Rencontrez ForgeRock à SIdO Lyon, les 7 et 8 Avril

Salon Internet des ObjetsJe serai présent avec notre équipe au SIdO, l’événement 100% dédié à l’Internet des Objets qui aura lieu à Lyon les 7 et 8 Avril 2015.

Outre notre présence dans l’espace coworking pendant les 2 jours, Lasse Andresen, CTO de ForgeRock, animera un workshop avec ARM et Schneider sur la place de l’Identité dans l’Internet des Objets, le Mercredi 8 à 13h30.

N’hésitez pas à venir nous rendre visite dans l’espace coworking.


Filed under: General, InFrench Tagged: conference, ForgeRock, france, identity, internet-of-things, iot, Lyon, privacy, security

IoT World Forum Review: Interop, Data & Security

This week saw the 2 day Internet of Things World Forum conference take place in London. There is clearly a general consensus, that the IoT market is a multi-trillion dollar opportunity, through the implementation of items such as consumer wearables, embedded predictive failure components and data collecting sensors.



The rapid rise in connected devices and IoT ecosystems, is seemingly beingdriven by several key factors, includingfalling cost of both connectivity anddata storage. These lowering barriers to entry, coupled with more developer friendly ecosystems and open platforms, is helping to fulfil new revenue generating business opportunities in multiple verticals including manufacturing and healthcare.

Matt Hatton from Machina Research started off discussing the progression from local standalone projects (Intranets of Things), through to more internal or enterprise focused deployments (Subnets of Things).  David Keene from Google, extended this further, to say the progression will reach the concept of Web of Things, where accessibility and 'findability' will be key to managing and accessing data.

It was clear that data aggregation and analytics will be a major component in any successful IoT infrastructure, whether that is focusing on consumer enhancements, such as the Jaguar connected car project as described by Leon Hurst, through to smart health care, either in the form of Fitbits, or more advanced medical instrumentation.

API's and machine processing were certainly referenced more than once.  The new more connected web, will provide interaction touch points that only machines can understand, coupled with better data aggregation, distributed data storage and centralised querying. API's of course need protection too, either via gateways or via token management integration for standards such as OAuth2.

One aspect that was conspicuous in it's absence, was that of data privacy, and identity and access management.  The IoT landscape is creating vast amounts of data at stream like speeds.  The concept of little data (small devices in isolation) to big data (aggregated in cloud services) requires strong levels of authentication and authorization, at both the device, service and end user level.  The ability to share and transparently know where data is being accessed will be a key concern in the consumer and health care spaces.

Dave Wagstaff from BSquare, brought up the interesting concept, that many organisations are now subtly moving away from a product based business model, to a software and services based approach. With the the increased capability of devices, organisations now can perform much more in the way of remote monitoring, predictive failure and so on, where the end user really is just paying an insurance or subscription for their physical thing.

Bernd Heinrichs from Cisco followed a similar pattern, where he described the German view of Industry v4.0 (or 4.1...) where innovative production concepts are helping to reduce energy, increase uptime and generate better component output.

From a new market opportunity perspective, Francois Menuier from Morgan Stanley, observed that 6% of all consumers now own a wearable, with 59% of them using that wearable daily. In addition many wearable owners, argued that this was an additional purchase and not one to replace existing technology, solidifying the view that new market initiatives are available in the IoT world. However many consumer wearables generate huge amounts of deeply personal data that needs to be protected and shared securely.

Jon Carter from Deutsch Telekom went through the 7 steps for a successful IoT implementation, which ended with the two main points of applying a minimum viable product concept to design and also leverage secure and open platform.

Dr Shane Rooney from the GSMA focused his thoughts on security within the mobile network operator network, including the concept of device to device and device to service authentication, as well the the need for greater focus on data privacy.

Overall an interesting couple of days. Whilst most manufacturers and platforms are focused on interoperability and data management, identity and access management has a strong and critical role in allowing 3rd party data sharing and interactions to take place. It will be interesting to see if the 2015 and 2016 start to introduce these concepts by default.





Would You Sell Your Privacy for Service Improvement?

When you put the question so bluntly, most people would probably say no.  But in reality this is the common situation many users face when signing up to cloud services, applications and retail sites.

Think of the following common scenario:  you want to get a quote for car insurance / car valuation / current house price or similar.  You will probably be faced with several click through forms where you fill in the necessary product information.  But, and there's always a but, you then need to fill in some personal contact information as a minimum before you are provided with the information you're looking for.  A sort of exchange of data for data.  Just so happens yours is personal.  In addition, you may also need to sign away how that personal data is going to be used.  Perhaps marketing emails or letters via the service provider themselves, or perhaps by a 'trusted' third party.  A final, more subtle exchange of data, is that the service provider now clearly knows you are looking for new insurance / moving house / selling your car.  That is quite a powerful personal context to each of those scenarios.

Is The Exchange of Information Worth It?

This is obviously a subjective question as the information you exchange will have a different value to each data owner.  You could argue that personal contact information is pretty much public domain anyway.  They have been Yellow Page equivalents and directory enquiries facilities for decades.

Finding someones personal or work email address is also pretty trivial these days, simply as they are so commonly used to sign up to so many services.  Many also will take the view, that if someone does send you a marketing or spam email, your ISP filters will simply place it into a junk folder and no harm is done.

If in return, you receive a free white paper, document, quote, temporary access to a new service, or signup to a freemium product perhaps giving away some personal contact information is a good deal?

However, what happens to the data that is harvested?  Where does it end up?  Contact information is one thing, but adding in additional details such as your personal circumstances, how many people live in your property if it's for an insurance quote for example, or perhaps releasing your mobile number, could result in future impacts on your privacy.

Is There An Impact On Privacy?

Again this could be a subjective answer.  There have been many discussions in the past 36 months regarding government surveillance of both individuals and government officials.  I am not an advocate for or against surveillance, but was there a physical impact on the individual during the snooping?  Note the word during.  Many people talked about the invasion of privacy and human rights, but that was only after they knew they had been observed.  The reaction was generally a retrospective one, not an active one.  That is not to say it's less valid, but the context needs to be applied.  The same could be said regarding commercial use of personal data. It's all good, until it isn't.  Whilst no one uses your personal data maliciously, is there a problem to address?  This can probably be classified in the same file as the infamous 'unknown unknowns' approach to threat intelligence by the US government.

eCommerce, Digitization and 'Sticky' Customers

Many organizations have no interest in using personal data maliciously.  The increased digitization of previously physical services and the increased use of online retail, has lead many organizations trying to get a better picture of their consumers, customers and potential customers.  Note the subtle difference between a consumer (who is actively using a service perhaps without registration eg Google), a customer (paying for a service or good) and potential customer.  All have different characteristics from a marketing and customer servicing perspective.  A organisation wants to get the individual perhaps down a consumer --> customer --> repeat/upselling customer route as quickly as possibly, but with a stickiness towards the latter part of the journey - ie when they're a customer keep hold of them.

The information exchange at the beginning of that cycle is key to helping organisations follow that flow.  From a individuals perspective, there needs to be a strong service improvement or cost saving aspect in order to sacrifice some of the data that is being asked for.

By Simon Moffatt