Exploring machine learning in the cloud with AWS

There has been a resurgence of interest in machine learning in recent years. The ability to uncover hidden patterns and derive insights from vast, complex datasets is exceptionally valuable in an age where sensors are omnipresent and storage is cheap. Machine learning’s current status as the technology ‘buzzword of the year’ does not diminish the enormous potential of this technology in applications ranging from healthcare to self-driving cars.

Despite this, there are still considerable complexities in the design and implementation of a machine learning solution. Computational power is one of the core challenges; training a machine learning algorithm involves massive numbers of floating point operations, which regular computers perform relatively slowly and inefficiently. Cloud-based machine learning solutions can address this by offering access to highly optimised hardware that can perform the calculations at a fraction of the time and energy required by a traditional computer. AWS P3 instances are a great example of these specialised machines, providing up to one petaflop of floating point performance – meaning the machine can complete 1,000,000,000,000,000 floating point operations per second. This is around 1000 time faster than the average consumer PC. Cloud solutions can also reduce the cost and complexity of implementing a machine learning solution by providing developers with a pre-provisioned and configured platform to work with.

AWS recently hosted a seminar in Melbourne providing an overview of their machine learning platforms and capabilities, which I attended to explore opportunities for integration with Umps Health’s analytics platform. The session provided an excellent overview of the AWS offerings, which are broadly divided into three categories:

  1. Application Services
    These are API-based services for specific language and visual applications. These services are a simple and relatively low cost way to perform common machine learning tasks like image recognition, natural language processing, and translation. The pricing is based on the number of API requests made.
  1. Platform Services
    The most important service in this category is SageMaker, a managed service which enables a machine learning solution to be built, trained, and deployed using a simple modular interface. Sagemaker eliminates the complexities involved in platform implementation and enables users to focus on more important aspects – the data, algorithms, and insights. SageMaker’s pricing structure is based on usage time, billed per second.
  1. Frameworks and AMIs
    AWS also offers specialised machine learning Amazon Machine Images (AMIs). These are virtual machines running on optimised hardware, which are preconfigured with a range of popular machine learning tools like Apache MXNet, TensorFlow, and PyTorch. This option gives developers the maximum amount of control over the machine, but requires a greater level of technical knowledge to get the best results. The pricing model is based on hours of virtual machine uptime.

It’s important to note that (as of March 2018), SageMaker is only available in the US and EU regions. This means that users outside these regions (in Australia, for example) can still use SageMaker, but their data must be transferred to one of these regions for processing – a major problem for personal or sensitive data, which is generally subject to strict privacy laws and limitations on cross-border disclosures. Machine learning application services and AMI instances are already available worldwide, so most users will be able to run analytics with these services in the region in which their data was collected.

The seminar concluded with a demonstration of AWS DeepLens, a camera that analyses video using deep learning in real time and securely integrates with other AWS services. The accuracy of its object recognition algorithms was generally very good, and as a proof-of-concept and development tool DeepLens is impressive.

By eliminating the need for prohibitively expensive hardware and streamlining the implementation process, cloud-based machine solutions can significantly lower the cost and complexity of creating a powerful machine learning platform. However, as with any solution that handles personal data, privacy and security must remain a top priority.

How to make sure your thermostat doesn’t attack your toaster: Security in the Internet of Things

After a slow start, Internet of Things (IoT) solutions for the home are experiencing a surge in popularity. Recent research by Telsyte found that more than 40% of Australian households currently have at least one IoT device, with more than 150 million devices expected to be in operation by 2021. As smart home devices become more widespread, however, security becomes an increasing concern; 2016 research by Deloitte found that 80% of consumers did not feel well-informed about security risks and 13% cited it as the main reason for not adopting IoT solutions at home.

Data and device security is vitally important in any IoT solution, and the responsibility for this must lie with the companies developing these solutions. Facing an ever-increasing range of threats, what can a company do to ensure its users’ data and devices are secure? While cybersecurity is a complex topic, the most important aspects are quite straightforward:

1. Design for security in every layer

In a typical smart home solution data is constantly flowing between connected devices, smart hubs, cloud platforms, mobile devices and web apps. Finding the best way to move data around is one of the core challenges of IoT; while cost, interoperability and energy efficiency constraints often dictate which technologies are used, it is critical to consider security here too.

Controlling wireless network access in the home, exclusively using encrypted communication protocols, and restricting access to cloud platforms will go a long way towards ensuring the safety and integrity of the solution. Secure data storage is also essential – don’t make the same mistakes as CloudPets, a line of internet-connected teddy bears which in 2017 was found to be storing customers’ personal information and voice recordings in publicly accessible Amazon cloud storage.

2. Plan for the future

Sooner or later, vulnerabilities will be found in any system, often in areas beyond your control. In October 2017, for example, Belgian researchers revealed the KRACK attack against WPA2, a ubiquitous security protocol used in all modern WiFi networks. This attack meant that every secure WiFi network became vulnerable due to a previously unknown flaw in WPA2. It is rarely possible to predict these incidents, but once a vulnerability is exposed a solution will generally be published very quickly. It is therefore vital that every aspect of an IoT solution can be rapidly upgraded in response to new threats.

3. And finally – get the basics right

In October 2016 the Mirai botnet launched multiple massive denial-of-service attacks, preventing users from accessing a range of major websites including Amazon, Airbnb, Twitter and Spotify. This incident was particularly significant as it was the first high-profile attack carried out by millions of infected IoT devices such as cameras, printers and thermostats. Mirai was able to infect all of these devices by simply attempting to log into them with common default usernames and passwords. In this case, the most basic level of security – setting the username and password of the devices to something other than ‘admin’ – would have been enough to keep these devices safe.

In addition to changing default credentials, every organisation working with IoT solutions should also be:

  • Ensuring the entire software stack is up to date at all times
  • Protecting your cloud credentials
  • Implementing a strong password policy, and never storing or transmitting users’ passwords in plaintext
  • Closely monitoring who has access to your data at all times. For example, is your sensor data being sent to someone else’s cloud too?
  • Raising employee awareness about the importance of security

These best practices are not new or revolutionary, but without them the strongest security architecture and most advanced cryptography in the world won’t keep a system secure.

IoT solutions for the home inherently deal with huge amounts of personal data; protecting this data and ensuring device integrity must be a priority. As the number of connected devices increases and threats multiply, it is critical that the developers and providers of IoT solutions be both transparent and proactive in their approach to cybersecurity.

The post How to make sure your thermostat doesn’t attack your toaster: Security in the Internet of Things appeared first on Umps Health.