In the flurry of news surrounding Google’s acquisition of Nest on Monday, I was particularly intrigued by the following graph from Business Insider   Specifically, the combination of 8 billion Internet of Things devices and 6 billion mobile devices (smart phones and tablets) projected for 2018 gave me pause.

I believe the real value of these expanding markets comes from the combination of the IoT and Mobile segments.  IoT technology progressively enables us to instrument and automate many areas in our daily lives; Tablets and Smartphones provide our primary windows into that instrumented and automated world.  The possibilities are limitless.

Oracle recently released a white paper entitled, “Oracle Access Manager Mobile and Social, A Case Study – Piggy Bank.”  This white paper outlines the use of the Mobile and Social component of the Oracle Access Management platform.  Mobile and Social provides a simple means to integrate Mobile applications with the security capabilities provided by Oracle’s Identity and Access Management platform.

The white paper:

discusses the effort involved in executing a Proof of Concept with a major international bank. While the PoC exercise was real and the requirements described in this paper implemented, certain details have been changed to protect the identity of the bank and its security architecture and simplified for those new to OAM Mobile and Social.

The Proof of Concept detailed in this white paper involved three main tasks:

1. creating a simple electronic banking application
2. the REST/JSON services for the application
3. securing the application and services with the Oracle IAM technology stack.

The “Piggy Bank” represents the bank for which the Proof of Concept was completed.  The basic PoC architecture is shown below:

 

The white paper does a good job of outlining just what is necessary to configure the components in this architecture.

The white paper concludes:

While the PiggyBank application is quite simple, it illustrates the power and capabilities of the Oracle Identity and Access Management platform including Oracle Access Manager, Oracle Adaptive Access Manager and some of the Mobile and Social Services. By using the OAM Mobile and Social SDK a fully functional mobile e-Banking application was created and secured in a very short time, without the need to install and configure any additional software and without the need to write complex code to secure the mobile App and its communication to the services it uses. 

A customer with an existing security infrastructure based on Oracle Access Manager and Adaptive Access Manager can easily deploy Oracle Mobile and Social to extend the same security capabilities to mobile applications. By using the Mobile and Social SDK customers can seamlessly integrate security into their native Apps on popular mobile platforms including iOS and Android.

The need for secure mobile access is already huge and growing rapidly.   The Oracle Mobile and Social product goes a long way towards meeting that demand.

 

 

Last Week, on Thursday, March 7th, the second @OracleIDM Tweet Chat (AKA Tweet Jam) was held. It was great to participate with many others on this lively and informative chat. The Chat Archive for #MobileIDM has been posted here for review.

Please join me and other interested identerati on a live Tweet Chat  about Mobile Identity Management trends and security challenges.

Amit Jasuja, Senior Vice President, Development - Identity Management and Security Products, will host the chat via @OracleIDM.

When?  Tomorrow, March 7th, at 9:00am PST

Please use hashtag #mobileidm in your tweets.

Our last Tweet Chat  (or was it Tweet Jam?) was a great success.  Let’s make this one even better.

This week’s Oracle Information InDepth Security newsletter, “Inside Out Edition,” featured comments from Vadim Lander, Oracle’s chief identity architect on key trends that will shape identity management in 2013 and beyond. The trends he described are:

1. Mobility Is Gaining Momentum
2. Identity Management as a Service Is Emerging
3. A Trend Towards Portable Identity
4. Authentication Services Are Evolving
5. Organizations Continue to Move from Silos to Centralized Systems

I was particularly intrigued by his comments on portable identity:

I expect Oracle customers using Oracle applications via SaaS will increasingly use their Oracle Cloud identity as the identity for a chunk of their user populations, rather than trying to maintain multiple identities in their on-premises system.  Since Oracle is already maintaining a cloud identity for every Oracle Cloud user, that identity is portable as far as the user is concerned. Even if users leave the organization, their Oracle identity can still belong to them as they change jobs. Just as your Google or Facebook identity can provide portability, your Oracle identity may be able to provide the equivalent in a business context.

Oracle as businss IdP?  Intriguing thought.

Sometimes I’m tempted to ditch my mobile phone, but frankly, I would feel naked without one. What will Ziggy do?

Yesterday’s announcement that Intel would pay $7.68 billion for McAfee, Inc. triggered a couple of instant thoughts:

1. McAfee has come a long way from when I first met founder John McAfee in the early 1990’s in a small, cluttered office in Santa Clara.
2. Intel/McAfee: What strange bedfellows!

According the Wall Street Journal article where I first read the news, Intel executives were bullish (as they should have been, after laying nearly $8 billion on the table in a surprise deal.)

“Intel executives argued growing security dangers require new measures, describing the acquisition as an essential step to design chips and other hardware that can protect systems better than software alone. …

"’We believe security will be most effective when enabled in hardware,’ Intel Chief Executive Paul Otellini said in a conference call.

In Yahoo press coverage, Mr. Otellini is quoted:

"Everywhere we sell a microprocessor, there’s an opportunity for a security software sale to go with it … It’s not just the opportunity to co-sell, it’s the opportunity to deeply integrate these into the architecture of our products."

Business week’s analysis was a bit less upbeat:

“Intel will have to persuade customers they need security in non-PC electronics in much the same way it has convinced businesses and consumers that they required chips that speed computing tasks or ensure seamless wireless connections.

“’Right now nobody is screaming for security in their cars and in their cell phones,’ said Gartner’s Peter Firstbrook.”

Forrester Research’s Andrew Jaquith was downright negative:

“What on earth does Intel expect to get for all of the money it is spending on McAfee? I’ve been scratching my head over this, and despite McAfee CTO George Kurtz’ helpful blog post, I am still struggling to figure this one out. …

“I see four problems with Intel’s strategy (at least as much as I can glean, so far):

• Neither Intel nor McAfee are serious players in the mobility market …
• Intel’s hardware platform strategy will not work. …
• Intel doesn’t understand software. …
• The security aftermarket will be very different on Post-PC devices. …”

What do I think?

1. I agree that security at the chip level is part of an integrated end-to-end security chain that will be essential in the mobile market, especially as mobile devices are enabled for mobile payments and other high-value functions.
2. I wonder why Intel had to buy a whole company to get the security expertise necessary to build in security at the silicon level.  Maybe McAfee has some diamonds in the rough hidden away in the R&D lab that will justify Intel’s big acquisition.
3. This very visible acquisition highlights the critical need for Information Security, a topic that is near to my heart.

What do you think?