Category: Innovation (technologicallly driven)

Flavours of IoT

In my on-going attempts to get a grip on IoT, I recently developed a first, for me … Being a broadest of classification of IoT deployment, with characteristics yet to work on:

  • B-internal; the ever more intelligent, ever more (visually) surroundings-aware robots in factories, replacing extorted laborers thus taking away the last options to life they had. On the other hand, freeing humanity of toils at last ..? If not when there’s a Hegelian end…
  • B2B; having near-AI ‘machines’ as the new middlemen, if at all or incorporated on the sell- or buy-side.
  • C2B; as with most lifelogging e.g., through wearables. You didn’t really think your health data was for your private consumption, did you!? If so, only as a weak collateral product of insurer’s ever better reasons to turn you down the more you need them. No escape.
  • C-internal; maybe, here and there, with domotics. And with this; will already a blend with the previous, probably.

To which I would then add some form of mapping to the various layers of discourse (as in:
blog-iot-security11
but then, much more stacked with OSI-like layers and elements performing various functions like collection, aggregation, abstraction. Seems relevant to do a risk analysis on all those levels and points/connections.
Yes, it’s rather vague, still. But will work on this; to see whether the classification can shed some light on various speeds of adoption, and where privacy concerns et al. may be worst. Your comments, additions and extensions are much welcomed.

I’ll leave you for now, with:
Photo21b[From an old analog to digital time, still SciFi ..?]

Your info – value

Wanted to post something on the value of information. Then, this came out a couple of weeks ago. By way of some sort of outside-in determinant of the value of (some) information… [Oh and this here, too, even more enlightening but for another discussion]

who-has-your-back-copyright-trademark-header
Which appears to be an updated but much shortened version of what I posted earlier. Players disappeared or doesn’t anyone care anymore about the ones dropped out ..?
Anyway.

Yes I wasn’t done. Wanted to add something about information value within ‘regular’ organisations, i.e., not the ones that live off ripping off people of their personal data for profit as their only purpose with collateral damage functionality to lure everyone, would value the information that they thrive on, by looking inside not circling around the perimeter.
I could see that being established via two routes:

  • The indirect avenue, being the re-build costs; what it would cost to acquire the info from scratch. Advantage: It seems somewhat tractable. Drawback: Much info would be missed out on, in particular the unstructured and intangibly stored. Employee experience …!?
  • The direct alley. Not too blind. But still, hard to go through safely. To take stock of all info, to locate it, tag it, among other things, with some form of revenue-increase value. Advantage: Bottom-up, a lot of fte’s to profit from the Augean labor (Hercules’ fifth). Drawback: the same.

OK, moving on. Will come back to this, later.

Not yet one IoTA; Auditing ‘technology’

[Apologies for the date/time stamp; couldn’t pass.]
First, a pic:
20140226_113554
[Classy classic industrial; Binckhorst]

Recently, I was triggered by an old friend about some speaking engagement of mine a number of years back. As in this deck (in Dutch…).
The point being; we have hardly progressed past the point I mentioned in that, being that ‘we’ auditors, also IT/IS auditors!, didn’t fully adapt to the, then, Stuxnet kind of threats. (Not adopt, adapt; I will be a grammar and semantics n.z. on that.)
As we dwelled in our Administrative view of how to control the world, and commonly though not fully comprehensively, had never learned that the control paradigms there, were but sloppy copies of the control paradigms that Industry had known for a long time already, effectively in the environment of use there. As in this post of mine. Etc.

But guess what – now many years later, we still as a profession haven’t moved past the administrative borders yet. Hence, herewith

A declaration of intent to develop an audit framework for the IoT world.

Yes, there’s a lot of ground to cover. All the way from classification of sensors and networks, up to discussions about privacy, ethics and optimistic/pessimistic (dystopian) views of the Singularity. And all in between that auditors, the right kind, IS auditors with core binary skills and understanding of supra-supra-governance issues, might have to tackle. Can tackle, when with the right methodologies, tools, attitude, and marketing to be able to make a living.

Hm, there’s so much to cover. Will first re-cover, then cover, step by step. All your comments are welcomed already.
[Edited to add: Apparently, at least Checkpoint (of firewall fame oh yes don’t complain I know you do a lot more than that yesterday’s stuff; as here) has some offerings for SCADA security. And so does Netop (here). And of course, Splunk). But admit; that’s not many.]

Clustering the future

Was clustering my themes for the future of this blog. Came up with:
Future trend subjects[Sizes, colours, or text sizes not very reflective of the attention the various subjects will get]
Low sophistication tool, eh? Never mind. Do mind, to comment. On the various things that would need to be added. As yes I know, I have left much out of the picture, for brevity purposes. But will want to hear whether I missed major things before I miss them, in next year’s posts. Thank you!
And, for the latter,
DSCN0924[Bah-t’yó! indeed]

To watch: Firebase

Was tipped via this article. Firebase to be the next thing. Promising, in its a tempo development; seems to be one element of what the world needs right now in terms of moving forward, innovation. Though maybe it may remain out of sight for most consumers, businesses may build a whole new, upgraded set of tools for users on top of this data handling platform.
And be better at using your data than just flat invasive (sic) analysis. The battle field will be compliance with (new) EU privacy regulations. E.g., re transparency of the controllers and processors; that will be a tad more difficult to pull off than now.

