|By Elizabeth White||
|June 3, 2014 11:00 AM EDT||
Mr. George Romas is the Technical Director of the Cybersecurity Solutions Group at HP Enterprise Services, U.S. Public Sector.
SecuritySolutionsWatch.com: Thank you for joining us again today, George. It's been roughly one year since our first meeting when we spoke about building security in, continuous monitoring, and the process that HP undertakes to develop and deliver the right cybersecurity solutions to HP customers. But, one year feels like a decade in the IT space - so much has happened. Today we'd like to discuss with you the topic of IoT (the Internet of Things). We read with great interest your recent blog on this subject. If you don't mind, can you please share with us your primer on IoT?
George Romas: IoT is something that we discuss on a regular basis at HP and I am appreciative of the opportunity to share my ideas on the topic with you. As you know, today we live in a world where just about everything is connected. While the Internet connects computers, in concept, the IoT connects everything else. Solutions in this space are appearing rapidly within the consumer space, while interesting industrial applications are also being deployed (please see my above blog link for examples.) You can think of IoT as a network of connected processors and sensors, and the type of sensors are only limited by your imagination. Today, the consumer space is seeing an expansion in the sensor environment (weather, home, traffic, safety), fitness (health, exercise), and multimedia (streaming to multiple devices, remote control). Yet as embedded processors and sensors become smaller (think "nano-sized"), we will be able to monitor and manage nearly anything. This will impact a wide range of industries and markets, from more efficient utilization of IT infrastructure to transportation systems, to automation of daily personal tasks.
SecuritySolutionsWatch.com: The upside and benefits of IoT are clear... things get done "for us" not necessarily "by us." Today's smart home is perhaps a good example here - as homeowners can control their HVAC and security systems from anywhere, at any time. Forgot to lower the heat when you left for vacation? Did you set the alarm... lock the door? No problem - just do it when you land in Hong Kong - or on the way there - or even your house can be programmed to do it automatically upon detecting your absence. And the convenience of being able to pay a bill, send a gift, check a stock price, find out who won the game, make a dinner reservation, respond to that customer - all in a matter of seconds with our mobile devices - makes us more efficient. But, we all know there are bad guys out there. Are we now also more vulnerable? Does IoT also mean an Internet of greater risk (IoGR)? Should I worry that my iPhone is a target? What are your thoughts?
George Romas: I'd like to start the conversation by talking about extremes. Let's take security out of the equation and assume that everything is connected and life is easy. Just as you outline, we can automate many of our daily tasks, both personal and business. In this scenario, we have processors and sensors everywhere that know your location, behavior, preferences, schedule, tasks, goals, hobbies, etc. This aligns with the typical science fiction depiction of the future: your house wakes you up, adjusts lighting and temperature, breakfast is ready, and clothes are picked out according to your activities that day. Your self-driving car has reviewed current traffic patterns and whisks you off to work while you answer emails and catch up on the news. Your day is already scheduled for you and meetings, phone calls and tasks occur without you having to think about or plan them. The rest of the day proceeds similarly, with everything planned and scheduled by the algorithms and machines around us.
Now, to answer your question - yes, you should worry! All the components of this scenario and the interactions between them are vulnerable to manipulation and disruption. Without security in the equation, that utopian day can quickly devolve into chaos and danger. Each benefit I described also introduces vulnerabilities because by connecting open networks to physical objects and personal information, you're opening yourself to a variety of threats and attacks.
SecuritySolutionsWatch.com: Your colleague at HP, Sridhar Solur, Director, Next-Gen Computing and Cloud Services, presented some eye-opening statistics in his recent IoT presentation - one example being that by 2025 more than one trillion devices will be connected to the Internet. With all these mobile devices coming into the workplace with access to the network, what is your perspective on "best practices" that should be followed by a government agency, a bank, a hospital, an oil and gas company, the transportation entity, or other enterprises that employ owners of those devices?
George Romas: As I previously mentioned, security is of the utmost importance when it comes to more and more devices being connected to the Internet, especially as employees bring them to the workplace. One trillion devices globally translate into trillions of attack surfaces. Conversely, having "too much" security doesn't work either, as the nature of IoT requires real-time response. If devices and communications are locked down, and each transaction has to be authenticated, the system would become unusable due to performance and timing issues. Instead, I recommend leveraging the security frameworks that are well known - for example, privacy, data or HIPAA protections - and building the capabilities needed to implement those frameworks into IoT protocols; combining it with approaches to design security in. While some of these capabilities don't exist yet, as I outlined in my blog, there are initiatives to provide both better interoperability and better security for the IoT. More information about these initiatives can be found on my HP blog post, "The Internet of (Secure) Things - Embedding Security in the IoT." We have to walk the fine line between the benefits that come with IoT and the complexity of securing the IoT ecosystem - from human identities to critical infrastructure.
