Monday, January 9, 2017

The Security of Digital Assistants: Who is Listening?

Brian Silverman
iSOA Sales and Marketing Leader

With the recent advertisements depicting the everyday usefulness of the market’s current digital assistant products, such as Google Home, Apple’s Siri, and Amazon’s Alexa, one could begin to believe that they are now required to complete our daily tasks. Although instructing Google Home to turn on your lights prior to your return home may be convenient, consider the implications of these digital requests and how and where that data is being stored.

Simple voice instructions for common household tasks wouldn’t normally raise any concerns for the average consumer, but consider that law enforcement agencies are now requesting access to said stored data, as described in the linked article, below.

And, while there may be some concerns about retail companies using your request history to “suggest” and target ads to you by analyzing your spending habits, we now can see that this stored data could have a much different life outside the server and intended use. Once Alexa (and other digital assistants) are integrated into our cars and cell phones, the outside world will increasingly gain more information about private citizens. Big Brother is watching.

Risks to our privacy should always be on our minds; the introduction of digital assistants just adds one more avenue to exposure. Innocent business travel requests, confirming a meeting, or something as seemingly innocuous as having your DA read you an email could expose not only your personal information, but your business information, as well. It is essential to question how and where our spoken requests are being stored, and what type of encryption is being used - your business can depend on its safety.

At iSOA Group, Inc. we think about these things…..

We believe it is essential to look at the gateway connections of our customers’ enterprise for a variety of services. One of the main concerns we see today is hybrid cloud integration - when companies transition their data, applications, and services to the cloud. As more IoT (Internet of Things) devices and "digital assistants" arrive in the marketplace, the need to look at the broader network and secured connections has to be a top priority. To this end, we work with clients to apply best practices in the setup of their gateway hybrid cloud integration framework in order to protect their information security, introducing a trusted, flexible solution to move resources to the cloud, and enable them to drive true digital innovation.

Thursday, November 3, 2016

HAL from 2001: A Space Odyssey is real and his name is Watson!

IBM’s Watson is creating the cognitive enterprise

Matching the value of technology to bring real business value has always been a focus here at iSOA Group. And what we learned at the World of Watson Conference at the end of October is that we no longer have to use imagined images of movie-inspired AI to envision the new cognitive era – these new opportunities are already a reality!

This new era of technology, as discussed by Ginny Rometty, CEO of IBM, during her keynote address on Wednesday of the conference, is transforming industries and our present view of technology.

IBM's Watson has gone from a winning contestant on Jeopardy to taking its "genius" on the road to learn about the world of service, and can now:

1) Combine weather data and knowledge of the wear and tear on machinery (such as utility poles) to accurately recommend when to replace them before failure.
2) Read and understand 200 million pages of regulations in minutes to assess and assure your company’s compliance.
3) Help a musician understand a variety of musical genres according to listener preference in order to help guide him in writing a top 10 hit.
4) Continually observe and learn about our world without loss of memory, all the while becoming smarter and providing better guidance to humans.
5) Learn vs being programmed.
6) Help patients predict the occurrence of an asthma attack so that they can take preventative measures.

And it isn't just IBM; Cisco and IBM are teaming up to create smarter meetings. Think about it - Watson helps you schedule your next offer management meeting. During scheduling, Watson observes you have included “Joe” as a required attendee, but Joe is a procrastinator and never responds to scheduling invitations until the last minute. Seeing this, Watson recommends making Joe optional and suggests the most convenient time. Or, as the Cisco presenter suggested, what if Watson attends each meeting, listens, learns, and dare I say, remembers the discussion so that we’re assured progress and key milestones are achieved?

This “Augmented Intelligence” system is smart and getting smarter (hopefully not in the direction of  HAL) – but what are YOU doing to take advantage of it?  Are you looking at an API strategy that not only includes your services and external applications, but incorporates new capabilities from Watson and other services to assure your company is leading in innovation? 

Let's get smarter together!

Tuesday, June 7, 2016

What is next after Mobile? Smarter cars? Voice Assistants?

Brian Silverman
Senior Solution Consultant

As the USA Today article, “Smartphones may loosen their grip over family life as voice devices rise”, highlights, there are new technologies that are hot on the heels of smart phones.

It will be 9 years ago on June 29th that the first iPhone was released. The smart phone, with its apps and ability to center itself in your hand, provided useful information and interaction beyond the basics of phone calls and text messages, and thus changed the world. Now, there is an app for everything: an app for tracking your heartbeat, your lost pet, or predicting the weather down to the minute. There are apps to find the closest restaurant or the nearest dog-friendly hotel.

Just as the PDAs (personal digital assistants) were the invention of their time - remember Palm Pilots? - so have smart phones provided the connections that consumers swear by and are unable to live without. But do we really have the crystal ball prediction ability to determine what will follow? Will the next “interface” of choice be speaking to your car, Google Home, or Amazon’s Alexa? Or will it be a completely new device? All require a well thought out approach to digital innovation in the future.

The good news is that it doesn’t take a psychic for IT professionals and companies to prepare for the next innovation. 

