Monday, 27 October 2014

Internet of Things roundtable: Experts discuss what to look for in IoT platforms

Networking is at the heart of every Internet of Things deployment, connecting sensors and other “Things” to the apps that interpret the data or take action.

But these are still early days. Assembling an IoT network from commercial off-the-shelf components is still, let’s just say, a work in progress. This will change over time, but for now the technical immaturity is being addressed by System Integrators building custom code to connect disparate parts and by a new class of network meta-product known as the IoT Platform.

IoT Platform products are still in their infancy, but there are already more than 20 on the market today. Approaches vary, so when making a build or buy decision, consider these critical areas of IoT Platform tech: security, sensor compatibility, analytics compatibility, APIs and standards.

iot platform diagram Iot-Inc.

To see where we stand on developments in these areas, I emailed experts from seven IoT Platform companies, big and small, asking for input: Roberto De La Mora, Sr. Director at Cisco, Steve Jennis, SVP at PrismTech, Bryan Kester, CEO at SeeControl, Lothar Schubert, Platform Marketing leader, GE Software, Niall Murphy, Founder & CEO at EVRYTHNG, Alan Tait, Technical Manager at Stream Technologies and Raj Vaswani, CTO and Co-Founder, Silver Spring Networks. Here’s what they had to say:

* Security
De La Mora: Security technologies and solutions that are omnipresent in IT networks can be adapted (carefully) to serve Operational Technology in IoT environments. But security is not about adding firewalls or IPS/IDS systems here and there. Cyber Security for IoT should follow a model applied at every layer of the architecture, and be combined with physical security to add intelligence to the operation via data correlation and analytics.

Jennis: Without a standards-based security framework it is very difficult to create communication channels that are both secure and interoperable. An interoperable security solution is very important in order to prevent vendor lock-in and to enable the system to be extended if required.

Kester: Sophisticated customers are encrypting traffic between the sensor board and the cloud. However most deployments are using private VPNs which don’t require a lot precious CPU or RAM from the remote device/system.

Murphy: Crypto-secure digital identities for physical things enable authenticated identities online by applying token-based security methods through Web standards to manage application access to these digital identities.

Vaswani: Embed security at each layer of the network, including sophisticated authentication and authorization techniques for all intelligent endpoints, require digital signatures and private keys to prevent any unauthorized access or activity on the system, and end-to-end encryption for all communications across the network. Incorporating physical tamper detection and resistance technologies further reduces the risk of unauthorized access and monitoring.

* Sensor Compatibility
Jennis: The following Platform considerations should be taken into account:

· Memory footprint – how much memory does the Platform require to function? Some simple sensors have only 128KB of memory to work with.

· Operating system support – does the Platform require a full POSIX-like OS or can it accept something simpler?

· Network stack support, e.g. IPv4, IPv6, 6LoWPAN, other – simple sensors used in Low Power Wireless Area Networks (LoWPAN) may require a cut down IP stack.

· Programming language support – a Platform may provide APIs for only specific programming languages (e.g. C or C++).

· Java dependence – does the Platform require a JVM to function, limiting sensor choices?

Murphy: The most important consideration is recognizing the risks inherent in vertically integrated solution architectures. By definition, the Internet of Things is heterogeneous in the types of things it is connecting. A horizontal architecture, to manage the information from and about the things they are connecting, can abstract the transport layer from the application layer. This allows applications to be developed independently of specific sensor devices, and sensor devices to be changed and network connectivity methods changed without breaking the application dependencies.

Schubert: A Software-Defined Machine (SDM) decouples software from the underlying hardware, making machines directly programmable through machine apps and allows connecting with virtually “any” machine and edge device, including retrofitting machines and connections to legacy systems.

* Analytics Compatibility

De La Mora: Support for structured and non-structured data, ease of integration with existing operation, automation and control systems, and the ability to operate in a distributed computing environment are all important factors for analytic compatibility.

Kester: To do advanced long-term business intelligence, machine learning or Hadoop-type of parallel processing, your Platform choice should have a well-documented and Web accessible API to interface with your analytic product of choice. It should also be easy for any IT employee, or even savvy business analysts, to use without training.

