
Exploring the science and magic of Identity and Access Management
Tuesday, May 31, 2016

State of the Market: IoT 2016

Information Security, Internet of Things
Author: Mark Dixon
Friday, May 27, 2016
1:52 pm

VerizonIoT1

This afternoon, I read a recently released Verizon report, “State of the Market: Internet of Things 2016.” It provides a quick, but fascinating read about Internet of Things market forces, real-life industry adoption, key trends and real-world successes.  The report states:

The Internet of Things (IoT) is much more than the result of seemingly fragmented and complex technologies smashed together … forward-thinking business and public sector leaders, as well as consumers and developers, are turning to the Internet of Things to address some of society’s most pressing social, economic and business challenges.

Five macro trends— data monetization, consumer expectations, the regulatory landscape, network connectivity/IoT platforms and security—are helping to speed IoT adoption and deliver measurable results across several industries and sectors.

Verizon believes we just completed the year where IoT graduated from the neat new idea stage to mainstream adoption:

In our view, 2015 was the year IoT gained legitimacy. Businesses moved beyond a “start small think big” mindset. Today, they’re building IoT into future strategies and business models. Companies across all industries now have IoT squarely on their radar.

In 2015, the emphasis of startup capital began to favor enterprise focused IoT businesses over consumer applications in a big way, and the trend appears to be accelerating:

According to analysis conducted by our venture capital (VC) arm, Verizon Ventures, we estimate that consumer IoT startups raised 15% more VC funding than enterprise-focused startups in 2014. However, in 2015, roles seemed to have reversed with enterprise outpacing consumer by around 75%. In 2016, we believe the enterprise will continue that trend, but by a much larger order of magnitude—roughly 2 – 3 times more than consumer.

The sheer size of the potential IoT market continues to boggle my mind. The following chart shows a few big numbers that barely scratch the surface of the potential for IoT growth.  

VerizonIoT4

Of the many potential IoT areas of emphasis, the Verizon report specifically addresses four:

  • Automotive: Connection, convergence, convenience and the connected car
  • Agriculture: Farming with precision
  • Smart Cities: Making communities smart and sustainable
  • Energy: Providing real-time energy insight.

Of these, the closest one to my heart is Farming with Precision – quite a big step from the old farm where I grew up, where adjusting irrigation meant installing canvas dams in ditches and using a shovel to channel water down the correct rows in a field:

Industry experts have quipped that the agriculture industry is proof that soon, every company will be an IoT business.

One of the biggest trends in farming today is precision agriculture, the practice of sensing and responding to variable soil, moisture, weather and other conditions across different plots. Farmers are deploying wireless sensors and weather stations to gather real-time data about things such as how much water different plants need and whether they require pest management or fertilizer  

Using this data, growers can customize growing processes. Indeed, one of the biggest benefits IoT offers farmers is the ability to gather much more granular data about smaller parcels of land. With site-specific data, growers can then optimize growing conditions on a plot-by-plot basis, boosting yields, improving quality and cutting costs in the process.  

VerizonIoT2

Again, the numbers are immense:

The total market size for digital precision agriculture services is expected to grow at a compound annual growth rate of 12.2% between 2014 and 2020, to reach $4.55 billion.

Security is, of course, of critical importance across many facets of the IoT landscape.

The sheer volume of IoT devices constantly producing communications, require careful security and privacy considerations. There is no current IoT protection framework that’s ahead of the implementation of this technology. The industry is keeping up with the development of technology by looking to the rising threat vectors—some old, some new—that will impact deployments and ongoing operations. Authentication of critical data, and baseline triggers for action are the emerging security focus.

VerizonIoT3

 The bottom line?

Innovation, productivity and value will thrive as private companies and the public sector both come to the inevitable conclusion that IoT is imperative to delivering the integrated, easy to use and sustainable products and services demanded by an increasingly mobile, tech-savvy 21st century society.

No single company or country can realize the full promise of IoT on its own. We believe collaboration, experimentation and openness will:

  • Create cleaner cities
  • Deliver better healthcare
  • Make transportation systems safer
  • Conserve water
  • Boost productivity
  • And make the digital world work better for consumers and citizens.

We live in an exciting world, at an exciting time.  Hang on for the ride!

 

Happy Birthday, Levi’s Jeans!

