I am an IBMer…

As I indicated earlier, I left Intel to pursue an outstanding opportunity in the same space. I know I kept this as a surprise while I went on vacation and didn’t write much, which led to some speculation on where I was going…so here it is. I am going back to IBM after being away for four years – a (sweet) homecoming of sorts :).

When I left Intel, I was seriously considering another opportunity, equally good. But I got to talk to some of my old pals at IBM and learned that they were looking for someone with my skills. Couldn’t hurt, I thought, talking to them. Well, now I am an IBMer!

Read more of this post

Not with Intel Any More…

You might have read my recent blog about Kin Lane. I didn’t realize that I would have to make a decision of my own when I wrote that blog. Though our situations were entirely different, it is always tough to call it right when you are faced with multiple choices, especially when all of them seem like the right answer. In any case, I have decided to move on from my position at Intel in pursuit of other opportunities.

Read more of this post

Taming Big Data Location Transparency

Andy Thurai, Chief Architect & CTO, Intel App security & Big Data (@AndyThurai) | David Houlding, Privacy Strategist, Intel (@DavidHoulding)

Original version of this article appeared on VentureBeat.

Concern over big government surveillance and security vulnerabilities has reached global proportions. Big data/analytics, government surveillance, online tracking, behavior profiling for advertising and other major tracking activity trends have elevated privacy risks and identity based attacks. This has prompted review and discussion of revoking or revising data protection laws governing trans-border data flow, such as EU Safe Harbor, Singapore government privacy laws, Canadian privacy laws, etc. Business impact to the cloud computing industry is projected to be as high as US $180B.

The net effect is that the need for privacy has emerged as a key decision factor for consumers and corporations alike. Data privacy and more importantly identity-protected, risk mitigated data processing are likely to further elevate in importance as major new privacy-sensitive technologies emerge. These include wearables, Internet of Things (IoT), APIs, and social media that powers both big data and analytics that further increase associated privacy risks and concerns. Brands that establish and build trust with users will be rewarded with market share, while those that repeatedly abuse user trust with privacy faux pas will see eroding user trust and market share. Providing transparency and protection to users’ data, regardless of how it is stored or processed, is key to establishing and building user trust. This can only happen if the providers are willing to provide this location and processing transparency to the corporations that are using them.

Read more of this post

Ubisoft API (powered by Intel) – The game plays you now!

By Andy Thurai (Twitter: @AndyThurai)

[Original version of this blog appeared on Intel blogs here]

Remember the old days, when we used to play “graphical” games such as Tetris, and were amazed by them? Twenty years fast forward, Ubisoft is doing things to enrich the user experience in an amazing way. Gone are the days the games are given to you statically so the results are predictable if you play them in a certain way. Now, the real-time games (such as Assassin’s Creed ®) are adapting itself to every player to provide a unique and tailored gaming experience based on each individual player’s skill and play style.  This is the kind of experience Ubisoft wants to deliver to their vast customer base, which posed and interesting challenge.

Tetris

[The most graphical modern game in the late 80s – Tetris]

As any teen can vouch for, gaming is moving from a console-based model to a device-based model (Console/PC/ Mobile/other devices). The games are not controlled by your keystrokes or game controllers anymore, but based on player movements as sensed by sensors such as cameras, body armor, gadgets, etc.

This change posed an interesting challenge to our recent customer Ubisoft. They needed to convert their existing legacy services into a cross-platform enabler to support the above and they also needed to build a new gaming platform for the future that will allow them to provide a richer, connected, and engaged user experience by providing a ubiquitous platform.

Read more of this post

QCON NY 2013

I had a speaking opportunity at QCON in Big Apple last week.

QCON NY2

As usual Big Data and Mobility were the dominating topics in this conference. Surprisingly, there was a strong html5 presence as well. At least ten presentations (including mine) were based on html5 or other modern language themes, which means the momentum is shifting from native apps to html 5 fast. It is not about just plain vanilla JavaScript anymore.

One thing I can vouch for is that the development crowd seems to be getting younger and sharper on a daily basis.

Read more of this post

Ole for APIs…

Video of my speech from API Days Madrid here.  It starts after the first minute after Guillaume finishes his Q&A.

For the first time in my life, I was in Spain (Madrid) last week. What a lovely country and people. Great food too! It amazes me how people can speak multiple languages and entertain the clueless tourists like me by switching to English so quickly :).

ole

In any case, I was there to attend the API Mediterranean event. Can you believe that? This is proof that API has gone to the nook and corner of the world! It was attended by about 100 practitioners. The representative companies included Intel, Kin Lane the API evangelist, WSO2, 3Scale, Layer 7, FaberNovel, API Cultur, Webshell.io, MailJet, and many more. The enthusiasm and eagerness from participants were undeniable. Eduardo was a great host.

