Ready to monitor, track and analyze employee behavior using the latest IoT technology? Just ask Dilbert (aka Employee 3452378).
Author: Mark Dixon
Thursday, December 19, 2013
Kuppinger Cole just released an insightful Advisory Note: “Information Security Predictions and Recommendations 2014.” The introduction stated:
Information Security is in constant flux. With the changing threat landscape, as well as a steary stream of new innovations, demand for Information Security solutions is both growing and re-focusing.
I like both the predictions and recommendations in this report. Here are a few excerpts from my favorite recommendations:
Cloud IAM (Identity and Access Management)
Define an IAM strategy for dealing with all types of users, devices, and deployment models that integrates new Cloud IAM solutions and existing on-premise IAM seamlessly.
Before entering this brave, new world of the API “Economy”, define your security concept first and invest in API Security solutions. Security can’t be an afterthought in this critical area.
IoEE (Internet of Everything and Everyone)
Before starting with IoEE, start with IoEE security. IoEE requires new security concepts, beyond traditional and limited approaches.
Encryption only helps when it is done consistently, without leaving severe gaps.
The whole paper is well worth reading. Hopefully, this post whetted your appetite a little bit.
This evening, I finished reading a fascinating book, “Age of Context: Mobile, Sensors, Data and the Future of Privacy,” by Robert Scoble and Shel Israel.
Scoble and Israel propose that we are in the midst of a perfect storm:
Our perfect storm is composed not of three forces, but five, and they are technological rather than meteorological: mobile devices, social media, big data, sensors and location-based services. … they’re already causing disruption and making waves. As discrete entities, each force is already part of your life. Together, they have created the conditions for an unstoppable perfect storm of epic proportion: the Age of Context.
I have long been fascinated with the concept of context. I first mentioned context as an important factor in Identity Management in July, 2005, as I blogged about the Catalyst Conference. During my years with Sun Microsystems, we often spoke about “context-aware, blended services” being delivered via mobile devices. For example, in September, 2008, one of my blog posts entitled, “Sensor-triggered Personalized Services,” stated, in part:
Project Destination, an initiative I lead for Sun, is all about providing the infrastructure to deliver highly personalized, context-aware, blended services to online users across the “screens of your life.” When you couple sensor technologies with Identity, personalization and service orchestration techniques, you can get some powerful results.
It is great to see the progression and refinement of that concept. I sense we are barely scratching the surface of possibilities in this arena. Lot of fun ahead!
In his keynote speech at Oracle Open World today, Dr. Thomas Kiessling, Chief Product and Innovation Officer of Deutsche Telekom reviewed his company’s emerging business in M2M. One use case he described has been referred to in some circles as the “Connected Cow.” Current technology allows dairy cows to be electronically tagged for identification and equipped with temperature sensors to detect the optimum time for breeding. This can help big dairies be more efficient and productive.
When I grew up on a small dairy farm in Idaho, we weren’t nearly so high tech! But now, as we grapple with the challenges of how to administer the expanding universe of people and devices in the Internet of Things, we should also think about how to connect cows and other animals to the Internet! After milk cows, what will be next? Dogs and cats? Pet hamsters?
But I wonder how we would establish identity trust relationships with all these connected creatures!
Author: Mark Dixon
Friday, August 9, 2013
Today I read an informative paper published by GigaOM Research entitled, “The Internet of Things: A Market Landscape.” I find The Internet of Things to be the most interesting area of technology and business in my professional world today. This paper did an excellent job of providing an overview of the IoT landscape and highlighting both opportunities and challenges.
A few things that I found intriguing:
IoT is not just new technology:
The internet of things is not a single technology trend. Rather, it is a way of thinking about how the physical world at large and the objects, devices, and structures within it are becoming increasingly interconnected.
The market is moving rapidly to mind-boggling scale:
- Some 31 billion internet-connected devices will exist by 2020, according to Intel.
- A family of four will move from having 10 connected devices in 2012 to 25 in 2017 to 50 in 2022.
- Mobile subscriptions will exceed the number of people in the world by early 2014.
Identity is first on the list of important characteristics:
For things to be manageable, they need to be identifiable either in terms of type or as a unique entity. … Identification by type or by instance is fundamental to the internet of things.
The power of IoT comes from connectivity, not just individual components:
The internet of things is an ultra-connected environment of capabilities and services, enabling interaction with and among physical objects and their virtual representations, based on supporting technologies such as sensors, controllers, or low-powered wireless as well as services available from the wider internet.
The biggest challenges? Security, monitoring and surveillance:
Computer security, say the experts, boils down to protecting the confidentiality, integrity, and availability of both data and services. With the internet of things looking set to create all manner of data, from heart rate and baby monitors to building management systems, there is clearly going to be a great deal to protect. …
The internet of things enables the whole world to be monitored. … the potential for the inappropriate use of such technologies — for example, to spy on partners or offspring — will grow. In the business context as well, the role of the internet of things offers a wealth of opportunity but also of abuse.
The bottom line? The possibilities are vast, the challenges daunting, but IoT is happening. It will be great to go along for the ride.