Murphy: The network platform has to enable multiple disparate audiences within a company access to benefit from data collection and perform meaningful analysis. Analytics is often thought of in a reporting sense only, but increasingly analytics is being applied in conjunction with machine learning algorithms and rules logic to drive applications and actuate devices.

Tait: You need to be sure the information you are collecting is stored well (backed up, secure, etc.) and that you have the ability to export your data and you maintain ownership.

Schubert: The tremendous data growth in industrial IoT demands massively scalable, low-cost infrastructure, such as that based on Apache Hadoop v2 and COTS (commercial off-the shelf) hardware. It has to support the various security, compliance and data privacy mandates. Predictive Analytics is how value is delivered to customers. It provides timely foresight into asset and operations, and provides actionable recommendations (when paired with rule engines). Perhaps most important, analytics need to be integrated into the operational processes, rather than be a stand-alone IT solution.

* APIs
De La Mora: RESTful API’s are becoming standard. The abstraction capabilities they provide, along with the architectural model based on the Web, are key. SDK’s that provide API’s that are not compatible with the W3C TAG group are a nonstarter for applications that should be in the end, connected to the Internet.

Jennis: First and foremost, APIs should be clean, type-safe and idiomatic. In addition, APIs should favor non-blocking/asynchronous interaction models to make it easier to build responsive systems. Where possible APIs should be standardized to ease component integration and prevent lock-in.

Murphy: APIs should use Web standards and blueprints (e.g. REST and no WSDL/SOAP), and state-of-art Web security systems. They should also offer ways of extracting the data, not just feeding it in.

Tait: Keep it simple, truly good APIs are clear, concise and have a purpose. They should also do the common things easily.

Schubert: Service-oriented architectures (SOA) and related application development paradigms rely on APIs for integration of services, processes and systems. APIs must be open, accessible and upgrade-compatible.

* Standards
De La Mora: We are calling this the Internet of Things because it will be part of the next generation of the Internet, so the only key standard protocol, that I see in the future, is IPv6.

Kester: Any Platform that is in communication with devices should support the major communication protocols in use today, which are UDP, MQTT, XMPP, CoAP, Modbus/TCP and HTTP.

Murphy: RESTful application programming interfaces, JSON and similar Web-centric formats for data exchange should be used. The Platform that an enterprise uses to manage its physical products and assets as digital assets, needs to be able to integrate smoothly with both the enterprise’s other systems and third party applications. Integration means both the technical protocols of system-to-system interaction (e.g. REST, OAuth) but also critically, the semantics of the information itself.

Vaswani: The use of universal standards such as IP ensures that products can be easily mixed and matched from different vendors to ensure full interoperability and to deliver on other applications supported by an even broader ecosystem of hardware and software players.

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com


Sunday, 19 October 2014

9 employee insiders who breached security

These disgruntled employees show what can happen when an employer wrongs them.

Security admins used to have to worry about keeping the bad guys out of the network, but there have been many documented cases where the devil you know is sitting right next to you. A review of recent FBI cyber investigations revealed victim businesses incur significant costs ranging from $5,000 to $3 million due to cyber incidents involving disgruntled or former employees, according to AlgoSec. Here are just a few over the years of insiders trying to take down their employer's network.

Terry Childs, the former network administrator for the City of San Francisco, held the city's systems hostage for a time. He refused to surrender passwords because he felt his supervisors were incompetent. Childs was convicted of violating California's computer crime laws in April 2010.

In June 2012, Ricky Joe Mitchell of Charleston, W.Va., a former network engineer for oil and gas company EnerVest, was sentenced to prison for sabotaging the company's systems. He found out he was going to be fired and decided to reset the company's servers to their original factory settings.

It was discovered in 2007 that database administrator William Sullivan had stolen 3.2 million customer records including credit card, banking and personal information from Fidelity National Information Services. Sullivan agreed to plead guilty to federal fraud charges and was sentenced to four years and nine months in prison and ordered to pay a $3.2 million fine.

Flowers Hospital had an insider data breach that occurred from June 2013 to February 2014 when one of its employees stole forms containing patient information and possibly used the stolen information to file fraudulent income tax returns.