History
Author: Mark Dixon
Friday, May 20, 2016
3:45 pm

Levi’s blue jeans have been a staple in my life for a long time. Today I am wearing a new pair I bought last week. The Levi’s brand is quintessential Americana. In fact, complex.com dubbed Levi’s the eighth most iconic brand of all time!

Today, we celebrate the birthday of Levi’s. According to History.com:

On this day in 1873, San Francisco businessman Levi Strauss and Reno, Nevada, tailor Jacob Davis are given a patent to create work pants reinforced with metal rivets, marking the birth of one of the world’s most famous garments: blue jeans.

Levis

The pair of Levi’s I am wearing now don’t have classic copper rivets, but I like the comfort and fit. I suppose that wearing Levi’s is the closest I’ll ever come to being “hip.”

 

 

CSA – State of Cloud Security in 2016

Cloud Computing, Information Security
Author: Mark Dixon
Wednesday, May 18, 2016
5:30 pm

CSA2016

The State of Cloud Security 2016, published by the Cloud Security Alliance Global Enterprise Advisory Board, is a short but interesting document focused on articulating the gaps in current cloud security practices to help cloud providers better understand the needs of their customers.

Cloud computing is an incredible innovation. While at its heart a simple concept, the packaging of compute resources as an on demand service is having a fundamental impact on information technology with far reaching consequences. Cloud is disrupting most industries in a rapid fashion and is becoming the back end for all other forms of computing, such as mobile, Internet of Things and future technologies not yet conceived. As governments, businesses and consumers move to adopt cloud computing en masse, the stakes could not be higher to gain assurance that cloud is a safe, secure, transparent, and trusted platform.

With the stakes rising in cloud adoption, cloud providers need to step up with better built-in security:

Cloud computing adoption is solid and increasing. Security and compliance can be adoption barriers. Now is the time to increase the pressure on cloud providers to build security in, not try to bolt it on as an afterthought.

Cloud computing demands new approaches to security:

We need to take a hard look at many of our existing security practices and retire them in favor of new “cloud inspired” approaches that offer higher levels of security.

Finally, solving these tough problems will require cooperative effort between cloud providers and their customers:

Both enterprises and cloud providers need to work together to better align their security programs, architectures and communications.

Let’s work together to conquer these tough challenges.  

 

Cloud Security – 2016 Spotlight Report

Cloud Computing, Information Security
Author: Mark Dixon
Wednesday, May 18, 2016
5:02 pm

Spotlight title

This afternoon, I read the Cloud Security – 2016 Spotlight Report, presented by CloudPassage. It was an informative report based on responses from a LinkedIn security community. Aside from the insight it provided about Cloud Security, I found it intriguing that social media groups are proving to be a valuable source of market information.

The report focuses on the risk factors facing enterprises as they progressively adopt cloud computing:

Security of critical data and systems in the cloud remains a key barrier to adoption of cloud services. This report, the result of comprehensive research in partnership with the 300,000+ member Information Security Community on LinkedIn, reveals the drivers and risk factors of migrating to the cloud. Learn how organizations are responding to the security threats in the cloud and what tools and best practices IT cybersecurity leaders are considering in their move to the cloud.

It is no surprise that security is a key concern. I would expect such a response from a self-proclaimed information security community.

Cloud security concerns are on the rise. An overwhelming majority of 91% of organizations are very or moderately concerned about public cloud security. Today, perceived security risks are the single biggest factor holding back faster adoption of cloud computing. And yet, adoption of cloud computing is on the rise. The overwhelming benefits of cloud computing should drive organizations and security teams to find a way to “get cloud done”. This is a prime example to where security can have a profound impact on enabling business transformation.

Spotlight concern

It was not surprising that most respondents thought that traditional security tools were inadequate.

The survey results confirm that traditional tools work somewhat or not at all for over half of cybersecurity professionals (59%). Only 14% feel that traditional security tools are sufficient to manage security across the cloud.

Spotlight tools

I am not an expert on the validity of this type of survey vs. a more traditional survey conducted outside of the social media environment, but I think it provides some valuable insight. There is a lot of work to do, folks!

 

The Treacherous Twelve: Cloud Computing Top Threats in 2016

Cloud Computing, Information Security
Author: Mark Dixon
Wednesday, May 18, 2016
4:24 pm

Treacherous12

This week, I read an interesting report created by the Top Threats Working Group of the Cloud Security Alliance and sponsored by Hewlett Packard. Entitled, “The Treacherous Twelve: Cloud Computing Top Threats in 2016,” this report points out that new security vulnerabilities are emerging …

the improved value offered by cloud computing advances have also created new security vulnerabilities, including security issues whose full impacts are still emerging.