Read more of this post

5 Practical Steps to Building an Enterprise Class API Program

When it comes to building API programs, everyone seems to think in terms of technology, platforms, scalability, security, execution, hackathons, etc., but people tend to forget the most important thing. What do you think it is – TTM (Time to Market)? Additional Revenue? Newer Partners? TCO (Total Cost of Ownership)? Usability? IT approval? or Something else?

If you want to know what that is and how to effectively build an Enterprise class API program, please attend this webinar that I am co-presenting with Mashery and CapitalOne. Every customer seem to have an aha! moment after our conversation.

This live webinar is at 1 pm EST on May 22 (this Wednesday). You can register here http://tiny.cc/0ywexw.

API strategy & practice conference in NYC – Are you going?

Alright, I am sure you have heard this again and again but it’s worth saying it one more time. The first ever API strategy & practice conference is going be in NYC on Feb 21, 22 (http://www.apistrategyconference.com/). If you are just finding this out, it might be way too late for you to get in (But I will tweet anything interesting happening from inside 🙂 ).  There are 72 companies that are confirmed to participate and sending their API whiz kids, gurus, learners, teachers, procrastinators there to make a difference. Intel is proud to be a Gold sponsor to this event.

API strategy post

Yes, Intel. Not only does Intel do software, but they do it really well too. We have an outstanding API Manager that we released recently which will be showcased there. If you happen to attend this, please stop by my 2 speaking sessions/ panels.

Day 1: 2:20-3:30 – Track 3: API Security and Scalability

As APIs gain adoption they become ever more critical gateways to a company’s core business – ensuring access is secure and scalable are mission critical for your business. Presentations include:

  1. Paul Madsen (@PingIdentity) of  Ping Identity
  2. Mark O’Neil (@TheMarkONeill) of Vordel
  3. Travis Reeder (@treeder) of Iron.io
  4. Andy Thurai (@AndyThurai) of Intel
  5. Discussion panel on the challenges and solutions for API Security and Scalability

  Read more of this post

State of CA – Split Personality Syndrome?

It’s interesting to see that the state of CA has a split personality disorder! I wrote in a blog about a year ago how the state of CA is being a model citizen by forcing companies to protect consumer sensitive data by protecting the PII information (such as zipcodes and other sensitive information by classifying them as PII) and imposing penalties on companies that don’t comply. (Link here) But now, they sided with Apple stating that for on-line transactions the vendors can collect additional PII information that is not necessary for brick-and-mortar vendors. This means if you are an online retailer and collect such PII data, you need to have a mechanism to protect all this information you are collecting from your consumers, not just the PCI data but the PII data as well. In order to comply with this dual personality, you will need a solution that can encrypt and tokenize the sensitive information as necessary and as seamlessly as possible.

http://news.cnet.com/8301-13579_3-57567526-37/apple-wins-california-credit-card-privacy-case/

You are Gazetted…

Recently the government of Singapore passed a bill (or “Gazetted” as they call it, which sounds a lot fancier) about protecting personal data of consumers:

Click to access Annex%20D_Draft%20PDP%20Bill%20for%20Consultation.pdf

“Protection of personal data

26. An organisation shall protect personal data in its custody or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification or disposal or similar risks.

Cross-border Transfers

The PDPA also permits an organisation to transfer personal data outside Singapore provided that it ensures a comparable standard of protection for the personal data as provided under the PDPA (Section 26(1)). This can be achieved through contractual arrangements.”

So what they are suggesting is that gone are the days that if a business loses its customers’ data, they tell the consumers, “Oops, sorry, we lost your data…………” and that is about it. Now, the governments are taking initiatives that can hold the companies responsible for being careless with consumer data and not protecting it with their life, if not face consequences.

http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en

This means, as a corporation, you need to protect not only the data in storage and in transit, but also given the cross-border restrictions (this is especially strictly enforced in Europe; read about them on above URL links) you need to figure out a way to keep the data and the risk to yourself instead of passing this on to third parties. The easiest way to achieve that would be to tokenize the sensitive data, keep the sensitive data in your secure vault and send only the tokens to the other end. Even if the other end is compromised, your sensitive data and your integrity will be intact, and it will be easy to prove in case of an audit that you went above and beyond not only to comply with requests/ laws such as this, but also you genuinely care for your customers’ sensitive personal data. Brand reputation is a lot more important than you think.

Check out some of my older blogs on this topic:

Who is more sensitive – you or your data?

Content/ Context / Device aware Cloud Data Protection

Part 2: Context aware Data Privacy

Also, keep in mind Intel Token Broker and Cloud Security Gateway solutions can help you solve this fairly easily without messing with your existing systems too much.

Check out more details on Intel cloud data privacy solutions.

%d bloggers like this: