Welcome!

Wearables Authors: Carmen Gonzalez, Elizabeth White, Liz McMillan, Yeshim Deniz, Christopher Harrold

Related Topics: @ThingsExpo, @CloudExpo, @BigDataExpo

@ThingsExpo: Blog Post

The Convergence of Identities and the Internet of Things | @ThingsExpo #IoT #IIoT #M2M

Q&A with Merritt Maxim of Forrester

How Brands Should Prepare for the Convergence of Identities and the Internet of Things

Q&A with Merritt Maxim of Forrester

Anyone who knows me, knows that I’m extremely passionate about opportunities involving Internet of Things (IoT) – or should I call it Identity of Things – and what it will bring to end-consumers and businesses alike! The industry of connected devices is growing at a breakneck speed and consumers are getting more and more excited as they learn about the ever-expanding possibilities.

But are brands preparing themselves properly for IoT? Do they know the complexities involved?

I recently invited Merritt Maxim, Senior Analyst at Forrester Research, to join me for a webinar to discuss the importance of protecting customer identity data in the era of IoT. We covered such topics as:

  • Understanding the landscape of identity threat vulnerabilities and the impact of breaches on brand experience and customer loyalty
  • Managing the relationship between users and devices
  • Exploring case studies and best practices for protecting customer identity data

Merritt and I then had an opportunity to reflect a little more after our webinar…

Jim: What are the main security implications as Internet of Things is taking off?

Merritt: IoT-enabled connected devices create a range of security and privacy risks. First, IoT devices can increase risk to your company and brand because these devices expand your company’s potential attack surface. The increased attack surface can place your company’s core systems and data at risk, as was clearly demonstrated during the Mirai botnet in the fall of 2016. IoT security requires an end-to-end approach. IoT security must incorporate an end-to-end architecture from the IoT device to the cloud back end. While many security teams focus on securing the IoT device with technologies such as encryption, trusted execution environments, and other chip-level measures, security teams can’t implement these device-centric approaches in isolation. In many cases, IoT devices may operate autonomously, or semi-autonomously, and will not have a human identity involved to validate and authenticate actions. This means that the security teams need to place an equivalent level of emphasis and priority on securing network communications and the back-end data stores connected to IoT devices.

Jim: What are the right questions to ask when considering an IoT vendor or partner?

Merritt: When evaluating any IoT vendor or partner, a crucial consideration is the breadth and depth of the vendor’s IoT ecosystem. The reality today is that it is unlikely that any single technology vendor can address all enterprise requirements for an IoT solution. This places a premium on vendors that maintain or participate in a broader ecosystem of IoT products and services. Rich IoT ecosystems possess more partners and talent familiar working with the systems, which helps ease integration challenges and accelerate deployment times in a risk-appropriate manner. Security certifications are also emerging in importance, and while there is no single definitive IoT standard, certifications are still a useful measure on a given supplier’s commitment to data security.

Jim: With the merging of identities and connected devices, how are brands going to safeguard customer data and trust?

Merritt: Encryption is an absolute must. In IoT scenarios, encryption (whether on the data, the network, or both) is an essential IoT security best practice. And although encryption is necessary to meet the usual requirements around personal privacy and confidentiality, many IoT scenarios now involve automation of industrial, business, and personal processes. This may create business value, but it also introduces scenarios where breaching of these IoT systems can lead to destruction of property and equipment and even personal safety issues. The higher potential risks associated with IoT scenarios mandate encryption of data in motion and at rest and that the security team maintain appropriate key management processes and procedures to ensure integrity of the encryption keys.

In addition to securing the data in motion and at rest (on the device and in the cloud back end), brands must also provide adequate policies around usage and sharing of data that consumers can easily opt in or opt out of, thus providing customers the confidence that their data is being used and shared in an appropriate manner. When done correctly, such measures can reinforce customers’ perceptions toward individual brands.

Jim: How should IT departments prepare to support customer identities across connected devices?

Merritt: Organizations need to focus on the basics first. The first step would involve conducting a base assessment to identify which systems, devices, and users connect with or store valuable data, and prioritize those assets over all others. This ensures that any security alerts are prioritized based on risk.