SecuritySolutionsWatch.com: Can we discuss data analytics for a moment? With sensors everywhere that monitor our behavior, our health, as well as the performance of the machines we depend on in our personal and business lives, IoT delivers powerful information that can be monetized. Do you envision certain industries being transformed and other new industries being created as a result of IoT?
George Romas: In transforming industries and our lives, the benefits of IoT are as obvious as its potential abuses. For instance, think of the possible health and medical advances that could be realized by tracking the details of individual diet, exercise and behaviors across an entire population. We don't think twice about allowing our shopping preferences to be tracked so that we can enjoy discounts and targeted coupons. Why wouldn't we do the same if it meant better health and longer life? Instead of just tracking you, IoT devices could modify your life, for a fee, to continuously monitor and optimize the changes in your health; for instance, your refrigerator could substitute items on your shopping list or in your recipes (e.g., substituting Truvia for sugar, or egg whites for whole eggs). Your daily schedule could be modified to include more exercise. Devices could continuously monitor and optimize the changes in your health. Yet, however, if the appropriate security controls are not implemented, the possibility of abuse can be equally envisioned. This same private data could instead be used to target ads and promotions to every individual, monetizing every behavior and preference, or in an extreme case, substituting a deadly allergen or poison as a new form of attack. Instead of optimization, the goal could become consumption, or even a bizarre deadly health hazard.
Thinking about the availability of massive amounts of data that will be collected, I can imagine many novel uses for that information. Integrate streaming video from drones with transportation schedules, weather data, traffic cams/statistics (air, rail and road), and more, to automatically find the optimal route and mode of transportation to-and-from anywhere to anywhere. Provide dates, destination and "family vacation" details to a travel system and your experience can be enhanced as the system could make all of your reservations (at the cheapest rates) for you.
In addition, IoT will create completely new industries that form around smart devices. We already see the beginnings of that today, where smoke detectors, thermostats, audio/video equipment, watches, smart phones, vehicles and more are becoming sensor-rich and network-enabled. Everyday devices in your home or office will collaborate to form new capabilities.
An example of this scenario can be demonstrated through home security. Using IoT, your home would know that your house is vacant by polling the motion detectors embedded in its Nest Protect smoke detectors and thermostat, and correlating that information with the family schedule (work and school). When the back door opens without the proper key code or ping from an authenticated smartphone and motion is detected, your home sounds a piercing alarm over the whole-house audio speaker system. In turn, it also sends an alert with streaming video to the police, sends warning texts to all family members, and disrupts other communications from within the house.
In the workplace, the information gathered from IoT can be leveraged in a number of ways. It identifies and authenticates you to physical and cyber systems, alerting on anomalous behaviors and providing single sign-on access to the resources required for your job/role. Your workplace can utilize this information to better plan and operate IT resources. In addition, a virtual CIO/CISO can continually and minutely monitor performance and security of corporate systems. This information also feeds into business processes, optimizing all the components needed to reach corporate goals.
SecuritySolutionsWatch.com: While we're on the subject of front-page news, more security inevitably means more cost and less convenience to users. Are we going to have to bite the bullet and make these adjustments?
George Romas: Yes, but we have the opportunity to do this the correct way. As Sridhar noted, IoT devices will be ubiquitous. Investing more today in developing the proper protections and protocols must be done. These protections will speed adoption, and economies of scale will more than pay for today's investment. Just do a Web search for "IoT" and you'll see a large number of companies and open source initiatives working in this market. We have to work towards a common, secure framework to provide these solutions with a resilient, assured environment to operate in.
SecuritySolutionsWatch.com: Thank you again for joining us today. Are there any other subjects you'd like to talk about?
George Romas: In some ways, I consider myself a futurist, in the same way that science fiction authors can sometimes accurately predict future technologies and solutions. When I think of what IoT may look like in 2025, with possibly one trillion devices (a global network of sensors), I can't help but think of Isaac Asimov's Foundation series of science fiction novels. He created the science of psychohistory - by combining the studies of history, sociology and statistics against large populations, you could accurately predict the flow of future events. Imagine that unprecedented collection of current and past human behavior on a global scale.
HP is prepared for this explosion of data with scalable big data management and analytics platforms like HAVEn and Autonomy - designed to help enterprises leverage all your relevant Big Data, to make more informed decisions. However, for the time being, my parting thought is to ask, is it too far of a leap to believe that we could create algorithms that could predict future human behavior and consequent events? Just something to ponder....
This interview originally appeared in SecuritySolutionsWatch.com. Republished with permission.
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Feb. 26, 2017 02:30 AM EST Reads: 13,708
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Feb. 26, 2017 02:00 AM EST Reads: 4,765
"We host and fully manage cloud data services, whether we store, the data, move the data, or run analytics on the data," stated Kamal Shannak, Senior Development Manager, Cloud Data Services, IBM, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Feb. 26, 2017 01:45 AM EST Reads: 6,212
Zerto exhibited at SYS-CON's 18th International Cloud Expo®, which took place at the Javits Center in New York City, NY, in June 2016. Zerto is committed to keeping enterprise and cloud IT running 24/7 by providing innovative, simple, reliable and scalable business continuity software solutions. Through the Zerto Cloud Continuity Platform™, organizations can seamlessly move and protect virtualized workloads between public, private and hybrid clouds. The company’s flagship product, Zerto Virtual...
