|By Elizabeth White||
|July 31, 2014 12:45 PM EDT||
Ramesh Kesanupalli is the Founder of Nok Nok Labs and a Founding Member of FIDO Alliance.
Thank you for joining us today, Ramesh. It's an honor to speak with the founder of Nok Nok Labs and the visionary behind the creation of the FIDO Alliance. Before we discuss FIDO Alliance and Nok Nok Labs in greater detail, please tell us about your background.
Ramesh Kesanupalli: Sure. Before founding Nok Nok Labs, and as the FIDO Alliance was forming, I was the CTO of Validity Sensors, which is now part of Synaptics. Prior to that, I was the Senior Vice President at Phoenix Technologies, running Engineering, Marketing and Business Development. I was part of the team that founded Network24 Communications, a video Streaming company acquired by Akamai. I founded and served as CEO at both a Services company and a middle-tier carrier software company, which went through various incarnations before ultimately merging with Harris; and early in my career, I worked as a consultant with IBM Labs on the East Coast.
Ramesh Kesanupalli: Some of the thinking at the core of the Fido Alliance dates back to 2004, but the prime move occurred in 2009 when as CTO of Validity Sensors (now Synaptics), I met with Michael Barrett, who is currently the FIDO Alliance president and was then PayPal CISO. I was looking for ways to bring fingerprint technology into main stream consumer authentication, and Barrett was trying to fix consumer authentication for PayPal. That first conversation between me, Taher Elgamal, Inventor of SSL and now CTO of Salesforce.com security, and Michael Barrett established a working group to address the authentication problem. What started out as an exploration of how to engage PayPal in using Validity fingerprint sensors, expanded when Barrett said that PayPal would want to consider the whole field of authentication options to passwords, and the range of competitors to Validity, including more than fingerprint sensors alone. That stated interest was, and is, a driver in the development of FIDO authentication. Basically, PayPal was first to ask for what everyone wants: unlimited choice, limited liability, complete interoperability, low cost, and lots of flexibility to accommodate unpredictable change. The FIDO authentication model today embraces the full range of local authentication and authenticators, makes all methods interoperable and enables them to communicate with the network to authenticate users without ever sharing passwords or credentials - NEVER! That first meeting, and the working group that emerged from it, are the basis of the FIDO Alliance, which we launched publicly in February 2013 with six founding members. So compelling is the FIDO authentication model and so urgent is the need, that today - only 16 months later - we have 135+ FIDO Alliance members, and our ranks increase weekly. Global leaders in Technology, Financial Services, Healthcare, and Enterprise have joined the FIDO Alliance in our mission to move beyond passwords with universal strong authentication that is more secure, private, and easier-to-use.
SecuritySolutionsWatch.com: We read with great interest regarding the mission of the FIDO Alliance which is to change the nature of online authentication and your interview with Bloomberg Businessweek where you discussed that "passwords had to go." Care to elaborate?
Ramesh Kesanupalli: Yes. Happy to. Prevailing password authentication has proven to be insecure and risky amidst a world of escalating security threats, cybercrime and targeted attacks, not to mention increasing vulnerability associated with so many more vectors of attack coming through the Internet of Things (IoT). Right now, we are moving from informational access to a major life style change where we can access everything digitally. We're at the threshold of using authentication to pay at retail stores with our phones, to open and start our cars, to manage home networks, appliances, and security systems all through connected devices. Authentication is the FIRST step we must perform to begin to effectively use IoT. Even basic usability of passwords is challenged when typing/entering credentials on various devices or using touch screens is neither simple nor fast. As we make this lifestyle change, authentication must be based on universal FIDO standards, not the prevailing password infrastructure. Otherwise, there will be chaos and a scale of cyber disruption we have not yet experienced. Our FIDO Alliance members understand the full scope of the authentication problem and are determined to change the world with authentication that is more secure, private and much easier to use. FIDO standards promise to open new spheres of services with accommodations that potentially change the personal experience in ways we haven't even imagined yet. The impediments of prevailing password systems and the importance of solving the authentication problem cannot be overstated; once FIDO authentication predominates, the ensuing years of digital development will prove the importance of what the FIDO Alliance has accomplished.
