3 - 4 OCTOBER 2018 / EXCEL LONDON

A Human-First Approach to Predictive Analytics

Wednesday 16 August 2017

I’ve been looking at ‘pre-crime’. The science of this falls under “predictive analytics” – the idea that we can use past history combined with knowledge about the present to make predictions about likely futures. 

The use of predictive analytics for determining that an employee is considering leaving is pretty common. In the insider threat space, the knowledge that an employee is probably leaving can have darker overtones. Since many employees will steal corporate data when they leave, one can consider the prediction of departure as a risk indicator. This in turn increases the probability that a data move by the user represents a theft. This is both an opportunity and a problem.

Employers have the right/duty to protect their corporate intellectual property. Being concerned that an action carries with it a bit more risk is a good thing. The trick is what is done with that knowledge. One option is to limit that user’s access – but that’s essentially penalizing a user for something they haven’t done yet. Another approach might be to increase monitoring, so if data is stolen, the company has some form of remediation. Finally, data could be dynamically and silently encrypted when it is moved off a managed device. If that data moves back to another corporate device, it is decrypted, and all is well. If it is moved to a personal device, it’s protected and locked up in an encrypted package.

The point is that context is everything and we must use these analytics in a human-first way. Each of the mitigations above works technically, but only one really wins from the human perspective. Analytics that allow us to predict an employee’s likely future cannot be used in a way that disadvantages that employee in the workplace.

This human-first approach is still in its infancy and my fear is – and remains – that these powerful predictive analytics algorithms will end up being deployed based on numbers, not on people. In that world, we all lose.

Posted by Carl Leonard, Principal Security Analyst, Forcepoint. 

Carl Leonard will be speaking on using predictive analytics with a “human first” approach or come find him on the Forcepoint stand (A20).

Top