Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
The Convergence of Identities and the Internet of Things | @ThingsExpo #IoT #IIoT #M2M
Q&A with Merritt Maxim of Forrester

How Brands Should Prepare for the Convergence of Identities and the Internet of Things

Q&A with Merritt Maxim of Forrester

Anyone who knows me, knows that I’m extremely passionate about opportunities involving Internet of Things (IoT) – or should I call it Identity of Things – and what it will bring to end-consumers and businesses alike! The industry of connected devices is growing at a breakneck speed and consumers are getting more and more excited as they learn about the ever-expanding possibilities.

But are brands preparing themselves properly for IoT? Do they know the complexities involved?

I recently invited Merritt Maxim, Senior Analyst at Forrester Research, to join me for a webinar to discuss the importance of protecting customer identity data in the era of IoT. We covered such topics as:

  • Understanding the landscape of identity threat vulnerabilities and the impact of breaches on brand experience and customer loyalty
  • Managing the relationship between users and devices
  • Exploring case studies and best practices for protecting customer identity data

Merritt and I then had an opportunity to reflect a little more after our webinar…

Jim: What are the main security implications as Internet of Things is taking off?

Merritt: IoT-enabled connected devices create a range of security and privacy risks. First, IoT devices can increase risk to your company and brand because these devices expand your company’s potential attack surface. The increased attack surface can place your company’s core systems and data at risk, as was clearly demonstrated during the Mirai botnet in the fall of 2016. IoT security requires an end-to-end approach. IoT security must incorporate an end-to-end architecture from the IoT device to the cloud back end. While many security teams focus on securing the IoT device with technologies such as encryption, trusted execution environments, and other chip-level measures, security teams can’t implement these device-centric approaches in isolation. In many cases, IoT devices may operate autonomously, or semi-autonomously, and will not have a human identity involved to validate and authenticate actions. This means that the security teams need to place an equivalent level of emphasis and priority on securing network communications and the back-end data stores connected to IoT devices.

Jim: What are the right questions to ask when considering an IoT vendor or partner?

Merritt: When evaluating any IoT vendor or partner, a crucial consideration is the breadth and depth of the vendor’s IoT ecosystem. The reality today is that it is unlikely that any single technology vendor can address all enterprise requirements for an IoT solution. This places a premium on vendors that maintain or participate in a broader ecosystem of IoT products and services. Rich IoT ecosystems possess more partners and talent familiar working with the systems, which helps ease integration challenges and accelerate deployment times in a risk-appropriate manner. Security certifications are also emerging in importance, and while there is no single definitive IoT standard, certifications are still a useful measure on a given supplier’s commitment to data security.

Jim: With the merging of identities and connected devices, how are brands going to safeguard customer data and trust?

Merritt: Encryption is an absolute must. In IoT scenarios, encryption (whether on the data, the network, or both) is an essential IoT security best practice. And although encryption is necessary to meet the usual requirements around personal privacy and confidentiality, many IoT scenarios now involve automation of industrial, business, and personal processes. This may create business value, but it also introduces scenarios where breaching of these IoT systems can lead to destruction of property and equipment and even personal safety issues. The higher potential risks associated with IoT scenarios mandate encryption of data in motion and at rest and that the security team maintain appropriate key management processes and procedures to ensure integrity of the encryption keys.

In addition to securing the data in motion and at rest (on the device and in the cloud back end), brands must also provide adequate policies around usage and sharing of data that consumers can easily opt in or opt out of, thus providing customers the confidence that their data is being used and shared in an appropriate manner. When done correctly, such measures can reinforce customers’ perceptions toward individual brands.

Jim: How should IT departments prepare to support customer identities across connected devices?

Merritt: Organizations need to focus on the basics first. The first step would involve conducting a base assessment to identify which systems, devices, and users connect with or store valuable data, and prioritize those assets over all others. This ensures that any security alerts are prioritized based on risk.

Once the assessment is complete, a next step would involve investigating technologies such as strong device authentication controls to the identity of an IoT device and verifying its state. This could include usage of digital certificates/PKI to identify devices as authentic. The next layer would involve assessing how to enable end users to set policies on which actions, data collections, and software updates can be performed on a device and how such policies can be enforced across devices or across individuals (such as in a connected home environment, where there may only be one device but multiple family members with different levels of authorization.)

Another growing area of interest is assessing how analytics can be used to identify device and user behavior that may indicate security vulnerabilities and compromises, so that the security team can proactively respond to such possible breaches.

Jim: What are Forrester’s predictions about IoT trends this year?

Merritt: In 2017, we expect that hackers will continue to use IoT devices to promulgate distributed denial of service (DDoS) attacks and attack devices themselves. The biggest targets will likely be the hottest areas of IoT adoption, including:

  1. Fleet management in transportation
  2. Security and surveillance applications in government
  3. Inventory and warehouse management applications in retail
  4. Industrial asset management in primary manufacturing

The fact that many IoT solutions lack simple update and patching mechanisms exacerbates the security problem, making remediation of security vulnerabilities more challenging.

The continued rise of IoT threats will require security teams to collaborate more closely with developers to ensure the ability to release and deploy remediation quickly and prevent organizations, brands, and devices from becoming the 2017 poster child for IoT security incidents.

To hear more from our recent webinar on IoT, please watch the replay here. And if ever you’d like to have a meaty conversation on where the IoT industry is going, I’m always up for a chat!

Read the original blog entry...

About Jim Kaskade
Jim Kaskade currently leads Janrain, the category creator of Consumer Identity & Access Management (CIAM). We believe that your identity is the most important thing you own, and that your identity should not only be easy to use, but it should be safe to use when accessing your digital world. Janrain is an Identity Cloud servicing Global 3000 enterprises providing a consistent, seamless, and safe experience for end-users when they access their digital applications (web, mobile, or IoT).

Prior to Janrain, Jim was the VP & GM of Digital Applications at CSC. This line of business was over $1B in commercial revenue, including both consulting and delivery organizations and is focused on serving Fortune 1000 companies in the United States, Canada, Mexico, Peru, Chile, Argentina, and Brazil. Prior to this, Jim was the VP & GM of Big Data & Analytics at CSC. In his role, he led the fastest growing business at CSC, overseeing the development and implementation of innovative offerings that help clients convert data into revenue. Jim was also the CEO of Infochimps; Entrepreneur-in-Residence at PARC, a Xerox company; SVP, General Manager and Chief of Cloud at SIOS Technology; CEO at StackIQ; CEO of Eyespot; CEO of Integral Semi; and CEO of INCEP Technologies. Jim started his career at Teradata where he spent ten years in enterprise data warehousing, analytical applications, and business intelligence services designed to maximize the intrinsic value of data, servicing fortune 1000 companies in telecom, retail, and financial markets.

Latest AJAXWorld RIA Stories
DX World EXPO, LLC, a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the ...
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structu...
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct ...
In his session at 21st Cloud Expo, James Henry, Co-CEO/CTO of Calgary Scientific Inc., introduced you to the challenges, solutions and benefits of training AI systems to solve visual problems with an emphasis on improving AIs with continuous training in the field. He explored app...
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021


SYS-CON Featured Whitepapers
ADS BY GOOGLE