Let me layout the scope of the password problem, so you can clearly recognize the urgency at hand, and the elegant solution that FIDO authentication presents. We are in an interesting and fast evolving world that requires access everywhere - from PC-centric computations to mobile phones with buttons, to touch screens, tablets and various forms of computing - taken altogether, we dub this the Internet of Things (IoT). Our digital and online identity is only as strong as the weakest service that we use; as we extend to an evolving world of IoT, the authentication issues become virtually unmanageable without a disruptive change - that disruption is FIDO authentication.
The public is acutely aware of online and point of sale (POS) attacks and rampant identity theft. Headlines about breaches and scaled attacks on Evernote, EBay, LinkedIn, Yahoo, Target and many other major consumer destinations, point to a dire need to move authentication beyond passwords. The rapid growth of the FIDO Alliance is incomparable and illustrates a consolidated determination across industry, technology, and the world to fix the password problem. The marketplace has been trying to address the password problem for some years, and there are some very strong scalable solutions, but until now these have been proprietary, too expensive, difficult to deploy, or add complexity and friction to the user experience. Moreover, ALL options have been based on password infrastructure, which we know must go.
Even a decade ago, passwords worked adequately on the Internet. The average Internet user in 2004 probably had only 5-6 passwords to try to remember. Now, those same users must cope with 30 or more of them. As such, a coping mechanism for the average user is to use the same password repeatedly everywhere. Basically, that means that the security of their most secure account is now the security of the least secure place where they've used that same password. Criminals understand this very well, which is why we see so many data breaches these days. Adding to the insidious password problem, we now have huge amounts of data about which passwords users use; as well as GPU-based cracking arrays. Even well salted & hashed password databases wither under this assault, as criminals are able to retrieve the passwords used by millions of users.
Though users are at risk personally, the Relying Parties, RPs (Internet services, if you like) who serve them bear inappropriate liabilities for lost or stolen credentials and face huge risk and losses - in the range of hundreds of millions of dollars per year, maybe more.
The largest and most sophisticated of these RPs - typically large financial institutions and online service providers - have developed complex risk based authentication systems. These systems staunch the bleeding somewhat, for those organizations, but don't begin to solve the problem for all of the other companies who provide Internet based services.
Enterprises have roughly the same issues as they look inside their perimeters. Typically, 30 percent of helpdesk costs derive from requests for password help and resets. Meanwhile, the poor CISO is generally complaining to the CIO that stronger authentication is needed in order to manage the risk from APTs (advanced persistent threats).
Password authentication dates back more than 50 years, to the first client/server models when dumb terminals authenticated to mainframes to access data. Though password-based authentication has had a good run, it's clearly not up to authentication as needed now, and Internet providers and businesses know it all too well.
Enter FIDO authentication - It is important to emphasize that FIDO technologies and products are available now to the marketplace. The FIDO Alliance released the first review draft specifications in February 2014 - just one year after our official launch. As soon as the specs became public, four of our members announced the first FIDO technology deployment based on FIDO specifications - Samsung, PayPal, Synaptics and Nok Nok Labs implemented FIDO technology with the Samsung Galaxy S5 in a payments solution that uses the Synaptics fingerprint sensors to authenticate users and confirm transactions in a PayPal point-of-sale payments application, while Nok Nok Labs servers manage FIDO authentication on the back-end for both smartphone users and the RPs to effect very fast, reliable, secure and private mobile payments (https://fidoalliance.org/news/item/the-fido-alliance-announces-first-authentication-deployment-paypal-samsung). Since last February, more FIDO Alliance members are announcing FIDO ReadyTM products, marketplace deployments, and implementation trials across industry - Enterprise, Financial Services, Healthcare, and for a range of Internet and mobility authentication. FIDO authentication is happening now, and let me use this forum to broadcast the good news and encourage more participation in the FIDO Alliance. As more join us, adopt FIDO technologies and deploy FIDO authentication solutions, FIDO specifications become better, and refined to include every potential use case.
