The Week’s Technology News – 12th December 2014

 

 

Have you planned IoT into your business strategy in 2015?
Increasingly it is now possible to connect any powered device to a network.   The Internet of Things (IoT) is an enormous technical development to comprehend let alone incorporate. However, from a business point of view, the real value in IoT will not just be in the connection of ‘things’, but the opportunity (if done properly), to manage the data and bring the customer needs into focus, alongside the product or services on offer.  This suddenly makes it a transformative technology applied through hardware and software and becomes highly interesting commercially.

Cisco’s Internet Business Solutions Group estimates that next year there will be around 25 billion connected devices, which will double to 50 billion by 2020 and Gartner recently suggested that IoT is peaking now in its ‘Hype Cycle’ of expectation around the subject.

If intelligent services are applied from the insights gathered from collated data and interrogated, this has the potential to radically improve customer experience and cost savings in the long run through prompt performance, increased trust and access (given the right security procedures and policies) and bond an existing relationship more more strongly between provider and customer.

Seen in practical terms, an IoT print-enabled supplier, could remotely monitor their customer’s ink levels to advise on re-supply, simultaneously run diagnostics for updates or repairs needed and advise, upsell improved models matching day-to-day needs and immediately have higher level feedback on how the customer is physically using the equipment in real-time.

From an MSP perspective applying three simple concepts, ‘connecting’, ‘managing’ and ‘engaging’ will create a proactive environment and a more bonded relationship attracting because of the intelligent assistance given.  To get there you have to have an agile infrastructure providing quick, simple and secure connections.  Some businesses worry about how to build the infrastructure to connect their devices. There are admittedly many aspects to consider ie. storage; messaging and routing protocols; security; directories; analysis; automation; and APIs to name a few.

According to a recent global KPMG survey of technology business leaders, 20% of businesses find the concept of implementing IoT too complex looked at from the outside without expert help.  However, by utilising ready-built networks, offering fast, secure and scalable connections alongside a range of tools provided as a Platform as a Service (PaaS), businesses can concentrate their efforts on creating innovative connected products.   Now that sounds like a plan!

internet-of-things-IoT

Sony hacked again – one week later

Last week Sony Pictures Entertainment was hit by a huge cyber-attack, leaking unreleased films and 47,000 personal records.

Since then even more data has been leaked including confidential E-mails between Sony Pictures Chair, Amy Pascal and well known Hollywood film producer Scott Rudin. The e-mails in question mock Barack Obama in an exchange of racist messages, with Pascal asking producer Scot Rudin what she should ask Obama at an upcoming event.  “Although this was a private communication that was stolen, I accept full responsibility for what I wrote and apologize to everyone who was offended.”

This week a new attack aimed at Sony’s PSN (PlayStation Network) took the service down on Monday. The attack came in the form of a Distributed Denial-Of-service (DDOS). Although the timing comes hot off the heels from the Sony Pictures attack they did not come from the same source. The PSN attack came from a group called Lizard Squad who boasted about the attack on their Twitter account.

With fresh information still leaking, including plans for unannounced films, Sony may be playing damage control for some time.  These events only highlight the need for stringent malware protection and tightened defences against ever increasing DDoS attacks, as well as perhaps a pertinent reminder to staff about the appropriate use of email content, which in this case could have saved several blushes.

Sony

Data breach red flags for 2015
Global information services company Experian have published their Second Annual Data Breach Industry Forecast for 2015 after reviewing cyber attacks of 3,000 organisations.  In their report, Experian details a change of attitude amongst business leaders when it comes to cybersecurity.  This will affect organisations and regulators in the year ahead.

Not only is reputation critically at stake alongside security and trust, but the demand by consumers for more communication, as well as remedies in restoring the status quo, whilst ‘data fatigue’ from an expectation of resolution against personal apathy for individuals to take more vigilant steps personally.  With almost 50% of businesses having suffered at least one data breach in 2014, the need to increase investment in security technologies and policy planning and guidelines around this is paramount and accountability goes right to the top of the Board.  A company now without a data breach response plan could be the first to fall largest victim to unscrupulous criminal targeting.

New trends are anticipated for 2015.   These are anticipated to include:
• New payment technology
• The continued rapid expansion of Cloud and e-commerce
• The consistently high value of healthcare data on the blackmarket
• Employees as one of biggest threats
• Internet of Things (IoT)

1. Payment technology   The deadline for retailers to adopt EMV (Chip and PIN) credit card technology is October 2015  if they want to accept Visa or MasterCard payments. As a result, breaches may increase as the window for hackers closes.

2. Cloud technology   With the increased adoption of Cloud technology, businesses can do much to ensure they protect theirs and their customer’s data, as the value of consumer online credentials continues to grow.  A great starting point is to take extra steps to safeguard passwords, as hackers will be seeking to target progressively more Cloud data as the volume of data explodes exponentially by companies in the Cloud.  This involves the capability and measures to re-set passwords on an enormous scale and to communicate with affected users to advise them to maintain transparency as part of maintaining trust in the relationship.

3. Healthcare data   In the US, the increased number of access points to Protected Health Information (PHI), sensitive data via electronic medical records and increasing popularity of wearable technology, makes the entire healthcare industry vulnerable and attractive for cybercriminals.  On top of this, the FBI reportedly sent a private notice in 2014 to the healthcare industry that their cyber security systems were lax compared to other sectors.  Given the budget constraints facing the healthcare sector in the UK, it would be remarkable given how many have legacy IT infrastructures and constant downward pressure on budgets, to be able to avoid breaches entirely.

4. Human error   One of the least reported issues is the impact from employee breach – either through human error or malicious endeavour.   They remain the leading cause of breaches, accounting for 59% of reported cases – and companies should therefore take the necessary steps to have policies in place to circumvent or minimise any impact.

5. Internet of Things   With the expansion of the Internet of Things, businesses will be seeking to benefit from reviewing data to optimise performance and consumerisation response.  So with more devices being created with Wi-Fi capabilities and sensors that create the opportunity for everyday items eg. car keys, alarm system or wearable devices – these will relay confidential information over the Internet and communicate with each other. Cyber attacks will therefore likely increase via data accessed from third-party vendors.

Takeaway – so, what action is required?  There will be an expectation for Board members to have a better understanding of their organisation’s data breach response plan and comprehension of new technologies and security protocols in the workplace, along with a clearly defined chain of response should such a breach occur.  Currently less than 17% of Board executives surveyed knew if their organisation had suffered a breach in the previous 12 months. Alongside this, should be security awareness training for employees as legal and regulatory scrutiny is anticipated to increase in 2015.

padlock

This week’s technology news – 29th August 2014

Progress with IoT – But Security Concerns Still Dominate Public Opinion
The likelihood of The Internet of Things (IoT) becoming a reality, seems to be gathering pace and fast if public opinion is anything to go by.  According to a recent global report “Internet of Things: Connected Home,” 1,800 20-50 year old tech savvy consumers across 11 countries (including US, Australia, China, Germany, India, and the UK) were polled.  61% thought IoT, in which seamless connections between appliances and electronics are connected to the internet could happen, was “extremely likely” to happen in next five years (with 84% conclusion in China).

The IoT market is expected to grow to US$7.1 trillion over the next six years.  Is it all good news, well no.  Not surprisingly, the greatest concern was the risk of sensitive data being exposed as a result of IoT.

70% of those surveyed said they were either “extremely concerned” or “somewhat concerned” about the risk of data breaches or personal information being compromised.

60% stated that “privacy is important to me and I do not trust how this type of data may be used”.

67% of those in the US advised that if personal data was accessed without their knowledge or consent, they would “feel violated and extremely angry to the point where (they) would take action”.  The majority of those surveyed suggested that their government should regulate how data is collected and what vendors are allowed to do and not do with the collected data.

The risk of losing public trust by not having well through through security and governance protocols in place from the start is too great for governments and network administrators to ignore.
In the UK, the Government has invested a further £1.6m on wireless project HyperCat, a thin interoperability layer which allows devices using different communication platforms to exchange data.  This is part of a £6.4 million package of public funding into IoT. The Government’s contribution to this non-profit making project provides a degree of independent assurance and secure interoperability.  Whilst Qualcomm, Microsoft, Cisco, HTC and Symantec are behind a similar “AllSeen Alliance” and Apple creates its own proprietary IoT standard called “HomeKit”, in the UK, 40+ technology companies including ARM, BT and KPMG are investing £45 million in the hope that their synchronised wireless communication standards version will become the globally accepted international standard, published through the British Standards Institute (BSI).

