Archive

Archive for the ‘Security’ Category

Predicting the (near) Future

December 22, 2015 Leave a comment
The future is always tricky to predict and, in keeping with Star Wars season, the dark side is always there to cloud everything. But as we all know in IT the ‘Cloud’ can be pretty cool, except of course when it leaks. Last month saw the final edition of Gartner’s Symposium/ITxpo 2015 in Barcelona, and I was fortunate to attend (courtesy of my Business Unit) and bear witness to some amazing predictions about the road ahead for our beloved / beleageured IT industry.
 
Judging from the target audience, and the number of people in attendance, it is safe to say that the future is at best unpredictable, and at worst unknowable, but Gartner’s Analysts gave it a good go; making bold statements about the state of things to be, within the next 5 years or so. The following are some key messages, observations and predictions which I took away from the event.
 
1. CIOs are keen to see exactly what lies ahead.
Obviously. However, it does confirm to my mind that the future is highly mutable, especially given the amount of change to be navigated on the journey towards digital transformation. I say ‘towards’ because, from all indications, there is likely no real end-point or destination to the journey of digital transformation. The changes (and challenges / opportunities) just keep coming thick and fast, and at an increasing pace. For example, by 2017, Gartner predicts that 50% of IT spending will be outside of IT, it currently stands at 42% today, therefore CIOs must shift their approach from command and control style management to leading via influence and collaboration.
 
2. Algorithmic business is the future of digital business
A market for algorithms (i.e. snippets of code with value) will emerge where organizations and individuals will be able to: licence, exchange, sell and/or give away algorithms – Hmmm, now where have we seen or heard something like that before? Anyway, as a result, many organisations will need an ‘owner’ for Algorithms (e.g. Chief Data Officer) who’s job it’ll be to create an inventory of their algorithms, classify it (i.e. private or “core biz” and public “non-core biz” value), and oversee / govern its use.
 
3. The next level of Smart Machines
In the impending “Post App” era, which is likely to be ushered in by algorithms, people will rely on new virtual digital assistants, (i.e. imagine Siri or Cortana on steroids) to conduct transactions on their behalf. According to Gartner, “By 2020, smart agent services will follow at least 10% of people to wherever they are, providing them with services they want and need via whatever technology is available.” Also, the relationship between machines and people will initially be cooperative, then co-dependant, and ultimately competitive, as machines start to vie for the same limited resources as people.
 
4. Platforms are the way forward (and it is bimodal all the way)
A great platform will help organisations add and remove capability ‘like velcro’. It will need to incorporate Mode 2 capability in order to: fail fast on projects / cloud / on-demand / data and insight. Organisations will start to build innovation competency, e.g. via innovation labs, in order to push the Mode 2 envelope. Platform thinking will be applied at all layers (including: delivery, talent, leadership and business model) and not just on the technology / infrastructure layer.
 
5. Adaptive, People Centric Security
The role of Chief Security Officer role will change and good security roles will become more expansive and mission critical. In future, everyone gets hacked, even you, and if not then you’re probably not important. Security roles will need to act more like intelligence officers instead of policemen. Security investment models will shift from predominantly prevention based to prevention and detection capabilities, as more new and unpredictable threats become manifest. Also organisations will look to deploy People Centric Security measures (PCS) in order to cover all bases.
 
6. The holy grail of business moments and programmable business models
The economics of connections (from increased density of connections and creation of value between: business / people / things) will become evident especially when organsiations focus on delivering business moments to delight their customers. Firms will start to capitalise on their platforms to enable C2C interactions (i.e. customer-2-customer interactions) and allow people and things to create their own value. It will be the dawn of programmable business models 
 
7. The Digital Mesh and the role of wearables and IoT
One of the big winners in the near future will be the ‘digital mesh’, amplified by the explosion of wearables and IoT devices (and their interactions) in the digital mesh environment. Gartner predicts a huge market for wearables (e.g. 500M units sold in 2020 alone – for just a few particular items). Furthermore, barriers to entry will be lower and prices will fall as a result of increased competition, along with: more Apps, better APIs and improved power.
 
