March 2014 | SafeLogic

Archive for March, 2014

26 Mar 2014

Are We Ready for IoT?

As an industry, we’re not over the hump for mobile security yet. We’ve gone from protecting the device to protecting the app to protecting the data. We’ve come a long way in terms of security for mobility, and we still have a long way to go.

And yet a new challenge looms.

I’m talking about the Internet of Things (IoT).  IoT is a connected, well, everything. Cars, wearables, home automation, industry-specific devices, etc. It will all be connected. The Internet of Things market will be huge. Even data centers are prepping for its rise. Some folks have justifiably begun calling it the Internet of Everything.

So are we ready for IoT? Well, at SafeLogic, we are. Over the next few weeks you’re going to see some new blog posts and an exciting announcement. We’re going to talk about risks, challenges, and solutions. Because after all, we are only as secure as our weakest link.  In IoT, there are so many links that we don’t have a choice – we have to get it right from the start.

BlogFooter_Ray

10 Mar 2014

What a Week: Part Two

Last week, I had the honor of talking security at the first ever Wearables DevCon. After my successful presentation on security in constrained devices at the RSA Conference with Whit Diffie, I was excited to focus specifically on wearables.  It was an excellent show, and I want to summarize a few key points.

WearablesDevCon

This conference was very well attended. I’m not always the best judge of numbers, but there had to be a couple hundred people there easily. It’s very cool to see that kind of energy and traction, especially for a first-time conference.

Consumer vs. Enterprise. That seemed to dominate a lot of hallway discussions. Certain sessions focused on developing wearable apps that consumers would embrace, while others talked about solving challenges in the enterprise. As the race for finding and building the “killer app” for Glass heats up, it’ll be interesting to see in which area it falls. One thing that was accepted across the board:  the wearable and IoT market will be HUGE; it’s just a bit nascent at this point.

There was only one session focused on security. I have to admit, I’m happy that we had a chance to speak at this event. Not just for press or publicity, but because I want to get the community thinking about security from the beginning. It’s not as glamorous as UI design, API leverage, etc., but it needs to be  a core component, especially concerning the enterprise and other data-sensitive verticals.

I really enjoyed my talk, mainly because of the excellent engagement from the audience. It was a very interactive session, and I loved the energy in the room! We talked about compliance, risks, CryptoCompact, the need for security in different verticals, why the wearable market will face challenges when it comes to security, and what we can do about it. We talked about lessons learned from the mobility side and how we can apply them in wearables and IoT early on… before we potentially see a BYOW movement take root.  (Yes, that’s ‘Bring Your Own Wearable’.) We covered a lot of ground in an hour!

Thank you to the conference organizers for putting on a great show and giving us the opportunity to speak. And thanks again to everyone in our session! I’m looking forward to continuing the discussion.

BlogFooter_Ray

3 Mar 2014

What a Week!

On Friday, I headed home.  The lobby at the St. Regis was eerily quiet and the hotel staff looked rather relieved to see all the conventioneers gone.

I learned a few key things at the RSA Conference this year.

RSAConference

1)   Even when Mobile World Congress and HIMSS are scheduled at the same time, we can still get a ridiculous number of security-conscious folks to assemble in San Francisco.

2)   Corporate acquisitions inspire equal parts excited speculation and cynical skepticism.

3)   People are tired of hearing the same spiel from familiar faces, but the new exhibitors got a ton of exposure.

4)   The NSA booth was an extremely popular photo location… and the various “Booth Babes” really weren’t. People seemed to care more about content than flash.

5)   Between the Snowden controversy, RSA-NSA cooperation, and now the Apple TLS/SSL snafu, people just don’t know where to turn.

 

The latter is an issue that will require more attention next week and will be addressed in this space.  Right now, it’s time to decompress and process everything.  The names, the faces, the suggestions and requests for our product roadmap, the potential partnerships – I can’t articulate how excited we are for the coming weeks.  The feedback at the conference was spectacular.

Thanks to all of you who shared your time with us, whether talking on the expo floor, having a drink with us at the SafeLogic hospitality suite at the St. Regis, or even just chatting in the elevator.  We know how valuable every minute is while on site, so thank you.  Your insight and perspective is a huge part of how we continue to refine our roadmap and goals.

If you missed my presentation with Whit Diffie on ‘Crypto for Constrained Devices’, stay tuned for the video on demand.  Or if you are local to the Bay Area, come see my related talk ‘Security Challenges in Wearables’ this Thursday at Wearables DevCon.

Cheers!

BlogFooter_Ray