
Exploring the science and magic of Identity and Access Management
Friday, December 5, 2025

Butterfly Nebula: 3 Lightyear Wingspan

General
Author: Mark Dixon
Friday, June 7, 2013
10:09 am

The immense distances and intense beauty in the universe never cease to amaze me.  The following image of the Butterfly Nebula is today’s NASA photograph.

The bright clusters and nebulae of planet Earth’s night sky are often named for flowers or insects. Though its wingspan covers over 3 light-years, NGC 6302 is no exception. With an estimated surface temperature of about 250,000 degrees C, the dying central star of this particular planetary nebula has become exceptionally hot, shining brightly in ultraviolet light but hidden from direct view by a dense torus of dust.

This sharp and colorful close-up of the dying star’s nebula was recorded in 2009 by the Hubble Space Telescope’s Wide Field Camera 3, installed during the final shuttle servicing mission. Cutting across a bright cavity of ionized gas, the dust torus surrounding the central star is near the center of this view, almost edge-on to the line-of-sight. Molecular hydrogen has been detected in the hot star’s dusty cosmic shroud. NGC 6302 lies about 4,000 light-years away in the arachnologically correct constellation of the Scorpion (Scorpius).

Butterfly nebula


The Irony of Innovation at the Edge

Cloud Computing, Identity, Internet of Things
Author: Mark Dixon
Wednesday, June 5, 2013
5:17 pm

Oh, the irony of our crazy industry!  Back in 2009, I blogged about a book entitled, “The Big Switch:  Re-wiring the World, from Edison to Google,” by Nicholas Carr.  This book proposed that the shift from traditional data center computing to a utility-based computing model will follow the same general trend that electricity generation followed – from a model of each individual factory maintaining its own electricity generation capability to our current utility-based electricity generation and grid delivery model. 

Today I read an intriguing article, “What’s threatening utilities: Innovation at the edge of the grid,” which proposed:

… utilities are structured to treat electricity as a commodity, produced in central power plants and delivered to consumers over long distances in a one-way transaction, with price and reliability of supply the sole concerns.  None of that is working anymore. Lots of forces are conspiring to put the current arrangement under stress, but the most important, in my mind, is a wave of innovation on the “distribution edge” of the grid.

SmartgridGraphics

Just think … at the same time as utility-style cloud computing is being hyped as the greatest trend in technology, the electrical utility industry is being decentralized to accommodate both generation and consumption at the edge!

One thing is certain.  Wait a few years and things will change some more!


Google Mobile Backend Starter: AuthN and AuthZ in the Cloud

Identity
Author: Mark Dixon
Monday, June 3, 2013
6:39 pm

Of the many articles I read today, which one piqued my interest the most? “Google Launches Mobile Backend Starter, A One-Click Deployable Cloud Backend For Android Apps.”

Mobile Backend Starter provides developers with a one-click deployable mobile backend and a client-side framework for Android that provides them with storage services, access to Google Cloud Messaging, continuous queries and Google’s authentication and authorization features. (emphasis mine)

 

Google mobile backend arch

Why is this important?  I can think of at least 4 reasons:

  1. If this is the easiest way for developers to embed authentication and authorization functionality into their apps, guess which method they will choose?
  2. If it is easy to exploit back end services from mobile apps, emerging apps will all be richer in functionality and content, because app developers will focus on real application innovation, rather than re-inventing the AuthN/AuthZ wheel.
  3. Google’s quest to become Identity Provider for the world just took a big step forward.  If app developers can easily rely on Google AuthN/AuthZ, other companies that aspire to be IDPs will be playing catch up.
  4. This pattern of easy-to-use backend infrastructure available to developers could revolutionize application development as we know it – not just mobile apps.

The obvious question is “where are you, Apple?”  But a bigger question is for all of us engaged in enterprise IAM, “how will we quickly adapt to this model?”


#YellowJeep Progress: 26 Down 87 to Go

General
Author: Mark Dixon
Monday, June 3, 2013
6:16 pm

Yellowjeep

Back on April 3rd, when I launched my personal Yellow Jeep weightloss project, I weighed in at a humongous 313 pounds.  Last week, before I headed to Idaho to visit my parents, I had dropped 24 pounds, down to 289.  This morning, after returning home to my trusty scales, my weight had dropped another two pounds to 287.  It is working!

The extra motivation I felt after publicly launching the Yellow Jeep Project  Facebook page last Saturday helped me weather some rough spots and kept my attention focused on the goal.

Thanks to everyone who has shared good wishes and words of encouragement.  As of this afternoon, 80 people had liked the Yellow Jeep Facebook page.  118 people had liked or mentioned posts related to the topic.  The response has been wonderful!

So now … onward and upward!  I am really going to do it this time!


The Yellow Jeep Project

General
Author: Mark Dixon
Saturday, June 1, 2013
1:41 pm

On April 3, 2013, I weighed in at 313 pounds – way beyond where I should be. I set a goal to reach 200 pounds within one year. When I reach that goal, I will buy a yellow jeep to reward my success.