The above are just a few of the trends and observations I got from the event, but I hasten to add that it will be impossible to reflect over 4 days of pure content in these highlight notes, and that other equally notable trends and topics such as: IoT Architecture, Talent Acquisition and CIO/CTO Agendas, only receive honourable mentions. However, I noticed that topics such as Blockchain were not fully explored as might be expected at an event of this nature. Perhaps next year will see it covered in more depth – just my prediction.
In summary, the above are not necessarily earth shattering predictions, but taken together they point the way forward to a very different experience of technology; one that is perhaps more in line with hitherto far-fetched predictions of the Singularity, as humans become more immersed and enmeshed with machines. Forget the Post-App era, this could be the beginning of a distinctly recognisable post human era. However, as with all predictions only time will tell, and in this case, lets see where we are this time next year. I hope you have a happy holiday / festive season wherever you are.

Copyright And Technology 2012 Conference

June 20, 2012 Leave a comment

Yesterday saw the first UK edition of this annual conference, which took place in London’s Kings Fund venue. The full day conference featured panels and expert speakers on that most interesting, challenging and potentially lucrative junction of copyright, content and technology. And, another buzzword for the ‘social’ melting pot – Social DRM!

Copyright And Technology Conference Word Cloud

Copyright And Technology Conference Word Cloud

The event format involved the usual keynotes and plenary sessions, during the morning segment, and a split into two streams, (covering technology and legal aspects), in the afternoon. My key take-aways include:

  1. User education on copyright content infringement is far too one-sided. According to expert copyright lawyer, Andrew Bridges, potential infringers / fans need ‘credible teachers’ with a more balanced agenda
  2. Traditional Hollywood release window is under threat (from user demand for content, here and now!)
  3. Piracy data collection / analysis are increasingly used by big content owners (e.g. Warner Bros and Harper Collins) to identify potential demand for specific content, via pirate channels. An interesting question by conference chair, Bill Rosenblatt, was whether content providers saw any potential for combining piracy data collection/analysis with social media buzz analysis, in order perhaps to help identify new market opportunities, remained mostly unanswered
  4. Media monitoring organisations can collect and analyse, (with consumers’ permission), actual usage data from user computers. According to the speaker from Warner Bros, their research apparently confirms claims that HADOPI has had an impact, with a recent decline in Peer-to-Peer file-sharing, in France.
  5. According to MarkMonitor, a high proportion of pirated ebook content are in the PDF format, which some think may be a result of easy portability between devices. Also, according to Harper Collins speaker, key motivational factors for ebook piracy include: Pricing, DRM and territorial restrictions.
  6. In the Technology stream, the panel on content identification (e.g. via fingerprinting vs. session based watermarking) discussed creation of content aware ecosystems using Automatic Content Recognition
  7. The term ‘Social DRM’ (a buzzword if I ever heard one) is the use of user information to uniquely identify digital content (and to potentially name and shame file sharers), as described by CEO of Icontact. One attendee grilled the presenter about ways and means to crack it! Apparently, the term Social DRM was coined by Bill McCoy at Adobe (now at IDPF), and is really just watermarking content with personally identifiable information
  8. Bill Rosenblatt described LCP (Lightweight Content Protection) for ePub as being somewhere in the middle of the content protection continuum (i.e. between no DRM and very strong DRM). Also, he observed that thepublishing industry stance on DRM is still in flux, and that genres such as (sci-fi, romance, IT) were mainly going DRM-free, whilst other e.g. higher education still used strong DRM to protect content
  9. Finally, my technology stream panel session on Security Challenges of Multi-Platform Content Distribution saw key contributions from experts, with multiple perspectives, from: a Security Consultant (Farncombe), DRM Provider (Nagra), Business PoV (Castlabs) and Content Provider / Owner (Sony Picture Entertainment).

Overall, this was a very good first outing for the Copyright and Technology conference in London. The co- organisers, GiantSteps and MusicAlly, did a great job to pull it off, despite disappointment (by last minute cancellation of a keynote) from the HADOPI Secretary General). I would certainly encourage anyone interested in the opportunities and challenges of content, technology and copyright to attend this conference in future. And yes, Social DRM is my new buzzword of the month!

IT Security: Still Hot & Cloudy!