When we decided to release FIDO draft specifications and ask for public comment, we struck an enduring model of how FIDO authentication will naturally respond to an evolving landscape that has just begun its expansion into a future that demands secure, private, easy-to-use authentication. By putting FIDO specs to work in products and solutions now, the first implementation draft of the spec will be enlightened by actual deployments and usage that is occurring now. We will never be finished specifying what's best in universal strong authentication, but FIDO standards are already moving the world beyond passwords to universal strong authentication.
SecuritySolutionsWatch.com: What is your perspective regarding the achievements thus far for the FIDO Alliance and your vision of future goals?
Ramesh Kesanupalli: Astonishing progress and incomparable growth! We launched the FIDO Alliance publicly with six members in February 2013; in only 16 months we have 135+ members - comprising leaders in Tech, Financial Services and Industry. We have published draft specifications for two FIDO protocols -one which addresses requirements for using multiple authentication factors with existing devices, and one which addresses use of an external dongle or plug-in - both are easy to use, interoperable (or universal) and move us beyond password dependencies. The two protocols provide more user options, and more options for RPs to specify choice to granularly manage security levels and control their own risk without adding friction to the user experience.
As I've already said, we are very pleased by all the FIDO Ready products, and real deployments and implementation trials underway as we proceed toward the implementation draft of the FIDO specifications. The FIDO Alliance is among only a few industry alliances able to evolve open industry specifications through a working industry ecosystem that is developing new products in parallel with products already working in the field. While our progress has been great, there is still much to do. Ultimately decisions are made and direction taken based on FIDO Alliance governance, and working groups. Though, personally, I anticipate that FIDO authentication will develop and expand from the original model of authenticating from user-to-device and then device-to-service, by eventually extending the model to include device-to-device and service-to-service authentication. This extended model would squarely address the IoT market. We have prepared for FIDO authentication to work with the current marketplace and evolve to accommodate what's next - no longer will authentication be a persistent vulnerability and an impediment to true market expansion. Prepare to be amazed by the possibilities, as FIDO authentication expands in the marketplace.
SecuritySolutionsWatch.com: The Board of the FIDO Alliance reads like a Who's Who of online authentication with eBay, Google, Microsoft, and RSA, just to name a few. Please tell us about the FIDO Alliance Board Member Representatives.
Ramesh Kesanupalli: Yes. The FIDO Alliance can claim some of the world's most significant and highly material companies among our board members, including ARM Holdings, Bank of America, BlackBerry, CrucialTec, Discover Financial Services, Google, IdentityX, Lenovo, MasterCard, Microsoft, Nok Nok Labs, NXP Semiconductors, Oberthur Technologies, PayPal, RSA; Samsung, Synaptics, Visa, and Yubico. With Google and Microsoft, major OS providers are represented; and between Samsung and Lenovo, we have the top device OEMs among us; ARM significantly expands market diversity and reach; and with Mastercard, Paypal, Discover, Visa, and Bank of America we have important financial sector representation; various authenticator technology vendors in our ecosystem add to a well-balanced, capable, and very influential mix of organizations equipped to effect a new authentication model. More enterprises, network operators and carriers are approaching the FIDO Alliance now for trials and membership, and we are actively pursuing these sectors to enlarge the scope of FIDO Alliance membership. Our goal is to meet the need for secure, private, easy-to-use authentication wherever it's needed.
SecuritySolutionsWatch.com: Ramesh, can we discuss the Internet of Things for a moment? The benefits of IoT are clear...in seconds with our mobile devices we can all pay a bill, send a gift, make a dinner reservation, check the stock market, and in growing numbers, control the HVAC and security systems in our homes. But, we all know that there are bad guys out there. The Target breach is still causing repercussions. Are we also more vulnerable now? Is my iPhone a target? What are your thoughts?