With the spec for Hypercat due to be published in 2015, for organisations everywhere, the advice is to treat IoT with care and fully consider the value of any data gathered and the potential impact of any breach.  As the volume of data in circulation increases and its storage and mining carries ever greater personal and commercial significance, the way in which business handles corporate responsibility and public may determine loyalty and their bottom line.

iot2


The good and evil of 3D printing

Since the development of 3D printing technology, there have been a myriad of different uses coming to market. Two have recently been brought into public focus this week – and they could not be more polar opposites.

The first (good use) is a 3D printed vertebra which has been successfully implanted in a 12 year-old boy with cancer in his spinal cord. The benefits of 3D printing the required part is that it could be specifically designed to match the child’s original vertebra.  The design also includes small holes that let the natural bone grow inside. This makes the 3D printed vertebra a permanent part of the spine which will not need adjustment in the future as the child grows.

On the negative side, like the 3D printed gun before it, not all uses of 3D printing technology we are destined to see will be for the good.   A new “bump key” has been invented using the technology.  A combination of locksmith know-how and 3D printing equipment has resulted in locks you can open without having the original key.   Happily, it is never as simple as it sounds.   First a photo of the lock itself has to be taken to assist in the printing of the “bump key”.  Then with the bump key in the lock it has to be hit with a special mallet at several points of the key turn.   If done correctly, the mechanism will unlock without damage to the lock itself.

As 3D printing equipment costs fall, ever more uses for the printing technology will be discovered. It has the potential to be a disruptive technology and so markets, law enforcers and regulators will need to keep an eye on developments in order to safeguard or counter its good use.

3dbumpkey_thumbnail

 

Shocking jailbreak for prison data
The Ministry of Justice (MOJ) has been fined £180,000 by the Information Commissioner’s Office (ICO) for “serious failings” following the loss of a hard drive containing confidential details of 3,000 prisoners at Erlestoke Prison in Wiltshire in 2013.  The data included information on organised crime, prisoners’ health and drug misuse, along with details about offenders’ victims and visitors.  Central to the severity of the breach was the fact that the disk had not been encrypted.

When a similar incident took place back in 2011, this triggered the issue of new back-up drives across the Prison Service which could be encrypted. However, the upgraded process was flawed from the start, as The Prison Service failed to provide instructions to employees to activate the encryption option which had to be done manually.

The ICO’s Head of Enforcement, Stephen Eckersley did not mince words in his damning report:   “The fact that a government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them how to use it, beggars belief”.  The sensitive information for prisoners, the public and victims remained insecure for over a year.  A spokeswoman for the MOJ advised that this had now been replaced with a secure centralised system.

The lesson for organisations to take from this shocker is simple, to have technology is one thing, to understand and implement the relevant security measures to safeguard the data is the fundamental partner in the equation for good gatekeeping and providing a safe pair of hands.


Questionable use of results from data collection of wearables

Wearables are out in the wild collecting metrics of user’s daily lives where users can see and track their own data. However, it can be tricky to visualise this without example of what the benefit of all this information has on a larger scale.

Jawbone, producers of some wearable fitness technology, published a report showing some live trends which arose following an earthquake this week in South Napa, San Francisco.   People wearing the devices in the vicinity were monitored and the results recorded those who awoke when it struck at 3.20am local time and who got up (90%). This is against those who carried on sleeping, having been located further away from the quake’s epicentre.

This on its own is interesting, but not remarkable.  However, Jawbone’s publication of its data findings from region to region, flags up the notable concern that how personal data is to be used can often be hidden in the small print of terms of conditions. Whilst data is frequently used anonymously, as wearables become more adopted – and especially when being infused with existing technology such as smart phones, this type of data collection will need to become a lot more transparent to prevent consumer backlash.

jawbone-up-san-fran-earthquake-2014-08-25-03

This week’s technology news – 4th July 2014

Personal and corporate lives fuse over mobile devices
Samsung report 75% of workers across Europe use corporate devices for personal tasks and a similar number use their own mobiles for work related activities. There is an increasing blur between the home and workplace – and whilst the figures are slightly lower at nearly two-thirds for UK respondents, it is clear there is still much to do on narrowing the risk and understanding new ways of working with your employees.