December 13, 2011 Leave a comment

This a refresh of an older, but still relevant, post I did last year about security and cloud which remains mostly true even today. The origin and subject of the post was from an event on IT security at the BCS Chartered institute for IT which featured 3 speakers on IT Security and Cloud.

I said back then that if I was a betting man, I’d wager the IT security industry was on the brink of a major revolution on the back of the Cloud, and indeed that still appears to be the case today. In fact, the question asked then of how many people in the audience actively used the cloud will have many more hands raised in response, if asked today, mainly because people are much more aware of the cloud then before. Which is not to say that the cloud has completely become front and centre; it still exists rightfully behind the scenes, powering various services that may still be taken for granted by the consumer, however some more recent services are also leveraging increased awareness of cloud by consumers and positioning themselves directly as cloud services. E.g. think Apple’s iCloud or Amazon’s Cloud drive for instance.

But I digress, what’s this got to do with IT Security you ask? The answer is very simple, if the cloud is really a behind-the-scenes enabler, then cloud security should also be behind the scenes right? But I still have this uneasy feeling, that we’ll yet see someone get sued over security breaches emanating from the Cloud. How long will it be before we get cloud compliance and cloud security risk assessment models, regulations and perhaps even exotic insurance policy for Cloud based services? Furthermore, the Internet (and consequently the cloud) is essentially borderless technology, which means that various national and international data governance regimes may have a thing or two to say about where data is stored – assuming it can be found in one place! This could well be a nightmare in the making for eDisclosure and/or eDiscovery.

Finally, apparently some clever Silicon Valley types are actively seeking ways to commoditize the cloud, and cloud based services, such that it can be traded as a financial instrument. Hmmm, now where did we see that one before (does Collateralized Debt Obligation ring a bell)? Suffice it to say there’s a lot of food for thought when it comes to Cloud Security, and far better qualified people than I have pondered, spoken and written about it (e.g. see my  review of an excellent book about Cloud Security), so I shall just leave well enough alone.

To conclude, I dare say that cloud has come a long way since last year, especially in the minds of consumers, and it is looking likely to stay that way for a while yet, or at least until the next big hot topic strikes the zeitgeist. We can only wait and see.

Note: This post is brought to you in partnership with Intel(R) as part of the “Technology in tomorrow’s cloud & virtual desktop” series. For more information please click – HERE

Categories: Cloud, Security Tags: , ,

Digital Content and the Cloud

October 17, 2011 3 comments

This is first in a series of posts about cloud computing and digital content which will look at some of the immediate impact, as well as emerging and potential future trends of digital content in the context of cloud computing.

Digital Content Cloud

Digital Content in Cloud

Once upon a time, it was normal expectation and practice to run a decent-sized content business entirely from your own servers, storage and website. Nowadays this is not necessarily part of the conversation, even for small content businesses, as a result of the pervasive awareness of this thing called cloud and all the benefits it can deliver to the bottom line. The obvious advantages (e.g. scale, flexibility and reach) far outweigh most of the real and perceived disadvantages, but for content businesses, and I mean those businesses that rely on digital assets for their livelihood, this is a critical step with an intolerably high cost of failure.

In order to play in this field, content businesses must make it a point to ensure they are well placed and able to handle challenges posed by certain key aspects of doing business in the clouds, so to speak. These include:

  1. Storage – Along with the vast compute power, virtually unlimited storage is one of the key calling cards of the cloud optimist or evangelist. It is a compelling argument but there are still some key operational challenges to be faced in dealing with the vast amount of content stored in the cloud.
  1. Security – Cloud security is a staple topic of criticism by those I would refer to as cloud pessimists, but even now it is still way too early to tell which way the dice will fall on this one
  1. Collaboration – the ability to collaborate over space and time is another key attraction of cloud for content creators, business users and the even consumers (e.g. for User Generated Content)
  1. Intellectual property – The ability to monitor and enforce IP rights is a slow burner of an issue which will only get hotter as the more immediate challenges get resolved
  1. Emerging Usage models – The content industries face a major challenge dealing with constantly changing user needs and behaviours, (e.g. in the social context) resulting in the need for a highly flexible business model to cope with the onslaught; and this in my opinion, is where cloud technologies can really help enable the businesses of tomorrow

These and other related topics will form the main subjects for discussion in my subsequent posts for this series. In the meantime, I’d like to reiterate that the opinions expressed in this post and in the subsequent series of posts (and indeed my entire blog), are strictly mine and do not in anyway reflect the views of my employer, Capgemini, or the BCS Chartered Institute for IT.