Ramesh Kesanupalli: Very good question, and worth emphasizing, as getting IoT authentication right is critical. As I said, we are entering an interesting time of a very inter-connected world. Until now, we've used the Internet to access information, emails, pictures, music and financial information, and sites that offer us things we want to know about, use or buy. We are about to start using the internet for lifestyle management. Our homes are wired; our security monitoring systems are connected; our electricity, gas and thermostats are remotely accessible, along with our home appliances. We can even open doors and access buildings, as well as open and start our cars through digital connections. We manage our health and fitness with connected devices and services. You might say, we are becoming the connected person, and our critical infrastructure is undergoing the transformation now. Typically, we use our Internet-connected mobile devices and PCs as remote controllers. So far, our experience of threats and digital attacks is confined to disruptions of service or the inability to access information or sites. The next generation of bad actors - those who target IoT - could potentially cause disruptions in our lives and create problems that extend well beyond inconvenience and nuisance. For example, what if your neighbor was turning your thermostat off in the middle of the night on a cold winter day, thinking they were affecting their own home? Or imagine that your medical records or your fitness records stored in the cloud suddenly appeared with someone else's data, not yours. While IoT promises an improving lifestyle with new personalization replete with conveniently delivered content and services that find us where we are, we must be vigilant in protecting this highly personalized infrastructure. We must begin with FIDO authentication. We know that password systems cannot withstand hackers and malevolent actors, so FIDO authentication must be engaged before IoT can deliver all we can imagine, unimpeded by threats to our life style and well-being.
SecuritySolutionsWatch.com: We also read with great interest, Ramesh, the recent Nok Nok Press Release regarding Samsung and PayPal which have "...selected the company's NNLTM S3 Authentication Suite." Please give us an overview of Nok Nok solutions and please tell us more about this significant "win" with Samsung and PayPal.
Ramesh Kesanupalli: Yes. That is a significant win for us and we are working on a few more. PayPal has been working with us right from the beginning, and we are very happy that PayPal has deployed our FIDO Ready MFAS server which truly moves PayPal beyond passwords as the leader in the online payments space. We are also quite pleased that Samsung has deployed our Authentication kernel which provides strong authentication working at the hardware core of Samsung S5 with Synaptics's fingerprint sensor.
Nok Nok Labs is the first and, at this time, the only implementer of the UAF protocol, because the implementation draft is not yet published. Nok Nok Labs's MFAS server is a Multi-Factor Authentication server which we deploy within the service provider's infrastructure, and we have clients that work with multiple authentication technologies like Fingerprints, Facial Recognition, Speaker recognition, TPMs, and Secure Elements that can be deployed on Android platforms, Windows platforms. We support multiple browsers on the client. Also, we recently tested our client software with Apple iOS and Touch ID services, and we intend to support them once the Touch ID service from Apple is available publicly.
SecuritySolutionsWatch.com: Thanks again for joining us today, Ramesh. Are there any other subjects you would like to discuss?
Ramesh Kesanupalli: As a synopsis, it is basic but important to state exactly what the FIDO Alliance does and does not do, for your audience's reference.
The FIDO Alliance is an organization that provides a forum for its members to work together to develop and publish open industry standards. FIDO Authentication represents innovation that could only be realized by an ecosystem comprising the titans of technology and industry, and it is a huge step forward in authentication derived from the sum of many parts. FIDO members can each claim unique and patented innovations, but each has contributed their own technologies, experiences and leadership to create FIDO authentication in an open unencumbered standards framework.
FIDO authentication renders all strong authentication methods and solutions interoperable, more secure, private, and easy-to-use. These specifications allow interoperability among strong authentication technologies, and help remedy the problems users face with creating and remembering multiple usernames and passwords. Prior to the emergence of the FIDO specifications, the authentication market was highly fragmented with more than one hundred vendors offering entirely un-interoperable products.
FIDO authentication reverses a prevailing and long-standing inversely correlated model of security and ease-of-use. Until FIDO authentication, more security meant more trouble for users, who were expected to remember more passwords, more PINs, more secret phrases, more security questions, etc. Under FIDO authentication, security improves while the user experience becomes faster and easier. For the first time, users take control over their own authentication credentials; service providers no longer have responsibility for storing constituents' passwords and personal identifying information (PII), and they don't even have access to it.