Though entirely your opinion on this development now being in the hands of Big G.

Anyway, again from here:
Tarrega[How many tourists would see this ..? Tar’ga Catalunya]

Wired / Tired / Expired, November 2014 edition

DSCN1324
[Weirdo’s – closing at 17:00h … doesn’t time melt for this artist, in this country (sic) …?]

Yes here’s the November edition of my Wired / Tired / Expired jargon watch overviews, a mixed bag again:

WIRED TIRED EXPIRED
Yik Yak, Ello, Tsu The other anons (?) Whatsapp et al
As in this, where as only the very old folks remember fubbuk started. And the other ones, here. Already not making it past the tipping point? I mean, where are Whisper / Kik / Telegram / WeChat / Line / Viber / Wicker / Threema / surespot ? And this, as elsewhere on this blog. Mehhh, as in the elsewhere mentioned on the left.
Poodle Beast Heartbleed
Because it’s “not much of an issue” as it affects end point consumers only … OUTRAGE! They are your customers, they are the huge numbers, they are the incapable to cure (also since a fraction of B2C’s doesn’t effing care). If only server-owning companies were the vulnerable, with their very few numbers, their resolution capacity, and their economic interests. Yeah, yeah, working on it. Really? Still?
Taking action Taking symbolic action Taking no action / denying any problems (tie)
E.g., by forking out another $250M, not just peanuts. Because pay the peanuts, get the monkeys. … Or is the previous still only window dressing ..? Maybe some, silent, action might’ve cost much less. Anyway, symbolic action will prove to be the infosec czar’s new clothes. Legally invalid. Demonstrating incapacity to function normally in today’s business world.
Docker Google Docs ‘Private cloud’
Just as in this, and this and this – since the latter two. Into the main stream. Dumb outsourced data center, virtual or not. With all the privacy ramifications, without scalability (!) or efficiencies.
IoT detailing ever further IoT! Mixed up with Wearables et al. Cloud, ROSI etc.etc.
This kind of details … And these. Pls learn to discriminate or you mess up the discussions. Which will be, at all levels of abstraction and everywhere, as under W. Totalitarian Bureaucrat talk.
Not caring
(to be seen)		 Faux 1% philantropy Posing
Hanging out at http://www.beriestain.com/ for example, just among like-minded self-sufficients (for peace of mind, not needing external recognition). Clearly, this. Uggg-gh!

OK, any suggestions for next month’s edition ..?

Flexing work vans

A thought just popped into my mind: If people are expected to be ever more flexible as for place of work, why would we still be tied up in concrete offices ..? Even if we move around, it is from concrete intensive-people-farm to the next, however flexible and nice it all may look. And all the flex space flex rent stuff is similar; tying people up to addresses.

Rather, wouldn’t it be of use if there were another variant suitably professionally organized, I mean not something like this:
resized_Hot_Dog_Van3_Front_Street_West_Toronto_Canada_3_October_2009[Hey, it’s someone’s office …]

But rather something a tiny bit more upmarket. Like:
leather-seat-covers-led-illumination-t5-multivan-vw-business-van-le[or just a little less conspicuous, with more actual desk space, filing possibilities (still, in this time and day), etc., for, probably, some quite a bit more affordable investment money and maybe a little more like above-linked ‘offices’ that this out-of-fashion posh]

So that the great many that aren’t at Queen Bee level that everyone flocks to – i.e., everyone, in the near future, in the flat(ter) network ‘organisations’ – can simply drive to the gathering places (previously known as parking lots) of choice and nearness to whatever client, and hook up the fully-equipped office to some power (charging the car battery and the equipment) and network to just do whatever work needs to be done. Could be downtown, could be at the park or beach front.

Oh well. It was just an idea….

SPICE things up, maturely

Where just about everyone in my Spheres was busy ‘implementing’ (quod non) all sorts of quality ‘assurance’ or ‘control’ (2x quod non) models, in the background there was quite some development in another, related area that may boomerang back into the limelight, for good reason.
First, this:
DSCN8573[Zuid-A(rt)sifyed]

The subject of course regards SPICE, or rather the ISO 15504 that it has turned into. Of the Old School of software development quality improvement era. Now transformed into much more…
In particular, there’s Capabilities instead of ‘maturity levels’.

What more can I add ..? Systematic, rigorous, robust, resistant against commercial panhandling. The intricacies … let’s just point to the wiki page again; ’tis clear enough or you need other instruction…

Lemme just close off with asking you for your experiences with this Standard…?

A simple explanation of Bitcoin “Sidechains”

Noteworthy. In one sense, a dilution. In another, a move to widespread adoption and acceptance. From which, probably, some unforeseeable, maybe even weird, whole new societal developments may spring.
And, for the heck of it:
000013 (7)[Pre-1998 analog to digital, FLlW @ Bear Run obviously]

Maverisk / Étoiles du Nord