Once the assessment is complete, a next step would involve investigating technologies such as strong device authentication controls to the identity of an IoT device and verifying its state. This could include usage of digital certificates/PKI to identify devices as authentic. The next layer would involve assessing how to enable end users to set policies on which actions, data collections, and software updates can be performed on a device and how such policies can be enforced across devices or across individuals (such as in a connected home environment, where there may only be one device but multiple family members with different levels of authorization.)

Another growing area of interest is assessing how analytics can be used to identify device and user behavior that may indicate security vulnerabilities and compromises, so that the security team can proactively respond to such possible breaches.

Jim: What are Forrester’s predictions about IoT trends this year?

Merritt: In 2017, we expect that hackers will continue to use IoT devices to promulgate distributed denial of service (DDoS) attacks and attack devices themselves. The biggest targets will likely be the hottest areas of IoT adoption, including:

  1. Fleet management in transportation
  2. Security and surveillance applications in government
  3. Inventory and warehouse management applications in retail
  4. Industrial asset management in primary manufacturing

The fact that many IoT solutions lack simple update and patching mechanisms exacerbates the security problem, making remediation of security vulnerabilities more challenging.

The continued rise of IoT threats will require security teams to collaborate more closely with developers to ensure the ability to release and deploy remediation quickly and prevent organizations, brands, and devices from becoming the 2017 poster child for IoT security incidents.

To hear more from our recent webinar on IoT, please watch the replay here. And if ever you’d like to have a meaty conversation on where the IoT industry is going, I’m always up for a chat!

Read the original blog entry...

More Stories By Jim Kaskade

Jim Kaskade currently leads Janrain, the category creator of Consumer Identity & Access Management (CIAM). We believe that your identity is the most important thing you own, and that your identity should not only be easy to use, but it should be safe to use when accessing your digital world. Janrain is an Identity Cloud servicing Global 3000 enterprises providing a consistent, seamless, and safe experience for end-users when they access their digital applications (web, mobile, or IoT).

Prior to Janrain, Jim was the VP & GM of Digital Applications at CSC. This line of business was over $1B in commercial revenue, including both consulting and delivery organizations and is focused on serving Fortune 1000 companies in the United States, Canada, Mexico, Peru, Chile, Argentina, and Brazil. Prior to this, Jim was the VP & GM of Big Data & Analytics at CSC. In his role, he led the fastest growing business at CSC, overseeing the development and implementation of innovative offerings that help clients convert data into revenue. Jim was also the CEO of Infochimps; Entrepreneur-in-Residence at PARC, a Xerox company; SVP, General Manager and Chief of Cloud at SIOS Technology; CEO at StackIQ; CEO of Eyespot; CEO of Integral Semi; and CEO of INCEP Technologies. Jim started his career at Teradata where he spent ten years in enterprise data warehousing, analytical applications, and business intelligence services designed to maximize the intrinsic value of data, servicing fortune 1000 companies in telecom, retail, and financial markets.

@ThingsExpo Stories
NHK, Japan Broadcasting, will feature the upcoming @ThingsExpo Silicon Valley in a special 'Internet of Things' and smart technology documentary that will be filmed on the expo floor between November 3 to 5, 2015, in Santa Clara. NHK is the sole public TV network in Japan equivalent to the BBC in the UK and the largest in Asia with many award-winning science and technology programs. Japanese TV is producing a documentary about IoT and Smart technology and will be covering @ThingsExpo Silicon Val...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the USA and Europe, we work with a variety of customers from emerging startups to Fortune 1000 companies.
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Analytic. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound e...
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
The age of Digital Disruption is evolving into the next era – Digital Cohesion, an age in which applications securely self-assemble and deliver predictive services that continuously adapt to user behavior. Information from devices, sensors and applications around us will drive services seamlessly across mobile and fixed devices/infrastructure. This evolution is happening now in software defined services and secure networking. Four key drivers – Performance, Economics, Interoperability and Trust ...
@ThingsExpo has been named the Most Influential ‘Smart Cities - IIoT' Account and @BigDataExpo has been named fourteenth by Right Relevance (RR), which provides curated information and intelligence on approximately 50,000 topics. In addition, Right Relevance provides an Insights offering that combines the above Topics and Influencers information with real time conversations to provide actionable intelligence with visualizations to enable decision making. The Insights service is applicable to eve...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.