Monday, February 8, 2016

OK 2016 Monkey, Whatcha Got?

The Year of the (Fire) Monkey is upon us and the curious, playful, smart, opportunistic and sometimes mischievous character could influence events throughout 2016. Whether you were born under the symbol or not, Monkeys thrive on challenges and 2016 is sure to bring some obstacles during the year.

2015 (Year of the Sheep) brought us a rash of high profile breaches, a bunch of new IoT devices and wearables, continued, bigger clouds and innovative attacks on vulnerable infrastructures along with the continuous deluge of big data. This is sure to continue as our digital, software-defined lives connect and intersect with the things around us. Organizations will need to extend their risk management focus to areas outside their control like the cloud and social channels but also consider the human element in all this. The new threats and heightened risk may put some companies in peril due to the lack of knowledgeable security IT personnel available.

Mobility, both the state of being and the devices we use, will continue to grow and be an immense enabler and/or inhibitor for organizations. Mobile is not only the new shiny phone you got over the holidays but also all the IoT gadgets looking for a place in our home, offices and bodies…along with how we interact with them as humans. Cutting the cord will mean more than subscribing to some streaming media service but the way of the wireless life. You are now the device, controller and data generator. With that, security challenges like authentication, privacy, malware/data protection, compliance and the management of those services will be paramount. 

And as our lives – personal and professional – continue to be chronicled on the internet, thieves, nation states and activists will continue to be one step ahead probing data and looking for that golden slab of info. Making money, causing disruptions or outright take downs through online attacks are big motivations for those seeking notoriety or simply a big score. But it’s not always from the crook or spy half a globe away. Insider threats, malicious or not, have made the traditional perimeter almost useless.

So while trends like cloud, mobility, IoT and big data will consume IT departments, securing those trends and how they map to business objectives will be the monkey on organizations back for 2016. Let’s try to be intelligent, dignified, clever, optimistic, confident, agile and curious about our challenges or the arrogant, deceptive, reckless and manipulative bad guys will get the best of us.

The 2016 Monkey is here, and we’ll need to handle it with grace.

ps

Related:

Technorati Tags: ,,,,,,

This article originally appeared 1-7-16 on F5.com


Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Friday, February 5, 2016

Five Ways #IamF5



In 2013, F5 Networks was honored by the City of Seattle when the mayor proclaimed February 5 as F5 Day to recognize the contributions of F5 to our community and we’re celebrating in all of our offices around the globe. Check out Celebrating F5 Day in our Newsroom.

I shot this last year in honor of F5 Day and honestly, it's pretty fun. I present to you the 5 Ways I am F5.

Happy F5 Day!

ps

Wednesday, February 3, 2016

The New, Old Kid in Town

For nearly 12 years at F5, I've had only two job titles - Security Systems Architect from 2004-06 and Technical Marketing Manager since 2006. Whenever anyone asks what I do at F5, I typically answer, 'Writer, speaker and video producer,' in that order. Above all, I focused on covering emerging trends within our industry and evangelizing the various solutions - including F5's - to solve some of these challenges.

I am now embarking on my third adventure at F5 - joining the F5 DevCentral team as a Sr. Solution Developer - concentrating my writing, speaking and videos on our amazing community.

DevCentral’s mission is to deliver technical thought leadership to the community through connecting, preparing, and empowering professionals engaged with F5 technologies and I'll be helping develop, test and share technical solutions to some of today's technology challenges. In many ways, my job really doesn't change all that much, except for digging a little deeper into technical solutions and engaging deeper within our community.

Now, I'll be the first to admit that my technical chops have slightly eroded since my SSA days installing FirePass (now our BIG-IP APM) and TrafficShield (BIG-IP ASM) but I'm looking forward to returning to my technical roots exploring and explaining how some of this stuff works in the real world. I'll still write lighter stories about IoT, mobile, cloud and the usual (or unusual) things that interest me along with contributing to DevCentral's already awesome LightBoard Lessons video series and reporting from industry events. If you remember the 'In 5 Minutes' video series, I'm also toying with the idea of resuming that - in LightBoard - so if you got any early requests, let me know.

I published my first blog post ever on DevCentral in 2007 and with over 1000 entries later, including close to 400 videos, I feel like I'm coming home.


ps

Wednesday, January 27, 2016

Backseat Drivers, Your Wish Has Come True

Excuse for speeding 10 years from now: ‘Officer, it was the software.’

