...by Daniel Szego
"On a long enough timeline we will all become Satoshi Nakamoto.."
Daniel Szego

Thursday, July 6, 2017

Notes on digital identity and big data

Considering current trends and algorithms in data mining and machine learning, the concept digital identity is actually not so simple. Virtual identity is not just a set of parameters that are published somehow to the web, instead it is all the digital traces that are left behind by someone. It includes digital traces on google, Netflix, on different dating or music apps and so on. Currently data of such an application remains in the context of the application, however will not necessarily remain the same on a long run. As a consequence, serious data and identity leaks might occur, causing for instance that general browsing characteristic of an individual is considered at a credit or insurance evaluation. 

In this sense, the privacy of an or leak of an identity will be an always increasing problem. There might be two possible answers for this problem: 
1. To get the online traces of an individual independent of the identity, like with the help of private browsers, private search and other privacy tools. 
2. Simulate online behavior to match an expected one with the help of online algorithmic tools, for instance with the help of bots. 

Monday, July 3, 2017

Governance issues of self service IT

PowerApps, PowerBI and Flow. These are awesome self service IT tools from Microsoft, meaning that creating reports, mobile Apps small workflows or business logic can be created without real coding knowledge just by clicking the applications together by power users. However this direction of self service application development raises serious questions regarding governance. The situation might be similar that happend with Excel and at the early stages of SharePoint as well, where a huge number of unregulated island solution have borne, without the possibility to integrate or scale them up. 

Such self service solutions clearly have the advantage that a simple power user without developer or coder exercise is able to deliver a solution. Another advantage is that these solutions can usually be developed at a rocket speed, meaning both the first delivery of the application and the possibility to modify as well. What is missing however is the general governance concept: 
- Well defined thumb of rules for authorization: like roles, peoples, groups, the possibility for general authorization guidelines.  
- Rights and visibility in the information flow of data: as an example at a simple report of containing average salary of several employees it makes sense to define access rights on the data side defining who is allowed to see the individual salaries and the total sum. 
- Scaling the application: most rapid application development environments have architecture limits, manifesting in point in the application delivery where further uses-cases can not be delivered with the same methodology. It is a question that point is reached if there is some integrated solution to implement the further use-cases, like extending exchanging self-service development style with classic programming.  
- Migrating between applications: The primary idea of self service IT is to give the possibility for the power-users to "click together" applications. Supposing that we already have some legacy application that we want to more or less automatically migrate to the new platform is usually not supported. 

As a consequence, self-service frameworks provide a solution for certain business requirements but several new challenges regarding governance are raised up as well.