Enterprise IOT: Mixed Model Architecture

– By Andy Thurai (@andythurai)

This article was originally published on VentureBeat.

Recently, there has been a lot of debate about how IoT (Internet of Things) affects your architecture, security model and corporate liability issues. Many companies seem to think they can solve these problems by centralizing the solution and collectively enforcing it in the hub, moving as far away as possible from the data collection centers (not to be confused with data centers). There is also a lot of talk about the hub-and-spoke model winning this battle. Recently, Sanjay Sarma of MIT, a pioneer in the IoT space, spoke on this very topic at MassTLC (where I was fortunate enough to present as well). But based on what I am seeing in the field, and on how the actual implementations work, I disagree with this one-size-fits-all notion.

Not with Intel Any More…

You might have read my recent blog about Kin Lane. I didn’t realize that I would have to make a decision of my own when I wrote that blog. Though our situations were entirely different, it is always tough to call it right when you are faced with multiple choices, especially when all of them seem like the right answer. In any case, I have decided to move on from my position at Intel in pursuit of other opportunities.

How APIs Fuel Innovation

– By Andy Thurai (Twitter: @AndyThurai)

This article originally appeared on ProgrammableWeb.

There has been so much talk about APIs and how they add revenue channels, create brand new partnerships, allow business partners to integrate with ease, and help promote your brand. But an important and overlooked aspect, which happens to be a byproduct of this new paradigm shift, is the faster innovation channel they provide. Yes, Mobile First and the API economies are enabled by APIs.

Taming Big Data Location Transparency

Andy Thurai, Chief Architect & CTO, Intel App security & Big Data (@AndyThurai) | David Houlding, Privacy Strategist, Intel (@DavidHoulding)

Original version of this article appeared on VentureBeat.

Concern over big government surveillance and security vulnerabilities has reached global proportions. Big data/analytics, government surveillance, online tracking, behavior profiling for advertising and other major tracking activity trends have elevated privacy risks and identity-based attacks. This has prompted review and discussion of revoking or revising data protection laws governing trans-border data flow, such as EU Safe Harbor, Singapore government privacy laws, Canadian privacy laws, etc. Business impact to the cloud computing industry is projected to be as high as US $180B.

The net effect is that the need for privacy has emerged as a key decision factor for consumers and corporations alike. Data privacy and, more importantly, identity-protected, risk-mitigated data processing are likely to grow further in importance as major new privacy-sensitive technologies emerge. These include wearables, Internet of Things (IoT), APIs, and social media, which power both big data and analytics and further increase the associated privacy risks and concerns. Brands that establish and build trust with users will be rewarded with market share, while those that repeatedly abuse user trust with privacy faux pas will see eroding user trust and market share. Providing transparency and protection to users’ data, regardless of how it is stored or processed, is key to establishing and building user trust. This can only happen if the providers are willing to provide this location and processing transparency to the corporations that are using them.

Big Data – Big Help or Big Risk?

By Andy Thurai (Twitter: @AndyThurai)

[Original shorter version of this article appeared on PW http://tiny.cc/gbiczw]

As promised in my last blog “Big Data, API, and IoT …..Newer technologies protected by older security” here is a deep dive on Big Data security and how to effortlessly secure Big Data effectively.

It is an unfortunate fact that, like other open source models, Hadoop has not focused much on security. “Project Rhino”, an Apache Hadoop security project initiative spearheaded by Intel, is aimed at correcting the inherent deficits that previously made Hadoop an untenable solution for security-conscious enterprises.

In order to use Big Data effectively, it needs to be secured properly. However, if you try to force-fit everything into an older security model with older security tools, you will undoubtedly end up compromising more than you think.

Big Data, IoT, API … Newer technologies protected by older security

Nowadays, every single CIO, CTO, or business executive that I speak to is captivated by these three new technologies: Big Data, API management and IoTs (Internet of Things). Every single organizational executive that I speak with confirms that they either have current projects that are actively using these technologies, or they are in the planning stages and are about to embark on the mission soon.

Though the underlying need and purpose served are unique to each of these technologies, they all have one thing in common. They all necessitate newer security models and security tools to serve any organization well. I will explain that in a bit, but let us first see what value these technologies add to any organization:

IoT – specific data collection points that employ sensors placed anywhere and everywhere. Most often, the information collected by these devices is sensitive and contains specific identifiable targeted data. IoT allows organizations to analyze behaviors and patterns as needed but also poses an interesting problem. Gone are TB (terabytes) of data; now we are talking about PB (petabytes) of data, which continue to grow exponentially. IoTs use M2M communication, which is a newer channel and creates a newer set of threat vectors.

Big Data – stores massive amounts of data (some of it from the aforementioned IoTs) and provides the necessary software and infrastructure to access it faster, which promises to cost you a fraction of what it costs today, further enabling you to capture as many data points as possible.

API – interface, enabler and inter-connector between systems, providing a uniform and portable interface (whether it is to the big data or to the platform that enables big data).

While each of these technologies at first glance appears to serve different constituencies within an enterprise, there is an undeniable interconnectedness among them. The IoT collects data from everywhere. Hence, it pours in tons of data that need to be not only stored somewhere, but also analyzed properly so that the dots can be connected, to ultimately form meaningful patterns that people can make use of.

Read more on ProgrammableWeb (PW) blog site

PCI / Cloud Data Privacy webinar – Wednesday Mar/20 @ 12:25 pm

Replay link here for those who missed it. PCI/ PII webinar replay link.

I am speaking at the SC World eConference this Wednesday (12:25 PM – 01:05 PM) with our customer WestJet on PCI Compliance/Cloud Data Privacy issues. You can register at the link below. It is free. Plus, you earn CPE credits! Attend the session to hear the WestJet use case on how they used the Intel solution to get PCI compliant quickly without a long, drawn-out IT engagement.

You can register here: http://tiny.cc/5p15tw

API Security at the Boston AppSec meetup on Feb. 7th

If you are in the Boston area on Feb. 7th, come over and join 80 fellow geeks for my API security session at the Boston AppSec meetup. Free beer and pizza. Thanks, Akshat, for hosting my speech.
http://securitymeetup.com/events/71803472/?eventId=71803472&action=detail

Protected: Follow-up on Global Payments breach

ISACA Keynote session: Secure the Hybrid Cloud: Protecting Users, APIs and Devices

Website: www.isaca.org

Don’t miss my keynote session with ISACA on API security with Kin Lane tomorrow at 9:15 am EST.

http://www.isaca.org/Education/Online-Learning/Pages/Virtual-Conference-Secure-the-Hybrid-Cloud.aspx

Secure the Hybrid Cloud: Protecting Users, APIs and Devices
Dec/12/2012
9:15 Keynote Session: Secure, Expose and Package APIs as Products—Enable the Secure API Economy for the Enterprise