DISCLAIMER:  This post is brought to you in partnership with Intel(R) as part of the “Technology in tomorrow’s cloud & virtual desktop” series.

IT Security is Hot & Cloudy!

September 17, 2010 2 comments

Wednesday’s BCS event on IT security certainly made that point on many different levels. If I was a betting man, I’d wager that the IT security industry is on the brink of a major revolution, on the back of that vague and fluffy thing called the Cloud.

Case in point, my question of how many people in the audience actively use the Cloud saw only a pitiful couple of hands raised. However when put in another way, by one of the presenters, i.e. how many people used Android phones for example; a few other hands went up along with looks of dawning comprehension. The Cloud rightfully exists behind the scenes, powering various services that are often taken for granted by the consumer, and the Android example simply confirms that in spite of all the buzz, your common, garden variety, consumer has little understanding or interest in this techie catnip known as cloud computing. And who can blame her, after all was it not the same geeky fads that brought us other similar buzzwords as: Application Service Provider (or ASP), Grid computing, and heck even Web 2.0?

But I digress, what’s this got to do with IT Security you ask? The answer is very simple, if the Cloud is really a behind-the-scenes enabler, then Cloud security should also be behind the scenes; but I get this uneasy feeling in the pit of my stomach (no, not from eating too many nibbles after the event), that it won’t be long before someone gets sued over some security breach emanating from the Cloud. How long before we get Cloud Compliance and Cloud Security Risk Assessment models, regulations and perhaps even some exotic insurance policy for Cloud based services? Furthermore, the Internet (and consequently the Cloud) is essentially borderless technology, which means that various national and international data governance regimes may have a thing or two to say about where data is stored – assuming it can be found in one place!

Finally, we also learnt that some clever Silicon Valley types are actively seeking ways to commoditize The Cloud, and Cloud based services, such that it can be traded as a financial instrument. Now where have we seen that one before – does Collateralized Debt Obligation ring a bell? Suffice it to say there’s a lot of food for thought when it comes to Cloud Security, and far better qualified people than I have pondered, spoken and written about it (e.g. see my  review of an excellent book about Cloud Security), so I shall just leave well enough alone.

Aside from the cloudy issue of cloud security (sic), the event provided many opportunities for attendees to hear and debate other key topics of interest in IT Security, and our four speakers did a great job of keeping people engaged throughout. More information, including presentation slides, can be found on the BCS NLB website.

Categories: BCS, Capgemini, Cloud, Security Tags: , ,

About the Economy, Piracy, Privacy (and Facebook’s Face-ache)

February 22, 2009 Leave a comment

Last week was certainly hectic in the ever-dramatic world of online digital content and personal privacy. Highlights include some events in London; the ongoing Pirate Bay trial; and a major about-face for Facebook. So where to begin…?

A week is a long time in politics, and digital content, (so much so that I’ll be proposing a name change for this blog to better reflect its breadth of coverage, but more on that later). Below are just a few of the stuff that went down last week

1. Events galore – Some rather interesting events took place last week in London, and I was fortunate enough to attend the following:

  • First Tuesday at the British Library (Tuesday 17th) – This focused on how to raise money for new ventures even in a recession. Founder and VC, Julie Meyer, spelled it out to attendees in a live interview by FT’s enterprise correspondent, Jonathan Moules.
  • Computer Hacking at BCS London (Wednesday 18th) – In this sold out event, SANS security expert, Jess Garcia, broke down the latest trends in computer hacking and the implications to individuals and businesses.
  • Broadcast Video Expo at Earls Court (Thursday 19th) – ETV’s Adrian Swift noted, in his conference session on emerging media, that the path to the future lay in adopting hybrid models which combine the strengths of both existing and emerging media to reach the target audience.
  • Power of Personal Information at BCS London (Thursday 19th) – In this excellent event, Tom Ilube (Founder & CEO of Garlik), painted a stark picture of just how vulnerable people are with respect to personal information. He encouraged everyone to exercise their rights by making “Subject Access Requests” for all personal information held by organisations with which they have / had some relationship (e.g. energy, telecoms, travel and even the grocery stores with loyalty card schemes)

2. The Pirate Bay trial begins (and IFPI website got hacked) – To some, this is about “piracy on trial”, with promise of major global repercussions, but it is probably more a rerun of the age-old struggle between old & new: mindsets / cultures / business models (i.e. transition & change in general). This one is still ongoing, but it hasn’t disappointed with the expected drama. Check out Wired’s blog for regular updates on the trial.

