SMU Office of Research – A lot has changed in the past decade when it comes to how industry and businesses use computing. Whereas it used to be about converting analogue information into digital form (Digitisation), digital technology now transforms processes and creates a positive product experience (Digitalisation). Technology use has shifted from the backend to become user-facing, and the expertise required to manage it has also changed.
The increased use of computing technology has also exposed companies and especially their information systems to cybersecurity threats, on top of navigating an evolving legal and regulatory environment playing catchup to the breakneck speed of technological advancement.
This combination has created a demand for well-rounded computer scientists who are capable of more than just writing code and managing information systems. Or would technically proficient business graduates better meet industry demands?
“Companies don't really care whether the person they hire studied business as a major and then learned computing, or the other way around – they have certain jobs that need to be done, and the question is who comes equipped with the hard technical expertise to do them,” observe Professor Pang Hwee Hwa, Dean of the SMU School of Computing and Information Systems (SCIS).
“Companies need local expertise here to create and implement a positive product experience. You cannot just say, ‘Okay, let me define the spec [technical specifications], and I go outsource the development.’ It doesn't work that way anymore.
“As a result, there is a lot of local demand for IT professionals who understand emerging technology and have the ability to really create and engineer systems. That translates to the kind of training we have to offer our students.”
Teaching for the future
The School of Information Systems (SIS) became the School of Computing and Information Systems in 2021, with ‘Computing’ added to underline the focus on “the science of computing, hard-core programming, and technology development”. Reflecting the School’s tagline of “Creating Our Digital Future”, the School is ramping up research capabilities in areas such as Machine Learning, Human-Computer Interaction, and Cybersecurity. “In all of our degrees, we have strengthened the technical foundation, coding, project management, and software engineering,” says Professor Pang.
The development of such in-demand knowledge has attracted burgeoning enrolment interest, with SCIS taking in over 600 undergraduates this year – more than double the 270 that the then-SIS took in for 2016 when Professor Pang first took over as the Dean.
Talking to industry partners to find out what skills they want graduates to bring into their companies is a key element of curriculum evolution, Professor Pang says. He adds that feedback from the students – “What skills did you need, and learn, at your internship that you didn't get in school?” – also help in adjusting what is taught.
But what about those who graduated years ago, and who might be wondering what to brush up on to stay relevant in a fast-moving landscape?
“They may not need to develop software or run a project, but it would be very helpful for them to understand the applications of technology,” Professor Pang observes. “Even if they are not software engineers, they should be able to conceptualise what kind of product experience can be created in their line of work. They would be realistic, and not just imagine something that cannot be implemented, or under-utilise the present capability.
“So the ability to understand what technology can achieve today, and is likely to achieve in the next one or two years, is very important for IT professionals.”
Secure data, secure cloud
Professor Pang points to syllabus changes made around 2016, when the then-SIS created specialisation tracks on “Business Analytics, Financial Technology, and one track that has evolved into Digitalisation & Cloud Solutions”. The emergence and apparent ubiquity of cloud services is a “big deal”, says the Dean, who has a keen interest in the cybersecurity aspects of cloud computing.
In his 2020 research paper “Privacy-preserving outsourced calculation toolkit in the cloud”, Professor Pang and his collaborators sought to increase data security when it is outsourced onto the cloud.
“You need lots of data to train AI models. If you can't maintain and manage your data in-house, you need to outsource it [to a cloud provider],” Professor Pang explains. However, you would be concerned about the security of your data on the cloud. Even if it is encrypted, if it needs to be decrypted for machine learning models to understand and work with it, the act of data decryption presents a key vulnerability that can be exploited by hackers.
Professor Pang elaborates on how applications that work directly on encrypted data can enhance privacy and security.
“Let’s say I need to increase someone’s salary by 10 percent. If I can take the encrypted record and effect the 10 percent increment, all in encrypted form, nobody would see the actual numbers because the record was never decrypted.
“Only a small proportion of such tasks can be achieved on encrypted data right now, which is why a lot of times the data is not even encrypted – it is just stored in plain text!” laments Professor Pang. “Plain text is most efficient to process but it is also the least secure.”
So, how far away are computing solutions from the ideal situation of accessing and adjusting encrypted data without decrypting it?
“I think it's still quite far away for general applications. For example, for addition and multiplication it is still a lot slower than processing on plain text directly. You're talking about maybe a million times slower,” says Professor Pang. “When you try to do addition on encrypted text, there are a lot more calculations involved. If we are talking about a million times slower, a lot of companies will just say, ‘It’s not acceptable.’ Companies will just run on plain text data at speeds a million times faster.
“It is always a trade-off between speed and security. The trade-off becomes acceptable only if even a million times slower is fast enough. It would not work if I'm training a machine learning model on encrypted data that is terabytes in size, because a million times slower there would be really slow. But if you are updating a medical record, then a two-second delay may not matter.”
He concludes, “As we continue to develop faster techniques for processing encrypted data, over time more applications will be able to benefit from the enhanced security that it brings.”
Back to Research@SMU August 2023 Issue