Tuesday, November 25, 2014

Security and the Internet of Things

I am a big fan of the Internet of Things - all the smart devices that are changing our lives by being connected to the Internet. I consider myself a pioneer and early adopter of these gadgets. What worries me though, are the security and privacy issues involved with using such devices. So, what are the concerns?

Well, I am not too worried about my IrrigationCaddy sprinkler controller. Even if someone was to hack into it, the most damage they could do is to make my lawn look greener. After all, we’ve been conserving water heavily in California and the lawn looks pretty dry. Similarly, I am not too worried about all the Belkin WeMo switches and outlets that control the lights in my house. A possible hacking could lead to some pranks or annoyance but it would probably not represent a significant security concern.

But I am a bit more worried about my Nest thermostat. The concern is not so much the temperature in my house but rather the fact that the device knows when we are home and when we are away. After all, we set it on “away” mode when we leave town to conserve energy. Knowing we are away could be some very useful information for a potential perpetrator planning a break-in.

Similarly, the wearable devices represent a privacy concern. Jawbone recently published a fascinating blog post about the effect of the Napa earthquake on the sleep of Bay Area residents. While the data is fascinating, it also conveys a disturbing fact – the device knows when you are asleep! What’s the worry with that? Well, if someone were to break into your house, knowing that you are asleep would be pretty useful information, wouldn’t it?

The concern with cloud-based cameras such as the Dropcam – which is now owned by Nest, a Google company – is also pretty obvious. The camera feed is available and often also stored in the cloud, which begs another obvious privacy concern. The fact that Google owns both Dropcam and Nest is only adding to the concerns. After all, Google has been pretty open about their disregard of consumer privacy.

What concerns me even more is the trend towards smart cars. Sure, the Tesla is pretty awesome and the factory’s ability to upload and deploy patches and updates over-the-air is amazing. But what vital systems of the vehicle can be controlled remotely? Could a possible hacker make my car stall while driving on the on the freeway? Could they lock or switch off my breaks? That could become a life-and-death scenario.

I was recently at a conference where I saw a panel about the future of smart cars.  It was scary to see how the insurance companies are chomping at the bit to get the car manufacturers to implement smart devices that would monitor our driving behavior. They claim it is only to our benefit – the good drivers would pay lower premiums than the bad drivers. In fact, the Progressive Snapshot already does that, albeit on a voluntary basis. But it is a small step from Snapshot to the Fitbit activity tracker and if your health insurance company starts accessing your daily activity data to adjust your premiums, you may get worried about the Internet of Things. And rightfully so.


The Internet of Things, the world of smart devices connected to the Internet, will make our lives better. In fact, it will make our lives amazing. But if the data falls into the wrong hands, which is not an unreasonable concern, the smart devices could represent a major privacy and security concern for all of us.
Posted by at No comments:
Labels: , , , , , , , , ,

Tuesday, November 4, 2014

File System in the Cloud

Today, Microsoft and Dropbox surprised us all by announcing a partnership. According to the announcement, Microsoft Office applications on mobile devices will be integrated with Dropbox to allow direct access to documents from within the Dropbox folders. This is a big deal.

With this announcement, Dropbox has the chance to effectively become the file system for mobile devices – the file system in the cloud. This is something that Apple didn’t include in all the ingenious plans for its iOS operating system. Apple has always claimed that applications and their data need to be compartmentalized. But people wanted a file system – perhaps that’s what 30 years of DOS and Windows dominance have taught us. Dropbox came up with an alternative and it became hugely popular.

Apple eventually relented and started introducing iCloud as a way to share data in the cloud, primarily for music and video content that is. Yet Apple didn’t pay much attention to documents, which opened up the window of opportunity to the likes of Dropbox, OneCloud, and Google Drive. Not to mention that only a few users have figured out how Apple iCloud actually works.

Since then, Dropbox has been a run-away success, attracting well over 300 million users. Google, Microsoft, Apple, and dozens of other vendors attempted to follow in their footsteps. Now, it would appear that Microsoft is conceding the race to Dropbox. That alone is huge. Microsoft OneDrive struggled from the beginning to gain any meaningful market share and now, its future is uncertain.

The greater deal yet, is the fact that by way of closely integrating with Microsoft Office, Dropbox really has the opportunity to become the default file system for mobile devices; a cloud based file system – something that Apple failed to deliver.

