSA-2048 or AES-128, it is virtually impossible for the ransomware victims to recover their data with the support of local authorities. The best defense is to be proactive in protecting their data and maintain regular backup of data.

How Healthcare Virtual Assistants Can Enhance Patient Engagement

Healthcare industry is poised to raise patient engagement to the next level with Intelligent Virtual Assistant (IVA) or Medical virtual assistants (MVAs). Patient engagement is one strategy to improve health outcomes and better patient care at lower costs. Research shows that providers, payers, and physician groups are expected to spend more than $69 billion on healthcare-related IT in the current year 2017.

Medical virtual assistants (MVAs) aids a healthcare organization to collect demographic information, insurance details, patient health history, finance/costing, procurement details, data mining and analysis of all the records.

Further MVAs facilitate healthcare organizations to reallocate their IT and human resources to overcome the rising health IT costs. This in turn assist the organizations to increase healthcare quality, patient satisfaction, and patient outcome with the same or fewer number of employees.

Patients, most importantly, need their health-related queries answered to help them stay on track. Employing patient-centered virtual health assistants designed by companies like Amazon, IBM Watson, Microsoft to respond to voice or text questions through mobile devices, gives patients 24/7 access to current information, specific to their age, financial ability, literacy, and more. It is observed that increasing patient engagement and improving self-management skills for chronic disease will greatly reduce healthcare inefficiencies.

Virtual assistants empower patients using web and mobile based interactivity and tools, to effectively accomplish online health goals. A wide range of organizations are integrating intelligent virtual assistants as their core technology to enhance the healthcare consumer experience, increase efficiencies, energize mobile engagement, and improve wellness participation rates.

MVAs and Real-Time, Real-World Data in Healthcare

Virtual assistants are the combination of machine learning, artificial intelligence that combine strong decision support systems and leverages big data, natural language processing and voice recognition. These features are part of the reason why virtual assistants have proven to engage consumers.

Virtual assistants are the combination of machine learning, artificial intelligence that combine strong decision support systems and leverages big data, natural language processing and voice recognition. These features are part of the reason why virtual assistants have proven to engage consumers.

Voice enabled VA will change delivery of healthcare to patient’s through

  • Navigate electronic health records
  • Navigate diagnosis & prescription options
  • Improve access to data health records
  • Improve patient discharge & follow up treatments
  • Improve communication between providers

The following are 5 ways VA technologies can enhance patient engagement within healthcare organizations:

1. Automated calling systems and interactive voice response systems (IVRs).

Virtual assistants are increasingly used for tracking patient’s pre- and post- treatments. By adopting text and voicemail confirmation to a prior appointment, VA’s can eliminate cancellations and reduce the outstanding bills. Using Voice over Internet protocol (VoIP) implementation for clinical settings, healthcare organizations are using MVA due to the rising popularity of AI, Deep Learning, Natural Language Processing, and speech recognition applications in smartphones.

2. MHealth apps

Healthcare providers are encouraging patients to use their smart devices to track fitness progress, do their payments and schedule many of their day-to-day activities. Some of the mHealth apps on platforms like Amazon Echo, equipped with VA’s encourage patients to use their mobile devices to order refills, confirm appointments, track their health, and fill up any forms ahead of their appointments.

Fitness devices like Fitbit are enabling patients to track their health parameters like heart rate, BP etc. which is uploaded to the portals that can be accessed by the patients easily through the virtual assistants.

3. Patient portals and Health Kiosks

Adoption of patient health portals is still growing at a modest rate. Ideally, online portals with virtual assistants would be where all patients go to confirm appointments, fill out their medical and social history form, update health records, view lab results, and pay any outstanding balances using voice and text recognition technologies.

Kiosks have great potential for collecting patient information through an integrated VoIP system. Though its available in multiple forms (free-standing kiosks, tablets, and laptops), the health IT infrastructure still needs to provide data security and integrity of the collected data.

4. Discrete data

MVAs can interact with patients and digitally capture their information. The information can be repeated and verified in real time using cloud technologies and IoT connected devices. So when a patient interacts with the virtual assistant, a query to a medication hub is checked and compared against any information previously stored in the facility’s database. Once everything is confirmed, then all that information is processed and populated into the EHR system without any need for paper records.

5. Anytime access from anywhere

For many people in the aging population, it is far more effective to have verbal communication along with visual interaction, instead of a phone call or electronic communication. MVAs can be accessible via websites, smartphones, tablets and PCs. These systems can recognize returning patients and remember recent interactions.

