Friday, 11 November 2016

The IoT Deluge


It was amusing to hear at a conference earlier this year, how one speaker had hacked into an acquaintances home network of smart devices and used this to scare the living daylights out of him one night, just to demonstrate the point that you need to firewall your home networks adequately. However, despite stories about peoples kettles and fridges being harnessed for use in Distributed Denial of Service (DDoS) attacks, the means for implementing Internet of Things (IoT) security frameworks already exist. If you go to any IoT event, someone will be promoting their IoT security platform. It's just that there is some catching up to do with the installed base of old unprotected SCADA systems and first generation "smart devices" to ensure that they are properly protected. As most of them were deployed with scant consideration of security.

Recently, it has become increasingly obvious that reality is beginning to set in about IoT exploitation. Businesses which want to exploit IoT in any meaningful way need to set about heavy duty industrialisation of key capabilities. Depending upon the business scenario in which you wish to exploit IoT, you may or may not have control of the end devices. In most cases you won't. So your solution may need to take into account different APIs for integration and different levels of security. It also needs to take into account that at any point in time, a significant part of the overall population of devices that you are communicating with may not be working for any number of reasons.

You also need to take into account the shear volume of data. IoT exploitation inevitably means large, fast growing volumes of data which has to be captured, sanitized, stored, analysed or exploited and managed according to relevant policies. However, many applications may need to take into account issues to do with geography; network bandwidth is not uniform within a county, let alone between countries. At sea it may be  extremely low compared with land. Legal jurisdictions can impact what is permissable from a privacy or even data export perspective.

However, key to scalability is the means to manage an IoT network. Each IoT device used by your solution will generate large volumes of data itself. Whilst attention to date has been focused on the application data, the volumes of event data for the devices, networks, associated installations and security devices could potentially drown the volumes of application data involved. Managing this data so that you can control the overall performance of the solution and optimise business outcomes, is a problem vastly larger than that which most IT organisations struggle with today. Automation is the only answer. Automation which brings all the data together, intelligently analyses it and visualises it for analysis is needed. IoT adoption, usually means changing your business model to do things differently and more intelligently. This cannot happen if you are not capturing and fixing problems as they happen as well as anticipating problems based on trend analysis. So Automation of monitoring and analysis is key. So automated monitoring is not just a nice thing to have because the DevOps boys told you it is trendy. Automation is key to survival. It has to deal with both operational and security incidents, and it has to be integrated across your whole environment. Point solutions are not good enough.

Fortunately, there is a new generation of tools which do this. They do it across hybrid cloud environments and deal with multiple protocols. Analysis of experience to date indicate that not only do they lead to dramatically shorter resolution times to problems (e.g. quarter to a third of previous times using traditional approaches), but to reductions in incidents (by similar margins) and therefore significantly reduced loss of value when problems occur. 




Wednesday, 9 November 2016

DIGITAL DECEPTIONS & ACCELERATION

It has been a great week for special events. Trump did the unspeakable and pulled off the Presidential contest in the US. Who would have forecast it?

Away from politics, there has been great excitement with the announcement that Dubai could host the debut of HyperLoop One's radical transit technology, linking to Abu Dhabi in 12 minutes and implementing Elon Musk's vision of near supersonic pod transport.

Sitting over a glass of Moldovan Wine (yes Moldovan) at the World Travel Market, in London's Excel, I casually bumped into one of London'd start up kings, Razvan Patrascioiu, see http://bit.ly/2fydFf4 , who is working on his new venture to ensure that London's visitors get to really enjoy the great restaurants that have become part of the capital's landscape. Later over Slovakian and Israeli wine on other stands I mused on the power of wine to connect people, especially in the digital world. So anyone who is remotely keen on this idea should check out the Chief Wine Officer on LinkedIn and Twitter. This is still my favourite digitaly enabled marketing vehicle and remains extremely effective at connecting CIO level people with technology providers.

Anyway, anyone who actually read my post about digital vikings, will know that digital entrepreneurs face defensive business fortifications which can derail their asymetrical attacks on new markets. This week Facebook halted the deployment of a Fintech Insurance app aimed at correlating facebook behaviour with driving behaviour. Facebook will not release the data to be used in the app. It's against their policy. Additionally, Uber was told that under UK law, their drivers are effectively employees and entitled to minimum wages and holiday pay. This just goes to show, that you need to able to respond quickly to set backs and if you cannot anticipate problems, at least plan to implement in ways that adapt to changes in circumstance and don't burn all your funds at once.

Finally in a great demonstration at the ACM Conference on Computer and Communications Security Hofburg Palace, Vienna, Austria, researchers from Carnegie Melon demonstrated how special glasses could be used to fool commercial facial recognition systems. For example a male test subject wearing the special glasses was recognised as actress Milla Jovovich..


Thursday, 3 November 2016

Blockchain Frenzy

You cannot pick up a business publication these days without seeing something written about Blockchain or Bitcoin. Blockchain has pushed Big Data, IoT and Digital Business Models onto the sidelines. This has been accompanied by a huge rush to invest in the technology and thousands of start ups being established, hoping to exploit the technology.

Yet if you read the articles written about Blockchain, it is difficult to get your head around the subject. Recently, I read a comment by a Consultant who specialises in Blockchain noting his complaints about the complete gibberish being published about it. So I decided to educate myself on the subject and was relieved to find an introductory talk on the subject being run by the Business Information Systems Group of the BCS. 

What I learnt was:

- Blockchain is a protocol for a Distributed Ledger;
- It creates read only transaction records which are cryptographically protected by Hashing;
- Transactions are contained within time-stamped blocks; each block is hashed; the blocks are chained together in such a way that their hashes are based on their position within the chain;
- The main parties participating in the transactions get complete copies of the chains;
- Parties can only view the records which relate to them;
- The ledger can deal with anything of value and does not have to be limited to money;
- It is possible to apply some conditional business rules via "smart contracts".

The speaker has a great web site www.distlytics.com on which he has provided some good resources for learning more. It's worth a visit.

Put together, this makes for a highly resilient (to fraud or denial of service attack) means of exchanging value or valuable assets without the involvement of trusted 3rd parties. It also provides confidentiality, traceability or provenance by default. So there are many innovative initiatives and opportunities around it. Removal of the need for a trusted 3rd party would remove the need for brokers in certain types of transaction, whether it is financial, commodity or asset based. The provenance trail could be useful in art dealing or international antiquity import and export; conveyancing of property deals could become a thing of the past and so on.

There are some issues. Some are regulatory. For example tax and treasury authorities typically do not like the unmonitored and invisible to them. There also is potential for the use of the technology for criminal purposes on the so called dark web.

However the key issue at present appears to be scalability. The scale of duplication in very large markets is likely to be unsustainable, unless new concepts are added. It appears that existing implementations are only able to sustain modest transaction rates for comparatively small sizes of market. The duplication involves significant overheads on transactional complexity, network traffic and storage.

So if Blockchain is going to involve, there is a need for a standards body or user body to evolve the protocol for performance, APIs etc. At present this is interesting as the original protocol was floated by someone or collection of people using a pseudonym. So at present there appears to be no authoritative owner to legitimise such a body.

It will be interesting to see what happens next and how market forces will shape the evolution of Blockchain.