For users, the FIDO experience allows them to choose device-centric authentication mechanisms such as fingerprint, voiceprint, or even securely managed/stored PINs, which are much easier for them to use than today's passwords. The FIDO architecture ensures that users' credentials are only stored securely on their local devices. As such, FIDO authentication removes the large centralized credential databases that today's password infrastructure creates. Additionally, FIDO's decentralized architecture means that it is not vulnerable to even systemic vulnerabilities, such as the OpenSSL "heartbleed" bug, which ravaged the Internet in Q2 2014.
At the same time, providers have much more insight and easier management on the backend to assess security requirements and vary and apply new controls as needed. Online, cloud and mobile service providers can implement FIDO specifications just once, and then determine as a matter of policy which types of authenticators they will trust. Simultaneously, users are freed from security concerns and, for the first time, can enjoy privacy!
Free at last to use online, mobile, and point-of-sale applications with ease, confidence and confidentiality, we're going to wonder how we managed without easy-to-use FIDO authentication.
Ramesh Kesanupalli: Thank you very much for the opportunity and I look forward to more exposure to the FIDO alliance and Nok Nok Labs through this interview.
For more information, please see Ramesh Kesanupalli's "Future of Authentication" presentation at COMPUTEX Taipei:http://www.slideshare.net/computex/2014-cpx-conferenceiot-forum-fido-alliance, and the related FIDO Press Release here:https://fidoalliance.org/news/item/the-fido-alliance-to-deliver-future-of-authentication-vision-at-computex. Find more about the FIDO Alliance at: www.fidoalliance.org. To join the FIDO Alliance and affect FIDO specifications as they develop, visit https://fidoalliance.org/membership.
Fido Alliance Board Members Told Us...
Michael Pak. Vice President of Security R&D, Samsung Mobile Communications, Samsung Electronics, Ltd.
Regarding the mission of the FIDO Alliance and its achievements thus far and vision of the future:
"The FIDO Alliance is the first global and multi-industry effort to set standards for incorporating biometric authentication in consumer electronic devices. For the first time in history, industry leaders from finance, software, hardware and multiple services industries have come together to set the standards that will change how we use ecommerce and the scope of it."
Regarding the importance of FIDO authentication and the vision of the future of authentication and its potential impact on IoT, network breaches, POS vulnerability.
"Credit card payment standards were originally shaped before the invention of the Internet, modern cryptography, and mobile devices. A standardized authentication method, such as FIDO, has been a key missing factor needed to transform the way we shop. Through the FIDO Alliance's efforts, we envision a world where consumers from around the world will be able to shop anywhere - from a small merchant, such as a fisherman in Africa, to advanced/modern department stores in Manhattan."
Liz Votaw, SVP, Customer Protection Strategy Digital Banking, Bank of America
Regarding mission of the FIDO Alliance and perspective regarding the achievements thus far for the FIDO Alliance and vision of the future.
"At Bank of America we take the security of our customers and the protection of their privacy very seriously. We continue to look for opportunities to work collaboratively within the financial industry and across different industries in an effort to develop valuable solutions for our customers. The mission of the FIDO Alliance aligns with our efforts, and since joining the board in February 2014 we have seen great progress toward establishing a shared framework that will benefit all consumers."
Regarding the significance of being a FIDO Alliance board member and the ability to influence outcomes and direct the work of the FIDO Alliance.
"As a FIDO Alliance board member, Bank of America has been able to ensure that the final FIDO specifications reflect the needs of the financial industry and its customers. The board represents a diverse cross-section of industries from software development companies, to hardware manufacturers, to giant technology platforms and financial institutions. Each company contributes their perspective and expertise, making for rich and productive dialogue and sound decision making. Bank of America has a voting seat and participates in the board governance subcommittee, allowing for many opportunities to directly influence the work of the alliance."
Regarding why FIDO authentication is important and the vision of the future of authentication as t can impacts IoT, network breaches, POS vulnerability.
"At Bank of America we are committed to providing secure and convenient banking services, products and account access to our customers. Similar to the goals of FIDO Authentication, we strive to provide frictionless access to all banking needs while at the same time ensuring the privacy and security of our customers' financial data."