The announcement begs another question. Giving up on OneDrive in favor of Dropbox is a massive concession. Microsoft doesn’t concede anything often. Dropbox got itself a sweet deal and Microsoft didn’t do it just because it gives the users a choice of storage. Sure, Microsoft gets more money from selling Office than they ever would get from OneDrive, but I suspect that Microsoft is likely getting something more in return. Today, we can only speculate what it is. If I were to place my bet, I’d be putting my chips on Microsoft Azure right now, at the cost of Amazon EC2. I suspect that Dropbox may be leaning closer to Azure now. But that’s of course just speculation.

Today, the world may have changed a bit. Or, maybe it changed a lot. Dropbox has been given the opportunity to become a major force in the cloud-a mobile game of thrones. It doesn’t change much for the enterprise customers who will still need to ask whether the consumer-focused Dropbox is an adequate solution for sensitive corporate data. But in the consumer space, Dropbox has been handed the keys to the kingdom.

Accessing files in Dropbox from within Office on iPad. Cool!

Posted by at No comments:
Labels: , , ,

Sunday, September 21, 2014

It’s Not Just About the Unstructured Data

For well over a decade, the content management world has been claiming unstructured data. The argument usually goes something like this:
Structured data is the information that comes in the form of numbers, words, dates, percentages, and currency amounts that all fit neatly into the rows and columns of a database. Unstructured data, on the other hand, consists of documents, images, web pages, video files, CAD drawings, and PowerPoint files for which a database is ill suited and that thus require specialized technologies to ingest, analyze, manipulate, share, and archive it. This unstructured data – or content - represents over 80% of all the data in the enterprise. BTW, I’m pretty sure that Gartner made up that 80% number.
I admit that I was one of the early pioneers of this message and I carried it dutifully for years. The entire content management industry did that. But the more I’m learning about what customers really want, the more I’m coming to realize that we have been all wrong.
Because, customers don’t care about managing unstructured data.
What customers want are applications that address real business problems. Real business problems require real information and that almost always comes in both, structured and unstructured form. In fact I can hardly think of an application that doesn’t need to combine both types of data sets.

 Take Invoice Processing. There is the structured data like the name of the supplier, the date, the list of goods, the total, etc. But there are also the invoice itself, the bill of lading, the damage reports and pictures, and other unstructured data.

 How about Employee File Management? You have the employee files such as the original job application, resume, contract, performance reviews, and training certificates – all of them are unstructured documents or scanned images. But you also have the reporting structure, salary data, bank account info, benefits, bonus attainment, and other structured data.
In most applications, the structured and unstructured data need to be used together. Sure, the data may need to be kept in different containers – structured data in a database and unstructured data in the repository of a content management system. But using one without the other doesn’t really solve real business problems.
I think that the myopic focus on unstructured data has hurt the enterprise content management (ECM) industry. Sure, we need the specialized software that can manage the unstructured data but ultimately, customers need applications that can handle both, structured and unstructured data together in a single solution.

Posted by at No comments:
Labels: , , , ,

Thursday, September 18, 2014

If Scotland votes ‘Yes’ to independence in the referendum, what will happen to our data?

The following article originally appeared in the IT Pro Portal on September 18, 2014:

Scotland goes to the polls today to vote on independence from the Union. If a ‘Yes’ vote is passed, it will throw into question the massive issue of data sovereignty.

It’s a curious notion, and one that both Whitehall and Holyrood have not publicly answered. If we consider the consequences from a data protection perspective, they are incredibly complex. Especially as the EU Data Protection Directive mandates that data cannot be transferred outside of the 28-member states territory. This means that organisations need to prove where their data is at all times. Scotland, as part of the UK, is presently an EU member but this could quickly change, as only last night the Telegraph reported that Spain’s European Foreign Affairs Minister said that a separate Scotland would need to wait five years for EU membership and join the single currency.

The next wave of EU data protection reforms will introduce further enforcements around information crossing borders. The fact that the majority of business communications are digital by nature – such as email and productivity tools like Microsoft Word and Excel – and are effectively borderless, these carry more problems for data sovereignty compliance. When these reforms were first suggested last year, the Direct Marketing Association said it was ‘”strict and unworkable” and claimed that it would cost UK businesses an eye-watering £47 billion in lost sales and regulatory costs.

Today your data may be based in the UK, but tomorrow, will it be in England or Scotland? The key is allowing companies from either country to pick where they want their data to live and guarantee that it resides there.

A ‘Yes’ vote will mean that the data will have to be migrated. But to where at this stage can only be speculated. What we do know is that for companies that want to move their data from Scotland to England, capacity and power availability within the Greater London M25 belt will be under extreme pressure. If Scottish data needs to head north, then perhaps the challenge isn’t quite so unwieldy. Scotland’s climate is well-suited for cooling power-hungry server farms. It boasts a thriving data centre economy, with substantial investment pumped into the hundreds across the country, with some areas even building new locally-generated renewable energy-based data centres, which are expected to go online next year. Scotland’s digital sector is worth around £3 billion to the economy and boasts over 73,000 jobs. For a population of just over five million, it’s certainly a healthy industry.