… and that security is no longer just an IT issue. 

The 2016 Top Threats release mirrors the shifting ramifications of poor cloud computing decisions up through the managerial ranks. Instead of being an IT issue, it is now a boardroom issue.

More vulnerabilities and increased business awareness/responsibility. The urgency of security is rising.

The report identifies security concerns so business leaders can make better decisions about security:

The purpose of the report is to provide organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk management decisions regarding cloud adoption strategies. The report reflects the current consensus among security experts in CSA community about the most significant security issues in the cloud.

The 12 critical issues to cloud security (ranked in order of severity per survey results):

  1. Data Breaches
  2. Weak Identity, Credential and Access Management
  3. Insecure APIs
  4. System and Application Vulnerabilities
  5. Account Hijacking
  6. Malicious Insiders
  7. Advanced Persistent Threats (APTs)
  8. Data Loss
  9. Insufficient Due Diligence
  10. Abuse and Nefarious Use of Cloud Services
  11. Denial of Service
  12. Shared Technology Issues

The report includes a variety of useful information about each critical issue, including:

  1. Description
  2. Business Impact
  3. Anecdotes and Examples
  4. List of applicable controls from the Cloud Control Matrix (CCM)
  5. Links to further information

Some of the anecdotes are both intriguing and disturbing:

British telecom provider TalkTalk reported multiple security incidents in 2014 and 2015, which resulted in the theft of four million customers’ personal information. The breaches were followed by a rash of scam calls attempting to extract banking information from TalkTalk customers. TalkTalk was widely criticized for its failure to encrypt customer data.

Praetorian, an Austin, Texas-based provider of information security solutions, has launched a new cloud-based platform that leverages the computing power of Amazon AWS in order to crack password hashes in a simple fashion.

Heartbleed and Shellshock proved that even open source applications, which were believed more secure than their commercial counterparts … , were vulnerable to threats. They particularly affected systems running Linux, which is concerning given that 67.7% of websites use UNIX, on which the former (Linux) is based.

In June 2014, Code Spaces’ Amazon AWS account was compromised when it failed to protect the administrative console with multifactor authentication. All the company’s assets were destroyed, putting it out of business.

The threat is real, folks.  Be careful out there!

 

Is it Real?

Social Media, Space Travel
Author: Mark Dixon
Wednesday, May 18, 2016
1:34 pm

Shuttle

This morning, I saw a cool photo of the Space Shuttle bursting through the clouds on Facebook and shared it with my friends.  

But alas, I subsequently found out in an article on Universe Today that photographer Richard Silvera faked it:

The picture of the sky and clouds was taken by me from an airplane, and the shuttle is a picture from NASA. Then the assembly was done in Photoshop & Lightroom.

So, as the wise Abraham Lincoln once said, “Don’t believe everything you read on the Internet.”

Or was that George Washington?

 

Do Clickthroughs Drive Sales?

Business
Author: Mark Dixon
Monday, May 16, 2016
9:30 am

Aw, the firm predictability of click-throughs to revenue!

Marketoonist 160516

Thanks to Tom Fishburne, the Marketoonist, for this wry wisdom.

 

Hubble Spies a Spiral Snowflake

Astronomy
Author: Mark Dixon
Friday, May 13, 2016
3:59 pm

The beauties of the universe never cease to amaze me. NASA’s photo of the day features the spiral galaxy NGC 6814 in all its otherworldly splendor.

Hubble friday 05132016

Together with irregular galaxies, spiral galaxies make up approximately 60 percent of the galaxies in the local universe. However, despite their prevalence, each spiral galaxy is unique — like snowflakes, no two are alike. This is demonstrated by the striking face-on spiral galaxy NGC 6814, whose luminous nucleus and spectacular sweeping arms, rippled with an intricate pattern of dark dust, are captured in this NASA/ESA Hubble Space Telescope image.

NGC 6814 has an extremely bright nucleus, a telltale sign that the galaxy is a Seyfert galaxy. These galaxies have very active centers that can emit strong bursts of radiation. The luminous heart of NGC 6814 is a highly variable source of X-ray radiation, causing scientists to suspect that it hosts a supermassive black hole with a mass about 18 million times that of the sun.