5 ways Machine Learning is Shifting Health-Care Industry towards better future

Machine Learning as a service is all poised to shift healthcare towards a healthier future. It is the next big thing in the healthcare industry as providers start to adopt advanced data analytics capabilities.

The development of machine learning and predictive analytics is likely to reach $19.5 billion by 2025, as per Research and Markets. As the Internet of Things begin to bring huge data into the healthcare environment, providers will start to use this information to drive down costs and improve the patient experience.

Due to the high variety, variable, velocity and unstandardized nature of IoT data, advanced machine learning capabilities will be required to generate multiple data streams and actionable insights that can be used to directly improve results and streamline the process of delivering patient care.

Implementing Machine Learning in a Medical ecosystem.

Machine Learning provides methods, techniques, and tools that can help solve diagnostic and prognostic problems in a variety of medical domains. It is being used to analyze important clinical parameters, prediction of disease progression, data mining of medical research, and for overall patient management.

Successful implementation of ML methods provides opportunities to facilitate and enhance the work efficiency of medical experts and quality of medical care.

Below are some major ML application areas in medicine.

1. Personalized medical treatment

Predictive analytics and Machine learning is offering a wide range of applications in the future that will change the dynamics of healthcare.
Individual and personalized healthcare treatments are based on their medical history, genetic lineage, past conditions, diet, stress levels, and more.
This will impact in high stake treatments like cancer, chemotherapy etc. where every patient’s treatment is based on their age, gender, stage of advancement of the disease etc.

2. Autonomous treatment or recommendations

Still in the trial stages, autonomous treatment will be an opportunity for providers to monitor, adjust and disperse the medications by tracking the patient’s data about their blood, sleep, diet etc. It will automatically regulate and take corrective actions like calling the doctors in case of emergencies.

Take the example of insulin pumps that work autonomously, constantly monitor blood sugar levels and inject insulin as needed, without disturbing the user’s daily life.
The legal constraint of having so much power based on algorithms are not trivial, and like any other innovation in healthcare, autonomous treatments of any kind will be scrutinized to prove their viability, safety, and advantage over other treatment methods.

3. Improving performance (beyond amelioration)

While contemporary medicine is primarily focused on treatment and prevention of disease, the need is for proactive healthcare prevention and intervention. Driving this change is the IoT devices, notably the wearable technologies like Fitbit, smart watches etc. that push for this initiative.

Machine learning and artificial intelligence can be leveraged to not only monitor health related parameters like BP, blood sugar etc. but also to track work related aspect like job stress levels and seek positive improvement in high risk groups.

4. Autonomous robotic surgery

At present, robotic surgical system like the da Vinci Surgical System are still in the nascent stages of complex assisted surgery using minimally invasive approach and is controlled by a surgeon from a console. They have the dexterity and trained ability of a surgeon and are commonly used for cardiac valve repair and gynecologic surgical procedures.

Machine learning, in the future could be used to combine visual data and motor patterns within devices such as the da Vinci to allow machines to master surgeries. These machine learning algorithms could learn as many surgical procedures with enough training to better perform medical procedures.

5. Virtual Assistants and Machine Learning

Apple’s Siri, Google’s Assistant and Microsoft’s Cortana have successfully made voice-enabled devices popular with the smartphone users, including healthcare professionals and patients. Powered by speech and text recognition software, machine learning and artificial intelligence (AI), these virtual assistants can interact with users and help them with day-to-day tasks.
These voice-based assistant devices collect data through verbal interaction with the patients. Various platforms such as Echo Dot incorporate these capabilities and features to collect the necessary data that can benefit patients and healthcare professionals.

Top security predictions and trends for 2017

The year 2016 is the year where security breaches left many top tier companies like Yahoo, LinkedIn, Verizon, and Oracle reconsider their existing security measures. It exposed their security gaps and the innovative ways in which hackers try to extort and steal information from businesses and organizations and forced them to look for new ways to protect themselves.

Digital transformation and security will be the highest priority for both IT and business executives and will shift their focus towards infrastructure, application development and analytics.

Some of the major security predictions and trends for 2017 that will redefine IT infrastructure and focus on several key technologies like Cloud, Industrial Internet of Things (IIoT), Operational Technology (OT), Operational Analytics and Predictive Maintenance, will drive the security landscape.