When I was in college, I would drive the 1040 miles from Marquette Univ. in Milwaukee to my parent’s house in Rhode Island for things like summer vacation and semester break. It seemed to take forever, especially through Pennsylvania where the state speed limit at the time was 55mph. I always tried to complete it straight through yet would inevitably start the head drop and would fall asleep at some rest stop in Connecticut, about 3 hours from my goal. This is back when they still had toll booths on the Connecticut turnpike.

As an adult, my family has driven the 2000 miles from California to Minnesota to visit family. In both instances, I wished I could simply doze off, take a little nap, stay on the road and awake a couple hundred miles closer to the destination. Yes, we alternated drivers but that also meant I wasn’t driving. For some reason, I had a much easier time falling asleep while holding the steering wheel than in shotgun position.

Soon, you just might be able to notch that seat in recline or even stretch out in the back – do I hear third row - while your car continues on its merry way. Deutsche Telekom and Nokia conducted the first demonstration of car-to-car communication over a high speed cellular connection with close to 5G performance. And they did it on the recently inaugurated Digital A9 Motorway Test bed - Germany’s Autobahn. The cars connected over a regular LTE service optimized for rapidly moving vehicles. They used a cellular network since it is already in place and didn’t need to negotiate a digital handshake to connect.

Nokia says that its technology cut the transmission lag time to under 20 milliseconds, versus today’s limit of 100+ milliseconds, give or take. And it is counting the relay time from one car to another, via a central cloud. This was simply a test to see how self-driving cars could communicate while travelling at high speeds. These connected cars will have a lot of data chatter but outside our earshot.
There is also growing attention to automobile vulnerabilities as more of these driverless cars start to appear on our roads. Recorded Future has a great graphic showing some of the attacks and exploits against automakers, vehicles and components since 2010.


Just like our applications, there is a growing list of the types of connected vehicle focused hackers. From researchers to criminals to insiders to competitors and even nation states are all trying to target these vehicles for their own purposes. And they all have their own motives as you can imagine. TechCrunch has an excellent article Connected Car Security: Separating Fear From Fact which digs into the short history of car vulnerability research along with the various players and what they are digging for.

Meanwhile, Ford Motors announced that they will begin testing self-driving cars at a Michigan facility called Mcity. A fake town with stores, crosswalks, street lights and other scale structures to test the software and sensors controlling the car. They’ve also announced that whatever driver data is generated (which can be up to 25GB and hour) is the customer’s data. Ford says they will only share it with the customer’s informed consent and permission.

And lastly, a Google self-driving car was lit-up by a CHiP in Mountain View for going too slow – 24mph in a 35 zone. Too bad no one was at the wheel to sign for the ticket. The officer quickly realized that he pulled over an autonomous car and asked the human passenger about the speed settings while reminding him of the CA Vehicle Code. This model tops out at 25mph for safety reasons and no ticket was issued.

And in the future, remember this: ‘Officer, it was the software.’

ps

Related:



This article originally appeared 11.19.15 on F5.com


Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Wednesday, January 20, 2016

Internet of Insider Threats

Identify Yourself, You Thing!

Imagine if Ben Grimm, aka The Thing, didn’t have such distinctive characteristics like an orange rocky body, blue eyes or his battle cry, ‘It’s Clobberin’ Time!’ and had to provide a photo ID and password to prove he was a founding member of the Fantastic Four. Or if the alien in John Carpenter’s The Thing gave each infected life-form the proper credentials to come and go as they please. Today the things we call ‘Things’ are infiltrating every aspect of society but how do organizations identify, secure and determine access for the 15+ connected chips employees will soon be wearing to the office? And what business value to they bring?

Gartner refers to it as the ‘Identity of Things’ (IDoT) and an extension to identity management that encompasses all entity identities, whatever form those entities take. According to Gartner, IoT is part of the larger digital business trend transforming enterprises. It means that the business, the people/employees and the ‘things’ are all responsible in delivering business value. The critical part is the relationships between or among those participants so the business policies and procedures can reflect those relationships. Those relationships can be between a device and a human; a device and another device; a device and an application or service; or a human and an application or service.

For instance, how does the system(s) know that the wearable asking for Wi-Fi access is the one connected to your wrist? It really doesn’t since today’s Identity and Access Management (IAM) systems are typically people-based and unable to scale as more entities enter the workplace. Not to mention the complexity involved with deciding if the urine powered socks the VP is wearing gets access. The number of relationships between people and the various entities/things will grow to an almost unmanageable point. Could anyone manage a subset of the expected 50 billion devices over the next 4 years? And set policies for data sharing permissions? Not without a drastic change to how we identify and integrate these entities.