As NGC 6814 is a very active galaxy, many regions of ionized gas are studded along its spiral arms. In these large clouds of gas, a burst of star formation has recently taken place, forging the brilliant blue stars that are visible scattered throughout the galaxy.

Just think – less than one hundred years ago, scientists thought the Milky Way Galaxy was the only one of its kind in the universe!

 

My 11 Years Blogging on Identity

Blogging, Identity
Author: Mark Dixon
Friday, May 13, 2016
3:00 pm

Eleven

Eleven years ago today, on May 13, 2005, also Friday the 13th, I wrote my first post for this Discovering Identity blog, then hosted on the Sun Microsystems blog server.  In my maiden post, entitled Sun-Microsoft Interoperability – Focus on Identity Management, I wrote about Scott McNealy and Steve Ballmer speaking about enabling interoperability between Microsoft and Sun platforms.  

In line with my focus on Identity Management, I commented:

Identity Management is the key to enabling interoperability. It is the pivot about which the Microsoft/Sun relationship turns. Why – because Identity, by its very nature, transcends platforms. Regardless of which application or platform is being used, a user’s basic identity doesn’t change. So, in a naturally heterogenous world, an ability to rise above the differences between computer platforms is necessary if companies are to reach goals of efficiency and connectivity they require for business success.

Although I might now change a word or two in that paragraph, the essence of the statement still holds true –  Identity is definitely a key enabler for digital interactions among people, systems, applications and devices.

As a novice blogger, I also commented about my excitement in joining Sun the previous October:

I’m delighted to be here, on the front lines of a market with high customer demand, multiple business benefits, interesting innovation, strong competition and real-world results.

It turned out that publishing my blog was the single most beneficial thing I did for my career at Sun. It opened doors, solidified my credibility, triggered new opportunities and launched new friendships with people all over the world.

A lot of water has passed under the proverbial bridge in the last eleven years. Just think – my blog is older than the iPhone and almost as old as Facebook!  Once a formidable giant, Sun Microsystems is no more. Interesting terms like the “Internet of Things” and “selfie” hadn’t yet been invented when this blog was launched. The number of channels for sharing information on the Internet has skyrocketed exponentially since then. But the content of this blog still hangs around. 

Although the frequency of my posts diminished dramatically after joining Oracle six years ago, and my blog’s popularity in the IAM industry certainly waned, I still find it enjoyable to make my little contribution to the blogosphere every now and then.

It makes me wonder, what will the next eleven years bring?

 

Oracle Public Cloud Security

Cloud Computing, Information Security
Author: Mark Dixon
Friday, May 6, 2016
11:14 am

This morning, I read a recently published Oracle white paper, “Oracle Infrastructure and Platform Cloud Services Security”: 

This white paper focuses on shared and service-specific security capabilities of the following services: Oracle Compute Cloud Service, Oracle Storage Cloud Service, Oracle Network Cloud Service, Oracle Java Cloud Service, and Oracle Database Cloud Service – Enterprise Edition.

Oracle Cloud Services have been engineered from the ground up with security in mind. 

Security is a top priority for Oracle Cloud solutions. Oracle’s vision is to create the most secure and trusted public cloud infrastructure and platform services for enterprises and government organizations. Oracle’s mission is to build secure public cloud infrastructure and platform services where there is greater trust – where Oracle customers have effective and manageable security to run their workloads with more confidence, and build scalable and trusted secure cloud solutions.

Development of Oracle cloud services follows a rigorous methodology for incorporating security into all aspects of cloud services:

The Oracle Cloud Services development process follows the Oracle Software Security Assurance (OSSA) program. The OSSA is Oracle’s methodology for incorporating security into the design, building, testing, and maintenance of its services. From initial architecture considerations to service post-release, all aspects of cloud services development consider security.

However, despite this solid foundation of security in the Oracle Public Cloud, it was interesting to read about the “shared responsibility model” for information security:

Oracle Cloud infrastructure and platform services operate under a shared responsibility model, where Oracle is responsible for the security of the underlying cloud infrastructure, and you are responsible for securing your workloads as well as platform services such as Oracle Database and Oracle WebLogic Server. The following figure shows the shared security responsibilities.

The following diagram provides a good illustration of the shared security model:

Shared

This illustrates how customers can’t just “throw things into the cloud,” and hope all will be well. There are significant responsibilities associated with deploying enterprise workloads in the cloud, even when the cloud services provide a highly secure foundation.

 
 
 
 
Copyright © 2005-2013, Mark G. Dixon. All Rights Reserved.