Big Data, IoT, API … Newer technologies protected by older security

Nowadays, every single CIO, CTO, or business executive that I speak to is captivated by these three new technologies: Big Data, API management and IoT (Internet of Things). Every single organizational executive that I speak with confirms that they either have current projects that are actively using these technologies, or are in the planning stages and about to embark on the mission soon.

Though the underlying need and the purpose served are unique to each of these technologies, they all have one thing in common: they all necessitate newer security models and security tools to serve any organization well. I will explain that in a bit, but first let us look at the value these technologies add to an organization:

IoT – specific data collection points that employ sensors placed anywhere and everywhere. Most often, the information collected by these devices is sensitive and contains specific, identifiable, targeted data. IoT allows organizations to analyze behaviors and patterns as needed, but it also poses an interesting problem. Gone are the days of TB (terabytes) of data; now we are talking about PB (petabytes) of data, which continue to grow exponentially. IoT devices use M2M communication, which is a newer channel and creates a newer set of threat vectors.

Big Data – storing massive amounts of data (some of it from the aforementioned IoT devices) and having the necessary software and infrastructure to access it faster, at what promises to be a fraction of what it costs today, further enabling you to capture as many data points as possible.

API – an interface, enabler and inter-connector between systems that provides a uniform and portable interface (whether to the big data or to the platform that enables big data).

While each of these technologies at first glance appears to serve a different constituency within an enterprise, there is an undeniable interconnectedness among them. The IoT collects data from everywhere. Hence, it pours in tons of data that need to be not only stored somewhere, but also analyzed properly so that the dots can be connected to ultimately form meaningful patterns that people can make use of.

Read more on ProgrammableWeb (PW) blog site

ZDnet observation about Chief API Officer

Joe McKendrick of ZDnet wrote a blog commenting on my article Chief API officer. You can read it here.

He makes a couple of valid observations which deserve some clarification.

“CMOs may also help reinvent the business as a cloud provider in its own right — even if the business is something other than technology.” – I agree. This is due to the fact that IT is already crunched for capital and struggling to come up with money to spend on new platforms. The CMO not only has more money but can also shift spending from other marketing and revenue-generating channels to this newer channel, which has more potential.

“And CEOs and CFOs may like this new direction, since the CMO’s job is all about creating new business.” – I agree. I have seen this time and again. There are customers, Aetna is a prime example, who run (or endorse) the API programs out of the CEO office. Watch out for my follow-up article where I discuss this in more detail.

“Is this a good thing? Enterprise technology has become incredibly complex, and it takes very technically proficient individuals to understand and guide the business to invest wisely and avoid costly security errors. Plus, many of the consumerish services being adopted by marketing departments are relatively simple compared to the programming and administration that goes into enterprise IT systems.” – This is debatable. First of all, we are not trying to create a new trend, just trying to embrace the trend. That is, IT spending being supported by other organizations that are cash rich, as opposed to cash-strapped IT operations. Plus, when you invest purely on the opex model, as opposed to the capex model, the expenses are relatively cheaper (on a yearly/usage model basis, not on a TCO basis, which is another big debate). Ultimately, what I am suggesting is that, while embracing this trend, you provide the other organizations with a more mature, robust, and secure solution that has the oversight and governance of a mature corporate IT unit even though it is owned, operated, measured and managed by people outside corporate IT.

 

ISACA Keynote session: Secure the Hybrid Cloud: Protecting Users, APIs and Devices

Don’t miss my Keynote session with ISACA on API security with Kin Lane tomorrow at 9:15 am EST

http://www.isaca.org/Education/Online-Learning/Pages/Virtual-Conference-Secure-the-Hybrid-Cloud.aspx

Secure the Hybrid Cloud: Protecting Users, APIs and Devices
Dec/12/2012
9:15 Keynote Session: Secure, Expose and Package APIs as Products—Enable the Secure API Economy for the Enterprise