Welcome!

Wearables Authors: Elizabeth White, Liz McMillan, Pat Romanski, Yeshim Deniz, Rostyslav Demush

Related Topics: @ThingsExpo, @CloudExpo, @DXWorldExpo

@ThingsExpo: Blog Feed Post

The Convergence of Identities and the Internet of Things | @ThingsExpo #IoT #IIoT #M2M

Q&A with Merritt Maxim of Forrester

How Brands Should Prepare for the Convergence of Identities and the Internet of Things

Q&A with Merritt Maxim of Forrester

Anyone who knows me, knows that I’m extremely passionate about opportunities involving Internet of Things (IoT) – or should I call it Identity of Things – and what it will bring to end-consumers and businesses alike! The industry of connected devices is growing at a breakneck speed and consumers are getting more and more excited as they learn about the ever-expanding possibilities.

But are brands preparing themselves properly for IoT? Do they know the complexities involved?

I recently invited Merritt Maxim, Senior Analyst at Forrester Research, to join me for a webinar to discuss the importance of protecting customer identity data in the era of IoT. We covered such topics as:

  • Understanding the landscape of identity threat vulnerabilities and the impact of breaches on brand experience and customer loyalty
  • Managing the relationship between users and devices
  • Exploring case studies and best practices for protecting customer identity data

Merritt and I then had an opportunity to reflect a little more after our webinar…

Jim: What are the main security implications as Internet of Things is taking off?

Merritt: IoT-enabled connected devices create a range of security and privacy risks. First, IoT devices can increase risk to your company and brand because these devices expand your company’s potential attack surface. The increased attack surface can place your company’s core systems and data at risk, as was clearly demonstrated during the Mirai botnet in the fall of 2016. IoT security requires an end-to-end approach. IoT security must incorporate an end-to-end architecture from the IoT device to the cloud back end. While many security teams focus on securing the IoT device with technologies such as encryption, trusted execution environments, and other chip-level measures, security teams can’t implement these device-centric approaches in isolation. In many cases, IoT devices may operate autonomously, or semi-autonomously, and will not have a human identity involved to validate and authenticate actions. This means that the security teams need to place an equivalent level of emphasis and priority on securing network communications and the back-end data stores connected to IoT devices.

Jim: What are the right questions to ask when considering an IoT vendor or partner?

Merritt: When evaluating any IoT vendor or partner, a crucial consideration is the breadth and depth of the vendor’s IoT ecosystem. The reality today is that it is unlikely that any single technology vendor can address all enterprise requirements for an IoT solution. This places a premium on vendors that maintain or participate in a broader ecosystem of IoT products and services. Rich IoT ecosystems possess more partners and talent familiar working with the systems, which helps ease integration challenges and accelerate deployment times in a risk-appropriate manner. Security certifications are also emerging in importance, and while there is no single definitive IoT standard, certifications are still a useful measure on a given supplier’s commitment to data security.

Jim: With the merging of identities and connected devices, how are brands going to safeguard customer data and trust?

Merritt: Encryption is an absolute must. In IoT scenarios, encryption (whether on the data, the network, or both) is an essential IoT security best practice. And although encryption is necessary to meet the usual requirements around personal privacy and confidentiality, many IoT scenarios now involve automation of industrial, business, and personal processes. This may create business value, but it also introduces scenarios where breaching of these IoT systems can lead to destruction of property and equipment and even personal safety issues. The higher potential risks associated with IoT scenarios mandate encryption of data in motion and at rest and that the security team maintain appropriate key management processes and procedures to ensure integrity of the encryption keys.

In addition to securing the data in motion and at rest (on the device and in the cloud back end), brands must also provide adequate policies around usage and sharing of data that consumers can easily opt in or opt out of, thus providing customers the confidence that their data is being used and shared in an appropriate manner. When done correctly, such measures can reinforce customers’ perceptions toward individual brands.

Jim: How should IT departments prepare to support customer identities across connected devices?

Merritt: Organizations need to focus on the basics first. The first step would involve conducting a base assessment to identify which systems, devices, and users connect with or store valuable data, and prioritize those assets over all others. This ensures that any security alerts are prioritized based on risk.

Once the assessment is complete, a next step would involve investigating technologies such as strong device authentication controls to the identity of an IoT device and verifying its state. This could include usage of digital certificates/PKI to identify devices as authentic. The next layer would involve assessing how to enable end users to set policies on which actions, data collections, and software updates can be performed on a device and how such policies can be enforced across devices or across individuals (such as in a connected home environment, where there may only be one device but multiple family members with different levels of authorization.)