3. Facebook’s about-face – This is now old news / so yesterday, but one major point of interest is how users can make a very rapid and visible difference to web2.0 services like Facebook. To be fair, Facebook now has a track record for responsiveness (remember the Beacon affair?), but perhaps they really should stop trying to annoy their users in the first place, but what do I know?

4. The ISP’s Dilemma – My latest article, published in last week’s edition of Computing magazine, looks at the potential impact of Digital Britain on UK ISPs

So there you have it, an eventful week indeed. As mentioned previously, I hope to rename this blog to something more in line with its topical coverage of current / emerging trends in content protection, copyright and personal privacy. DRM Blog is just so…, *ahem*, restrictive, so watch this space, and any suggestions are welcome.

——-

Note: This post was previously published on my BCS DRM Blog, where you can find the original post, and reader comments, in the archives.

Tech Predictions 2009: A more sensible approach to de-risking data loss

December 17, 2008 Leave a comment

This is one that should have happened a while back, given that all the technology pieces are in place and readily available, but fear not, 2009 will be the year for comprehensive information rights management. Yes, I said it.


The technologies that can be used to provide persistent protection for enterprise content have existed for several years as a product, or suite of products, known as Enterprise Digital Rights Management (ERM), or more recently Information Rights Management (IRM). Unfortunately, the take-up of these products has not been as robust as might reasonably be expected for such a useful enterprise capability. It quickly became clear that these types of defensive technologies, which do not generate immediate / obvious revenue, are relatively expendable in pursuit of the bottom line. Perhaps, as a consequence, the industry recently underwent consolidation, (mostly through acquisition by larger players), into a handful of information lifecycle management solution providers that offer Enterprise DRM / Information Rights Management solutions among their arsenal of products and capabilities. Key players now include: Adobe, Microsoft, Oracle (via acquisition of Stellent / SealedMedia), EMC (via acquisition of Documentum & Authentica) and Liquid Machines. 

So what has changed, and why should 2009 be any different?

  1. Well for one thing, the frequent reports of data loss incidents mean that the corporate world has had to start looking at ways to prevent future mishaps. However, even current initiatives like wholesale corporate data encryption and data loss prevention strategies are not totally fool proof; therefore many organisations are still likely to need a more effective approach towards managing and securing information, especially one that will work even after data is lost or misplaced.
  2. Secondly, there are signs that ERM vendors are waking up to the key role they have to play in creating the ecosystem of solutions required to tackle data loss issues head-on. For example, some vendors have begun integrating their ERM products with existing Data Loss Prevention systems in order to provide effective control of information, both within and outside the enterprise security perimeter, (i.e. in the Jericho philosophy of deperimeterised security).
  3. Finally, although ERM is a direct offshoot of media Digital Rights Management (DRM), and provides similar capabilities for content control, it is unlikely to face the same fate as the latter, (see more on this from my DRM blog), for the simple reason that they serve very different markets / needs. A recent study of the ERM market shows a steady increase in awareness and adoption by organisations in various sectors like finance, healthcare and IT consulting among others

.In light of the above, I believe it that we shall start to see more examples of holistic security and information management as a major step towards mitigating the risk of data loss. The solutions, like the problems they solve, are not restricted to one product, channel or strategy; therefore it would most likely be achieved via a combination of components that include: ERM / IRM solutions; DLP systems; enhanced Information Security Policies; and the traditional corporate security and perimeter defence mechanisms.

>>===

Note: Originally posted on Capgemini’s Technology blog.  You can see the original post, including comments, at: http://www.capgemini.com/technology-blog/2008/11/help_theres_an_architect_in_th.php