Welcome!

Cloud Security Authors: Elizabeth White, Liz McMillan, Yeshim Deniz, Ed Featherston, Pat Romanski

Related Topics: IoT Expo, Java IoT, Log Management, @CloudExpo, Cloud Security, @DXWorldExpo, @ThingsExpo

IoT Expo: Article

The Nature of the Internet of Things

In the Boardroom with... George Romas, Technical Dir., Cybersecurity Solutions Group, HP Enterprise Services, US Public Sector

Mr. George Romas is the Technical Director of the Cybersecurity Solutions Group at HP Enterprise Services, U.S. Public Sector.

SecuritySolutionsWatch.com: Thank you for joining us again today, George. It's been roughly one year since our first meeting when we spoke about building security in, continuous monitoring, and the process that HP undertakes to develop and deliver the right cybersecurity solutions to HP customers. But, one year feels like a decade in the IT space - so much has happened. Today we'd like to discuss with you the topic of IoT (the Internet of Things). We read with great interest your recent blog on this subject. If you don't mind, can you please share with us your primer on IoT?

George Romas: IoT is something that we discuss on a regular basis at HP and I am appreciative of the opportunity to share my ideas on the topic with you. As you know, today we live in a world where just about everything is connected. While the Internet connects computers, in concept, the IoT connects everything else. Solutions in this space are appearing rapidly within the consumer space, while interesting industrial applications are also being deployed (please see my above blog link for examples.) You can think of IoT as a network of connected processors and sensors, and the type of sensors are only limited by your imagination. Today, the consumer space is seeing an expansion in the sensor environment (weather, home, traffic, safety), fitness (health, exercise), and multimedia (streaming to multiple devices, remote control). Yet as embedded processors and sensors become smaller (think "nano-sized"), we will be able to monitor and manage nearly anything. This will impact a wide range of industries and markets, from more efficient utilization of IT infrastructure to transportation systems, to automation of daily personal tasks.

SecuritySolutionsWatch.com: The upside and benefits of IoT are clear... things get done "for us" not necessarily "by us." Today's smart home is perhaps a good example here - as homeowners can control their HVAC and security systems from anywhere, at any time. Forgot to lower the heat when you left for vacation? Did you set the alarm... lock the door? No problem - just do it when you land in Hong Kong - or on the way there - or even your house can be programmed to do it automatically upon detecting your absence. And the convenience of being able to pay a bill, send a gift, check a stock price, find out who won the game, make a dinner reservation, respond to that customer - all in a matter of seconds with our mobile devices - makes us more efficient. But, we all know there are bad guys out there. Are we now also more vulnerable? Does IoT also mean an Internet of greater risk (IoGR)? Should I worry that my iPhone is a target? What are your thoughts?

George Romas: I'd like to start the conversation by talking about extremes. Let's take security out of the equation and assume that everything is connected and life is easy. Just as you outline, we can automate many of our daily tasks, both personal and business. In this scenario, we have processors and sensors everywhere that know your location, behavior, preferences, schedule, tasks, goals, hobbies, etc. This aligns with the typical science fiction depiction of the future: your house wakes you up, adjusts lighting and temperature, breakfast is ready, and clothes are picked out according to your activities that day. Your self-driving car has reviewed current traffic patterns and whisks you off to work while you answer emails and catch up on the news. Your day is already scheduled for you and meetings, phone calls and tasks occur without you having to think about or plan them. The rest of the day proceeds similarly, with everything planned and scheduled by the algorithms and machines around us.

Now, to answer your question - yes, you should worry! All the components of this scenario and the interactions between them are vulnerable to manipulation and disruption. Without security in the equation, that utopian day can quickly devolve into chaos and danger. Each benefit I described also introduces vulnerabilities because by connecting open networks to physical objects and personal information, you're opening yourself to a variety of threats and attacks.

SecuritySolutionsWatch.com: Your colleague at HP, Sridhar Solur, Director, Next-Gen Computing and Cloud Services, presented some eye-opening statistics in his recent IoT presentation - one example being that by 2025 more than one trillion devices will be connected to the Internet. With all these mobile devices coming into the workplace with access to the network, what is your perspective on "best practices" that should be followed by a government agency, a bank, a hospital, an oil and gas company, the transportation entity, or other enterprises that employ owners of those devices?