Yellow Jeep

I am down below 290 now, but still have a long ways to go. If you would care to help motivate me towards my goal, please like my Yellow Jeep Project Facebook page and post pictures of yellow jeeps on that page. I’ll post my progress every week to let you know how I am doing.

Thanks for your help! I’d love to take you on a ride in my new jeep.

 

Siloed Apps and the Internet of Things

Identity, Internet of Things
Author: Mark Dixon
Friday, May 24, 2013
11:16 am

Silos

Paul Madsen posted an excellent article today, “Identity, Application Models and the Internet of Things,” recommending that the prevailing application development model move back to the browser and away from native apps.  He references another excellent article by Scott Jenson, “Mobile Apps Must Die,” which holds that because we use so many native mobile apps, they are “becoming too much trouble to organize and maintain,” and that the native app model, “just can’t take advantage of new opportunities.”

Paul observed how, with the prevailing native app model, the “Internet of things would push us to have 1000s of native applications on our devices, but that would place a completely unrealistic management burden on the User.”

I agree that managing large numbers of apps is becoming very burdensome and counterproductive. Each airline I fly has its own app. Each store I frequent has its own app.  I have apps upon apps upon apps.

I propose, however, that just focusing back on browser apps doesn’t completely solve the problem, particularly with the Internet of Things.  A big problem is the narrow siloed focus of so many apps.

I recently bought a Fitbit device to track all the steps I take and stairs I climb.  It is a nice little device that syncs automatically with an app on my iPhone.  I can also use that app to record food I eat and water I drink along with the automatic recording of steps and stairs.  

However, the app covers only a fairly narrow silo of functionality.  If I want to record other vital statistics (e.g., blood pressure or blood glucose), it takes another app.  If I want to record my workout at the gym with any degree of granularity, it takes another app.  Of course, every app has a different concept of my identity. Not good.

Paul’s discussion of an app to monitor his toaster begs the question – why should I have an app (either web or otherwise) for every device in my house?  Doesn’t it make more sense to have a “home management” app that accommodates toasters, fridges, thermostats, smoke alarms or whatever other Internet connected things may be available?

I propose that we need a new app paradigm that retains the great user interface characteristics of native apps, the “just in time” model of discovery and use that Paul and Scott recommend, coupled with a more integrated approach to solving real life, but more complex use cases.

 


Intellectual Property Espionage: Huge Impact, No Easy Solutions

Information Security
Author: Mark Dixon
Friday, May 24, 2013
10:32 am

IPCommission

Yesterday, I was introduced to a recently-published 90+ page report, “The Report of the Commission on the Theft of American Intellectual Property.”

The Commission on the Theft of American Intellectual Property is an independent and bipartisan initiative of leading Americans from the private sector, public service in national security and foreign affairs, academe, and politics. The three purposes of the Commission are to:

  1. Document and assess the causes, scale, and other major dimensions of international intellectual property theft as they affect the United States
  2. Document and assess the role of China in international intellectual property theft
  3. Propose appropriate U. S. policy responses that would mitigate ongoing and future damage and obtain greater enforcement of intellectual property rights by China and other infringers

The members of this commission represent an interesting cross section of private and public sector leaders:

  • Dennis C. Blair (co-chair), former Director of National Intelligence and Commander in Chief of the U. S. Pacific Command
  • Jon M. Huntsman, Jr. (co-chair), former Ambassador to China, Governor of the state of Utah, and Deputy U. S. Trade Representative
  • Craig R. Barrett, former Chairman and CEO of Intel Corporation
  • Slade Gorton, former U. S. Senator from the state of Washington, Washington Attorney General, and member of the 9-11 Commission
  • William J. Lynn III, CEO of DRS Technologies and former Deputy Secretary of Defense
  • Deborah Wince-Smith, President and CEO of the Council on Competitiveness
  • Michael K. Young, President of the University of Washington and former Deputy Under Secretary of State

The report addresses the huge scale of intellectual property theft – involving hundreds of billions of dollars and huge impact on ongoing innovation:

The scale of international theft of American intellectual property (IP) is unprecedented—hundreds of billions of dollars per year, on the order of the size of U. S. exports to Asia. The effects of this theft are twofold. The first is the tremendous loss of revenue and reward for those who made the inventions or who have purchased licenses to provide goods and services based on them, as well as of the jobs associated with those losses. American companies of all sizes are victimized. The second and even more pernicious effect is that illegal theft of intellectual property is undermining both the means and the incentive for entrepreneurs to innovate, which will slow the development of new inventions and industries that can further expand the world economy and continue to raise the prosperity and quality of life for everyone. Unless current trends are reversed, there is a risk of stifling innovation, with adverse consequences for both developed and still developing countries. The American response to date of hectoring governments and prosecuting individuals has been utterly inadequate to deal with the problem.

The report recommends several short, medium and long term remedies, including public policy, legislation, public/private cooperation and advances in cyber security technology and processes.