According to Techworld.com, 34-year-old Sam Chihlung Yin created a fake VPN token in the name of a non-existent employee which he tricked Gucci IT staff into activating after he was fired in May 2010.

Army Private First Class Bradley Manning released sensitive military documents to WikiLeaks in 2009. Manning, now known as Chelsea Manning, was given a sentence of 35 years in prison.

Back in 2002, Timothy Lloyd was sentenced to three-and-a-half years in prison for planting a software time bomb after he became disgruntled with his employer Omega. The result of the software sabotage was the loss of millions of dollars to the company and the loss of 80 jobs.

Earlier this year, NRAD Medical Associates discovered that an employee radiologist had accessed and acquired protected health information from NRAD’s billing systems without authorization. The breach was estimated to be 97,000 records of patient names and addresses, dates of birth, Social Security information, health insurance, and diagnosis information.

And of course there is the most famous whistleblower of all time: Edward Snowden. Before fleeing the country, he released sensitive NSA documents that became a blowup about government surveillance.




Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Thursday, 9 October 2014

Gartner: Top 10 strategic predictions for businesses to watch out for

For a session that is high-tech oriented, this year’s Gartner strategic predictions were decidedly human.

That is to say many were related to increasing the customer’s experience with technology and systems rather than the usual techno-calculations.
Gartner 2014

“Machines are taking an active role in enhancing human endeavors,” said Daryl Plummer is a managing vice president, chief of Research and chief Gartner Fellow. “Our predictions this year maybe not be directly tied to the IT or CIO function but they will affect what you do.”

Plummer outlined the following predictions and a small recommendation as to what IT can do to prepare for the item. Read on:

1. By 2018, digital business requires 50% less business process workers and 500% more key digital business jobs, compared to traditional models. IT leaders — need to develop new hiring practices to recruit for the new nontraditional IT roles.

2. By 2017, a significant disruptive digital business will be launched that was conceived by a computer algorithm. CIOs must begin to simulate technology-driven transformation options for business.

3. By 2018, the total cost of ownership for business operations will be reduced by 30% through smart machines and industrialized services. CIOs must experiment with precursor "almost smart machine" technologies and phantom robotic business process automation. Business leaders must examine the impact of increased wellness on insurance and employee healthcare costs as a competitive factor.

4. By 2020, developed world life expectancy will increase by 0.5 years due to widespread adoption of wireless health monitoring technology. Business leaders must examine the impact of increased wellness on insurance and employee healthcare costs as a competitive factor

5. By year-end 2016, $2.5 billion in online shopping will be performed exclusively by mobile digital assistants. Apple’s Siri is a type of assistant, but many online vendors offer some sort of software-assist that you may or may not be aware of. Marketing executives must develop marketing techniques that capture the attention of digital assistants as well as people. By the end of 2016, $2.5 billion in online shopping will be performed exclusively by mobile digital assistants.

6. By 2017, U.S. customers' mobile engagement behavior will drive U.S. mobile commerce revenue to 50% of U.S. digital commerce revenue. Recommendation: Marketing executives must develop marketing techniques that capture the attention of digital assistants as well as people. Mobile marketing teams investigate mobile wallets such as Apple's Passbook and Google Wallet as consumer interest in mobile commerce and payments grows.

7. By 2016, 70% of successful digital business models will rely on deliberately unstable processes designed to shift as customer needs shift. CIO need to create an agile, responsive workforce that is accountable, responsive, and supports your organizational liquidity.

8. By 2017, more than half of consumer product and service R&D investments will be redirected to customer experience innovations. Consumer companies must invest in customer insight through persona and ethnographic research.

9. By 2017, nearly 20% of durable goods e-tailers will use 3D printing to create personalized product offerings. CIOs, product development leaders, and business partners—evaluate gaps between the existing "as is" and future "to be" state (process, skills, and technology.)

10. By 2018, retail businesses that utilize targeted messaging in combination with internal positioning systems (systems that know you are in or near a store) will see a 20% increase in customer visits. CIOs must help expand good customer data to support real-time offers.


Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com