Author: Mark Dixon
Tuesday, August 6, 2013
This afternoon I completed a second step in an interesting exercise. A couple of months ago, after reading about various alternative currencies, such as BitCoin, I signed up for an account with Ripple.com which was born of an idea to use a decentralized currency system, base on the Ripple protocol for a payment network:
In its developed form, the Ripple network is intended to be a peer-to-peer distributed social network service with a monetary honour system based on trust that already exists between people in real-world social networks; this form is financial capital backed completely by social capital.
Ripple uses the Ripple currency, XRP (sometimes called ripples).
I don’t understand the potential uses or the pros and cons of such a network, but I thought it would be interesting to see how they handled security and identity.
As of this afternoon, I now have a Ripple wallet at Ripple.com, and an account at SnapSwap, a new US-based Ripple gateway, that is linked to a personal bank account. I have 2,500 Ripples in my wallet, placed there as rewards for signing up with Ripple.com and SnapSwap. I think at the current exchange rate, all those Ripples are worth about USD $10.
Somehow in this system, I am supposed to be able to exchange dollars for ripples and vise versa, but I haven’t figured out why I would want to. Any ideas?
Author: Mark Dixon
Thursday, August 1, 2013
A link to an uplifting post by Tony Robbins caught my eye this morning – a post about Identity, but not about the digital type – about how we define ourselves. I was inspired by these words from the post, “The Meaning of Life: Finding your True Identity:”
People have enormous capabilities beyond what’s thought to be possible. The power to tap into our tremendous potential comes from our identity: how we define ourselves, and what believe we can achieve.
Six “Key Principles of Identity” are proposed:
- Identity is the most important power that determines our actions.
- Once we know who we are, we must learn to be ourselves.
- Sometimes, people maintain the illusion that their behavior decides who they really are.
- When you take responsibility, you restore your identity.
- The fastest way to expand our identity is to do something that’s inconsistent with our current self-image.
- Our personal identities are in a constant state of evolution.
Knowing who I am is foundational for my life. I really believe that.
Author: Mark Dixon
Friday, July 19, 2013
Today I had a very thought provoking Twitter exchange. It started when I read the article, “GE just invented the first ‘internet of things’ device you’ll actually want to own.” Rather than tweeting the title of that article, I chose to quote a phrase deep in the article:
“pretty soon just about everything we own will have some degree of self-awareness” http://t.co/ZtySg70wMf #IoT
Quite quickly, I received two responses, which were really from the same person. Paul Roberts, tweeting both from his personal account @paulfroberts and his professional account @securityledger, responded:
@mgd “everything we own” but nobody we know, unfortunately!
Could it be that as we instrument our lives more completely in order to connect more efficiently with THINGS, we lose touch with PEOPLE we know?
It is ironic that rather than having this discussion face to face with anyone I know, I am sequestered in my home office communicating virtually with folks in cyberspace. Am I really IN TOUCH more, or progressively OUT OF TOUCH?
Somehow, I believe we can achieve balance in all of this – seeking to capture the good in IoT and virtual connections while not abandoning the real-world relationships we hold dear.
Oh, the irony of our crazy industry! Back in 2009, I blogged about a book entitled, “The Big Switch: Re-wiring the World, from Edison to Google,” by Nicholas Carr. This book proposed that the shift from traditional data center computing to a utility-based computing model will follow the same general trend that electricity generation followed – from a model of each individual factory maintaining its own electricity generation capability to our current utility-based electricity generation and grid delivery model.
Today I read an intriguing article, “What’s threatening utilities: Innovation at the edge of the grid,” which proposed:
… utilities are structured to treat electricity as a commodity, produced in central power plants and delivered to consumers over long distances in a one-way transaction, with price and reliability of supply the sole concerns. None of that is working anymore. Lots of forces are conspiring to put the current arrangement under stress, but the most important, in my mind, is a wave of innovation on the “distribution edge” of the grid.
Just think … at the same time as utility-style cloud computing is being hyped as the greatest trend in technology, the electrical utility industry is being decentralized to accommodate both generation and consumption at the edge!
One thing is certain. Wait a few years and things will change some more!
Author: Mark Dixon
Monday, June 3, 2013
Of the many articles I read today, which one piqued my interest the most? “Google Launches Mobile Backend Starter, A One-Click Deployable Cloud Backend For Android Apps.”
Mobile Backend Starter provides developers with a one-click deployable mobile backend and a client-side framework for Android that provides them with storage services, access to Google Cloud Messaging, continuous queries and Google’s authentication and authorization features. (emphasis mine)
Why is this important? I can think of at least 4 reasons:
- If this is the easiest way for developers to embed authentication and authorization functionality into their apps, guess which method they will choose?
- If it is easy to exploit back end services from mobile apps, emerging apps will ail be richer in functionality and content, because app developers will focus on real application innovation, rather than re-inventing the AuthN/AuthZ wheel.
- Google’s quest to become Identity Provider for the world just took a big step forward. If app developers can easily rely on Google AuthN/AuthZ, other companies that aspire to be IDPs will be playing catch up.
- This pattern of easy-to-use backend infrastructure available to developers could revolutionize application development as we know it – not just mobile apps.
The obvious question is “where are you, Apple?” But a bigger question is for all of us engaged in enterprise IAM, “how will we quickly adapt to this model?”