In the last category, I was interested to read the following observation (emphasis mine):

Even the best security systems using vulnerability-mitigation measures, including those with full-time dedicated operations centers, cannot be relied on for protection against the most highly skilled targeted hackers. A network exists in order to share information with authorized users, and a targeted hacker, given enough time, will always be able to penetrate even the best network defenses.

Effective security concepts against targeted attacks must be based on the reality that a perfect defense against intrusion is impossible. The security concept of threat-based deterrence is designed to introduce countermeasures against targeted hackers to the point that they decide it is no longer worth making the attacks in the first place. In short, it reverses the time, opportunity, and resource advantage of the targeted attacker by reducing his incentives and raising his costs without raising costs for the defender. Conceptual thinking about and effective tools for threat-based deterrence are in their infancy, but their development is a very high priority both for the U. S. government and for private companies.

The observation that “a perfect defense against intrusion is impossible,” is chilling.  What is to be done?

The report’s recommendation to battle this challenge:

Encourage adherence to best-in-class vulnerability-mitigation measures by companies and governments in the face of an evolving cybersecurity environment. Despite their limited utility against skilled and persistent targeted hackers, computer security systems still need to maintain not only the most up-to-date vulnerability-mitigation measures, such as firewalls, password-protection systems, and other passive measures.

They should also install active systems that monitor activity on the network, detect anomalous behavior, and trigger intrusion alarms that initiate both network and physical actions immediately. This is a full-time effort. Organizations need network operators “standing watch” who are prepared to take actions based on the indications provided by their systems, and who keep a “man in the loop” to ensure that machine responses cannot be manipulated.

Organizations need to have systems—software, hardware, and staff—to take real-time action to shut down free movement around the house, lock inside doors, and immobilize attackers once the alarms indicate that an intrusion has started. Some government agencies and a few corporations have comprehensive security systems like this, but most do not.

The bottom line is that Intellectual Property espionage is a huge problem with no simple solutions.  Technology alone cannot solve the problem.  There are major social, political, economic and cultural challenges that must be addressed. But we in the information security business have our work cut out for us.


SolarImpulse – Inspiration in Flight

General
Author: Mark Dixon
Thursday, May 23, 2013
6:58 am

Last Friday afternoon, at the invitation of Doug Brunke of GrowthNation, I was privileged to attend a private showing of the SolarImpulse airplane during its stop in Phoenix along its Across America tour.

Solarimpulse1

What a delightful experience!  More than just a fun scientific excursion, to me this was a celebration of innovation, dedication and profound enthusiasm for conquering the impossible.  Bertrand Piccard, co-founder and chairman of SolarImpulse has stated:

Adventure is not necessarily a spectacular deed, but rather an “extra-ordinary” one, meaning something that pushes us outside our normal way of thinking and behaving. Something that forces us to leave the protective shell of our certainties, within which we act and react automatically. Adventure is a state of mind in the face of the unknown, a way of conceiving our existence as an experimental field, in which we have to develop our inner resources, climb our personal  path of evolution and assimilate the ethical and moral values that we need to accompany our voyage.

The solar powered airplane, with a wingspan of 208 feet, uses 2,000 square feet of solar panels to power its flight and charge its batteries, so it can fly both during the day and at night.  It completed a 26 hour day and night flight in 2010.  A second generation aircraft, currently under construction, is scheduled to attempt an around the world flight in 2015.

Besides viewing the airplane and talking to engineers who were preparing for the next leg of its journey to Dallas, Texas, we were addressed by Dr. Piccard and the second pilot, André Borschberg, “an engineer and graduate in management science, a fighter pilot and a professional airplane and helicopter pilot, is the co-founder and CEO.” I found their messages challenging and enlightening.  I applaud their innovation and tenacity.

Several photos I took during the tour have been uploaded to SmugMug if you would care to take a look.


Proximity Changes Perception

General
Author: Mark Dixon
Wednesday, May 22, 2013
7:59 am

As I reviewed news stories about the tragic Oklahoma tornado, I couldn’t help but notice the stark contrast between a photo taken from far away and one taken up close and personal.  The first photo is from NASA: “The image was captured on May 20, 2013, at 19:40 UTC (2:40 p.m. CDT) as the tornado began its deadly swath.”

OKStorm1

The second is from a CBS News account on the day the storm hit: “A child is pulled from the rubble of the Plaza Towers Elementary School in Moore, Okla., and passed along to rescuers Monday, May 20, 2013.”

OKstorm2

My thoughts and prayers go out to the people who are struggling to cope with the aftermath of this huge disaster.  How wonderful to hear stories of the many, many people who are giving personal, selfless service to help the good people of Oklahoma.


Diagram: Identity is the New Perimeter

Identity, Information Security
Author: Mark Dixon
Wednesday, May 22, 2013
7:39 am

I like the diagram Mark O’Neill of Vordel put in a recent post, “Identity is the New Perimeter.” That phrase has been floating around for some time, but I think this diagram illustrates the concept in the simplest, clearest way I have seen:

IdentityIsTheNewPerimeter

The article does a good job of describing this new way of looking at security.  As Mark mentioned in the post, Bill Gates once said, “security should be based on policy, not topology.”

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.