Talk about the Internet of Insider Threats. That's IoIT for those counting.

Gartner suggests that incorporating functional characteristics of existing management systems like IT Asset Management (ITAM) and Software Management Systems (SAM) within the IAM framework might aid in developing a single-system view for IoT. The current static approach of IAM doesn’t take into account the dynamic relationships, which is vital to future IAM solutions. Relationships will become as important as the concept of identity is for IAM in the IDoT, according to Gartner.

My, your, our identities are unique and have been used to verify you-are-you and based on that, give you access to certain resources, physical or digital. Now our identities are not only intertwined with the things around us but the things themselves also need to verify their identity and the relationship to ours.

I can hear the relationship woes of the future:
A: I’m in a bad relationship…
B:Bad!?! I thought you were getting along?
A:We were until access was denied.
B:What are you talking about? You guys were laughing and having a great time at dinner last night.’
A:Not my fiancĂ©…it’s my smart-watch, smart-shoes, smart-socks, smart-shirt, smart-pants, smart-belt, smart-glasses, smart-water bottle, smart fitness tracker and smart-backpack.'
IT said, 'It’s not you, it’s me.'

ps

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Thursday, January 14, 2016

Meet the Sensors

I often write about the Internet of Things, or the soon-to-be-cliché IoT. You know, the smart-fridges, smart-cars, smart-thermostats, healthcare devices, wearables and any of those connected devices that have a sensor, gathers data and reports back to some entity. You are able to control these devices (and see the data) with mobile apps or even your own voice and gestures. They are all the rage and sitting at the top of the Gartner Hype Cycle.

But it’s all the various sensors inside those devices that are doing the actual measuring, calculating, tracking and reporting. Each has its own specialty providing specific functionality. I’ve always wondered about what’s inside some of the wearables let’s take a look at a few.

Have you ever wondered what spins the screen so you’re not looking at an upside down picture? That’s an Accelerometer. It measures orientation and movement. The iPhone was the first to use this back in 2007 and amazement ensued. It can tell the difference between running away from a charging buffalo in Yellowstone verses making faces with a chimp at the zoo. It can also tell if you’re sleeping simply by the fact that you haven’t moved for a while. These are typically used to track step count and how well you’ve rested.

I noted that the accelerometer measures step count but what about those steps up a flight of stairs? Well, that would be the Altimeter. Altimeters measure altitude so it can sense changes in height. In conjunction with the steps the accelerometer counted, the altimeter will add its bits and give you a more accurate calorie count for those fire escape runs. Instead of asking how tall someone is, next time ask ‘What’s your alti?’

And if you’re going to step out for a run, you might want to know if it’ll be sunny or sprinkles during the trek. Often seen as a smaller dial on an outdoor clock but now on wristbands, a Barometer measures atmospheric pressure – the weight of air in the Earth’s atmosphere. It’s used in forecasting the weather and you often hear meteorologists note, ‘There’s a high ridge of atmospheric pressure keeping the rain away.’ At least that’s what they’ve been saying in California about the drought.

So you thought of attempting an Iron Man competition but wondered if your device could differentiate between the swimming, biking and running. You’re in luck if your device has a Gyroscope. Using the Earth’s gravity, it can help determine orientation. The big difference between an accelerometer and a gyroscope is that a gyroscope can also measure rotation or more specifically, the rate of rotation around a particular axis. Gyroscopes take into account the Earth’s gravity and rotation while the accelerometer does not.

If tracking stars for navigation and location like the early Polynesians is not your style, then the ever popular GPS is your tool. Using three satellites to ‘triangulate’ your location, the receiver measures distance to the first satellite. Based on that, you are in a certain sphere location on the planet. It then measures the distance to the second satellite to get another sphere location. Therefore, you must be somewhere on the circle where these two spheres intersect. By using a third satellite reading, the sphere that cuts through the circle of the intersection of the first two spheres narrows your location even more. Now our position is narrowed to two points in space. One of those two points is so absurd and instantly tossed, thus leaving you with an exact location.

There are a bunch of other sensors like Optical Heart Rate Monitors, typically worn on the wrist and it shines a tiny light against your skin to measure the blood pumping through your arm veins. And the various Gesture Tech things that use a little camera to see your hand and body movements to translate that into action on a gaming device, or a drone following your Snake River Canyon jump or even turning up the volume on the TV. It’d be cool to move something out of the way by effortlessly swiping your hand in the air, huh?

Sensors have been all around us for a while but now they are becoming close confidants. We should get to know our new Ohana.

ps

Related

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]