Most parents consider the benefits of leaving an inheritance for their children. It ensures they have a financial cushion and a safety net to fall back on, and may even allow them to make investments of their own, such as buying property. But as any parent who is trying to save money for their children’s future has come to realise, the financial conditions of today are more challenging than ever before. Here are four ways you can help your children become financially stable, instead of passing on financial burdens.
Teach Them Financial Discipline
In the UK, money and earnings are a somewhat taboo subject. But talking to your children about money from an early age has been shown to be influential in how they will handle their finances as they mature.
As the old adage goes, “give a man a fish and you feed him for a day; teach a man to fish and you feed him for a lifetime”. Teaching your children how to be financially responsible will help them use resources to become financially independent and responsible. Leaving an inheritance is more worthwhile if your children know how to spend wisely, invest, and save.
Plan Your Funeral
Another taboo subject, and yet another one that is so important: planning your funeral. You might think that funeral costs can come out of the inheritance, or sale of assets. However, it takes time for these issues to be legally settled, meaning many need to take out loans to cover the cost of a loved one’s funeral. By the time any inheritance comes through, the interest will have racked up and your children might end up with very little.
Avoid this trap by planning your funeral before you pass. Full funeral packages, such as those provided by Golden Charter, let you plan and pay for your funeral. The average cost of funeral expenses in the United Kingdom has risen by more than 90 percent in the last decade. Securing a funeral plan can save you and your family a significant amount of money, as well as easing the stress of funeral planning for those you leave behind.
Proactively monitor your credit cards and outstanding loans. Missing payments and not shopping around for good interest rates are just a few of the mistakes we make that can impact our children when we pass. This will also save you money, which you can add to the inheritance, or use to treat yourself with!
A good money-saving attitude to everyday purchases can also ensure there’s more for the inheritance pot, and can be passed on to your children too. For example, choose store brands over premium brands where you can, and plan your grocery shopping to reduce cost and waste. It’s also a good idea to set up a good savings account for your children and encourage them to save regularly.
Perhaps the most effective tool for building wealth is to invest – intelligently, that is. Intelligent investing achieves the balance between maximum capital appreciation and minimum loss potential. If you’re unsure, an initial spend on a good financial adviser can result in reaping greater benefits in the long term.
MidPoint 3.4 code-named "Heisenberg" was released a few days ago. This is the sixteenth midPoint release since the project started all these long years ago. MidPoint has come a very long way since then.
The Heisenberg release is the best midPoint release yet. We have finished access certification functionality, which makes midPoint the very first open source product to enter the identity governance and compliance playing field. We have also improved midPoint internals to better handle inconsistencies of resource data and we have also made many small internal improvements to increase robustness. This was one of the inspirations for the code-name. Similarly to Heisenberg's uncertainty principle, midPoint accepts that there is some degree of uncertainty when it comes to processing of the identity data. It may not be practically possible to always base the decisions on authoritative data. A practical identity management system needs to accept that the identity data are always in a state of flux - and midPoint does just that. And it manages the data reliably even in situations where other systems fail miserably.
So, midPoint now has governance features. This is really big news. Much bigger than you may expect. Why? Because midPoint is a brilliant identity management system. Identity provisioning circulates inside midPoint veins. The release of midPoint 3.4 made the term "closed-loop remediation" obsolete. Any governance decision is immediately reflected into provisioning action because it all happens inside one system. There is no need to painfully integrate provisioning and governance engines any more. MidPoint does it all!
Even though the governance features in midPoint are really big news, there is an even more important improvement in midPoint 3.4: the user interface. The midPoint user interface went through a major facelift during the last two releases. And the Heisenberg release brings the results. The user interface is much more streamlined, it is consistently color-coded, it is much more user-friendly and it just looks good. See it for yourself:
Even though midPoint currently has the richest user interface among all the open source IDM systems, there are still more user interface improvements planned for the future and usability is one of our big priorities. Usability is something that needs to be continuously improved. And it will. Also there are big plans to expand the governance and compliance features in the next midPoint versions. MidPoint is by far the richest open source IDM system and it improves all the time.
The Heisenberg release is without any doubt a major milestone in midPoint history. It comes after long years of very hard work. But it was worth it. Every second of it. And the midPoint team is very proud of the result. So, just give it a try.
Many of us have been there, that awful moment when it dawns on you that you have a paper due in the coming days, and in our wisdom we opted to go out for those parties and paid no mind at all to our studies. Then after the fun comes the cold hard shock and the realization that within just a few short days you must lash together something passable like perhaps, a research paper. In times like these it’s important to stay calm and get focussed, if this awful fate befalls you then here are some tips to getting that paper completed quickly.
Obviously the basis for any research paper is cold, hard facts, these will be the ammunition that you will use to win this war. The best way to start any research paper is to compile a list of important facts on your subject that you can use, it will then be your responsibility to pad these facts out with conjecture and opinion but it is in the facts that you will find the nucleus of your arguments and propositions.
As with any article writing it is imperative that you have a solid structure to stick to, planning this beforehand will help you greatly during the writing process. Obviously you will require the usual introduction, body and conclusion but you need to think about what those will contain. A good introduction not only introduces the theme of your paper but should also ask questions that will be later discussed. The main body of the piece should include a 2-sided argument and plenty of info to back it up. The conclusion should round the piece off with opinions, answers to the questions asked in the introduction and possibly some open-ended questions to finish with.
If you’re looking for quick fixes then be thankful that you are living in the digital age, a simple search online for your chosen subject will yield thousands of results for you to use in your paper. You can even find research papers that have been written about your subject, these can be like finding treasure as you can paraphrase points that others have already made to fill out your paper. Remember that if you do use the work of others to help you in your time of need that it is essential that you change the wording significantly. If you fail to do this then you may get caught out for plagiarism which will mean that the time that you have spent putting your piece together will be entirely wasted.
If you are truly desperate and simply don’t have sufficient time to complete your paper then you have two options, ask for an extension from your university, perhaps tell a white lie to get this granted or alternatively, you could pay someone to write it for you. There are great websites where you can hire an online essay writer to complete your task for you, simply arm them with the information that they will need and sit back whilst a professional completes your piece for you.
After having a great time at #CISNOLA I recovered a bit. In that time I got a lot of feedback on my micro-keynote on professionalizing the identity management industry. Lots of very encouraging feedback.
There was a common theme to these conversations – I signed the pledge; so now what happens?
From a long term perspective, I simply don’t know.
On a shorter timeline, here’s what I do know. Kantara is going to leave the pledge page open for a few more weeks. Around July or August, Kantara will convert the pledge list to a working group. This discussion group will explore what a professional organization for our industry should look like. I have recommended that that working group spend the rest of the year identifying what the organization ought to look like, what it should do, what it should not do, etc. My hope is that around the beginning of 2017 the organization gets going in earnest.
Well that seems like a long time to wait you might say. True. But we’ve gone 30 years without a professional organization – 180 more days isn’t going to kill anyone. Having gone through the creation of one organization already, I am in no rush and I think the Kantara leadership is of a similar mindset.
In the meantime, what can you do? Send your colleagues to the Kantara pledge page. Talk with your peers about what you want to see in a professional organization for our industry. Find similar organizations that are doing interesting things and bring those things to the working group when it starts.
Since the rise of the Smartphone you are now able to essentially control your life from your pocket, you can manage your bank account, search for things on the internet, find directions, take photos, create projects or video call your international friends and you can do it all on the move. More importantly however is that your smartphone or tablet has become a gaming device that allows you to play games whenever you want, wherever you are. The range of games available is enormous and the best games that have been created for these devices are the ones that you simply can’t leave alone, the games that force you to steal minutes of your day just to play on. Recently I downloaded my favourite game yet, it’s called Colour Switch and when you download it I would advise you to carry your charger wherever you go as your battery will no doubt suffer from the hours of endless fun that you spend playing the game.
The premise of the game is simple, you are playing as a small circle of colour, each time you tap the screen your circle will jump up, it is your job to keep jumping as high as you can. As you jump you must navigate your way through a series of multicoloured shapes that move, you can only move through the part of the shape that is the same colour as your circle. After you have moved through each shape you will gain a point, in between shapes you will hit a colour changer and once you’ve changed colour you must navigate through the next shape through the part that matches your colour. If you attempt to jump through, let’s say a square, and your little blob is yellow, then you can only jump through the yellow part of the square. If you jump through the wrong colour then it’s game over and you must start again. The aim is to get the highest score possible and you will spend hours trying to beat your old score, if you’re interested then you can play the game here.
I can’t begin to tell you how much time I’ve spent in the last few weeks trying to beat my scores, each time that I think I’m not going to be able to beat it I manage to surpass it, but then I want to beat that score and on I go. I’ve told so many friends about Colour Switch and now we are all trying to beat each other’s scores and sharing it on social media. I love Colour Switch so much, my bus journeys to work fly by with Colour Switch and the same goes for the other Poki games that I’ve found. They are simple, fun, easy to play and far too easy for me to while away my hours with my phone in my hand, not texting, not on social media, just hooked on these brilliant little games.
One of the best ways to make yourself invaluable at work is to enhance your efficiency. Co-workers and bosses know which employees stand out in terms of getting things done quickly and capably. To excel in your field, your goal is simple: Become the best version of yourself. Fortunately, there are many life hacks that can aid in your endeavor to boost your productivity at work. Start with these five basics.
The act of declining invitations is a skill that’s important to develop. One of the worst situations you can face as a professional is a series of simultaneous deadlines. It’s the byproduct of trying to take on too much. As you try to increase your value to the company, you’ll feel the temptation to agree to every project available. In the process, you’re just as likely to become a detriment to the organization.
A single missed deadline harms multiple parties. Even if your overall percentage of met deadlines is strong, some co-workers will remember you as the person who failed to work in a timely manner on the one you missed. The best way to avoid this is by saying no any time you have a doubt about your current workload or the open project. Your peers will view you as someone with complete awareness of your capabilities.
Focus on Goals
To-do lists are popular for good reason. They help workers break down their daily tasks in itemized fashion. But on occasion, they’re also part of the problem. Anything you don’t include on your to-do list automatically falls by the wayside until you complete the listed tasks. That’s not the best way to demonstrate productivity at your job.
What you should do instead is prioritize goals. Your to-do list represents the minutiae of your daily life. Your goals are something different, and should go beyond your vocation. While they’re broader and harder to pinpoint, you should take the time to do so. Otherwise, you’ll discover that you are spinning your wheels by completing countless pointless tasks. Completing major goals, within and outside of work, will differentiate you from your peers.
Strategists call this the Inbox Zero system. The concept is simple. You might receive urgent emails and recognize that you need to craft a detailed response. Rather than do so immediately, you mark the message as unread, planning to reply in detail later. You might not realize it, but this tactic is a poor strategy for a couple of obvious reasons.
How much time did you just spend reading the email? By delaying reply, will you forget about the message entirely? That’s unlikely. Instead, the query will continue to distract you throughout the work day. You’ll consider then discard various options for reply even as you ostensibly complete other tasks. That’s wasted time, and that’s not even the worst part. You’ll also find yourself distracted, reducing the quality of work on the tasks you complete in the interim. The best thing you can train yourself to do is reply to emails as soon as you get them.
Use Productivity Apps
One of the best ways to improve your workday is by leveraging the power of your smartphone. Tens of thousands of developers constantly work to create and perfect productivity apps. Whatever your profession, others in the field have offered suggestions on improved performance.
You can download apps to take better notes, use Microsoft Office products, optimize your workflow, manage your inbox, and connect you to other experts in your field. You should get in the habit of perusing web sites that rank productivity apps. That way, you’ll always have your choice of the best programs to optimize your work life. You also need the right phone to use them. The Samsung Galaxy S7 has a large HD display, fast processor, and long battery life to help you work on multiple tasks to boost your productivity.
Just Do Something
The final piece of advice is most beneficial when you’re struggling to accomplish anything. Procrastination is the bane of productivity. When you’re sitting at your desk doing nothing, you’re at your worst.
The five-minute rule is the way to overcome what may be your worst habit. The concept is simple. Just do something for five minutes. It doesn’t matter what. As long as you work toward some goal, you’re enhancing your productivity and overcoming sluggishness.
Becoming more productive is a worthy goal. Follow the five tips above, and you’ll soon feel like the best version of yourself.
Photo by US State Department courtesy CC user Liftarn on Wikimedia Commons
Family holidays can be a lot of fun. There’s the anticipation and excitement of going to a new place and exploring sights and sounds that you’ve never experienced before. To make it even better, you get to take your children with you, and you can have fun discovering all the hidden treasures a new location has to offer.
Unfortunately, some children do not travel well. The thought of traveling, either by plane or by road, for a long period of time, simply terrifies them. Flying can be especially scary for smaller children, who can easily get frightened by the large crowds in airports, as well as the loud strange noises on a plane. If your child suffers from travel anxiety, you know first-hand how stressful and draining it can be for both of you. Traveling can turn your normally serene child into an agitated, fussy, screaming and struggling bundle and this can quickly wear you out.
Sometimes, travel anxiety can catch you unawares. Your child might have been a fantastic traveler previously and only recently became fussier about it. It happens. In spite of all your holiday preparations, travel sickness and anxiety is the one thing you can never predict. The best thing you can do is to have a plan on how to handle the situation should it ever arise.
Here are some tips on how to help children overcome travel anxiety:
Talk about it
Fear of the unknown can be overwhelming for a young child. Talking to them about the trip ahead and what will happen might ease their anxiety. If you are taking a flight, start a fun discussion on planes and how they work. Try to prepare your child by reading books or showing them movies about planes, to prepare them for the trip.
The same applies to a road trip. Discuss the trip with your child and tell them about all the interesting things you’re likely to see on the way. This way, the trip, strange surroundings, sights and sounds won’t come as a complete surprise and they will be able to relax and enjoy it.
Comfort the child
The best way to calm a child down is by comforting them. Once you board the plane, your child might start struggling or crying. You should do everything you can to calm them down and this might include hugging or holding them, singing a song or constantly reassuring them that you’re there and everything is going to be fine. Sometimes, all the child needs is the physical reassurance of your presence.
Learn how to distract them
Parents everywhere will tell you how valuable toys are in distracting their fussy children. The choice of toys, of course, depends on the individual child. When packing for the trip, ensure you include a couple of their favorite toys to bring along with you. Something as simple as fun, rolling kid’s luggage can help increase their excitement and turn the trip from an ordeal into something more enjoyable. Consider packing your child’s toys or clothes in kid’s luggage that looks like cute animals and have them roll it themselves, to help them feel useful during the trip.
Alternatively, you could distract them from their anxiety, using movies or music. Planes these days have inboard movies specifically geared towards children, so ask the flight attendants to show you some. The attendants are also experienced in dealing with anxious children and might have play packages that can help distract them. You can never be certain that these will be provided, so always pack your child’s beloved books or carry their favorite songs on an iPod to use during a trip.
In certain cases, a child’s travel sickness might have an underlying cause, such as hypoglycemia. It might be a good idea to take your child for a checkup prior to a major trip, to get any medical issues out of the way. For example, an ear infection or stomach trouble can worsen your child’s reaction to a trip, and a dose of medication can be of great help. Sometimes doctors can prescribe medicine to help your child calm down during the trip. Parents often have mixed feelings about this, so rely on your discretion to decide whether this is something you want to do.
Traveling with an agitated, wailing child can test the patience of any parent. During such times, it is important to keep calm yourself while reassuring your child. This might not always be easy to do but it helps to know that children often outgrow their travel anxiety. Most even calm down as the excitement of traveling takes over. The best strategy is to be prepared and to keep in mind that the anxiety will soon pass when you arrive at your destination.
We all do our best to live in harmony with nature. Or at least we try – some don’t, but let’s not waste time with them right now. As technology advances, we now have more ways to reduce our ecological footprint, hoping to leave more of the world as it is today to the generations to come. The most exciting project of them all is the “Zero Waste Sapioponic House” initiated by Adam Kokesh, activist, youtuber and self-published author.
What does “sapioponic” mean?
Sapioponic is a term that I think has much more right to be included in dictionaries like “selfie”. It covers the complete recycling of all waste material resulting from human activity – like the everyday organic waste turned into nutrients for the gardening system, and all energy needs generated using self-sustaining sources. Basically it covers the complete re-use of every waste generated by every human activity within the house.
Zero waste living off the grid
Kokesh’s objective is to build a homestead that can completely cover every need of four people, living completely off the grid. And by “completely”, he means that he won’t rely on outside sources for anything except an internet connection. He will need that if he wants to continue to post YouTube videos or play online slots from time to time.
The house is planned to rely on solar radiation as its source of electricity, and rainwater as its only source of water. All water collected will be used and recycled, except for what evaporates – that is the only waste produced by the house. Heating, if needed, will be realized through passive solar energy and an occasional fire, while cooling will be made with cooling tubes and transom windows.
The water collected will first get into a water organizing module, which will handle its filtering to drinking water quality. The wastewater will be used in a way similar to aquaponic systems, providing nutrients to the planters with live cultures of red worms. The plan is to turn any solid waste into plant food, which in turn becomes human food and leads to the creation of more solid waste. That closes the circuit.
The project is massive, and will take quite some time to complete – up to 9 months, according to The Homestead Guru website. But once completed, it is planned to offer a completely independent way of life for a family of four. Those interested in his progress can follow Kokesh on Twitter, YouTube and various other social media outlets.
An outdoor wedding can be one of the most beautiful ways to get hitched, that is providing that the weather is fair to you of course. Many people opt for this type of wedding or at least an outdoor party to celebrate tying the knot, very often an outdoor wedding can also prove to be less expensive than having one in a hotel or venue as you may only need to pay a small charge for rental of land, the current prices that venues charge can be eye-watering. In order to have your perfect day outdoors there are several things that you will need to consider and here are some tips to help you assess what you need to do in preparation.
First and foremost you are going to need a venue for the party, even if you are blessed with some sunshine during the day, the party will doubtless go on into the night and you’ll need somewhere for that first dance. Marquee and temporary flooring rental really isn’t as expensive as many might think, it isn’t cheap of course but if you search around online you can get some great prices. The same goes for seating, a friend of mine recently held an outdoor wedding and used a company called Race who rented out stackable chairs, these were perfect for when the floor was cleared for dancing.
Weddings are a thirsty affair and the bar is one of the most important things that you’re going to have to consider. If you are working on a budget then a trip to a cash and carry could be just what you need, buy the stuff yourself and simply pay some staff to serve it for you. If you have a little more cash to splash out then there are several catering companies out there who offer bar staff and a fully stocked outdoor bar for your guests, you can even choose a limited selection of wines, spirits and beers for your guests to keep things a little more simple.
Again much of this comes down to budget, if you are working on a budget then it may be time to start asking some friends for favours. Some of the nicest food I’ve had at weddings was self catered, it doesn’t always have to be fancy food with all the trimmings. If however you are happy to splash out then search locally for catering companies, you can sit down with them and discuss the amount of courses and the type of food that you are looking for. One thing to bear in mind if you are going to use outside caterers is that you will naturally be paying for staff, having looked around at prices however, I still believe this to be a cheaper option than what you would pay in a hotel or a licensed venue.
Next week, on Tuesday, June 21, in Cancún, Mexico, I will be appearing on the panel discussion "Technological Transformation & New Regulatory Models" at the TUAC (Trade Union Advisory Council) Forum on the digital economy, held at the OECD Ministerial Meeting.
9:30 am to 10:45 am
Technological Transformation & New Regulatory Models
Existing economic and social structures are increasingly affected by digitization: Some for the better (increased internet openness and exchanges) and others for the worse (security and privacy risks, non-shared profits, and the rise in non-standard work). A coherent set of regulatory policies and investment targets is imperative to enable an equitable technological diffusion, while anticipating trends and risks. As such, the risk of a “digital deflation” is real since companies increasingly encounter pressures on profit margins and rely on short-term financing. At the same time, monopolistic structures are making it difficult for new firms to grow, and leading some to adopt labour-cost saving and high-risk business models, to avoid paying taxes and to seek other legal loopholes. Panelists are invited to discuss the economic and social effects of Internet openness and technological change focusing on:
Value creation in the digital sector
Legal status and taxation
Competitive pressures vs. sustainable business models
Long-term investment vs. Digital Deflation
Moderator: Tim Noonan, Communications Director, ITUC
Catalina Achermann, Expert for telecommunications, digital ecosystems, new technologies, and public policy, CEPAL
Robert T Atkinson, President, Information Technology and Innovation Foundation (ITIF)
Yann Bonnet, General Secretary, Conseil National du Numérique (French Digital Council), France
ITAC Forum at the 2016 OECD Ministerial on the Digital Economy
Tuesday, June 21, 2016
Opening and keynote address
▪ Welcome: Laurent Liscia, CEO and Executive Director, OASIS
▪ Keynote: Jari Arkko, Chair, Internet Engineering Task Force
9:30 am –
Getting the Ball Rolling: IPv6 Adoption Since 2008
The adoption of IPv6 was specifically noted in the Seoul Declaration for the Future of the Internet Economy in 2008. This session will discuss the real-world progress in IPv6 adoption since that event, with a particular focus on the accelerated adoption rates seen in many economies over the last 18 months. Discussants will consider the drivers of IPv6 adoption and the lessons learned in terms of what IPv6 adoption means for Internet growth, openness and competition.
Moderator: Alejandro Pisanty, Academic Computing Services of the National University of Mexico (UNAM)
▪ Geoff Huston, Chief Scientist, APNIC
▪ Adriana Lavandini, Commissioner, Instituto Federal de Telecomunicaciones,
▪ John Brzozowski, Fellow and Chief Architect IPv6, Comcast
▪ Hiroshi Esaki, Professor, Graduate School of Information Science & Technology, University of Tokyo
Open Standards for an Open Internet of Things
The Internet of Things (IoT) promises to usher in a revolutionary, fully interconnected “smart” world, with relationships between objects, people and their environments becoming more connected and intertwined. The potential ramifications of this are huge, particularly in the areas of: security and privacy; interoperability and standards; legal, regulatory and rights issues; and the inclusion of emerging economies. IoT involves a complex and evolving set of considerations, including the technology underpinnings to support IoT. We therefore need to be prepared. Stakeholders, including governments, need to think and act strategically together so that the maximum advantage can be derived from this emerging phenomenon. Conversely uncoordinated actions such as on standard setting (by state or private actors) risk undermining trust and understanding of the benefits of the IoT.
The session will address the questions of:
· What is the value of open and voluntary standards in sustaining innovation in this domain?
· What is the economic rationale that goes into choosing between a particular set of competing standards?
· What are possible frameworks and solutions for creating an enabling environment for IoT to flourish as a positive force for inclusive economic and social development?
· Who should take such standards forward?
· With IoT’s multi-faceted nature that allows it to cross over many disciplines and vertical markets, how do stakeholders ensure a path that supports convergence and interoperability?
Moderator: Karen McCabe, Senior Director, Technology Policy and International Affairs, IEEE Standards Association
▪ Monique Morrow, CTO, Evangelist for New Frontiers Development and
▪ Laurent Liscia, CEO and Executive Director, OASIS
▪ David Conrad, Chief Technology Officer, ICANN
▪ Roberto Minerva, Research Coordinator at Telecom Italia Lab; Chair of the IEEE IoT Initiative
▪ Luis Kun, Prof. of National Security at the Center for Hemispheric Defense Studies (CHDS) at the National Defense University
The Internet (a global interconnected network of networks) has enabled a global digital economy to flourish. Yet, the same interconnectedness that fosters communication, opportunities, innovation and commerce on a global scale, also means that participation in the global digital economy means global interdependence and shared risk. Therefore, we have a common interest in the security of this shared economic growth resource and a collective responsibility to care for the Internet. Further, the continued effectiveness of the Internet as a driver for a vibrant and sustainable global digital economy also depends on the Internet being a trusted platform for social interaction and commerce.
As the Internet and its applications become ever more pervasive in our daily lives through the Internet of Things, widespread use of sensors and the digitization of biological traits, collaborative risk-based approaches to Internet security are needed more than ever.
• How can we, as a global community, overcome silo approaches and evolve beyond considering only one’s own security risks?
• How will we share resources to ensure the delivery of a more secure Internet?
• How will we integrate the rights and expectations of users in security solutions?
• How will we collaborate to empower e-entrepreneurs and SMEs to effectively contribute to the overall security risk management of the Internet?
Building on the OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity, this session will highlight real world examples of collaborative approaches to strengthen the security of the Internet and its use, identify economic impediments to deployment of Internet security solutions, and suggest ways forward so that the Internet’s full potential can be realised.
Moderator: Robin Wilton, Technical Outreach for Identity and Privacy, Internet Society
Last week, we took a look at the challenges faced by “traditional IAM” vendors as they try to move into the customer identity space. Such vendors offer web access management and federation packages that are optimized for LDAP/AD and aimed at employees. Now we should contrast that with the new players in this realm and explore how they’re shaping the debate—and growing the market.
Beyond Security with the New IAM Contenders: Leveraging Registration to Build a More Complete Customer Profile
So let’s review the value proposition of the two companies that have brought us this new focus on customer identity: Gigya and Janrain. For these newcomers, the value is not only about delivering security for access or a better user experience through registration. They’re also aimed at leveraging that registration process to collect data for a complete customer profile, moving from a narrow security focus to a broader marketing/sales focus—and this has some consequences for the identity infrastructure and services needed to support these kind of operations.
For these new contenders, security is a starting point to serve better customer knowledge, more complete profiles, and the entire marketing and sales lifecycle. So in their case it is not only about accessing or recording customer identities, it’s about integrating and interfacing this information into the rest of the marketing value chain, using applications such as Marketo and others to build a complete profile. So one of the key values here is about collecting and integrating customer identity data with the rest of the marketing/sales activities.
At the low level of storage and data integration, that means the best platform for accomplishing this would be SQL—or better yet, a higher-level “join” service that’s abstracted or virtual, as in the diagram below. It makes sense that you’d need some sort of glue engine to join identities with the multiple attributes that are siloed across the different processes of your organization. And we know that LDAP directories alone, without some sort of integration mechanism, are not equipped for that. In fact, Gigya, the more “pure play” in this space, doesn’t even use LDAP directories; instead, they store everything in a relational database because SQL is the engine for joining.
So if we look at the customer identity market through this lens of SQL and the join operation, I see a couple of hard truths for the traditional IAM folks:
First, if we’re talking about using current IAM packages in the security field for managing customer access, performance and scalability are an issue due to the “impedance” problem. Sure, your IAM package “supports” SQL but it’s optimized for LDAP, so unless you migrate—or virtualize—your customers’ identity from SQL to LDAP in the large volumes that are characteristic of this market, you’ll have problems with the scalability and stability of your solution. (And this does not begin to cover the need for flexibility or ease of integration with your existing applications and processes dealing with customers).
And second, if you are looking at leveraging the customer registration process as a first step to build a complete profile, your challenge is more in data/service integration than anything else. In that case, I don’t see where there’s a play for “traditional WAM” or “federation” vendors that stick to an LDAP model, because no one except those equipped with an “unbound” imagination would use LDAP as an engine for integration and joining…
The Nature of Nurturing: An Object Lesson in Progressive, Contextual Disclosure
Before we give up all hope on directories (or at least on hierarchies, graphs, and LDAP), let’s step beyond the security world for a second and look at the marketing process of nurturing prospect and customer relationships. Within this discipline, a company deals with prospects and customers in a progressive way, guiding them through each stage of the process in a series of steps and disclosing the right amount of information within the right context. And of course, it’s natural that such a process could begin with the registration of a user.
We’ll step through this process in my next post, so be sure to check back for more on this topic…
In part 1 of my blog post expanding on my Cloud Identity Summit talk on Invisible Identity, I proposed ‘The 4 Core Principles of Invisible Identity‘ that ensure that security and usability stay in a symbiotic partnership for an organization. I believe that adopting the concept of Invisible Identity will be vital to securing people in the digital age. But while security and usability are the two main goals of Invisible Identity, there is a third aspect to consider, and that is privacy.
It is obvious that Invisible Identity relies quite a bit on data collection mechanics – whether it be attribute, environmental, biometric or behavioral data. And it generates a bunch of data as well, what Stephen Wilson calls synthetic personal data. While the privacy wonk in me squirms uncomfortably when exploring this topic, the pragmatist in me understands that in this age of customer analytics, targeted marketing, and increased sensitivity to fraud and insider threats, this sort of monitoring and data collection is here to stay. So the real question is, how can we give people the plums they want without asking them to sacrifice their freedom?
It is my opinion that there are 3 things that really need to happen in order for Invisible Identity to balance security and usability with privacy needs.
Respect the User
The first goes back to the Invisible Identity principle of Respect the User. People know there is no such thing as magic. And nothing will lose you their trust faster than turning into Big Brother. Which is why creating the framework for Invisible Identity must start with an application of Privacy by Design and fighting the desire to over-identify. The More you Know may be a good PSA line for NBC, but it isn’t a good motto for security professionals.
And as I mentioned in my previous post, giving people visibility and choice is crucial. Incorporating good notice and consent mechanisms will not only create a better relationship with them, but will inevitably lead to fewer people working around the security mechanisms because of a general sense of mistrust.
IDaaS and Identity Services
The second is the emergence of IDaaS and Security-oriented Identity Services. We’re talking about a lot of very sensitive data here, and there are very few enterprises in this world that can take on the burden of assembling the infrastructure needed to do these identity operations at scale while also doing a good job of protecting the data. For everyone else, I say there’s no point in doing it yourself. Or as Ian would say, don’t be a toxic waste farmer.
Protecting this data really well is crucial to protecting people’s privacy and maintaining their trust in your business. And the big identity providers and IDaaS players will almost always do a better job of protecting the data, creating scalable and secure APIs and services that you can leverage, and continuously enhancing it. I refer you to my CIS talk from a few years ago called ‘IDaaS. The Now Big Thing.‘
The third part is gonna come from an architectural innovation that we are on the cusp of. As the compute power in our mobile devices and endpoints increases dramatically, I believe that we’re gonna reach the point where a lot of the continuous authentication, authorization and data analytics can be and will be done right on the device itself, avoiding the need to have all that data transmitted over the internet and aggregated in a single place in the cloud/data center, where it is a magnet to identity thieves and hackers.
We see some of this already with the way secure elements are used to store biometric data locally, and share only the results of the evaluation with the services relying on it. I think this will be a different way of doing distributed yet consistent security that is going to be a boon to the scalability, usability and, most importantly, privacy of these security solutions.
I will note here that at their WWDC keynote yesterday, Apple execs talked about incorporating on-device intelligence into iOS (and I’ll guess other product lines eventually) going forward. Given that I gave my talk a full week ahead of this, I am going to go ahead and give myself some prescience points. Take that, Madsen.
I thought I'd go and try and find the location both of the battle and exactly where the container is going to be sited. It turns out the Beanfield was cut in half by the building of the A303 dual carriageway and the small lane the convoy was forced down is now a dead end. But in the process I found a wonderful image of exactly where the container is going on google streetview. It looks like some squaddies in a tank have stopped for a full english in the middle of some J.G.Ballard-ian dystopian landscape that just needs a couple of hundred police in fluorescent jackets to be part of the show.
It's not about Boris's hair or Farage's latest craziness.
It's not about Turkey joining the EU or some mythical tide of immigrants stealing our jobs and our benefits.
It's not about EU bureaucracy
It's not about saving or killing the NHS
It's about a high-stakes, power grab by all the usual suspects.
Don't give it to them.
ps. The link between climate change denial and GMO promotion is weird. You'd think if you denied science in one place you'd mistrust it in others. But of course it's never about the science. It's about regulatory capture by big business.
ForgeRock University, the award-winning technical training division of ForgeRock, has today released the first integrated training curriculum for identity to deliver world-class skills to today’s identity experts. Identity management success requires professionals who can prove their mastery with the tools and techniques of identity and access management, which are critical for today’s organizations.
Identity and Access Management skills are critical to the success of digital identity solutions using the ForgeRock Identity Platform™ and our goal at ForgeRock University is to educate the identity workforce of the future. With our certification program we can provide real proof to employers that individuals understand and are well prepared to work with the technologies involved in deploying ForgeRock solutions.
Creating a true integrated curriculum takes significant effort from a wide range of experts. Here at ForgeRock, that process began one year ago with a series of in-depth job task analysis events where – together with technical consultants, product management, partners and engineering – the critical factual and procedural knowledge tenets for expertise in ForgeRock™ technologies were established. The output from these sessions was captured as detailed front-end analysis documents, which drove the remainder of the curriculum development process.
A minimum of two person-years of effort goes into each course that is created, with extensive labs, course books with over 700 pages of detailed technical content, and in-depth technical environments being created by a team of curriculum development experts based around the world. For example, the course team involved in creating the Deploying ForgeRock Access Management course are located in locations as diverse as Stavanger, Norway; Bristol, UK; Vancouver, Oregon; and San Francisco, California – a truly global effort.
The courses released last week include: Deploying ForgeRock Access Management (FR-420), ForgeRock Access Management – Customization and APIs (FR-421), Implementing ForgeRock Identity Management, and ForgeRock Directory Services Administration, Maintenance and Tuning (FR-462).
In addition, the ForgeRock™ Certified OpenAM Specialist exam will be refreshed shortly, in line with the curriculum updates. To release a completely refreshed curriculum in one go is a significant milestone for any vendor, so it is a great step forward for ForgeRock. To register on the new classes please visit the ForgeRock University site.
Since I first left public service last year and then returned, I have been regularly asked about my perspective on the state of the U.S. Government's public facing shared service infrastructure for identity services. For a long time, I have lacked the words given my past investments of time, energy and emotion in those efforts.
Almost 4 years ago I wrote a post titled ‘The Epic Hacking of Mat Honan and Our Identity Challenge‘. In it I examined how hackers exploited the ways in which our online accounts are daisy chained together through poor password recovery and KBA based systems to systematically take over Mat Honan’s digital life.
4 years later, much has changed and yet much remains the same. The hacking today of racial justice activist DeRay Mckesson is a clear example of that. Much like in the Mat Honan case, the hackers had a clear objective – getting control of his Twitter account. To do so they followed the same process of working backwards to the root in the daisy chain of account recovery systems to take it over. But the differences illustrate very clearly one of the main issues we continue to have – our authentication systems are still woefully inadequate when faced with even a slightly motivated hacker.
[Image of DeRay from NY Times]
There are some things of note here: The hackers didn’t get DeRay’s password from the recent password troves that were the MySpace, LinkedIn or Twitter breaches. By all measures, DeRay had done everything that we ask people to do – set a good password, and activated the additional security protection of two-factor authentication on his accounts, which in all these systems is based on SMS-based OTP (sending a time limited numeric code to a registered mobile phone that must be entered in addition to the password). It is the exact same protection I have set up on all these systems. The difference between me and DeRay is that DeRay is a high profile target, and therefore worth the still relatively minor effort the hackers went through – a plan that required hijacking his mobile number in order to take over his accounts.
Anatomy of the Hack
[The following is based on what I know so far, and details may emerge/change.]
The hackers basically wanted to make sure that any text messages sent to DeRay’s phone number would get sent to a device they had instead of the phone DeRay has. To do this they called up customer service at Verizon, DeRay’s mobile provider, passed the KBA-based identity verification process, and then got customer service to reset the registered SIM information on DeRay’s mobile account to the one in the device they had. How did they pass identity verification? They knew the last 4 digits of DeRay’s social security number, something that has become incredibly easy to figure out thanks to the many breaches like the Anthem breach, or you could just calculate it.
Once they had their own device receiving texts, they essentially had control of DeRay’s second factor. Which still leaves the first factor – the password. Once again, password recovery processes to the rescue. Or in this case, the opposite of rescue.
The password recovery process for Twitter, when provided with the Twitter handle and the phone number, will show something like “Email a link to email@example.com”. So the hackers would still need to have access to DeRay’s email. The following tweet from DeRay indicates that his email was hacked too.
So one could deduce that the hackers first took over his email accounts so they could receive the password reset link that Twitter sent out. But how did they get into his email accounts? While this information hasn’t been released yet, I would guess using the hijacked phone number. In other words, they probably initiated a password recovery flow on the email account, and all they needed to reset the password was the OTP sent by text message to the phone number associated with the email address, which they now controlled.
Having control of the email account, they were now able to initiate the password recovery flow on Twitter, which sent a password reset link to the email account, which they were able to use to change the password and verify the changed password using the OTP they received by text message. And there you have it – one pwned high profile Twitter account.
What Does This Attack Reveal?
The factors we rely on to verify identity are (still) useless
It may be a better security question than “What is your aunt’s maiden name?”, but last 4 digits of social security number is definitely not enough to verify someone’s identity over the phone. It’s far too easy to search for, buy on the dark web, or socially engineer and phish someone’s personal information now. And SSN can just be calculated. KBA is deader than a Norwegian Blue.
As long as passwords are the first and main factor in authentication, the password recovery process is going to continue to be the weakest link in the entire connected web of our digital lives.
2FA that relies on SMS-based OTP is already defunct
Google knows this, and have published a paper with their research findings on this. Banks already don’t consider SMS-based OTP good enough. Maybe it’s time for everyone else to move on too.
CTA: Make Invisible Identity Happen
This is such a clear example of why we need to build the Invisible Identity platform I presented at the Cloud Identity Summit. At its center, Invisible Identity relies on Continuous Authentication. Would this attack have worked if the Verizon identity verification flow for something as significant as resetting the SIM included an email verification link or, better yet, a voice biometric? What if Twitter relied on a combination of soft tokens and passive factors like geolocation and device fingerprinting? This hack wasn’t a simple phishing hack. It required effort from the hackers – to get the SSN info and to hijack the mobile number. But would adding continuous authentication into the mix have made the barrier too high for their tastes?
4 years ago, the hack of Mat Honan wasn’t a drive-by. It wasn’t a password discovered in the massive password dumps that was used by a script going around trying to lock accounts up for a small ransom. Mat was targeted, and in the aftermath of the attack, he put in place additional protections on his accounts – the kind DeRay had on his. DeRay was a responsible and smart account owner that did all the right things – including setting up 2FA in the systems. And yet it didn’t help. 4 years on, things should be a lot better.
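The recovery daisy chain described in this post can be audited as a dependency graph. The following is an added example, not part of the original post: the asset names, the `RECOVERY_PATHS` and `HARDENED_PATHS` configurations and all function names are constructed assumptions, modelled on the flow the post describes and on the extra factors it asks about (voice biometric at the carrier, soft token at Twitter).

```python
"""Audit account-recovery chains for single points of failure (constructed example)."""

# Constructed sample: each account maps to its recovery options. An option is
# the set of things a caller must control to reset that account.
RECOVERY_PATHS = {
    "mobile_number": [{"kba_ssn_last4"}],      # help desk re-points the SIM after KBA
    "email": [{"mobile_number"}],              # SMS OTP alone resets the mailbox
    "twitter": [{"email", "mobile_number"}],   # emailed reset link plus SMS OTP
}

# Same accounts with the stronger checks the post asks about (assumed values).
HARDENED_PATHS = {
    "mobile_number": [{"kba_ssn_last4", "voice_biometric"}],
    "email": [{"mobile_number"}],
    "twitter": [{"email", "soft_token"}],
}


def reachable(paths, initial):
    """Return {asset: step} for every asset recoverable when `initial` is known.

    Step 0 is the starting knowledge; step n means the asset falls in the
    n-th round of recovery flows.
    """
    controlled = {asset: 0 for asset in initial}
    step = 0
    while True:
        step += 1
        newly = [
            account
            for account, options in paths.items()
            if account not in controlled
            and any(required.issubset(controlled) for required in options)
        ]
        if not newly:
            return controlled
        for account in newly:
            controlled[account] = step


def chain_to(paths, initial, target):
    """Ordered list of accounts that fall before (and including) `target`."""
    steps = reachable(paths, initial)
    if target not in steps:
        return []
    fallen = [a for a, s in steps.items() if 0 < s <= steps[target]]
    return sorted(fallen, key=lambda a: steps[a])


def single_factor_roots(paths, target):
    """External factors that, held alone, are enough to recover `target`."""
    factors = set()
    for options in paths.values():
        for required in options:
            factors |= required
    factors -= set(paths)  # keep only factors that are not accounts themselves
    return sorted(f for f in factors if target in reachable(paths, {f}))


if __name__ == "__main__":
    for name, cfg in (("as described", RECOVERY_PATHS), ("hardened", HARDENED_PATHS)):
        print(name, "roots for twitter:", single_factor_roots(cfg, "twitter"))
        print(name, "chain from KBA:", chain_to(cfg, {"kba_ssn_last4"}, "twitter"))
```

An empty result from `single_factor_roots` means no single external factor unlocks the target account through recovery flows alone.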
I gave an invited presentation on OpenID Certification at the 2016 Cloud Identity Summit (CIS) this week. I used the presentation as an opportunity to inventory what we’ve achieved with the certification program since its launch in April 2015, and while the numbers are impressive in and of themselves (90 profiles certified for 28 implementations by 26 organizations, with new certifications in May by Clareity Security, Auth0, and Okta), there’s a deeper impact that’s occurring that the numbers don’t tell.
The new thing that’s happening this year is relying parties are explicitly asking identity providers to get certified. Why? Because certified implementations should “just work” – requiring no custom code to integrate with them, which is better for everyone. This network effect is now in play because it provides business value to all the participants.
While I’ve spoken about certification about 10 times since the launch, this presentation is different because it tells this new story that’s playing out in the marketplace. Check it out in PowerPoint or PDF.
Franklin’s fascination with electricity is one of the reasons he is a personal hero to me. I share his interest in electricity, but I was able to learn about it in a safer environment.
Another, more significant reason Benjamin Franklin is a hero to me was his commitment to the cause of Freedom. He is the only one of the Founding Fathers who signed all four documents fundamental to the creation of the U.S.: the Declaration of Independence (1776), the Treaty of Alliance with France (1778), the Treaty of Paris (1783), which established peace with Great Britain, and the U.S. Constitution (1787).
A print of one of my favorite paintings by Del Parson hangs in our living room. Entitled “The Old Man Wept,” it depicts Benjamin Franklin shedding a tear as he signs the Constitution of the United States.
Malta is a fantastically diverse and unique set of islands located off the coast of Sicily. Over the years, the numerous cultures, ethnicities and people who have called the island home and left their mark on the way of life there, have meant there’s no shortage of variety for things to do and see.
Due to its strategic location, just off the coast of mainland Europe, Malta has seen many different invaders set foot upon its shores, and the ruins of these many individual civilizations has made the country an ideal stop for all history buffs.
The famed Megalithic temples are UNESCO heritage sites that are loved by all visitors. The seven structures, in total, are scattered across the three islands and show how architectural practices progressed and developed throughout the country’s prehistoric age.
Due to its proximity to the highly religious Southern European countries, Malta is a notably Catholic place. Particularly in the older generations, this belief system has an incredible influence on the culture, art and architecture of the archipelago.
St Johns Cathedral is a beautiful example of this. Designed by architect, Gerolamo Cassar, built during the 1500’s and revamped during the Baroque period, the site is dripping in color, beauty and elegance, all created to celebrate the country’s religious idols.
Photo: Jesús Pérez Pacheco
Maltese food is not something that is well-known, or easily found, worldwide. However, you don’t have to be on the islands for long to realize what a beautiful, fresh, mouthwatering cuisine is on offer.
The Sunday fish market at Marsaxlokk is an essential place to stop to try the local fish soup, Aljotta, pretty much as soon as the ingredients have been plucked out of the water. Heading further inland, the Rampila, in capital city Valletta, is a fantastic spot to taste some of the best local delicacies.
Alongside its cultural charm, Malta is also, geographically, one of the most spectacular destinations in this region. Surrounded by deep blue oceans, with luscious greenery and fascinating rock formations, any trip to Malta should involve immersing yourself in some of the islands’ most beautiful natural landmarks.
The Azure Window, the Inland Sea and Fungus Rock are world famous geographical attractions and located within a short distance of each other. The former, a rock shaped arch sticking out into the ocean, is a must-see site. The inland sea – which can only be accessed through a tunneling cave – is a place of pure amazement and the fungus rock is a 60-meter high giant, miraculously covered with a charming medicinal flower.
Finally, any trip to Malta would be wasted without taking some time out to relax and enjoy the peaceful summer sun. Due to its island formation, the country is home to an incredible number of spectacular beaches.
Photo: Creative commons
Ringed by rocks and protected from strong currents, the Blue Lagoon is by far the best spot for swimming. The Golden Bay offers visitors a long stretch of golden sands, and the Fomm ir-Riħ is the most secluded, for those looking for peace and quiet – however it does require quite a trek to get there.
Any visit to Malta is sure to be a brilliant experience, but by following this itinerary you can be sure to make the most of your trip and see all that this beautiful country has to offer. If you have any more suggestions for must-see things to do on these islands, be sure to leave a comment below and share your ideas with fellow travelers.
A great football (soccer) team deserves a great kit (jersey) but just because you deserve something doesn’t always mean you will get it. Sometimes great teams get terrible kits or terrible teams get great kits. Here are some football kits that will leave you saying “no, no, no!” as well as some that will leave you saying “goal!!!” Check out the best and worst new football kits 2016.
The Worst
While the teams in this year’s Euro Cup (as seen in the infographic) don’t all have great kits, they are nowhere near some of the worst of all time. Check out the usually stylish French national team’s football kits from 1996 and 2008, not eye-pleasing at all. Even their latest 2016 kit looks like something out of a comic-book movie more than a football pitch. Another mishap from a nation known for fashion is Italy’s 2012 kit. This uniform was needlessly busy and though only 4 years old, seems incredibly dated today. Remember even a good team can win with a bad kit.
The Best
France’s 2012 kits gave a very Parisian vibe, with horizontal stripes so quintessentially French. Italy’s 1996 kits brought us a touch of class with polo-esque collars, though decisive many fans miss this unique addition. Germany’s 2012 football kits were also a big hit with the fans; the colors of the German flag were represented as thin diagonal lines. Often using the colors of a flag can be gaudy and overdone but the German subtlety paid off here.
The games are expensive more than just the kits. Take a look at the infographic below and tell us what you think the best and worst new football kits 2016 are.
The Cloud Identity Summit is underway here in New Orleans, and it’s off to a great start. The organizers have done a wonderful job again, and with so much great content, the hardest thing is choosing which of the many interesting talks to go to.
My talk is already done (it’s oddly liberating to not be obsessing over my deck), and I’ve been blown away by the positive response I’ve gotten. And I’m not referring to the usual reaction to the inside jokes baked into the photoshops supporting my deck. I’ve had a few people tell me they really enjoyed my talk while passing me in the halls or at the dinner line. Even Bob said that he really liked it, and that means a lot.
Now I haven’t reached Glazerian levels of simulcast-iness where I can tweet comments on my talk while on stage, and immediately publish the text when I step off it. But I’m really proud of this talk because of what I conceived of while going through the process of putting it together. My initial abstract was built around some simple but important points I wanted to make about Identity at the nexus of Security and Usability. As I put the talk together, a lot of the disparate ideas and concepts I’ve had in my head sort of coalesced into what I ended up calling the 4 Core Principles of Invisible Identity. And instead of waiting for the video to be published, I figured I’d blog about it to generate some feedback and comments, especially since live tweeting was down (beyond the snark).
What is Invisible Identity?
Invisible Identity is an architectural and functional imperative to make identity simply disappear from people’s sight, moving instead into the background as a silent protector and enabler. No more in-your-face interrupts, challenges and form-after-form-after-form. It relies on passive capabilities, like biometric and behavioral authentication, rules-based provisioning and more. But figuring out which technologies to use, and how to use them, needs to be more science than art, and looking at the implementations out there that are successful led me to realize that there are 4 core principles that every organization, small or large, can apply to create their invisible identity approach.
The 4 Core Principles of Invisible Identity
Following these principles will enable organizations to ensure that their identity-based security solution never loses focus on the symbiotic partnership between security and usability – whether they are starting with the most basic technologies that they will then grow over time, or whether they are revamping or evolving their large and existing infrastructure.
In the identity community, we all understand Context to essentially mean everything we can know about the identity of a person/thing – their static attributes, the dynamic environmental information about them (like device information, geolocation, or how they chose to authenticate), historical information about what they did, and when (a lot of this is being combined into what is being called end-user behavior analytics).
But I’m going to propose that we need to slightly alter the definition of context from being about the identity to being about the transaction. So in addition to all that information about the identity, it should include information about the transaction – its nature, frequency, risk analysis, impact. It should also include information about the relationship between the identity actor and the transaction – for example, is this a repeat transaction, an occasional or a one-off, and how does that fit into the overall nature of this transaction.
This changes context from being something normally relegated to the moment of first authentication to something that ebbs and flows and permeates every interaction between the person and the service.
And that goes hand in hand with being adaptive. Because once you understand how context is constantly changing, you can create security that adjusts to the demands of the situation and is right-sized instead of being onerous. It’s how you end up incorporating progressive profiling into your system, collecting data only as required, and even discarding it when no longer needed. It’s how JIT provisioning becomes a mandate, reducing data sprawl and minimizing the risk exposure of both the people and the enterprise. It’s how you can do step up authentication when the risk of the situation demands it, but also being able to choose the right kind of mechanism as justified by the particular risk – like PIN vs biometric.
Being adaptive forces you to be multi-factor and omni-channel, but also keeps you from being all the factors all the time. Or only one time. And it also forces you to think through your failure conditions and create backup or alternative flows (for example, switching to a voice-based system when interacting with a person that doesn’t have a smartphone).
Calm Technology is something that many of you may not be familiar with. We’re all familiar with the notion that a good design allows people to accomplish their goals in the least amount of moves. Calm technology allows them to do the same thing with the least amount of their attention. It’s a User Experience principle for technology that gets out of the way and lets the person do what they were trying to do.
Consider the example of making a purchase using a wearable like the Apple Watch, and imagine that the wearer’s authenticity is communicated based on the band incorporating a contact biometric like heartbeat (as offered in the Nymi band) instead of having to enter a PIN. There are a myriad of ways we can tap into (terrible pun intended) people’s other senses and technologies, and use mechanisms such as haptic feedback or biometrics to layer extra security into activities without introducing more friction.
Respect the User
And last, but certainly not least, Respect the User. As someone that has consciously tried to drop the term “user” and switch to person, I use it here to make a point. Too often we forget that we’re dealing with humans (in product management specs, we use “actor” and “user stories”, which tends to dehumanize them at the very beginning).
We should treat them as a partner in the security process. After all, most of the time, they’re just trying to do something you want them to do. So making them endure an inordinately painful flow and taking an adversarial approach to them is inherently counterintuitive. But we’ve been conditioned to think that way. Understand that it isn’t that users don’t want security. It’s that they have an instinctive way of mapping the level of security controls they must endure to the level of risk they perceive in what they are doing, and will naturally reject a mismatch. Understanding that human factor is key.
And your biggest allies are transparency and choice. People will make tradeoffs and even accept higher levels of scrutiny/friction at the right points, IF they understand the benefits but more importantly, IF they understand their protections. The biggest challenge with Invisible Identity is battling the so-called creepiness factor. It’s why employees refuse to install MDM apps, or why many consumers prefer to create yet-another-account instead of using social login. And you have to understand the line between delight and overreach, because nothing will lose you a person’s trust faster than an unexpected outcome or unpleasant surprise, even if it is to their benefit. This is why security and user experience need to have equal standing at the design table.
Hope this made sense. I’d love to hear your feedback, so please leave comments here or on twitter.
In my next post stemming from my CISNOLA talk, I’ll touch on the topic of Privacy in the world of Invisible Identity.
A strong brand can be the secret to firms’ long-term success and it’s something that virtually all businesses strive for. However, succeeding in cultivating a positive image can prove tricky. To help you achieve this, here are three tips that should make building your brand easier.
1. Create the perfect persona for your business
Firstly, think carefully about what exactly you want your brand to say. The process of creating a persona for your company shouldn’t be rushed. By taking your time and really analysing your options, you can ensure you put in place robust foundations for your firm’s image moving forward. Your brand should connect with your target audience, differentiate you from your competitors and accurately reflect the nature of the products or services you’re selling. It can help to think of your brand as a person with its own set of purposes, values and beliefs. To help you fine tune your image, consider conducting market research to see what really matters to your customer base.
2. Be consistent
Consistency is key when you’re showcasing your brand. Once you’ve decided on everything from your logo and company colours to your marketing tone of voice, it’s vital that you apply this to all aspects of your business. For example, if your personnel are in customer-facing roles, you may benefit from providing them with branded company clothing. It’s now easy to order high-quality uniforms finished with your firm’s name and logo. You may opt for screen printed garments or perhaps embroidered designs would work better. Clothing suppliers Fire Label point out that an embroidered company tagline or logo is a durable option and it can be ideal for firms looking to cement their image as well-established and reputable.
Your branding should extend to your premises too. Making sure your offices, retail spaces or other buildings are suitably designed and decorated will help to reinforce your image. The same principle applies to your website, packaging, marketing material and even to seemingly minor details like your letterheads. By being meticulous like this and echoing your brand throughout all aspects of your company, you can strengthen your image.
3. Never let your standards slip
Building up a positive persona as a company can take years of dedication and skill, but the reputation of even the most respected businesses can be severely tarnished in an instant as a result of poor customer service. In the age of social media, where disgruntled consumers can share their experiences with millions at the touch of a button, there is no room for substandard service. If you want to protect the reputation you’ve worked so hard to earn, you’ll need to ensure you’re always at the top of your game.
This means making sure your employees all have the necessary training and understand the significance of providing the best service. It also means not overreaching yourself as a company. When you make promises to customers, whether it’s about the quality of products or services or the timeframe you can deliver them in, they must be achievable.
Building a strong brand image doesn’t happen overnight, but if you take tips like these into consideration, you stand a good chance of earning the respect and loyalty of consumers.
As the legacy Sun product has reached its end of life, many companies are looking at migrating from Sun Directory Server Enterprise Edition [SunDSEE] to ForgeRock Directory Services, built on the OpenDJ project.
Several of our existing customers have already done this migration, whether in house or with the help of partners. Some even did the migration in 2 weeks. In every case, the migration was smooth and easy. Regularly, I’m asked if we have a detailed migration guide and if we can recommend tools to keep the 2 services running side by side, synchronized, until all apps are moved to the ForgeRock Directory Services deployment.
I’m always looking for other approaches to try on this, so totally game to hear if you have special magic ones.
This resonates with me because my focus right now is on how the XDI semantic data interchange protocol can give us a new form of messaging that we’ve never had before—something that gives us new and better ways of handling messages than either email or texting gives us today.
There’s no sign of lofts losing popularity any time soon, with more and more house-owners choosing to “move up” rather than move house. This is especially the case around London and the South East of England, where property prices often make a move to a bigger house impossible.
Property prices in the fashionable parts of London are stable right now; it’s outer London and the commuter belt where values are rising. People in these areas want good transport links, good schools and a good return on their investment. It’s this last reason that makes loft conversions so popular – they add up to a third more living space to a house for a fraction of the cost of moving. The average loft conversion in Muswell Hill costs £40,000, whereas moving from a three to a four-bedroomed house can cost three times as much.
Latest trends in loft conversions
Fashions come and go in the loft conversion market, but a definite grower is the eco-friendly conversion, as people aim to add environmental as well as financial value to their homes. Let’s have a look at some other popular trends for 2016.
Environmentally-conscious loft conversions
It’s great news that oil and gas prices are at their lowest in years and look set to drop even further, but people still want more green energy and efficiency in their homes. People understand that these fossil fuels aren’t going to last for ever and so are choosing to future-proof their homes in any way they can. They also want to be as efficient as possible.
In the UK, electricity is generated from coal, gas or oil (although oil accounts for only around 1% of the nation’s power). Gas and electricity are also the main means of heating the UK’s homes and the fact that a quarter of a home’s heat is lost through the roof and loft shows how much energy is being wasted. Turning a loft space into an insulated living space isn’t just good for the family, it’s good for the planet.
Making a loft work for the planet
From 2016 onwards, more and more loft conversions will involve solar panels and solar water heaters, as well as eco-friendly building materials and thermal efficiency measures like effective insulation.
More lofts will become dwellings
A combination of high tuition fees, high rents and a competitive job market means that more and more millennials are staying with their parents for longer or coming home after university to save for a house deposit. In the 1970s just under half of the 18-34 age group was married and living in their own homes; now it’s just one-fifth. This means that home extensions and loft conversions will increasingly need to ensure that adult children will have independence and privacy while living with the ‘rents.
All mod cons
There will be more loft conversions built that include kitchens and bathrooms as well as living spaces so that cash-strapped millennials aren’t under their parents’ feet as they try to find their own.
Fifty-one years ago, on June 3, 1965, Edward H. White became the first American to walk in space. As pilot for the Gemini 4 mission, Ed White was able to step outside the Gemini capsule for 21 minutes, tethered to the spacecraft but propelled about by a hand-held jet-propulsion gun.
I remember how fantastic that seemed to my young boy mind way back then. It is still pretty cool to think about it now.
Twenty-seven years ago today, on June 3, 1989, government officials in the People’s Republic of China authorized its soldiers and tanks to reclaim Beijing’s Tiananmen Square from protesting students and others seeking democratic reform. By nightfall on June 4, Chinese troops had forcibly cleared the square, killing hundreds and arresting thousands of demonstrators and suspected dissidents.
During this time, a graduate student from China was working at the same company where I was employed. I witnessed him using the Internet to exchange messages with freedom-loving compatriots all over the world. He was somewhat frightened that the Chinese government would discover what he was doing and harm his family back in China, so he asked me to not tell others what he was doing at that time.
As I watched what he was doing, I realized what a powerful force global electronic communications could be in the support of personal freedom. I’m sure the tremendous advances in personal freedom that have occurred in China since that time are due, at least in part, to interpersonal communications via the Internet. If people can communicate, it is really difficult for governments to suppress them and deny freedom.
Most of us are familiar with the concept of bots – those small chunks of software designed to perform simple, automated tasks. It’s commonly…
The post Good bots vs. bad bots appeared first on Highlight.
In April, the EU signed into law the General Data Protection Regulation (GDPR) that will significantly change how companies use personal data in their testing…
The post Three reasons why data masking can’t completely protect your data appeared first on Highlight.
If you’ve followed my last few blog posts, you may have noticed the topic of usability in security pop up quite a bit. I’ve said in the past that usability issues in security should be considered vulnerabilities, because they create attack vectors in the form of user errors, exploits and workarounds. The idea was captured in this slide I presented at the 2014 Cloud Identity Summit quoting Eve Maler.
I’ve continued to explore this topic since, and I’ll be presenting my thoughts on the subject at the Cloud Identity Summit next week. The theme of the conference is “r/evolution of security: it Starts With identity“, covering the relationship between identity and security in various arenas – IoT, privacy, customer-business interactions, blockchain (drink), cloud.
One of those arenas is usability. And my talk (“Invisible Identity, or How to Delight People & Secure Users” on Mon, Jun 6 at 5:25pm in Studio 1/2) will be about using identity to bring the traditionally competing concerns of security and usability together. In it, I’ll define an emerging concept called Invisible Identity, a term Ian Yip coined last year that neatly captured the modalities and architectures I’ve been investigating and building the last few years. I’ll present the four architectural principles that, when applied to the identity and security technologies of today, make Invisible Identity a reality and such a game changer for IT-Sec. I’ll provide some examples of how it is already being used by some forward thinking organizations, and show how some common security use cases benefit in both the security and usability dimensions when sent through the Invisible Identity transmogrifier.
And if that isn’t incentive enough for you to ditch the other tracks and come to my talk, I promise to continue my CIS tradition of nerdy humor and badly-done photoshops roasting the identerati (check out the video of my talks from previous CIS’ to get a sense of what you’re in for). It is the last slot of day 1 after all, so I need a way to jolt some energy into the crowd before everyone heads off for an evening in New Orleans. And you won’t want to miss what I’ll be wearing.
I love to go to CIS. The identity community isn’t huge, and it’s always a pleasure to spend time with like-minded people – the Ping guys do a great job in creating an environment that is conducive to both serious work and relaxed personal catch-up with friends and colleagues of so many years. Plus, for CIS 2016 my long face is actually in the conference banner – which is totally awesome. Thank you Andre!
As usual, Azure AD is going to have substantial representation.
Alex will have a keynote on Tuesday at 12:30
Wednesday afternoon I’ll drive a 3-hour master class on Azure AD for developers – I’ll cover broad vision, web development and multi-platform device development.
We’ll have a booth for the entire duration of the conference – I am looking forward to chatting with you about how you use identity in your apps. We might even have a few copies of this bad boy
That’s it. If you are coming to CIS and want to arrange a meeting, hit me up on twitter. See you next week in New Orleans!
Sometimes, I get impatient with the pace of progress in the Identity industry in general and certain companies in particular. Yesterday, I listened to a presentation where the speaker was extolling the virtues of thinking of Identity and Access Management as an enabler for Digital Transformation, not just a defensive protector of data and systems. He spoke as if this were a startling new concept.
I looked back in my blog and found a couple of entries that show at least some of us considered Identity to be a key business enabler a decade ago:
Viewing Identity Management as a business enabler rather than just a cost-reduction vehicle or compliance assistant allows us to think beyond the constraints of how we do business now. Just think of how many more customers you could serve, how many more services you could deliver and how many more partner relationships you could leverage if you knew that identities of all participants were highly secure but highly connectable!
Identity is an essential, core enabler of online business. Identity must not be an afterthought, a necessary evil, or a function forced by government regulation. It is more properly recognized as a key business enabler. The modern business paradigm of delivering highly personalized service to individual consumers demands that Identity is at the core of the business process.
It is a concept that is still valid today. I’m glad to see more folks are catching on.
This specification defines an API that enables web pages to access WebAuthn compliant strong cryptographic credentials through browser script. Conceptually, one or more credentials are stored on an authenticator, and each credential is scoped to a single Relying Party. Authenticators are responsible for ensuring that no operation is performed without the user’s consent. The user agent mediates access to credentials in order to preserve user privacy. Authenticators use attestation to provide cryptographic proof of their properties to the relying party. This specification also describes a functional model of a WebAuthn compliant authenticator, including its signature and attestation functionality.
This specification is derived from the November 12, 2015 member submission of FIDO 2.0 Platform Specifications. Content from the three submitted specifications has been merged into a single Web Authentication specification, also incorporating changes agreed to by the Web Authentication working group. The working group intends to continue making timely progress, planning to publish a Candidate Recommendation by September 2016.
New York in May – you couldn’t ask for a better location or better weather to kick off the 2016 ForgeRock Identity Summit series. Or a better venue, for that matter. Guastavino’s Bridgemarket is a historic event space situated under the 59th Street Bridge (formally the Ed Koch Queensboro Bridge) on the east side of Manhattan. It’s a dramatic setting with soaring granite arches and vaulted tile ceilings that are the trademark of Rafael Guastavino Moreno, the famed Spanish architect who also contributed design elements to the Boston Public Library, San Francisco’s Grace Cathedral, and many landmark buildings in New York, including Carnegie Hall and Grand Central Station.
Guastavino’s was the site for our main event Business Track day on Thursday, May 26th, but we actually got started the day before with our Tech Day event at the Renaissance 57 Hotel in midtown. This was an afternoon of deep dives into best practices and how-to instructional presentations on getting the most out of ForgeRock solutions. Among the highlights:
Jamie Nelson, Senior VP of Engineering, gave an overview of the ForgeRock Identity Platform, with insights into ForgeRock’s overall engineering strategy, CREST and HTTP framework, APIs, audit framework and common services. Jamie proceeded to give updates on the latest developments with the core four modules in the ForgeRock platform: Access Management, Identity Gateway, Identity Management and Directory Services.
Warren Strange, Director of Customer Engineering, provided an overview of ForgeRock’s emerging DevOps / Cloud strategy. As many ForgeRock customers are seeking cloud-based approaches to digital security, our engineering groups are responding with offerings that are optimized for environments including Cloud Foundry, Azure, AWS and OpenStack. Warren also described how ForgeRock is now accommodating developers who work with container-oriented technologies such as Kubernetes and Docker.
Victor Aké, Co-Founder and VP of Innovation, gave a talk, Authorization for the Modern World, which reviewed the central importance of digital identity to life today. Victor’s presentation touched on many technical aspects of the ForgeRock platform – policy enforcement, role-based access control (RBAC), OAuth and UMA, most notably – but stood out for putting these technologies and approaches into the larger context of how individuals and organizations interact online through all kinds of digital devices.
Finally, Product Management Director Ludovic Poitou presented on Best Practices for API Security, providing an overview of our Identity Gateway product. Ludo’s talk covered policy management, traffic throttling, OAuth2, border enforcement, monitoring and auditing. He also delved into how API security measures can inform monetization strategies.
On Thursday, CEO Mike Ellis kicked off our Business Track event with a brief “state-of-the-union” overview of what’s been happening at ForgeRock while the assembled customers, partners, friends and family finished off their morning coffee from the buffet breakfast downstairs. Mike stayed onstage to host the main event of the morning: a wide-ranging discussion on cybersecurity with Suzanne Kelly, former intelligence correspondent at CNN and now-CEO at The Cipher Brief, and Fran Moore, retired senior executive with the Central Intelligence Agency and Vice President at The Cipher Brief. Kelly launched The Cipher Brief to provide relevant analysis of news and events that helps readers accurately anticipate and safely navigate the complex, unstable, global security environment, and that theme underpinned the discussion. During the discussion Kelly asserted that assessing and understanding cyberthreats has mostly been perceived as a governmental issue, but that going forward must be an imperative for both public and private entities. Moore amplified that line of reasoning, pointing out that many of the highest-profile data breaches in recent years came about not through sophisticated IT techniques, but through simple social engineering methods usually involving phishing emails. “Behavioral change regarding cyberthreats cannot be legislated,” she noted. The Q&A session following was newsworthy in that Moore, a CIA veteran with 32 years of service, said she is not in favor of the government having a “backdoor” capability to access encrypted data from secured smartphones or other devices, saying “I understand the argument for one, and could perhaps be convinced otherwise, but I don’t see the need at this point.”
Other highlights from Business Track day:
Eve Maler, VP of innovation and emerging technology, presented on User Managed Access, an emerging identity standard that promises to provide a secure, consent-based data sharing framework for the emerging regulatory environment.
Matt Devost from Accenture, who helps large international companies to identify and manage dynamic threats in complex operational environments, briefed the conference on the emerging threats and vectors that are putting critical infrastructure at risk.
Ashley Stevenson, identity technology director, gave an overview of ForgeRock’s continuous security technology, pointing out that digital identity plays a unique role in any organization’s technology stack because it’s as important to the user experience as it is to security.
John Barco, Allan Foster and Daniel Raskin provided an overview of ForgeRock’s approach to identity in the cloud, the essential point being that ForgeRock is making it possible to port identity capabilities across proprietary cloud architectures. To date, developers have largely been constrained to using the limited (very limited!) identity capabilities baked in to each environment.
James Ashfield from Capital One described how his organization is pursuing a digital transformation initiative to streamline operations and improve customer service.
Finally, CEO Mike Ellis hosted a roundtable panel with Jeff Bagby from Thomson Reuters, Dan Blum from KuppingerCole, and Dean Morstad from MoneyGram. It was a balanced discussion, global in scope as Dan provided some insights into recent developments with European data privacy legislation, including the GDPR. Jeff described how with a growing proportion of Thomson Reuters’ business involving data sharing through APIs, identity and access management has become a critical enabling technology for the global publisher. Dean was able to provide insight into the other side of the identity coin, explaining that with MoneyGram’s agent-based organization, a powerful but flexible identity infrastructure makes it possible to maintain a secure and frictionless user experience.
Looking for a truly unique vacation destination? Jakarta can provide a once-in-a-lifetime place for a perfect holiday, whether you are turning a business trip into a vacation, passing through on your tour of Java, or heading specifically for a good time in Jakarta. Here are some tips for vacationing in Jakarta, Indonesia’s capital city.
Stay Cool
Jakarta is well known for its oppressive heat. The vacationer in the know has many tools at their disposal to beat the heat. One good way is to plan your day around temperatures. This means heading out to do your shopping early in the morning or after sunset; this is the way locals have done it for centuries. Some folks like to enjoy a nap in the hot afternoons, perhaps in an air-conditioned room in a great hotel in Jakarta. Jakarta’s chic and comfortable Kosenda Hotel is one of our favorites for a heat-beating nap. If you prefer to go out in the height of the heat, maybe one of Jakarta’s water parks would be a good way to stay cool? The Snow Bay water park is winter themed, complete with artificial snow-capped mountains. Another popular water park is Pondok, which features massive speed slides and inner tube attractions. If you prefer shopping to cannonballs, Jakarta’s malls are usually air-conditioned paradises and always a popular way to beat the heat for locals and foreigners alike.
Fill Your Belly at the Markets
Jakarta is world renowned for its unique and delicious cuisine, and one of the best ways to experience as much as possible (and believe us, you want to!) is at one of the city’s many markets. It is a good idea to bring along some friends; that way you can share your treats without getting too full. A few must-try dishes are the deceptively simple and delicious satay (meat on a stick has never tasted so good) and the national dish of rendang, a thick beef curry. No trip to Indonesia’s capital would be complete without trying martabak. Available in both sweet and savory varieties, it is basically varying types of bread wrapped around a filling, with fillings ranging from egg to durian. Yes, we said durian. If you are not familiar with Indonesia’s most famous fruit, loved or hated by millions, it is definitely worth a taste. Jakarta is a foodie paradise, which is why sampling as much food as you can is one of our top tips for vacationing in Jakarta.
Though it may sound like common sense, staying cool and sampling good food is key to enjoying your trip to Jakarta. Follow our top tips for vacationing in Jakarta and rest assured you and your family will have a wonderful time exploring Indonesia’s massive, hectic, and beautiful mega capital.
The Banking and Insurance sectors are very active in their pursuit of faster and less costly solutions to their largely legacy transaction processing infrastructures; blockchain-based distributed ledger technology is at the forefront of a number of new initiatives being investigated and prototyped.
A growing number of broad blockchain initiatives have attracted Venture Capital and Corporate financial investments. Some of these initiatives are:
R3, a distributed ledger provider and consortium of banks, the foundation members being Barclays, BMO Financial Group, Credit Suisse, Commonwealth Bank of Australia, HSBC, Natixis, Royal Bank of Scotland, TD Bank, UBS, UniCredit and Wells Fargo. They are each connected on an R3-managed private peer-to-peer distributed ledger, underpinned by Ethereum technology and hosted on a virtual private network in Microsoft Azure, the public cloud platform offering “Blockchain as a Service” (BaaS) in an accelerated development environment.
Bank Santander has established a subsidiary, Santander Innovations, to help FinTech companies grow from a seed stage through to a more mature stage, including support for innovative blockchain solutions with the “DL Challenge” to encourage and support early stage startups using distributed ledger technologies.
IBM and Samsung have jointly developed the Autonomous Decentralised Peer-to-Peer Telemetry (ADEPT) proof-of-concept to validate the feasibility of both implementing the foundational functions of a decentralised Internet of Things (IoT) and enabling device autonomy in IoT transactions and marketplaces. IBM has also launched Cloud services to help developers build and manage blockchain networks.
BNP Paribas and SmartAngels are building a distributed ledger that will permit private companies to issue securities on the primary market and give investors access to a secondary market using blockchain technology.
Asset and value management, contracts, regulation - Many areas of the financial market could clearly benefit from distributed ledger technology. The following are just some examples:
Distributed ledger asset registries could be deployed to manage virtually any asset class (e.g. shipping vessels, aircraft, automobiles etc.) and provide a complete unalterable audit trail of ownership, maintenance and valuation from manufacture right through to disposal.
Intra Group Payments
Banks are exploring the use of distributed ledgers to move money country to country across their own networks for faster processing and lower costs.
Cross Border Payments
The current process for cross-border payments relies on intermediaries (correspondent banks) before reaching the ultimate physical location. The process is slow with expensive customer fees and bank risks due to weaker banking standards in some jurisdictions. The blockchain offers new possibilities, with no geographical borders, middlemen or opacity that has plagued legacy cross-border payments, with the added benefits of fast processing and the potential for lower fees.
Securities Issuance and Settlement
The Securities Exchange Commission has approved the issue of public securities via blockchain-based technology. This signals a significant shift in the way financial securities will be traded in the future. Electronic dealing systems have transformed front office trades to virtually instantaneous but the actual swapping of payments can still take days, creating risk in the banking system. Leading financial institutions including Barclays PLC, CitiGroup, Goldman Sachs and UBS are looking to blockchain technology to substantively instantly settle securities without the risks associated with traditional settlement methods.
Banks are investigating the use of blockchain for collateralized trading markets including OTC derivatives, repo and securities lending. Collateral Management is a critical topic because of the volumes of business and because the new regulations being introduced are increasing complexity. A number of organisations including BNP Paribas, Deutsche Bank, SIX Securities and the Depository Trust and Clearing Corporation (DTCC) are looking to blockchain as a possible solution; some are running proof-of-concepts to see if such a solution is scalable and how it could be integrated into their core infrastructures.
Syndicated Lending solutions are being trialled. The current settlement time for a syndicated loan is around 20 days, heavily paper-based, manually driven involving many spreadsheets and phone calls. Turning a syndicated loan into a Smart Contract will reduce manual labour as all information is recorded digitally on the distributed ledger, removing the need for reconciliation and corporate actions can be performed automatically, reducing back-office workloads.
The blockchain could become a platform for trade surveillance as the focus shifts to the front office and sell-side firms using blockchain derived metadata to benchmark normal trading patterns for individuals or traders. Trading surveillance traditionally focussed on monitoring equities but MiFID II regulations in Europe are extending coverage to other asset classes such as fixed income, foreign exchange, OTC markets, dark pools and internalised flows and cross-asset surveillance.
Peer-to-Peer Insurance Platforms
Distributed ledger technology could support the rise of peer-to-peer insurance platforms and contribute to enabling self and mutual risk management frameworks. Distributed mutualisation combined with the ‘wisdom of crowds’ could support efficient claim management and fraud reduction. Insurance companies’ role could potentially evolve from that of risk handlers to one of risk management advisors. Blockchain-based insurance solutions could in theory blossom into fully funded blockchains. Premiums would be paid and recorded on the blockchain, and claims payments and surplus distributions would equally be paid through the blockchain. Prescribed rules and scripts, under certain conditions, would lock and unlock funds.
The blockchain can facilitate the setup and management of insurance contracts using Smart Contracts technology to ensure data accuracy, correct payment and settlement of premiums, brokerage, commissions and claims. All parties to a contract will have access to identical exposure data which will resolve existing data quality issues and help to leverage better modelling models to measure aggregate exposures and to make capital allocation decisions.
Microinsurance is sometimes made prohibitively expensive due to the costs of collecting underwriting data and administering claims. Often underwriters and actuaries have to travel into the field to perform these tasks, and this increases the expense ratios of companies to a point where they cannot be profitable. Using blockchain based decentralized consensus, they can employ individuals within community based insurance programs to perform these tasks. By collecting and submitting data which is then sent to either the policy activation or claim payment mechanism of a Smart Contract, underwriters and adjusters and their associated costs are removed from the process thus dramatically increasing the viability and profitability of the insurance program.
By its nature a blockchain is an unaltered chronological record of transaction history, delivered in a fully transparent and accessible form. Many regulatory processes require a document to have gone through certain states before any given state (e.g. AML, KYC, KYCC processes). Recording these state changes in the blockchain conclusively demonstrates compliance with these processes without the need of an intermediary. This could be extended to include proof-of-audit/control whereby each new version of a document could be denoted to have changed according to a defined set of rules. The result of these rules-based processes could potentially dramatically reduce the cost of governing regulatory compliance.
The bottom line is that there exist plenty of interesting opportunities and rewarding business models for blockchain-based distributed ledger technology in the Banking and Insurance Industries. While many already thought the internet and the cloud to be the last real revolutionary technical inventions, both will soon be at least equally complemented – if not surpassed - by the blockchain, making digital transactions of next to all kinds much more secure and reliable. The soil is just getting prepared. Worldwide.
For a long time, IT risks have been widely ignored by business people, including Corporate Risk Officers (CROs) and C-level management. This has changed recently with the increasing perception of cyber-security risks. With the move to the IoT (Internet of Things) or, better, the IoEE (Internet of Everything and Everyone), we are beginning upon a new level.
When a company starts selling and deploying connected things, this also raises product liability questions. Obviously, goods that are connected are more in danger than goods that aren’t. Connecting things creates a new type of product liability risk, by creating a specific attack surface over the Internet. Thus, when enthusiastically looking at the new business potential of connecting things, organizations must also analyze the impact on product liability. If things go really wrong, this might put the entire organization at risk.
Product security inevitably becomes a #1 topic for any organization that starts selling connected things. These things contain some software – let’s call this a “thinglet”. It’s not an app with a user interface. It is a rather autonomous piece of code that connects to apps and to backend services – and vice versa. Such thinglets must be designed following the principles of Security by Design and Privacy by Design. They also must be operated securely, including a well thought-out approach to patch management.
It’s past time for vendors to analyze the relationship of the IoEE, product security, and product liability risks.
Sounds like “security as the notorious naysayer”? Sounds like “security kills agility”? Yes, but only at first glance. If you use the security argument for blocking innovation, then security stays in its well-known, negative role. However, as I have written in a recent post (and, in more detail, in some other posts linked to that post), security and privacy, if done right, are an opportunity, not a threat. Security by Design and Privacy by Design drive Agility by Design. A shorter time-to-market results from consequently following these principles. If you don’t do so, you will have to decide between the security risk and the risk of being too late – but only then. Security done right is a key success factor nowadays.
Smartphones have become so popular over the past decade that it can seem impossible to go without one. You can use a smartphone for many things, from basic communication purposes to helping your business run smoothly when you are out of the office. Dropping a phone and cracking a screen is an unfortunate event that many people have experienced. Other than ruining your day, a cracked phone screen can be a hassle to deal with and may cause your phone to no longer work correctly.
An Ounce of Prevention….
Learn how to protect your smartphone before it becomes damaged. Some ways to protect your phone are better than others, and it’s helpful to research different products before you buy them. Glass screen protectors, such as the tempered glass screen protector iPhone 6. Adding an extra layer of tempered glass protects your screen without making it hard to use your phone.
Repairing the Cracked Screen
If your phone doesn’t have insurance and if you’re not due for an upgrade, you’ll either have to deal with the screen being cracked or fix it. If you don’t have any experience with repairing a cracked screen yourself, you should leave it up to the professionals because it’s easy to cause more damage when trying to repair it. Most places that sell cell phones will repair them as well for a fee.
Helpful During Travel
Smartphones come in handy for many reasons, especially during travel. There are numerous apps you can download to make your trip go smoothly, including Uber for finding rides to your desired destinations and Get Your Guide app for finding ways to save money. Some apps are helpful for organizing flights, reserving hotels, learning the language, keeping track of finances, and downloading maps. It’s easy to get lost in a new place, and when you’re traveling, the last thing you want to do is get lost. Use your smartphone to tell you your exact location and give you directions to where you need to go.
Important for Business
Having a smartphone is a great way to keep your business well-organized with apps that help you manage your finances, make to-do lists, make and share spreadsheets, export timesheets, and organize conversations. With business apps, you can also have tools handy for project management, set productivity goals, and share files with your contacts. It’s easy to keep your business well-organized with a smartphone because everything is right at your fingertips.
Gives You Many Options for Staying Connected
Phones are not just for calling people anymore; there are numerous communication options available to make things more convenient for you. Instead of just talking on the phone, you can text, email, video chat, message on social media accounts, and much more. With a smartphone, you can get news instantly, weather updates when you’re out, and share photos and videos with many people at once. You can also have entertainment at your fingertips with the best game apps and entertainment apps.
Many people’s lives revolve around their smartphone because of how important they are for staying organized and connected. It can seem like an impossible task to go for a prolonged period without using your smartphone. Take necessary steps to make sure your smartphone is protected in case you drop it. A cracked screen is very unfortunate and can be costly to repair. With the right protection, such as an extra layer of tempered glass, your phone will be much more protected.
This afternoon, I read a recently released Verizon report, “State of the Market: Internet of Things 2016.” It provides a quick, but fascinating read about Internet of Things market forces, real-life industry adoption, key trends and real-world successes. The report states:
The Internet of Things (IoT) is much more than the result of seemingly fragmented and complex technologies smashed together … forward-thinking business and public sector leaders, as well as consumers and developers, are turning to the Internet of Things to address some of society’s most pressing social, economic and business challenges.
Five macro trends— data monetization, consumer expectations, the regulatory landscape, network connectivity/IoT platforms and security—are helping to speed IoT adoption and deliver measurable results across several industries and sectors.
Verizon believes we just completed the year where IoT graduated from the neat new idea stage to mainstream adoption:
In our view, 2015 was the year IoT gained legitimacy. Businesses moved beyond a “start small think big” mindset. Today, they’re building IoT into future strategies and business models. Companies across all industries now have IoT squarely on their radar.
In 2015, the emphasis of startup capital began to favor enterprise focused IoT businesses over consumer applications in a big way, and the trend appears to be accelerating:
According to analysis conducted by our venture capital (VC) arm, Verizon Ventures, we estimate that consumer IoT startups raised 15% more VC funding than enterprise-focused startups in 2014. However, in 2015, roles seemed to have reversed with enterprise outpacing consumer by around 75%. In 2016, we believe the enterprise will continue that trend, but by a much larger order of magnitude—roughly 2 – 3 times more than consumer.
The sheer size of the potential IoT market continues to boggle my mind. The following chart shows a few big numbers that barely scratch the surface of the potential for IoT growth.
Of the many potential IoT areas of emphasis, the Verizon report specifically addresses four:
Automotive: Connection, convergence, convenience and the connected car
Agriculture: Farming with precision
Smart Cities: Making communities smart and sustainable
Energy: Providing real-time energy insight.
Of these, the closest one to my heart is Farming with Precision – quite a big step from the old farm where I grew up, where adjusting irrigation meant installing canvas dams in ditches and using a shovel to channel water down the correct rows in a field:
Industry experts have quipped that the agriculture industry is proof that soon, every company will be an IoT business.
One of the biggest trends in farming today is precision agriculture, the practice of sensing and responding to variable soil, moisture, weather and other conditions across different plots. Farmers are deploying wireless sensors and weather stations to gather real-time data about things such as how much water different plants need and whether they require pest management or fertilizer.
Using this data, growers can customize growing processes. Indeed, one of the biggest benefits IoT offers farmers is the ability to gather much more granular data about smaller parcels of land. With site-specific data, growers can then optimize growing conditions on a plot-by-plot basis, boosting yields, improving quality and cutting costs in the process.
Again, the numbers are immense:
The total market size for digital precision agriculture services is expected to grow at a compound annual growth rate of 12.2% between 2014 and 2020, to reach $4.55 billion.
Security is, of course, of critical importance across many facets of the IoT landscape.
The sheer volume of IoT devices constantly producing communications, require careful security and privacy considerations. There is no current IoT protection framework that’s ahead of the implementation of this technology. The industry is keeping up with the development of technology by looking to the rising threat vectors—some old, some new—that will impact deployments and ongoing operations. Authentication of critical data, and baseline triggers for action are the emerging security focus.
The bottom line?
Innovation, productivity and value will thrive as private companies and the public sector both come to the inevitable conclusion that IoT is imperative to delivering the integrated, easy to use and sustainable products and services demanded by an increasingly mobile, tech-savvy 21st century society.
No single company or country can realize the full promise of IoT on its own. We believe collaboration, experimentation and openness will:
Create cleaner cities
Deliver better healthcare
Make transportation systems safer
And make the digital world work better for consumers and citizens.
We live in an exciting world, at an exciting time. Hang on for the ride!
It isn't. That's how it is. Why? Take any study describing potential information security threats. What do you see among the top threats there? Take another study. What do you see there? Yes. That's the one. It is consistently marked as one of the most serious threats in the vast majority of studies published for (at least) the last couple of decades. Yet it looks like nobody really knows what to do about this threat. So, who is this supervillain? He's right under your nose. It is the insider.
It all makes perfect sense. The employee, contractor, partner, serviceman - they all get access rights to your systems easily and legally. But, do you really know who has access to what? Do you know that the access is still needed? Maybe this particular engineer was fired yesterday, but he still has VPN access and administration rights to the servers. And as he might not be entirely satisfied with the way he left the company, chances are he is quite inclined to make your life a bit harder. Maybe leaking some of the company records to which he still has access would do the trick? It certainly will. And who is the one to blame for this? Is the security officer doing his job properly? Do we know who has access to what right now? Do we know if the access is legal? Are we sure there are no orphaned accounts? Are we sure there are no default or testing accounts with trivial passwords? Can we disable the accounts immediately? Maybe we can disable password authentication, but are you sure that there is no other way around that? What about SSH keys? What about email-based or help-desk password resets?
If you do not have good answers to these questions then your information security is quite weak. I'm sorry. That's how it really is. Do you remember that weakest link idiom that is taught in every information security training? Now you know where your weakest link is.
But what to do about it? Obviously, you need to manage the access. So maybe the Access Management (AM) software can help here? Actually, the primary purpose of Access Management software is not security. The AM purpose is to make user's life easier by implementing convenience mechanisms such as single sign-on (SSO). Yes, AM might improve the authentication by adding a second factor, making the authentication adaptive and so on. But that won't help a bit. Authentication is not your problem. The insider already has all the credentials to pass the authentication. He got the credentials legally. So even the strongest authentication mechanism in the world will do absolutely nothing to stop this attack. No, authentication is not the problem and therefore Access Management is not going to make any significant difference.
The root of the problem is not in authentication, authorization, encryption or any other security buzzword. It is a plain old management issue. The people have access where they should not have access. That's it. And what turns this into a complete disaster is the lack of visibility: the people responsible for security do not know who has access to what. Therefore improvements in "information security proper" are not going to help here. What needs to be improved is the management side. Management of the identities and access rights. And (surprise surprise) there is a whole field which does just that: Identity Management (IDM).
Therefore there is no real security without Identity Management. I mean it. And I've been saying this for years. I thought that everybody knows it. But obviously I was wrong. So recently I have been putting that openly in my presentations. But still everybody is crazy about deploying Access Management, SSO and OpenID Connect and OAuth and things like that. And people are surprised that it costs a fortune and yet it will not bring any substantial security improvement. Don't get me wrong, I'm not telling you that the AM technologies are useless. Quite the contrary. But you need to think how to manage them first. Implementing SSO or OAuth without identity management is like buying a super expensive sports car with an enormous engine but completely forgetting about the steering wheel.
Don't make such dangerous and extremely expensive mistakes. Think about identity management before heading full speed into the identity wilderness.
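The questions the post asks (who has access to what, whether there are orphaned or default accounts, whether a leaver still has a way in through SSH keys or help-desk resets) come down to reconciling an authoritative identity source against each system's account inventory. The sketch below is an added example, not part of the original post; the record layouts, finding names, system names, default-login list and sample data are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, List, Optional, Tuple

# Assumption: logins treated as default/test accounts purely by naming convention.
DEFAULT_LOGINS = frozenset({"admin", "test", "guest"})


@dataclass(frozen=True)
class Identity:
    """One record from the authoritative source (e.g. an HR export)."""
    person_id: str
    status: str                       # "active" or "terminated"
    end_date: Optional[date] = None


@dataclass(frozen=True)
class Account:
    """One account as reported by a target system."""
    system: str
    login: str
    owner_id: Optional[str]           # None if the account was never correlated
    auth_paths: FrozenSet[str]        # ways in that still work, e.g. "password", "ssh_key"


@dataclass(frozen=True)
class Finding:
    kind: str
    system: str
    login: str
    exposure_days: Optional[int]      # days since the owner left, when known
    open_paths: Tuple[str, ...]


def reconcile(identities: List[Identity], accounts: List[Account],
              today: date) -> List[Finding]:
    """Compare account inventories with the identity source and report gaps."""
    by_id = {i.person_id: i for i in identities}
    findings = []
    for acct in accounts:
        if not acct.auth_paths:
            continue                  # no working way in: nothing to exploit
        owner = by_id.get(acct.owner_id) if acct.owner_id else None
        kind, exposure = None, None
        if owner is None:
            # Nobody is accountable for this account.
            is_default = acct.login.lower() in DEFAULT_LOGINS
            kind = "DEFAULT_OR_TEST" if is_default else "ORPHANED"
        elif owner.status == "terminated":
            # Disabling the password is not enough if keys or resets remain.
            has_password = "password" in acct.auth_paths
            kind = "LEAVER_ACTIVE" if has_password else "LEAVER_BYPASS_PATH"
            if owner.end_date is not None:
                exposure = (today - owner.end_date).days
        if kind:
            findings.append(Finding(kind, acct.system, acct.login, exposure,
                                    tuple(sorted(acct.auth_paths))))
    return sorted(findings, key=lambda f: (f.system, f.login))


# Constructed sample data: E200 left on 2016-05-30, E999 is unknown to HR.
SAMPLE_TODAY = date(2016, 6, 1)
SAMPLE_IDENTITIES = [
    Identity("E100", "active"),
    Identity("E200", "terminated", date(2016, 5, 30)),
]
SAMPLE_ACCOUNTS = [
    Account("vpn", "alice", "E100", frozenset({"password"})),
    Account("vpn", "bob", "E200", frozenset({"password"})),
    Account("srv01", "bob", "E200", frozenset({"ssh_key", "helpdesk_reset"})),
    Account("crm", "bob", "E200", frozenset()),            # fully disabled
    Account("srv01", "test", None, frozenset({"password"})),
    Account("crm", "jdoe", "E999", frozenset({"password"})),
]

if __name__ == "__main__":
    for f in reconcile(SAMPLE_IDENTITIES, SAMPLE_ACCOUNTS, SAMPLE_TODAY):
        print(f.kind, f.system, f.login, f.exposure_days, ",".join(f.open_paths))
```

The `LEAVER_BYPASS_PATH` finding is the case the post warns about: password login is off, yet the account is still reachable.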
A couple of weeks ago, just as we were busy running our European Identity & Cloud Conference, we got news from IBM announcing the company’s foray into the area of Cognitive Security. And, although I’m yet to see their solution in action (closed beta starts this summer), I have to admit I rarely feel so excited about news from the IT industry.
First of all, a quick reminder: the term “cognitive computing” broadly describes technologies based on machine learning and natural language processing that mimic the functions of human brains. Such systems are able to analyze vast amounts of unstructured data usually inaccessible to traditional computing platforms and not just search for answers, but create hypotheses, perform reasoning and support human decision making. This is really the closest we have come to Artificial Intelligence as seen in science fiction movies.
Although the exact definition of the term still causes much debate among scientists and marketing specialists around the world, cognitive computing solutions in the form of specialized hardware and software platforms have existed for quite some time, and the exponential growth of cloud computing has been a big boost for their further development. In fact, IBM has always been one of the leading players in this field with their Watson platform for natural language processing and machine learning.
IBM Watson was initially conceived in 2005 as a challenge to beat human players in the game of Jeopardy, and its eventual victory in a 2011 match is probably its best publicized achievement, but the platform has been used for a number of more practical applications for years, including business analytics, healthcare, legal and government services. The company continues to build an entire ecosystem around the platform, partnering with numerous companies to develop new solutions that depend on unstructured data analysis, understanding natural language and complex reasoning.
In hindsight, the decision to utilize Watson’s cognitive capabilities for cyber security applications seems completely reasonable. After all, with their QRadar Security Intelligence Platform, IBM is also one of the biggest players in this market, and expanding its scope to incorporate huge amounts of unstructured security intelligence makes a lot of sense. By tapping into various sources like analyst publications, conference presentations, forensic reports, blogs and so on, cognitive technology will provide security analysts with new powerful tools to support and augment their decision making. Providing access to the collective knowledge from tens of thousands of sources constantly adapted and updated with the newest security intelligence, Watson for Cyber Security is supposed to solve the biggest problem the IT security industry is currently facing – a dramatic lack of skilled workforce to cope with the ever growing number of security events.
Naturally, the primary source of knowledge for Watson is IBM’s own X-Force research library. However, the company is now teaming with multiple universities to expand the amount of collected security intelligence to feed into the specialized Watson instance running in the cloud. The ultimate goal is to unlock the estimated 80% of all security intelligence data, which is currently available only in an unstructured form.
It should be clear, of course, that this training process is still a work in progress and by definition it will never end. There are also some issues to be solved, such as obvious concerns about privacy and data protection. Finally, it’s still not clear whether this new area of application will generate any substantial revenue for the company. But I’m very much looking forward to seeing Watson for Cyber Security in action!
By the way, I was somewhat disappointed to find out that Watson wasn’t actually named after Sherlock Holmes’ famous friend and assistant, but in fact after IBM’s first CEO Thomas Watson. Still, the parallels with “The Adventure of the Empty House” are too obvious to ignore :)
Everyone has free time; even the busiest of businessmen still have a few minutes to kill while in a taxi or on an airplane. In fact, it’s important for your brain to take a break from hyper focusing on work and school. So, check out this post for a few ideas on how you can spend those extra seconds, minutes or hours giving your brain a rest, but at the same time enjoying yourself.
Check out some fun online games.
First there was Snood, then there was Angry Birds, and now there is Slither.io. There are a wealth of free fun online games you can spend your extra minutes enjoying on your mobile or your computer.
Enjoy some exercise
If the thought of stepping into a gym makes you sweat even before going, then consider some other forms of exercise that might be more enjoyable for you. Head to the park with a co-worker and throw around a Frisbee, go for a bike ride or even walk the steps at your home or job to burn some extra calories for the day.
Learn a new language
There are a wealth of great online programs to learn a new language at your own pace and in your own time. Rosetta Stone is one program for the computer, which while not cheap, has great reviews. A free alternative is Duolingo which you can download on your phone.
Call a family member
People are busy these days and often forget to keep in contact with their loved ones and closest friends. Phone your grandmother, a cousin, an aunt or uncle. They will be pleased to hear from you and you’ll also kill some time spending it with someone you care about.
I’ll have to paraphrase since the talk was almost a year ago. But Sachs said something like “Identity is really hard. Leave it to the professionals.” Essentially he was advocating for the use of Google or a SaaS identity provider–or, in other words, he was saying that identity is too difficult for the masses.
Gluu is not anti-SaaS. In many situations we recommend SaaS providers like Okta to organizations that do not have the economies of scale to operate their own identity service. We also do not under-estimate the capabilities required to run a robust identity and access management service.
Nor are we anti-Google. We frequently point to Google as having the best consumer identity platform on the planet (note: consumer, not enterprise). From a usability perspective they have gotten so many things right; support for strong authentication is excellent; obviously it scales. And Google is on the cutting edge of new security paradigms–for example, their tight integration of identity with document sharing is wonderful.
But the idea that an identity platform is too hard or even inefficient for most organizations to operate is not accurate either.
As Google can probably attest, excellence at identity is a competitive advantage. The future of many organizations hinges on their ability to adapt to the digital revolution that is underway. If your organization’s capability to secure digital assets is constrained by a third party, will that impact the ability to innovate new products, services, and business relationships? What’s more important: top line growth or cost savings?
SaaS, like any utility, is made possible by two things: capital and established operating process. It’s the latter that presents a potential conflict of interest for the utility. The biggest cost for a SaaS identity provider is people. To achieve maximum profitability, the best strategy is to reduce the support surface area.
Innovation is not always in the interest of enterprise SaaS providers. Supporting the latest and greatest technology is risky–if something fails, a SaaS provider may have to continue to support it for years (as long as some of their customers are still using it). This creates an atmosphere of extreme risk-aversion when it comes to enhancements. But for your organization to succeed, you may need to push the technology envelope.
Anything that is unfamiliar is hard. Is identity hard, or just unfamiliar?
I remember attending Microsoft seminars years ago about how to deploy a Kerberos server. Why is no similar effort underway to evangelize the adoption of OpenID Connect providers? All of a sudden it’s just too hard? Or, is it that operating an OpenID Provider is a valuable trade secret that will no longer be shared with the public because the monthly fee business model is more profitable?
A quick look at Google search trends shows that at the very least OpenID Connect is suffering from under promotion. Even though the OpenID Connect specification was finalized more than two years ago, and is a far more useful standard than OpenID 1 or OpenID 2 ever were, there was more general interest in OpenID 10 years ago than there is for OpenID Connect today–or ever:
I love utilities as much as the next person. I am not going to suggest that you build your own electricity plant to power your factory. But it’s important that we not dumb-down the security capabilities of our organizations–in fact, we should be doing the exact opposite. Only then will we be able to build a new secure, inter-connected digital society.
Recently I authored a paper and presented a "brighttalk" on the same topic: "Threat Centric IAM". Both the paper and the tech talk were well received by at least 12+ CISOs I had met. Quite often they came back to me with more people, process and governance related questions about this approach, hence this blog entry. One of the interesting trends in enterprises that I have witnessed in the past few years is a CISO organization that is folding the IAM resources under the CISO as opposed to having IAM resources distributed within IT and related groups. In the past, IAM folks with expertise in Authentication, SSO, IDM provisioning and externalized fine grained access (entitlement developers) have been in IT organizations that run IT support services or within Application Development teams. With the technology trend moving towards Cloud adoption by IT and SAAS models by application groups and given that IAM is a key control amongst all security controls, and its significance, in terms of addressing Compliance Reporting, IAM teams are getting folded within the CISO organizations as a new parallel pillar. This is further necessitated with the Mobile and IOT trends as a business enabler. This to us is a reflection of the increased significance given to IAM by the CISO organization and the recognition that IAM is a critical core control for all distributed security controls (intra and inter enterprise). It is also helping in terms of leveraging resource expertise across an entire enterprise, as Authentication is a Service that gets reused and so is IDM provisioning as a service and Authorization as an externalized enterprise wide entitlement service that can integrate into Risk Systems (for risk based access), etc.
This is a welcome development as the IAM team works closely with Security Architecture and Engineering while modernizing and maturing its IAM Programs (via Standards interfaces and policy compliance) driven by requirements coming from Risk Management and Compliance teams. In addition, the IAM team has opportunities now to partner with Security operations and the cyber security team to work on “threat modeling” of the AS-IS IAM footprints and also drive towards “Threat Centric IAM” – integrating the Threat Intelligence and recommended courses of action (STIX COA) into IAM controls one step at a time. This can include threat intelligence integration into IAM vetting/proofing processes, IAM provisioning processes, authentication and multi factor authentication processes, network admission control processes, cloud access security brokers and enterprise fine grained access controls, including database firewalls and DLP systems. Folding the IAM team under the CISO org chart allows for these two pillars to collaborate more extensively moving forward to realize higher levels of maturity as described in the “Threat Centric IAM” paper. Good to see a blog on CISO mind map… 11 functional domains highlighted here are collapsed into 5 organizational pillars, in my blog.
APIs are attracting attention as one of the three pillars of FinTech, and they have become a particularly hot topic in Europe, where the Payment Service Directive 2 obliges banks to provide financial APIs by the end of 2017. In Japan they still trail behind the blockchain, but compared with the blockchain, which can still be called a research project, financial APIs are an urgent issue.
Against this backdrop, a conference called "Open Data in Finance", which deals mainly with financial APIs, will be held over two days, June 14 and 15, in London, the centre of European finance. June 14 is a workshop day, and the main conference is on June 15. Though I am hardly equal to the task, I, Nat Sakimura, have been appointed Chair for the whole conference.
The programme can be viewed on this page (Agenda). It begins with an Armchair Chat between Gavin Starks, CEO of the Open Data Institute and chair of the steering committee of The Open Banking Standard, and Matt Hammerstein, Managing Director at Barclays Bank, and continues with panel discussions and round tables by many experts, so I think it will be a valuable opportunity to learn the "now" of financial APIs in Europe.
As companies' demand for closer communication and collaboration with external partners and customers rises, so does the need for professional Web Access Management and Identity Federation. Suitable solutions enable secure access from and to external systems, including from the cloud. Standard infrastructures are necessary in order to cover the multitude of requirements for secure communication and collaboration in extended and connected enterprises almost completely with IT while remaining agile.
The German ZVEI (Zentralverband Elektrotechnik- und Elektroindustrie), the association of the electrical and electronic industries, and the VDI (Verein Deutscher Ingenieure), the association of German engineers, have published a concept called RAMI (Referenzarchitekturmodell Industrie 4.0). This reference architecture model has a length of about 25 pages, which is OK. The first target listed for RAMI 4.0 is “providing a clear and simple architecture model as reference”.
However, when analyzing the model, there is little clearness and simplicity in it. The model is full of links to other norms and standards. It is full of multi-layer, sometimes three-dimensional architecture models. On the other hand, the model doesn’t provide answers on details, and only a few links to other documents.
RAMI 4.0 e.g. says that the minimal infrastructure of Industry 4.0 must fulfill the principles of Security-by-Design. There is no doubt that Industry 4.0 should consequently implement the principles of Security-by-Design. Unfortunately, there is not even a link to a description of what Security-by-Design concretely means.
Notably, security (and safety) are covered in a section of the document spanning not even 1% of the entire content. In other words: Security is widely ignored in that reference architecture, in these days of ever-increasing cyber-attacks against connected things.
RAMI 4.0 has three fundamental faults:
It is not really concrete. It lacks details in many areas and doesn’t even provide links to more detailed information.
While only being 25 pages in length and not being very detailed, it is still overly complex, with multi-layered, complex models.
It ignores the fundamental challenges of security and safety.
Hopefully, we will see better concepts soon, that focus on supporting the challenges of agility and security, instead of over-engineering the world of things and Industry 4.0.
Planet Identity is an aggregation of public weblogs related to Identity
The opinions expressed in those weblogs and hence
this aggregation are those of the original authors.