IT bits and bytes

Monday, September 21, 2015

The importance of layering IoT security

by Steve Surfaro On Sep 8, 2015

This table outlines the potential components that a company could insure from a cybersecurity perspective. Photo credit: (Graphic courtesy ASIS International Security Applied Sciences Council)

The IoT 'Superball' model, pictured above, was developed in cooperation with the Security Applied Sciences Council, ASIS International and The Video Quality in Public Safety Working Group, part of the U.S. Department of Homeland Security Science and Technology Directorate. Photo credit: (Graphic courtesy DHS)

In today’s interconnected universe, network and sensor outages in one system often have a cascading impact on other systems with which they interact. For instance, a communications failure at one of the world’s largest airline carriers affected not only the travel industry, but also the logistics and distribution of consumer goods. Very recently the failure of a sensor network shut down the largest petroleum refinery in the Midwest, causing the wholesale price for gasoline in Chicago and St. Louis to jump 60 cents per gallon in a single day.

A submarine optical fiber cable connecting Australia, Guam and Japan also recently suffered a fault; however, hundreds of gigabits per second of data traffic from the impacted section were switched to alternate paths on an optical fiber ring configuration. If this resiliency had not existed, the outage could potentially have shut down untold numbers of credit-card purchases, ATM money withdrawals and vital healthcare teleconferencing while awaiting a cable repair ship to reach the site and repair the damage.

And then, of course, there are the deliberate saboteurs. When internal technical issues simultaneously affected operations at two global financial exchanges, communications in the "Dark Web" congratulated the perpetrators on a job well done, referencing the institutions by name. Chances are you're not very familiar with this shadowy network of websites often used to sell illegal goods and services. But ironically, the Dark Web itself was shut down recently when someone discovered services protocol vulnerabilities that could reveal the location of supposedly anonymous servers. Essentially, the hackers got hacked.

So what can we do as manufacturers, system architects and users to protect ourselves against such catastrophic events, whether initiated accidentally or maliciously?

Establishing trusted access authentication for IoT devices

According to a recent study conducted by Capgemini Consulting and Sogeti High Tech, the two most significant vulnerabilities in the world of IoT devices are password attacks and identity spoofing. This has led developers to devise better processes for establishing trusted access to the IoT, including server-based authentication.

One approach has been to base cybersecurity on server locations that are far away from the devices connected to the Internet – the "things" in IoT. However, that method tends to slow down traffic.
A faster alternative is to use multi-factor authentication (MFA), which permits multiple servers located closer to the "edge" IP cameras, physical access control panels and/or communications devices to process authorization requests.

Push Notification Services. One of the best examples of these high-performance security processes is the smartphone in your pocket or handbag. With Push Notification Services (PNS), a highly efficient and secure remote notification feature for Android, iOS and Microsoft smartphone devices, the device establishes an encrypted IP connection with the PNS and receives notifications over this connection. If a notification for an app arrives when that app is not running, the device alerts the user that the app has data waiting for it. When new data for an app arrives, the provider prepares and sends a notification to the PNS, which pushes the notification to the target device. This process also works with other IoT devices, sensors and even IP cameras.

The PNS establishes peer-to-peer authentication of the IoT sensor identity using Transport Layer Security (TLS). The IoT device initiates a TLS connection with the PNS, which returns a digital certificate from the server. The device validates this certificate and then sends its device certificate to the PNS, which validates that certificate. PNS servers also have the necessary certificates, credential authority certificates, and cryptographic keys (both private and public) for validating connections and the identities of providers, corporate servers and IoT devices. This provides a more secure alternative to SSL, especially considering the latest PCI-DSS 3.1 compliance requirements.

Whether it is a text message, video stream or complete digital multimedia content (video, audio and metadata), this process to establish trusted identities is the cornerstone of IoT device cybersecurity.
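
The two-way certificate validation described above, expressed as Python `ssl` settings for the PNS and the device, with a small audit helper that flags a context that skips either validation step or still allows SSL and early TLS. This is an added example, not code from the article; the function names and the TLS 1.2 floor are assumptions, and the certificate file arguments are optional placeholders.

```python
import ssl

TLS_FLOOR = ssl.TLSVersion.TLSv1_2  # assumption: policy floor chosen for this example


def pns_context(ca_file=None, cert_file=None, key_file=None):
    """PNS (server) side: present a server certificate, demand a device certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = TLS_FLOOR
    ctx.verify_mode = ssl.CERT_REQUIRED  # abort the handshake if no valid device cert
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA that issues device certificates
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)  # the PNS's own certificate and key
    return ctx


def device_context(ca_file=None, cert_file=None, key_file=None):
    """IoT device (client) side: validate the PNS certificate, then offer its own."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check by default
    ctx.minimum_version = TLS_FLOOR
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA that issued the PNS certificate
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)  # device certificate sent to the PNS
    return ctx


def weak_context(server_side):
    """Constructed counter-example: encrypts traffic but authenticates nobody."""
    if server_side:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # verify_mode defaults to CERT_NONE
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False  # must be cleared before CERT_NONE is accepted
        ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit(ctx):
    """Return the ways a context falls short of two-way certificate validation."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not required")
    if ctx.protocol == ssl.PROTOCOL_TLS_CLIENT and not ctx.check_hostname:
        findings.append("server name is not checked against its certificate")
    if ctx.minimum_version < TLS_FLOOR:  # MINIMUM_SUPPORTED sorts below any real version
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings


if __name__ == "__main__":
    for name, ctx in [("PNS", pns_context()), ("device", device_context()),
                      ("weak PNS", weak_context(True)),
                      ("weak device", weak_context(False))]:
        print(name, audit(ctx) or "ok")
```

A PNS context that leaves `verify_mode` at its default still completes an encrypted handshake, which is why a missing device-certificate check tends to go unnoticed until the configuration is audited.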

Alternative ways to harden against vulnerability

Looking back at the high-speed submarine cable incident, there’s obviously a need for resilient connectivity to maintain service and protect against attack. Although different transmission modes provide for connectivity, the architecture should also include authentication of the devices on the network.

So why not just use "sat-backup" to keep authentication servers connected? The issue is response time agility. The total carrying capacity of a typical submarine cable between the U.S. and East Asia is in the range of terabits per second compared to satellites which typically offer only around 1000 megabits per second. The "Cyber Cloud" operators, governments and enterprises need the ability to quickly deliver differentiated services by activating, on notice, a virtual pool of bandwidth through resilient architecture.

Our petroleum example is another case in point. If caught in time, the IoT sensor network responsible for detecting leaking pipes would have notified plant operators in real time to implement a repair. Should a petroleum refinery flow sensor or server come under attack, the usage archives or historical data could be compromised. A cyber-attack on a refinery during peak winter (heating) or summer (automobile usage) periods could be catastrophic.

Protecting IoT sensor data in motion is important, but intelligence in the wrong hands can be deadly. This is what cyber resilience is all about: not only protecting the operation and transmission of data, but preserving "data at rest."

The business case for investing in IoT safeguards

We know what we need to do to protect IoT devices. But how do corporations cost-justify investing in these safeguards?
The answer is to expose risk management professionals to the daunting consequences of suffering a breach:
class-action lawsuits
regulatory fines, penalties and consumer redress
damaged reputation
data and income loss

With successful cyber-attacks on the rise, up from 11 percent in October 2013 to 16 percent in 2014, according to a recent survey analysis from Heavy Reading, many companies are reaching the point where the cost of deploying in-house authentication servers is well worth the risk mitigation.

Damage from escalating cyber-attacks has also given rise to a new type of insurance category: cyber security insurance that covers both network security and privacy liability (see table pictured above).

But even with authentication servers and cybersecurity insurance in place, there’s another tough decision for a company to make: whether or not to share their threat intelligence. Does an enterprise keep their name out of the headlines as yet another victim? Or do they contribute to a safer and more secure world by pooling their ideas and strategies on how to combat cybersecurity attacks? As a leading cyber security consultant recently stated, "When it comes to cyber intelligence, there's strength in numbers."

Creating multiple security layers for everyone

The Internet of Things in safety and security represents a networking paradigm where interconnected, smart sensors are powered and protected and continuously generate and transmit data over the internet. Multiple layers of protection are needed to secure the operational integrity of those IoT sensors. Those layers include:
IoT device structure – This can include the physical housing of an IP camera, as well as a wireless communication antenna and solar energy collection device.
Wireless and Wired Communications – This refers to how the device connects to the local area network via Ethernet, Bluetooth or other connectivity as well as connectivity to the internet.
Cybersecurity – The heart of the external, internal cybersecurity and device protection functions, this layer also serves to assist in MFA.
Power transfer – This is where energy for storage is acquired such as wireless charging or energy harvesting.
Energy storage – Primarily this is where volatile data storage and processing functions occur.
Data exchange – This layer performs protocol negotiation and ensures interoperability.
Process and Analysis – This is where metadata analysis, energy management, storage optimization and indexing processes occur.
Data storage – This is where the sensor data from all the "Things" in IoT are archived.

Striking a balance between protection and responsiveness

The trick is to devise those layers of protection without compromising the ease and timeliness of data interchange. Communication, storage, process, data exchange, security and device power are the defining factors in the IoT model structure.

Depending on the urgency of the response required for the event, there may be a need for the device to process certain data internally. In the case of an IP camera, for example, there is metadata that describes size, color, speed, trajectory and timeframe which may be needed urgently. For instance, the license plate of a vehicle associated with an amber alert, an armed robbery or other time-sensitive emergency.

IoT data may statically reside internally, immediately nearby or in mobile objects and IoT data concentration storage points. The data may be distributed widely, but it always must be transmitted and stored securely. The migration or "flow" of IoT data can continue from one secure container to another, until a centralized data store is reached where more sophisticated processing and analysis takes place, like facial recognition or other pattern-matching algorithms.

Cyber protection is a joint responsibility

Consider the IoT sensor less of a "razor blade" and more of an evolving device and resource.
Its most vital part is often its data, which forces us to make important choices about how we handle it: how it is collected, how it is stored, how it is processed and how it is protected. With this foundation we can expand our use of IoT to a wide range of data types and formats from different data sources, including time and geo-location tags, and global intelligence. By pooling our knowledge about ways to protect these resources we can minimize our vulnerabilities to cyber-attacks even as they continue to evolve.

About the Author: Steve Surfaro is the Industry Liaison at Axis Communications. He is also Chairman of the Security Applied Sciences committee for ASIS International. He can be reached at stevesurfaro@gmail.com.

posted by OttoKee  # 7:56 PM

Thursday, March 15, 2012

The State of Internet

posted by OttoKee  # 8:11 AM

Thursday, February 09, 2012

HANOI, VIETNAM - 24 Oct 2006: The Ministry of Finance (MOF) and IBM (NYSE: IBM) reaffirmed each other's commitment to the Treasury & Budget Management Information System (TABMIS) project at an executive briefing to government users on 17 October 2006. Teams from both organizations reported on the progress of the "Treasury and Budget Management Information System" (TABMIS) project to date.
The TABMIS project, inked in December 2006, a deal worth US$49 million and funded by the World Bank, is set to reform the Vietnamese financial and budget management system to enhance its performance measurement and standardize its financial control mechanisms.
MOF affirmed that TABMIS is the cornerstone of the Vietnamese government's financial management reform plan. It will integrate and centralize the financial management systems into a single information system to improve the transparency and accountability of public financial management, therefore to support the decision making and governance of the government of Vietnam.
Krishna Giri, Partner, Public Sector Leader, ASEAN/South Asia, IBM Global Business Services, said, "IBM is very proud to embark on leading the transformation and implementation of this important project along with MOF, Oracle and The Corporation for Financing and Promoting Technology (FPT) Business Partners. Between MOF, IBM and our project partners, we have marshaled the best team with deep industry insights and first hand experience of implementing new financial system for many governments. We are well positioned to help the Ministry of Finance, Vietnam, to transform and modernize its financial management system. With strong sponsorship and commitment from MOF, I am confident TABMIS will be operational in pilot sites from April 2008."
The State Treasury of Vietnam, key stakeholder of TABMIS, has been and will be working closely with vendors during the implementation of the project. Under the supervision of MOF together with strong commitments of concerned parties, it is believed that TABMIS will go-live as scheduled.
TABMIS is a turn-key, integrated Commercial-Off-the-Shelf Software Solution and Hardware Platform to be used at all three levels of government throughout Vietnam: central, provincial/municipal and district.
TABMIS will link the Central State Treasury to the provincial and district financial offices and different ministries to support the efficient use of resources and drive a sustainable growth strategy upon completion.
IBM is the primary partner providing consulting services, hardware, software and support services. FPT and Oracle are secondary contractors who implement the system integration of the project.
For more information about MOF, please go to: http://www.mof.gov.vn
For more information about IBM, please go to: http://www.ibm.com
For more information about FPT, please go to: http://www.fpt.com.vn
For more information about Oracle, please go to: http://www.oracle.com

posted by OttoKee  # 2:09 AM

Wednesday, January 25, 2012

IBM System Z Update
Shipped 800 zBX with 450 blades
Signed 80 new System z customers
Encourages new mainframe participants with education and recruitment support
Has added Windows to the supported platforms on zBX and URM
Focuses on business analytics workloads with Smart Analytics System 9700 and 7100 alongside its Smart Analytics Cloud
We expect to see Security Analytics addressed in future through its Q1 Labs acquisition

We recently spent some time in London with IBM’s Ray Berard and his team discussing its mainframe impetus. We’re sure you’d like to read more about this leading server platform.
System Z Market Success

Figure 1 shows our assessment of System z revenue and revenue growth by quarter up to Q3 2011 (based on a rolling 4 quarter analysis) and includes major product introductions along the way. We believe System z has had strong success, although its recent revenues have missed peaks at the beginning of 2007 and the middle of 2008. It suffered something of a ‘perfect storm’ in 2008, with the recession cut-backs coinciding with its customers’ slowdown in spending in anticipation of the new machines in 2009. It has spent massively on development of System z, incorporating its impressive technical advances in the current line-up. System z is the most successful of the dwindling number of alternatives to x86 processors in the server area. It’s also well covered by IBM’s Smarter Computing approach, which we have covered extensively in the past.
In the year to September 2011 IBM claims significant success for its System z and associated offerings. In particular:
It shipped over 80 BladeCenter Extension (zBX) units
It shipped over 475 blades into these units
It signed up over 80 new System z clients (although this includes existing users installing a machine in a new location)
We assess System z Mips growth as 40% and revenue, 37% for the annual period to the end of September 2011.
In addition IBM has enjoyed a stronger adoption of System z by partners. In particular:
It now has around 7,000 applications supported, including 3,250 for Linux and 4000 for z/OS
1,200 new and upgraded applications were added to System z in 2010, when it launched the zEnterprise
It has added around 120 new ISV partners
IBM has engaged in a number of activities to encourage the development of mainframe skills among the younger generation. In particular:
It has enrolled 814 schools in the ‘Mainframe Curriculum’
32,941 students from 17 countries participated in its ‘Master the Mainframe’ contests
It has launched SystemzJobs.com, which connects System z clients, partners and businesses with students and professionals
All of this demonstrates that it is doing more than just holding position with System z in the server area.
Developing zBX And URM Business Analytics Solutions
For those of you not familiar, zBX and URM were part of the original zEnterprise announcement in 2009. IBM’s zBX is a box connected directly to either the z196 or z114. It has a 10GB data connection and 1GB service. Unified Resource Management (URM) capabilities are delivered over the service connection, allowing common systems management between the mainframe and the attached BladeCenter. Currently the attached BladeCenter can have two chassis per rack and up to 14 blades per chassis.
Initially customers were slow to adopt these offerings. We noted at the time that the failure to accommodate Windows would limit adoption. In addition to adding Windows to Linux and AIX as supported operating systems, IBM has also been active in developing specific solutions to increase the value of integrated co-processing. The latest flavour of these has been for Business Analytics solutions. In particular:
Smart Analytics System 9700 – an integration of hardware, software and services based on the zEnterprise 196 platform for large-scale analytics
Smart Analytics System 9710 – a smaller package based on the zEnterprise 114 platform for lower-cost analytics
IBM has also launched its DB2 Analytics Accelerator, which uses attached Netezza data warehousing appliances rather than zBX; its users report increased speeds of up to 1,000 times and – in one case – an ROI of 4 months. It also offers the Smart Analytics Cloud, which it describes as ‘a private cloud computing solution for business intelligence and analytics’.
As always with these events we came away with many ideas about developments and the messages IBM is promoting, such as application software cost savings for System z over x86 servers in large deployments, and the role System z plays in test and development and production environments. Through its deep idiosyncratic technical knowledge, IBM goes further than other vendors in promoting its advantages in ‘total cost per workload’.
Some Conclusions – Expect More Workload-Specific Mainframes
Despite IBM’s investment and educational push around mainframes, x86 machines continue to predominate. They are firmly associated with the Financial sector, where we believe 70% of sales take place. IBM has been expansive internationally recently, selling a handful of machines in Africa, but we doubt whether its System z will be considered by many as a general purpose alternative to x86 – certainly not outside large and relatively big medium-sized organisations. It is right to focus on its advantages in lowering the cost of workloads, where the larger the implementation, the larger the savings will be. It is also right to concentrate on producing tuned solutions in the business analytics area to add to the lead it has here in transaction processing. You should expect to see new areas addressed in future, such as security analytics through its Q1 Labs acquisition. The high-speed connectivity between zBX and the mainframe extends the value of association beyond close systems management to clever provisioning of virtual machines. We’ve noted before that vertical integration has replaced the horizontal approaches of the past. In the mainframe area IBM’s maturity makes it a leader in business analytics, which HP and others are trying to emulate.

posted by OttoKee  # 11:09 PM

Tuesday, October 25, 2011

Randers, Denmark and Las Vegas -- 24 October 2011 -- IBM (NYSE: IBM) today announced that Danish energy company Vestas Wind Systems will use IBM big data analytics software and powerful IBM systems to improve wind turbine placement for optimal energy output. Turbine placement is a major challenge for the renewable energy industry, and Vestas expects to accelerate the adoption of wind energy internationally and expand its business into new markets by overcoming this challenge.

posted by OttoKee  # 1:23 AM

Monday, January 24, 2011

IBM celebrating centennial this year.

posted by OttoKee  # 6:41 PM

Monday, January 17, 2011

Multitenant Magic - Under the Covers of the Force.com Data Architecture

The CRM has only about 500 tables defined; these are data tables, index tables and pivot tables supporting 50000 clients... amazing!

posted by OttoKee  # 11:10 PM
Startup- Wavemaker
Eliminating web development complexity.

posted by OttoKee  # 9:58 PM

posted by OttoKee  # 8:57 PM