In our device-led, computer filled age, it may come as no surprise that 40% of the 4,500 workers surveyed said that their productivity levels are higher and 28% reported that stress levels were lowered, because of their ability to complete personal tasks during work time eg. during commuting time or a lunch hour. These included shopping or research – and UK workers reportedly had on average nine personal applications on their work smartphone and eight work apps on their business device. Many workers had no idea if their company even had a policy on use governance.

Clearly it is an important area for companies to protect themselves by ensuring they have a defined mobile and security policy to avoid security leaches or mis-use. Samsung’s own Knox-enabled devices are getting wide adoption, with 25 million devices enabled and attracting more than one million users, with approved endorsement by the UK Government and US military. Part of winning over staff and creating a better overall outcome, will be an education effort between the company and their workforce to advise employees and make them understand why restrictions are necessary. Governance can have a feel good factor if is handled well and not simply seen to obstruct workflow or efficiency.

The physical location of your data may change in the future
Many organisations are very cautious where their business data is physically stored, and rightfully so. The physically location can determine if other parties can also access your data if they believe they have reason to do so. Gartner recognises these concerns, though also believes the physical location of your data will become less relevant in the coming years and irrelevant by 2020. They believe physical location will be replaced with legal, political and logical locations. Neither one of these location types solve the issue alone but organisations will need to take on a hybrid approach, using multiple locations with different service delivery models.

While we plan for this future, we can utilise current software defined data centres to gain the flexibility of increased agility from provisioning applications quickly, improved control and policy-based governance, whilst keeping a handle on the location of your data.

“OFSTED” required for the Internet of Things (“IoT”)
The next phase of internet architecture “The Internet of Things” and how it will connect with our lives, still has a glaring gap to master, namely standards. There is much talk about the collection of data which will layer the insights to intuitively “assist” us in our future life, work and environment. This will happen via billions of little sensors being attached to everything, collected, processed and recycled into the right direction to be useful to us. Currently this is handled in data centres but despite their efforts to reduce energy use, the IoT will change this space. Ultimately, it is the data, its management and how it is aggregated to be intelligent, that lies at the heart of the issue, not so much sensors or home networks which is often the public talking point.

The intelligence of the IoT has to be harnessed by being more green without doubt. The sensors need multiple gateways, connecting a multiplicity of devices of varying power demands, which avoid connecting to the mains or requiring frequent battery replacements. IoT needs low speeds and low energy. It must stay simple and have mass production at scale, to make being “Smarter” compelling. But that will require it being at a reasonable cost.

The conflict lies in there being a lot of technologies with competing interests, vying for their part of the market including Wi-Fi, Bluetooth Low Energy, the latest DECT mutation (ULE) and the Weightless group which uses “white space” radio, plus older versions including ZigBee. But until these shake down to key IoT operators which can deal with and distribute the volumes of power at low cost to commercial mass, clarity cannot be deduced.

And therein lies the conundrum: with the potential to be top heavy in power overheads, how will it all be connected, who will govern the standards – and what will those standards be? It is still a very complex picture. But whilst the answers are not fully expressed yet, it will be big business for some and the live questions must lead to some form of “Office of Standards” to avoid the internet being caught on catch-up with itself and the formulae not working for the good of us all in the long term.

Wearables in the workplace, are you ready?
Google Glass is yet to be officially released, but with the announcement and commercial release of Android Wear, Google’s own smart watches have leap-frogged themselves into customers’ hands. Both Apple and Microsoft are heavily rumoured to be working on their own wearable platforms potentially being released later this year.

Wearables by their nature are meant to be worn throughout your day, monitoring your health and also keeping you notifications at glance level.

If you have not already, you will soon find people wearing their own wearables into the workplace. With a new type of device comes new security concerns. The good news is that wearables will fit into an existing set of good policies. These devices do not connect to the internet directly, but rely on a connection with the user’s phone, so a thought out mobile policy will cover this. Another area of concern is that the camera on Google Glass could record employees without consent. Again, this should already be covered by a mobile or camera policy.

The conclusion is that even if you are not adopting wearable tech now, you shouldn’t be surprised to see a smart watch on an employee’s wrist. Check over your technology policies and make sure you are ready, as the wearable may arrive quicker than you expect.

Android-Wear