In a recent survey by HFS Research, 86% of data science decision makers across the Global 2000 said that machine learning is impacting their industry today. But leaders want to be smart about how they forge ahead. When respondents were asked for their most important machine learning proof points, the number one concern was security.
Here at Infinia ML, security is a top priority. Our product group works closely with our Chief Information Security Officer to establish and reinforce a secure foundation for everything we build.
In this post, we’ll explore a blueprint for practicing machine learning in a way that protects your business and your data. Let the Five Ws and Three As of machine learning security be your guide.
The Five W’s
The first step in securing your company’s machine learning efforts is asking the five W’s: Who, What, When, Where, and Why.
How are certain departments, teams, and individuals involved with your machine learning efforts? Are these internal employees, contractors, or vendors.
What data do employees have access to? Is the data anonymized? Sensitive? Subject to regulation?
How frequently are the models running on the data? How often does model retraining occur?
Are you performing the model training on company owned hardware or in the cloud?
How is this machine learning effort generating ROI for your business?
The Three A’s
Once you’ve answered the five W’s, consider the following three A’s:
- Wherever possible, leverage your organization’s Single Sign On solution (if your company doesn’t use Single Sign On, consider an implementation). This not only saves time for users, but also ensures that your authentication process is in sync with your authorization procedures. Many companies use Single Sign On to automate the five W’s.
- Ensure that you have a strong password policy in place; implement two-factor authentication.
- If you allow vendors or contractors to access your systems, make sure that their login credentials are temporary and expire once the contract is complete.
- Based on your machine learning workflow, map various groups and individuals into certain steps in the process.
- Identify what permissions are required to complete each task and isolate user access levels accordingly.
- If a system or application requires shared credentials, leverage technologies that allow you to securely share sensitive credentials (e.g. a secrets manager like AWS Secrets Manager or Thycotic).
- Log all the actions that authorized and authenticated users perform across various systems.
- Do not allow logs to be edited by any user.
- Maintain these logs in a secure environment for an indefinite period.
When performed securely, machine learning can give your company a competitive edge by uncovering insights your competitors don’t have. When performed insecurely, poor data hygiene can open your company up to unwanted risk and exposure.
To learn more about Infinia’s approach to machine learning and data security, please contact us today.