Bret McDowell, Head of Ecosystem Security, eBay Inc., and FIDO Alliance Vice-president
"PayPal spearheaded the formation of the FIDO Alliance with Lenovo, Validity (now Synaptics) and Nok Nok Labs because we knew that there was a better and more secure way for consumers to authenticate - beyond passwords. We also knew that only an open industry standard would be able to supplant passwords at scale. To realize this vision we work closely with an ever-increasing number of FIDO Alliance members to create common specifications, where the first public drafts were released in February 2014. We partnered with Samsung and Nok Nok Labs to deploy the world's first FIDO ReadyTM solution that enables PayPal's privacy-preserving, highly secure fingerprint payments experience available on Samsung's Galaxy S5 and Galaxy Tab S. This solution is a great example of how FIDO technology is poised to impact our future by empowering us to securely deliver better experiences for our customers, anytime, anywhere, from any device."
This interview originally appeared in SecuritySolutionsWatch.com. Republished with permission.
The Internet of Things (IoT) is growing rapidly by extending current technologies, products and networks. By 2020, Cisco estimates there will be 50 billion connected devices. Gartner has forecast revenues of over $300 billion, just to IoT suppliers. Now is the time to figure out how you’ll make money – not just create innovative products. With hundreds of new products and companies jumping into the IoT fray every month, there’s no shortage of innovation. Despite this, McKinsey/VisionMobile data shows "less than 10 percent of IoT developers are making enough to support a reasonably sized team....
Dec. 1, 2015 04:00 PM EST Reads: 502
Just over a week ago I received a long and loud sustained applause for a presentation I delivered at this year’s Cloud Expo in Santa Clara. I was extremely pleased with the turnout and had some very good conversations with many of the attendees. Over the next few days I had many more meaningful conversations and was not only happy with the results but also learned a few new things. Here is everything I learned in those three days distilled into three short points.
Dec. 1, 2015 03:00 PM EST Reads: 385
Most of the IoT Gateway scenarios involve collecting data from machines/processing and pushing data upstream to cloud for further analytics. The gateway hardware varies from Raspberry Pi to Industrial PCs. The document states the process of allowing deploying polyglot data pipelining software with the clear notion of supporting immutability. In his session at @ThingsExpo, Shashank Jain, a development architect for SAP Labs, discussed the objective, which is to automate the IoT deployment process from development to production scenarios using Docker containers.
Dec. 1, 2015 03:00 PM EST Reads: 145
DevOps is about increasing efficiency, but nothing is more inefficient than building the same application twice. However, this is a routine occurrence with enterprise applications that need both a rich desktop web interface and strong mobile support. With recent technological advances from Isomorphic Software and others, rich desktop and tuned mobile experiences can now be created with a single codebase – without compromising functionality, performance or usability. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, demonstrated examples of com...
Dec. 1, 2015 02:45 PM EST Reads: 448
As organizations realize the scope of the Internet of Things, gaining key insights from Big Data, through the use of advanced analytics, becomes crucial. However, IoT also creates the need for petabyte scale storage of data from millions of devices. A new type of Storage is required which seamlessly integrates robust data analytics with massive scale. These storage systems will act as “smart systems” provide in-place analytics that speed discovery and enable businesses to quickly derive meaningful and actionable insights. In his session at @ThingsExpo, Paul Turner, Chief Marketing Officer at...
Dec. 1, 2015 02:15 PM EST Reads: 451
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
Dec. 1, 2015 02:00 PM EST Reads: 549
In his General Session at 17th Cloud Expo, Bruce Swann, Senior Product Marketing Manager for Adobe Campaign, explored the key ingredients of cross-channel marketing in a digital world. Learn how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects).
Dec. 1, 2015 01:45 PM EST Reads: 358
With all the incredible momentum behind the Internet of Things (IoT) industry, it is easy to forget that not a single CEO wakes up and wonders if “my IoT is broken.” What they wonder is if they are making the right decisions to do all they can to increase revenue, decrease costs, and improve customer experience – effectively the same challenges they have always had in growing their business. The exciting thing about the IoT industry is now these decisions can be better, faster, and smarter. Now all corporate assets – people, objects, and spaces – can share information about themselves and thei...
