Jan 15, 2021

Is cybersecurity thwarting automation?

John Yardley
5 min
We need to think carefully about the implications of the authentication systems we choose and how we can restructure our access to IT services
We need to think carefully about the implications of the authentication systems we choose and how we can restructure our access to IT services...

Some years back, the major music and film publishers were resisting attempts to digitise sources of entertainment by adding ever more sophisticated protection mechanisms to the media. DVD producers, for example, added encryption and restricted geographic distribution.

A similar thing is happening today to prevent unauthorised access to our data in the Cloud. The basic method of authentication is the username and password. For a remote application to validate that a password is correct, it must store a copy of the password with which to compare that entered by the person attempting to access the data. However, if the application database gets hacked, then all the users’ accounts are compromised.

One way around this is to encrypt the password before storing it. The user is validated by comparing the encrypted password entered with the stored encrypted password. By using irreversible algorithms, it is impossible to extract the passwords from a hacked password database. However, this does not stop a machine trying random (but easily guessed) passwords on thousands of accounts until one works, or a human using a plain text password they may have seen written down.  

What is needed is a method to confirm that a legitimate user is attempting to log in and, arguably, that the user is human.

Increasingly, the weapon of choice is CAPTCHA (or some similar mechanism) where a user identifies features from an image. This is difficult for a machine to do.

Artificial Intelligence is about replicating what a human does and, according to Alan Turing, English mathematician and pioneer of theoretical computer science and AI, the extent to which it can make a human think they are dealing with another human.  

Two factor identification can also be used to confirm the identity of the user. In this scheme, a further step is introduced to the login process, involving sending a message to another, separately authenticated account - such as by email or via SMS to a mobile phone - for confirmation.

Both methods have their merits and shortfalls, and can be used on their own or together.

However, all these schemes often disadvantage those who they are intended to help. While sometimes irritating, it is understandable due the massive amounts of computer power available simply to break authentication schemes and the significant fraudulent activity occurring with IT services.

With the advent of remote working, more of the information we use must also be accessed remotely. And the more general a service needs to be to satisfy a large user base, the more steps are required to access the information needed. The opposite extreme is the bespoke service which can be tailored to a specific customer’s needs. So, for example, if a company needs a daily report on, say, a particular stock price over a certain period, in a bespoke application, a “button” may be created to generate the report in one click. Whereas in a generic application, it is necessary to specify a range of dates, a stock symbol, a currency, and so on, inputting any of which is subject to mistakes. Combine that with the process of authenticating the user, and time taken to generate an accurate report can soon mount up.

Remembering a password can be difficult enough, but with the task of locating, say, a CAPTCHA traffic light that appears in a tiny section grid, then the overall delays in accessing that information, are compounded further. And the more frustrated we get, the more likely we become to fail the “is it a human” test - or simply give up.

Two factor authentication may not help either. Perhaps you cannot locate your phone, or access the text message without losing the context of the service you were logging into, or have difficulty in reading and transcribing the key.

Biometric authentication - for example fingerprints or facial scans - can also be problematic. It may be more convenient for the human user, but it does not solve the problem of providing secure proxy access - that is access you legitimately give to another person or machine. Increasingly, it is machine access that is required to deploy intelligent services on users’ data.

And it is not just authenticating generic services that creates an issue. In order to reduce the burden of processing the vast amount of communication – in the business world largely by email and telephone - we look to AI to tell us which messages to focus on including what is spam, or which messages involve money. But in order to process this information, the AI tool must gain access to it. Throw two factor authentication at it and a large number of useful services are immediately ruled out. 

The alternative, where available, is to decline the stricter authentication procedures. It then becomes a tradeoff between the benefit of providing AI access to your data, against the risk of your account being hacked.

Service providers need to develop other ways of authenticating access to our data or authorising proxy access to others. App-specific passwords go some way towards this, but not far enough. These are passwords generated by the validated account holder for distribution to other processes or people that need to access their account. They work only for specific applications and can be revoked without affecting the main login credentials.

In the meantime, we need to think carefully about the implications of the authentication systems we choose and how we can restructure our access to IT services to minimise the risk of security breaches without preventing the automation of useful processes.

This can often be achieved by separating the data we might wish to share - for example by setting up auxiliary “less secure” accounts and store only the data we need to share. There are also ways of accessing data programmatically (for example APIs). While this may be mostly beyond the capabilities of the average computer user, a small investment in some specialist help may return a significant savings in time and benefits in security.

By John Yardley, Managing Director of Threads Software 

Share article

Jun 15, 2021

The advantages and disadvantages of AI in cloud computing

3 min
AI is being used in cloud computing, which works by allowing client devices to access data over the internet remotely, but are there pros and cons?

Cloud computing offers businesses more flexibility, agility, and cost savings by hosting data and applications in the cloud. AI capabilities are now combining with cloud computing and helping companies manage their data, look for patterns and insights in information, deliver customer experiences, and optimise workflows.

We take a look at some of the benefits and drawbacks of AI in cloud computing. 

The benefits of AI in cloud computing


Lower costs

A major advantage of cloud computing is that it eliminates costs related to on-site data centers, such as hardware and maintenance. Those upfront costs can be restrictive with AI projects, but with cloud enterprises you can access these tools for a monthly fee, making research and development related costs more manageable. AI tools can also gain insights from the data and analyse it without human intervention, reducing staff costs.

Deeper insights 

AI is able to identify patterns and trends in large data sets. Using historical data, AI compares it to the most recent data, which provides IT teams with well-informed, data-backed intelligence. AI tools can also perform data analysis fast so enterprises can rapidly and efficiently address customer queries and issues. The observations and valuable advice gained from AI capabilities result in quicker and more accurate results.

Improved data management

AI enables extensive data management, and cloud computing maximises information security, making it possible to deal with massive amounts of data in a programmed manner to analyse them properly, allowing the business to leverage information that has been “mined” and filtered to meet each need. AI can also be used to transfer data between on-premises and cloud environments. 

Intelligent automation 

Businesses use AI-driven cloud computing to be more efficient and insight-driven. AI can automate repetitive tasks to boost productivity, and also perform data analysis without any human intervention. IT teams can also use AI to manage and monitor core workflows. IT teams can focus more on strategic operations while AI performs the mundane tasks. 

Increased security 

With businesses deploying more applications in the cloud, security is crucial in order to keep data safe. IT teams can use different AI-powered network security tools which can track network traffic, they can flag issues, such as finding an anomaly. 

The drawbacks of AI in cloud computing


Data privacy 

 Enterprises need to create privacy policies and secure all data when using AI in cloud computing. AI applications require a large amount of data, which can include consumer and vendor information. While some data can be anonymous and can't be tied to personally identifiable information, knowing who the data belongs to makes it more valuable. When sensitive information is used, data protection and compliance is a major concern.

Connectivity concerns 

IT teams use the internet to send raw data to the cloud service and recover processed data. Poor internet access can hinder the advantages of cloud-based machine learning algorithms, as cloud-based machine learning systems need consistent internet connectivity. 

While processing data in the cloud is quicker than conventional computing, there is a time lag between transmitting data to the cloud and receiving responses. This is a significant issue when using machine learning algorithms for cloud servers, where prediction speed is one of the primary concerns.

Share article