#1. Internet of malicious things

Internet of Things (IoT) devices like consumer devices, smart meters, medical devices, automobiles and more will continue to be security risk due to their limited computing power and firmware running on them. Organizations will focus on preventing possible attacks from DDoS to Trojans that serve as entry points into enterprise networks for other attacks like ransomware.

#2. Cybercrime becomes first attack point

Emerging cybercrime by hacktivists and hobby hackers using off-the-shelf tools for attacks like web defacement, port scans, damaging attacks through DDoS as a service and Ransomware as a Service (RaaS) will continue to increase. Their attacks could be costly and cause reputational damage to the company brand.

#3. DDoS: Weapon of mass obstruction

DDoS attacks on the IT infrastructure at all levels is becoming the norm for hackers due to the millions of devices that lack even basic security. As, the number of online devices grows, the volume and velocity of these attacks is also increasing, crippling Internet services with denial of service attacks.

#4. Increasing dependence on cloud technology

The increasing adoption of virtual reality, IoT connected devices and wearables by the companies in their IT infrastructure network, are making companies adopt cloud applications and solutions to benefit from its security, compliances, and regulations. They will continue to leverage its distributed, scalable, and high availability features to move their services from traditional corporate data centres.

Enterprises will need to shift their security focus from endpoint devices to users and information accessed across all applications and services to guard against ransomware and other attacks. Cloud Security-as-a-Service will cut the cost of purchasing and maintaining firewalls.

#5. Expect more similar style Wikileaks

Companies can expect more corporate data breaches as hacking of the network infrastructure will allow exploitation of insecure web browsers, mobile devices, servers, and data centres. Dedicated network tools for security will be able to perform smart network segmentation and isolation to block hackers from getting on to the networks.

#6. Focus on open source security

Open source infrastructure technologies reduce development costs, promotes innovation, speeds time to market and increases productivity. At the same time, it increases security risks due to infrequent security patch updates, that allows the open source vulnerabilities to be exploited by hackers against sites, applications, and IoT devices.

#7. Betting on Cyber Insurance

As attacks become more common and damages more widespread, organizations are moving towards cyber insurance as a safer bet. It will be seen as a solution for handling cyber risks in 2017. As per the new Market research report the global cyber insurance market is expected to grow at a compound annual growth rate (CAGR) of nearly 28% from 2016 to 2022. It will focus on prevention, better detection and incident response capabilities through developing programs that drive better security hygiene.

#8. Cybersecurity and Ransomware remain in the forefront

Almost all enterprise hacks begin with phishing, forcing organizations to reframe the way they approach cybersecurity and network security. Ransomware will continue to increase, evolve, get stealthier and use automation to attack the cloud, IoT devices, critical infrastructure, and mission-critical servers. In addition, malware that not only encrypts files but leaves code in place will increase.

#9. Privacy laws under review

The legal conflict between Apple and the FBI, shifted focus to privacy laws, information, security, and the use of government surveillance for tracking alleged terrorists and activists. 2017 will focus on the laws and regulations that will decide whether encryption backdoors to devices that require encryption keys to unlock them, are required. Any action in this area should weigh any short-term benefits against the long-term impacts and not pose security threats.

#10. Skills gap? Use automation

Organizations will look to automation to overcome the security skills gap, so that skilled workers are spared from wasting time on mundane, manual responsibilities and regularly performed duties. This should give security professionals more time to focus on what really matters and receive fewer notifications with more security relevance and find the truly malicious ones.

Unified Customer Experience (CX) and Leveraging IT Infrastructure – The Key for Success

Businesses are still lagging in providing a unified customer experience because they don’t understand each customer as an individual. In this competitive business environment, they need to understand and think of measures to transform their customer experience ecosystem, that include customers, employees, partners, and its overall IT infrastructure of the company.

Recognizing the importance of a unified customer experience, businesses have started rethinking what it means to be customer-centric. This means they must present themselves as a unified experience from the customer’s viewpoint, including the unification of the front-end and the back-end software application as well.

Companies often make the mistake of thinking that a uniform experience is equivalent to a unified experience. This confusion leads them to take decisions which alienate the customers from their perceived goals. Currently thinking IT Infrastructure as a postscript for customer experience will be like digging a grave, instead by proactively managing it, one can leverage it as a differentiator.

uniform experience consists of the same visual design, representation, upgrading the IT infrastructure to latest technology and messaging across all channels. It uses the same content across all the touchpoints and ensures all the features or functionalities are available in all touchpoints. But at the same time, it restricts the customers from leveraging the channel and device capabilities.

unified customer experience, on the other hand, allows business to express their brand image through right visuals and messaging. It automatically optimizes the content accordingly to the channel specific requirements while targeting the features and functionalities of the channel. Customers can leverage the unique channel capabilities to provide a relevant experience.

Organizations can lead their unified CX initiatives through:

Provide a single sign-on process to achieve CX

Single sign-on is a powerful process that links all your applications and websites with a single login credential. It acts as a layer between the customer and your business, as it creates a single centralized profile of a customer that is more just a synopsis of the information of your different applications and websites.

Single sign-on facilitates a single view of the customer to analyze and deduce the contextual information that your customer is looking out for. Businesses can help their customers get things done across different touchpoints, without thinking about the device or platform when the customer can pick it up from where they left off across any device or platform.

Employ omnichannel approach across organization

Customers have become more self-aware about their unique requirements and the multiple channels available to fulfill those necessitates. They expect their interactions across the multiple channels to be personalized and tailored rather than accept one solution for all.

The goal of an omnichannel approach is to enable customers to choose where and how they want to interact and provides consistency of information across the various touchpoints including laptops, mobiles, tabs etc. They want continuity and access to relevant information when transitioning across them while maintaining the brand image of the company.

CX professionals are important

CX professionals are leading the way through their expertise in delivering a unified CX by establishing a standard set of processes and designs that align with the customer’s end goals, overall strategy, and brand attributes. They help in tracking and using metrics that measure the overall customer experiences across various channels. CX professionals help maintain a reusable repository of library content and assets, thus meet the internal standards and usability best practices that can be easily repurposed to fit the needs of other groups.

Facilitate cross-silo connections

Organizations must oversee that the different projects across various departments, business units, channels, and touchpoints, have a central team of CX professionals, who can understand the processes and approaches that different teams take and provide guidance when they move away from the customer goals and strategies. They facilitate cross-silo connections that may not happen otherwise.

Have a CX strategy plan in place

A clear digital CX strategy reflects the company strategy, its brand image and how it meets the customer’s needs. It spells out how the CX professionals provide guidance in its implementation and execution. It translates the company’s customer promises into key factors that direct the activities that matter most to the customers.

Shifting from CX to IT infrastructure, it is a pertinent call that customer experience cannot be neglected.

Every application entails the right blend of high performing IT infrastructure elements for exceeding end user expectations. IT Infrastructure drives performance of a customer service without any hesitation.

Several customers conveyed signals of improvement in their experience as the time spent (using in managing monitoring tools) decreases with implementation of a unified approach. A flexible IT infrastructure architecture and high end approach towards customer centric as well as supporting new technologies with designated agile yet unified approach deliver a superb credible customer experience.

Adopting a unified customer experience strategy across the organization is a challenging process that involves strong backing from the leaders, process maturity, appropriate tools, and technologies to succeed.

Impact of Automation to IT Operations

Modern day automation is all about achieving a capable control system using intelligent devices. It is going to accelerate with initiatives like internet of things which will help to increase performance and lower software maintenance costs.

It removes complicated middleware software which helps to streamline and create better system architectures that are more responsive, effective and affordable. Real-time control is used to drive processors achieve high standards using distributed controllers, sensors and actuators.

Automation reduces operational complexities

  • It extracts data from legacy system and uses it to automate manual processes to save time and reduce human errors.
  • It simplifies the planning process by creating a centralized system for corporate, finance and operations department.
  • It will help to analyze different cost and the its impacts.
  • It provides access to the best and most trusted sources when dealing with financial matters.
  • Helps to gain strategic insights using real time data and different virtualization tools.

Role of automation in different business scenarios:

Internet of Things

Requires real time data which is generated using automated devices and applications like sensors, controls and software installed within different processes. It uses this information to setup a response system which can monitor multiple check points and repair faults without human intervention.

Big Data

For big data to be successful, there is need to develop a centralized enterprise system which can provide all the business information. Automation makes it possible to access the entire business process environment like ERP processes and databases, data integration activities, data warehouse solutions and business information solutions without human intervention.

Business process Integration

Businesses are looking for ways to integrate processes. Automation helps to monitor and deliver different data applications, storage & files systems and other information to different departments. The information is automatically transformed to meet specific process and people requirements. It alerts and notifies system malfunctions and provides remote access to troubleshoot them using multiple devices.