Dec. 1, 2015 12:00 PM EST Reads: 311
The Internet of Everything is re-shaping technology trends–moving away from “request/response” architecture to an “always-on” Streaming Web where data is in constant motion and secure, reliable communication is an absolute necessity. As more and more THINGS go online, the challenges that developers will need to address will only increase exponentially. In his session at @ThingsExpo, Todd Greene, Founder & CEO of PubNub, exploreed the current state of IoT connectivity and review key trends and technology requirements that will drive the Internet of Things from hype to reality.
Dec. 1, 2015 11:45 AM EST Reads: 476
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessions, I wanted to share some of my observations on emerging trends. As cyber security serves as a fou...
Dec. 1, 2015 11:45 AM EST Reads: 375
The cloud. Like a comic book superhero, there seems to be no problem it can’t fix or cost it can’t slash. Yet making the transition is not always easy and production environments are still largely on premise. Taking some practical and sensible steps to reduce risk can also help provide a basis for a successful cloud transition. A plethora of surveys from the likes of IDG and Gartner show that more than 70 percent of enterprises have deployed at least one or more cloud application or workload. Yet a closer inspection at the data reveals less than half of these cloud projects involve production...
Dec. 1, 2015 11:00 AM EST Reads: 515
Countless business models have spawned from the IaaS industry – resell Web hosting, blogs, public cloud, and on and on. With the overwhelming amount of tools available to us, it's sometimes easy to overlook that many of them are just new skins of resources we've had for a long time. In his general session at 17th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, an IBM Company, broke down what we have to work with, discussed the benefits and pitfalls and how we can best use them to design hosted applications.
Dec. 1, 2015 10:45 AM EST Reads: 136
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true change and transformation possible.
Dec. 1, 2015 10:00 AM EST Reads: 581
Microservices are a very exciting architectural approach that many organizations are looking to as a way to accelerate innovation. Microservices promise to allow teams to move away from monolithic "ball of mud" systems, but the reality is that, in the vast majority of organizations, different projects and technologies will continue to be developed at different speeds. How to handle the dependencies between these disparate systems with different iteration cycles? Consider the "canoncial problem" in this scenario: microservice A (releases daily) depends on a couple of additions to backend B (re...
Dec. 1, 2015 09:00 AM EST Reads: 485
Container technology is shaping the future of DevOps and it’s also changing the way organizations think about application development. With the rise of mobile applications in the enterprise, businesses are abandoning year-long development cycles and embracing technologies that enable rapid development and continuous deployment of apps. In his session at DevOps Summit, Kurt Collins, Developer Evangelist at Built.io, examined how Docker has evolved into a highly effective tool for application delivery by allowing increasingly popular Mobile Backend-as-a-Service (mBaaS) platforms to quickly crea...
Dec. 1, 2015 08:00 AM EST Reads: 398
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
Dec. 1, 2015 08:00 AM EST Reads: 397
We all know that data growth is exploding and storage budgets are shrinking. Instead of showing you charts on about how much data there is, in his General Session at 17th Cloud Expo, Scott Cleland, Senior Director of Product Marketing at HGST, showed how to capture all of your data in one place. After you have your data under control, you can then analyze it in one place, saving time and resources.
Dec. 1, 2015 08:00 AM EST Reads: 256
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound effect on the world, and what should we expect to see over the next couple of years.
Dec. 1, 2015 06:30 AM EST Reads: 515
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, Sandy Carter, IBM General Manager Cloud Ecosystem and Developers, and a Social Business Evangelist, wil...
Dec. 1, 2015 05:00 AM EST Reads: 624
PubNub has announced the release of BLOCKS, a set of customizable microservices that give developers a simple way to add code and deploy features for realtime apps.PubNub BLOCKS executes business logic directly on the data streaming through PubNub’s network without splitting it off to an intermediary server controlled by the customer. This revolutionary approach streamlines app development, reduces endpoint-to-endpoint latency, and allows apps to better leverage the enormous scalability of PubNub’s Data Stream Network.
Dec. 1, 2015 05:00 AM EST Reads: 362