Another growing area of interest is assessing how analytics can be used to identify device and user behavior that may indicate security vulnerabilities and compromises, so that the security team can proactively respond to such possible breaches.

Jim: What are Forrester’s predictions about IoT trends this year?

Merritt: In 2017, we expect that hackers will continue to use IoT devices to promulgate distributed denial of service (DDoS) attacks and attack devices themselves. The biggest targets will likely be the hottest areas of IoT adoption, including:

  1. Fleet management in transportation
  2. Security and surveillance applications in government
  3. Inventory and warehouse management applications in retail
  4. Industrial asset management in primary manufacturing

The fact that many IoT solutions lack simple update and patching mechanisms exacerbates the security problem, making remediation of security vulnerabilities more challenging.

The continued rise of IoT threats will require security teams to collaborate more closely with developers to ensure the ability to release and deploy remediation quickly and prevent organizations, brands, and devices from becoming the 2017 poster child for IoT security incidents.

To hear more from our recent webinar on IoT, please watch the replay here. And if ever you’d like to have a meaty conversation on where the IoT industry is going, I’m always up for a chat!

Read the original blog entry...

More Stories By Jim Kaskade

Jim Kaskade currently leads Janrain, the category creator of Consumer Identity & Access Management (CIAM). We believe that your identity is the most important thing you own, and that your identity should not only be easy to use, but it should be safe to use when accessing your digital world. Janrain is an Identity Cloud servicing Global 3000 enterprises providing a consistent, seamless, and safe experience for end-users when they access their digital applications (web, mobile, or IoT).

Prior to Janrain, Jim was the VP & GM of Digital Applications at CSC. This line of business was over $1B in commercial revenue, including both consulting and delivery organizations and is focused on serving Fortune 1000 companies in the United States, Canada, Mexico, Peru, Chile, Argentina, and Brazil. Prior to this, Jim was the VP & GM of Big Data & Analytics at CSC. In his role, he led the fastest growing business at CSC, overseeing the development and implementation of innovative offerings that help clients convert data into revenue. Jim was also the CEO of Infochimps; Entrepreneur-in-Residence at PARC, a Xerox company; SVP, General Manager and Chief of Cloud at SIOS Technology; CEO at StackIQ; CEO of Eyespot; CEO of Integral Semi; and CEO of INCEP Technologies. Jim started his career at Teradata where he spent ten years in enterprise data warehousing, analytical applications, and business intelligence services designed to maximize the intrinsic value of data, servicing fortune 1000 companies in telecom, retail, and financial markets.

@ThingsExpo Stories
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
"We view the cloud not as a specific technology but as a way of doing business and that way of doing business is transforming the way software, infrastructure and services are being delivered to business," explained Matthew Rosen, CEO and Director at Fusion, in this SYS-CON.tv interview at 18th Cloud Expo (http://www.CloudComputingExpo.com), held June 7-9 at the Javits Center in New York City, NY.
The Founder of NostaLab and a member of the Google Health Advisory Board, John is a unique combination of strategic thinker, marketer and entrepreneur. His career was built on the "science of advertising" combining strategy, creativity and marketing for industry-leading results. Combined with his ability to communicate complicated scientific concepts in a way that consumers and scientists alike can appreciate, John is a sought-after speaker for conferences on the forefront of healthcare science,...
WebRTC is great technology to build your own communication tools. It will be even more exciting experience it with advanced devices, such as a 360 Camera, 360 microphone, and a depth sensor camera. In his session at @ThingsExpo, Masashi Ganeko, a manager at INFOCOM Corporation, introduced two experimental projects from his team and what they learned from them. "Shotoku Tamago" uses the robot audition software HARK to track speakers in 360 video of a remote party. "Virtual Teleport" uses a multip...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
In his session at Cloud Expo, Alan Winters, U.S. Head of Business Development at MobiDev, presented a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to maximize project result...
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
DXWorldEXPO LLC announced today that ICC-USA, a computer systems integrator and server manufacturing company focused on developing products and product appliances, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of ...
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Archi...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Personalization has long been the holy grail of marketing. Simply stated, communicate the most relevant offer to the right person and you will increase sales. To achieve this, you must understand the individual. Consequently, digital marketers developed many ways to gather and leverage customer information to deliver targeted experiences. In his session at @ThingsExpo, Lou Casal, Founder and Principal Consultant at Practicala, discussed how the Internet of Things (IoT) has accelerated our abilit...
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
DXWorldEXPO LLC announced today that the upcoming DXWorldEXPO | CloudEXPO New York event will feature 10 companies from Poland to participate at the "Poland Digital Transformation Pavilion" on November 12-13, 2018.