Real time process automation

Business need to consider internal and external factor while taking crucial decisions. Real time automation tool integrates with multiple components which automatically collect information at all levels including screen scrapping, digital image recognition, external & internal servers and website links. It uses this information to provide company’s performance scorecards and factors influencing them.

Integrated machine design

Manufacturing firms are constantly looking for ways to build machinery in a more efficient manner. Firms use automation designing functions like PLC programming, device configuration and operator panel design to get the desired results. Automation is also used to achieve right combination of pressure control, heater control, servomotor control, image processing and vibration analysis.

Machine to Machine automation

Businesses face problem in allocating human resources to performance repetitive operations like manual checking as well as manage uncertain work volumes. IT automation can help robots interact with other robots and automatically manage workflows depending upon the work volumes without human intervention. It automatically interacts with multiple applications at user interface level reducing errors.

Automation of additive manufacturing

Certain products must be designed using 3D technology and printed in precision environment. The modern-day 3D printers automatically gauge environmental factors and perform functions like updating of order status, managing print operations and reducing hardware variation without any human intervention. It performs these functions using real time data provided by external devices.

Different parameters to be considered before investing in automotive technologies:

  • Determining the most specific areas that need improvement within the organization and accordingly set performance targets.
  • Gain good knowledge about the new technologies that are to be implemented and how it will help to achieve the expected performance levels.
  • Understanding the different types of organizational implications, the new technology will bring and the ways to align them with future vision.

Smart Machines Transforming Business Outcomes

Smart machines will redefine and transform business processes by detecting, classifying and locating faults and recommend actions.

It must have the capacity to automatically repair and correct processing errors and avoid failures by developing capabilities to increase accuracy and power. It should be able to use basic knowledge which includes both practical and science-based theory considering present and past research models.

Current trends in the smart machines industry:

Trend #1: Automated safety systems

The system combines standard and safety control methods into a single platform using artificial intelligent which will collect safety system data and automatically raises alerts. The data is also used to increase productivity, monitor downtime and report compliance issues.

Trend #2: Access to secure information

Operational, business and transactional data are connected with different performance dashboards which will support to develop actionable insights.

Trend #3: Real time diagnostics

Embedded intelligence devices are used to predict maintenance issues using real-time data which will help to quickly troubleshoot and repair problems. It remotely monitors critical parameters and repairs the problems before they reach a point of failure.

Trend #4: Intelligent personal assistance

The tasks are automatically performed by taking to consideration user input data, location, weather and traffic conditions. It also manages emails, calendar events and work schedules.

Trend #5: Smart integration

Replacing a multi-tiered networking strategy with a single network which can simplify network information platform by easing the collection, transfer and analysis of real-time operations data.

Trend #6: Smart data discovery

Provides highly complex results by using the most tailored use cases. It deploys a variety of data types and provide a detailed outcome which can be applied to all the departments of the business.

Trend #7: Cognitive computing

Involves human thoughts and creates a self-learning system using data mining, pattern recognition and natural language processing technologies with an aim to automate IT systems to solve problems without human assistance.

Trend #8: Machine to Machine communication

Helps to implement large-scale remote monitoring systems. It uses the concept of internet of things to manage warehouse scheduling, controls traffic, tracks logistic services and integrates supply chain.

Trend #9: Data analytics helps process excellence

Companies are recording data at different set points which provide information on the complete manufacturing and production work flows. This analyzed data is used to automate shop floor and take management level decisions.

Trend #10: Mobile robotic device

It helps to cover multiple locations by using navigation devices which allows it to travel a pre-defined route and automatically manage inventory, pick items on the shop floor and deliver orders to different departments.

Trend #11: Connected enterprise

It automates manufacturing and industrial processes uses internet of things and helps to share information across people, plants and supply chains. It reduces process complexities and minimizes risks related to information security.

Different ways by which smart machine helps to create a successful business model:

  • Provides scope to remain globally competitive by using relevant business model which helps to easily shift from mass production to mass customization.
  • Automates workforce issues like creating a process to knowledge transfer and retaining skills of retiring workers.
  • Uses latest inputs which helps to address risks related to security threats and complex regulations.
  • Provides information on different type of technologies for different processes.
  • Automated analysis and repairing capabilities which will help to create latest decision support system.
 

GAVS’ ZIF is an AIOps based TechOps platform that enables proactive detection and remediation of incidents helping organizations drive towards a Zero Incident Enterprise™ . Visit www.zif.ai to know more