George Romas: As I previously mentioned, security is of the utmost importance when it comes to more and more devices being connected to the Internet, especially as employees bring them to the workplace. One trillion devices globally translate into trillions of attack surfaces. Conversely, having "too much" security doesn't work either, as the nature of IoT requires real-time response. If devices and communications are locked down, and each transaction has to be authenticated, the system would become unusable due to performance and timing issues. Instead, I recommend leveraging the security frameworks that are well known - for example, privacy, data or HIPAA protections - and building the capabilities needed to implement those frameworks into IoT protocols; combining it with approaches to design security in. While some of these capabilities don't exist yet, as I outlined in my blog, there are initiatives to provide both better interoperability and better security for the IoT. More information about these initiatives can be found on my HP blog post, "The Internet of (Secure) Things - Embedding Security in the IoT." We have to walk the fine line between the benefits that come with IoT and the complexity of securing the IoT ecosystem - from human identities to critical infrastructure.

SecuritySolutionsWatch.com: Can we discuss data analytics for a moment? With sensors everywhere that monitor our behavior, our health, as well as the performance of the machines we depend on in our personal and business lives, IoT delivers powerful information that can be monetized. Do you envision certain industries being transformed and other new industries being created as a result of IoT?

George Romas: In transforming industries and our lives, the benefits of IoT are as obvious as its potential abuses. For instance, think of the possible health and medical advances that could be realized by tracking the details of individual diet, exercise and behaviors across an entire population. We don't think twice about allowing our shopping preferences to be tracked so that we can enjoy discounts and targeted coupons. Why wouldn't we do the same if it meant better health and longer life? Instead of just tracking you, IoT devices could modify your life, for a fee, to continuously monitor and optimize the changes in your health; for instance, your refrigerator could substitute items on your shopping list or in your recipes (e.g., substituting Truvia for sugar, or egg whites for whole eggs). Your daily schedule could be modified to include more exercise. Devices could continuously monitor and optimize the changes in your health. Yet, however, if the appropriate security controls are not implemented, the possibility of abuse can be equally envisioned. This same private data could instead be used to target ads and promotions to every individual, monetizing every behavior and preference, or in an extreme case, substituting a deadly allergen or poison as a new form of attack. Instead of optimization, the goal could become consumption, or even a bizarre deadly health hazard.

Thinking about the availability of massive amounts of data that will be collected, I can imagine many novel uses for that information. Integrate streaming video from drones with transportation schedules, weather data, traffic cams/statistics (air, rail and road), and more, to automatically find the optimal route and mode of transportation to-and-from anywhere to anywhere. Provide dates, destination and "family vacation" details to a travel system and your experience can be enhanced as the system could make all of your reservations (at the cheapest rates) for you.

In addition, IoT will create completely new industries that form around smart devices. We already see the beginnings of that today, where smoke detectors, thermostats, audio/video equipment, watches, smart phones, vehicles and more are becoming sensor-rich and network-enabled. Everyday devices in your home or office will collaborate to form new capabilities.

An example of this scenario can be demonstrated through home security. Using IoT, your home would know that your house is vacant by polling the motion detectors embedded in its Nest Protect smoke detectors and thermostat, and correlating that information with the family schedule (work and school). When the back door opens without the proper key code or ping from an authenticated smartphone and motion is detected, your home sounds a piercing alarm over the whole-house audio speaker system. In turn, it also sends an alert with streaming video to the police, sends warning texts to all family members, and disrupts other communications from within the house.

In the workplace, the information gathered from IoT can be leveraged in a number of ways. It identifies and authenticates you to physical and cyber systems, alerting on anomalous behaviors and providing single sign-on access to the resources required for your job/role. Your workplace can utilize this information to better plan and operate IT resources. In addition, a virtual CIO/CISO can continually and minutely monitor performance and security of corporate systems. This information also feeds into business processes, optimizing all the components needed to reach corporate goals.

SecuritySolutionsWatch.com: While we're on the subject of front-page news, more security inevitably means more cost and less convenience to users. Are we going to have to bite the bullet and make these adjustments?

George Romas: Yes, but we have the opportunity to do this the correct way. As Sridhar noted, IoT devices will be ubiquitous. Investing more today in developing the proper protections and protocols must be done. These protections will speed adoption, and economies of scale will more than pay for today's investment. Just do a Web search for "IoT" and you'll see a large number of companies and open source initiatives working in this market. We have to work towards a common, secure framework to provide these solutions with a resilient, assured environment to operate in.

SecuritySolutionsWatch.com: Thank you again for joining us today. Are there any other subjects you'd like to talk about?

George Romas: In some ways, I consider myself a futurist, in the same way that science fiction authors can sometimes accurately predict future technologies and solutions. When I think of what IoT may look like in 2025, with possibly one trillion devices (a global network of sensors), I can't help but think of Isaac Asimov's Foundation series of science fiction novels. He created the science of psychohistory - by combining the studies of history, sociology and statistics against large populations, you could accurately predict the flow of future events. Imagine that unprecedented collection of current and past human behavior on a global scale.

HP is prepared for this explosion of data with scalable big data management and analytics platforms like HAVEn and Autonomy - designed to help enterprises leverage all your relevant Big Data, to make more informed decisions. However, for the time being, my parting thought is to ask, is it too far of a leap to believe that we could create algorithms that could predict future human behavior and consequent events? Just something to ponder....

This interview originally appeared in SecuritySolutionsWatch.com. Republished with permission.

More Stories By Elizabeth White

News Desk compiles and publishes breaking news stories, press releases and latest news articles as they happen.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
It is of utmost importance for the future success of WebRTC to ensure that interoperability is operational between web browsers and any WebRTC-compliant client. To be guaranteed as operational and effective, interoperability must be tested extensively by establishing WebRTC data and media connections between different web browsers running on different devices and operating systems. In his session at WebRTC Summit at @ThingsExpo, Dr. Alex Gouaillard, CEO and Founder of CoSMo Software, presented ...
WebRTC is great technology to build your own communication tools. It will be even more exciting experience it with advanced devices, such as a 360 Camera, 360 microphone, and a depth sensor camera. In his session at @ThingsExpo, Masashi Ganeko, a manager at INFOCOM Corporation, introduced two experimental projects from his team and what they learned from them. "Shotoku Tamago" uses the robot audition software HARK to track speakers in 360 video of a remote party. "Virtual Teleport" uses a multip...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
When shopping for a new data processing platform for IoT solutions, many development teams want to be able to test-drive options before making a choice. Yet when evaluating an IoT solution, it’s simply not feasible to do so at scale with physical devices. Building a sensor simulator is the next best choice; however, generating a realistic simulation at very high TPS with ease of configurability is a formidable challenge. When dealing with multiple application or transport protocols, you would be...
Detecting internal user threats in the Big Data eco-system is challenging and cumbersome. Many organizations monitor internal usage of the Big Data eco-system using a set of alerts. This is not a scalable process given the increase in the number of alerts with the accelerating growth in data volume and user base. Organizations are increasingly leveraging machine learning to monitor only those data elements that are sensitive and critical, autonomously establish monitoring policies, and to detect...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settl...
In his session at @ThingsExpo, Dr. Robert Cohen, an economist and senior fellow at the Economic Strategy Institute, presented the findings of a series of six detailed case studies of how large corporations are implementing IoT. The session explored how IoT has improved their economic performance, had major impacts on business models and resulted in impressive ROIs. The companies covered span manufacturing and services firms. He also explored servicification, how manufacturing firms shift from se...
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of bus...
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
Amazon started as an online bookseller 20 years ago. Since then, it has evolved into a technology juggernaut that has disrupted multiple markets and industries and touches many aspects of our lives. It is a relentless technology and business model innovator driving disruption throughout numerous ecosystems. Amazon’s AWS revenues alone are approaching $16B a year making it one of the largest IT companies in the world. With dominant offerings in Cloud, IoT, eCommerce, Big Data, AI, Digital Assista...
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
IoT is at the core or many Digital Transformation initiatives with the goal of re-inventing a company's business model. We all agree that collecting relevant IoT data will result in massive amounts of data needing to be stored. However, with the rapid development of IoT devices and ongoing business model transformation, we are not able to predict the volume and growth of IoT data. And with the lack of IoT history, traditional methods of IT and infrastructure planning based on the past do not app...