Feb. 26, 2017 01:15 AM EST Reads: 1,738
Some people worry that OpenStack is more flash then substance; however, for many customers this could not be farther from the truth. No other technology equalizes the playing field between vendors while giving your internal teams better access than ever to infrastructure when they need it. In his session at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will talk through some real-world OpenStack deployments and look into the ways this can benefit customers of all sizes....
Feb. 26, 2017 12:00 AM EST Reads: 1,479
SYS-CON Events announced today that delaPlex will exhibit at SYS-CON's @CloudExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. delaPlex pioneered Software Development as a Service (SDaaS), which provides scalable resources to build, test, and deploy software. It’s a fast and more reliable way to develop a new product or expand your in-house team.
Feb. 25, 2017 11:45 PM EST Reads: 1,983
Extreme Computing is the ability to leverage highly performant infrastructure and software to accelerate Big Data, machine learning, HPC, and Enterprise applications. High IOPS Storage, low-latency networks, in-memory databases, GPUs and other parallel accelerators are being used to achieve faster results and help businesses make better decisions. In his session at 18th Cloud Expo, Michael O'Neill, Strategic Business Development at NVIDIA, focused on some of the unique ways extreme computing is...
Feb. 25, 2017 10:45 PM EST Reads: 8,588
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
Feb. 25, 2017 10:30 PM EST Reads: 1,866
Due of the rise of Hadoop, many enterprises are now deploying their first small clusters of 10 to 20 servers. At this small scale, the complexity of operating the cluster looks and feels like general data center servers. It is not until the clusters scale, as they inevitably do, when the pain caused by the exponential complexity becomes apparent. We've seen this problem occur time and time again. In his session at Big Data Expo, Greg Bruno, Vice President of Engineering and co-founder of StackIQ...
Feb. 25, 2017 09:45 PM EST Reads: 9,320
The security needs of IoT environments require a strong, proven approach to maintain security, trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vic...
Feb. 25, 2017 09:00 PM EST Reads: 9,125
"Plutora provides release and testing environment capabilities to the enterprise," explained Dalibor Siroky, Director and Co-founder of Plutora, in this SYS-CON.tv interview at @DevOpsSummit, held June 9-11, 2015, at the Javits Center in New York City.
Feb. 25, 2017 08:45 PM EST Reads: 4,726
FinTech is the sum of financial and technology, and it’s one of the fastest growing tech industries. Total global investments in FinTech almost reached $50 billion last year, but there is still a great deal of confusion over what it is and what it means – especially as it applies to retirement. Building financial startups is not simple, but with the right team, technology and an innovative approach it can be an extremely interesting domain to disrupt. FinTech heralds a financial revolution that...
Feb. 25, 2017 08:45 PM EST Reads: 1,942
In his session at DevOps Summit, Tapabrata Pal, Director of Enterprise Architecture at Capital One, will tell a story about how Capital One has embraced Agile and DevOps Security practices across the Enterprise – driven by Enterprise Architecture; bringing in Development, Operations and Information Security organizations together. Capital Ones DevOpsSec practice is based upon three "pillars" – Shift-Left, Automate Everything, Dashboard Everything. Within about three years, from 100% waterfall, C...
Feb. 25, 2017 08:00 PM EST Reads: 11,333
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
Feb. 25, 2017 08:00 PM EST Reads: 1,916
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
Feb. 25, 2017 08:00 PM EST Reads: 13,560
SYS-CON Events announced today that Addteq will exhibit at SYS-CON's @DevOpsSummit at Cloud Expo New York, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Addteq is one of the top 10 Platinum Atlassian Experts who specialize in DevOps, custom and continuous integration, automation, plugin development, and consulting for midsize and global firms. Addteq firmly believes that automation is essential for successful software releases. Addteq centers its products an...
Feb. 25, 2017 07:45 PM EST Reads: 569
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
Feb. 25, 2017 07:30 PM EST Reads: 1,823
SYS-CON Events announced today that IoT Now has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
Feb. 25, 2017 07:00 PM EST Reads: 1,709
SYS-CON Events announced today that WineSOFT will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Based in Seoul and Irvine, WineSOFT is an innovative software house focusing on internet infrastructure solutions. The venture started as a bootstrap start-up in 2010 by focusing on making the internet faster and more powerful. WineSOFT’s knowledge is based on the expertise of TCP/IP, VPN, SSL, peer-to-peer, mob...
Feb. 25, 2017 06:45 PM EST Reads: 1,943
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
Feb. 25, 2017 06:30 PM EST Reads: 1,401