The nationalist campaigners suggest they could transfer Scotland’s data from Whitehall systems by 2018, but this is likely to result in considerable disruption to public services, not to mention commercial implications for organisations that own or host from data centres based there. Over time, these issues will have to be remedied. The result will be that data sovereignty will become a board issue and part of future business and legal operations as principle. But this is not necessarily a bad thing.

The recent spotlight on data sovereignty originates from the much-reported WikiLeaks and Snowden affairs and the US’ National Security Agency spying revelations. These stories have created such a wake that, according to ResearchNow, a quarter of UK companies are now expected to pull their data out of US data centres. Protecting the integrity of data is definitely at the top of the corporate agenda and it requires sovereignty and security embedded by design.

If Scotland does separate form the UK and takes a while to decide how it wants to pursue its membership with the EU, it will mean that all data housed in Scotland from another country’s origin would need to move inside the EU. An alternative is that a provision could be made for its own data protection regulation but this would need to be written and ratified – a pretty costly and complicated exercise, never mind the process of data migration.

Given that both England and Scotland speak the same language means that the information doesn’t need to be translated, but that also makes it more difficult to separate Scottish data from English data. The challenge will be organising and sorting through Petabytes of data and establishing whether it originates from England or Scotland. There are obvious clues, such as place names and cultural references, that will help with labelling but in reality this particular job is for humans who unfortunately are inherently unreliable when it comes to organising information. Auto-classification tools on the other hand typically deliver 80–90 per cent accuracy, as opposed to human classification, that on average results in 60 per cent of information being properly classified.

For the whole of the United Kingdom to adhere to data protection laws and deal with the sovereignty of data requires a strategic view when it comes to managing enterprise information. As far as Scottish, Welsh and English borders are concerned, the task of migrating so much information will be a tremendous undertaking. Let’s hope we don’t get to that stage.

Posted by at No comments:
Labels: , , , , ,

Wednesday, May 28, 2014

The World in Real-Time

I came recently across an amazing array of sites that provide a real-time or near real-time view of things happening around the world. I have picked my top ten favorites for my blog post today:

This service has been around for a few years but it continues to fascinate me. It provides a real-time view of the air traffic over pretty much any part of the world. I was once playing with this service on a flight UA902 from Frankfurt home to San Francisco using the on-board WiFi and I was able to locate my flight and see our position better than the screen in the seat in front of me:

Flightradar24.jpg

Marine Traffic provides a very similar service as FlightRadar24 - but for ships. Of course, if we can track planes in the air, we should be able to do it for ships! Watching the ships passing by from the 18th floor of the Transamerica Pyramid while being able to identify them online is cool. Sadly, I never have time for something like this...


The US Geological Survey (USGS) web site provides a near real-time tracking of worldwide earthquakes. Living in California, I have this page bookmarked in my browser. Because when it shakes, you want to know...


LightningMaps.org provides a near real time view of the lightning strikes. Not much use in California where we never get any lighting but I've seen some amazing storms when I lived in Waterloo, ON! As I wrote this post, New Orleans was getting some action.


There are many great weather applications with real-time or near real-time weather maps. I particularly like Dark Sky on my iPhone with it’s down-to-the-minute precipitation forecast. This is a great app for a runner to check what to expect just before leaving the house or hotel! Dark Sky.png

Sailflow is one of the many real-time wind monitors, showing the wind speed and strength anywhere in the world. This is a great service for a [rusty] sailor like me! There are also services that show the near-real time data for ocean currents such as the NOAA site.


Digital Attack Map is a collaboration between Google Ideas group and Arbor Networks. It shows a nice visualization of all cyber attack by country. Kinda scary if you ask me!

GasBuddy provides a National Gas Price Heat map with the ability to drill down to see the current (or recent) gas prices at practically every gas station in your neighborhood. If you don’t mind a little detour, you can save some good money with this app:

Trendsmap Is another Google research project mapping in real time what’s trending on Twitter:


There are many, many other great visual tools tracking things in real time. I couldn't possibly show them all. But I thought my list wouldn't be complete without mentioning Waze, the ultimate real-time road traffic monitor based on crowd-sourced data:

Aren't all these tools amazing? I’m sure you know other examples of real-time monitoring services that I've missed. Please do share your favorites in the comments to this post!
Posted by at 1 comment:
Labels: , , , , ,
Subscribe to: Posts (Atom)