At iSOA Group, we know there are going to be some consistent requirements for the future devices and interfaces to work, including:

1) A consistent approach to communication and the ability to share key information. Whether this data populates to a web page, is a pop up on a smart phone, or is spoken to you through a speaker in your car, having a consistent interface for consumers to connect and communicate with their devices will be a necessity.

2) Integration with your systems of record, as IBM calls your “business systems”. Turn information into business with your customer. These new devices and interfaces all need access to common, consistent information and consistent methods of interface to execute a business transaction, such as a hotel reservation.

3) A single place for developers, inside and outside your company, to access application information. The how, what and where will need to be leveraged for application information and documentation in order for developers and providers of services to assure success and innovation.

Along with IBM, iSOA knows that APIs (Application Program Interfaces) and a strong, consistent framework will support innovation and prepare you for any or all opportunities that will provide growth into these new digital areas.

Want to know more? The IBM Solution, and iSOA Group, Inc. are leading companies in development of API Frameworks and approaches for digital innovation.

Join me, Brian Silverman, iSOA Group, Inc. Senior Solution Consultant, along with Bill Barrus from IBM, for a webinar on June 16th at 11AM PDT / 2PM EDT, “Digital Innovation with API’s and IBM’s API Connect”, and see a demonstration of the IBM software.

Friday, May 20, 2016

Stephen Mori, iSOA Security Adviser

Since this is my first post to the iSOA Group blog, a few words of introduction are in order. First of all, thanks to Bryon and Cheryl for inviting me to join iSOA Group as their new Security Adviser; I will be helping to articulate the development of iSOA Group’s security practice.

My brief and abbreviated history spans forty years in various technology roles:  systems analyst, coder/developer, software designer, consultant, systems architect and security engineering and management culminating in the role as Autodesk’s first CISO (retired 2012).  Since my retirement I have continued with a few judiciously selected consulting gigs.  Retirement hasn’t allowed me much time for gainful employment.

I look forward to being a regular contributor to this blog; exploring what are hopefully topical issues across security, privacy and trust.  A particular interest of mine is cyber-trust.  There I’ve used “cyber”, now I’ll actively seek to avoid over-using it since others are handling that.  No small part of that interest is how we, as security professionals, bring the same sort of innovation to defending our company and critical assets as the bad guys bring to uncovering new ways of threatening us and our vital information assets.

But, first a look back to set the stage for future entries.  It is 1970 and Willis Ware, early computer scientist and security pioneer, delivers a commissioned report to the Advanced Research Projects Agency - predecessor to DARPA.  Known as the “Ware Report”, officially titled “Security Controls for Computer Systems: Report of the Defense Science Board Task Force on Computer Security”, the report was only recently declassified by the DOD.  Why spend time looking at a 46 year old resource?  Simply because it remains a resource and it helps me make my point about the need for innovation, while respecting history.

The report charter was to deal with the risks associated with the rapid growth of “multi-access, resource sharing computer systems”. Rapid being relative, the authors could not have envisioned today’s democratized Internet, hyper-connected world of social media, computers in the form of watches, tablets, smartphones, let alone IoT enabled appliances; and, of course, virtual servers, Amazon Web Services (AWS), Docker, et al. That charter remains valid in a world that is many factors more connected, and many factors faster, than the real world of 1970.

“Providing satisfactory security controls in a computer system is in itself a system design problem.”  Did Mr. Ware anticipate Agile development methodology, DevOps, and proliferating App Stores?

“A combination of hardware, software, communication, physical, personnel and administrative-procedural safeguards is required for comprehensive security.” Defense-in-Depth, anyone? Implied in the statement are IDS/IPS, Next Gen firewalls, vulnerability management software, SIEM, multi-factor authentication, security awareness, policy and technical controls.

What of Advanced Persistent Threats, intentional and accidental internal threat actors, and (Distributed) Denial of Services?  Systems ought to be “...acceptably resistant to external attack, accidental disclosures, internal subversion and denial of use to legitimate users.” Effectively, this covers anything connected to the Internet with open access to the Web, e-mail, text.

Finally, the report outlined what arguably remain the most common system vulnerabilities: accidental destruction of data by a system failure, user or administrative error, active attacks that exploit weaknesses in user credentials, or deliberate or accidental flaws in software, “unauthorized entry points...created by a system programmer who wishes to provide a means for bypassing internal security controls...”. All of which evoke directory attacks, credentials/identity theft, and back doors.

The “Ware Report” pretty much covers the CISO’s world.

So that is my bit of context setting.  Future entries will hearken back to these legacy security issues, but with an updated perspective and current terminology.  My first thought upon reading summaries of the “Ware Report” is the greatest progress we’ve made has been in creating new acronyms.  We need to endeavor to get just as good at developing innovative responses to these classic and evolving threats as we are at simplifying technical jargon.

Monday, April 11, 2016

View from 40,000 Feet: Security is more than just passwords, and locked doors!

Bryon Kataoka, iSOA Group, Inc. CTO and Thought Leader

Security is more than just locking doors and barring the windows, and there is no magic piece of software that will assure IT security.

Companies need to be vigilantly concerned about how they manage security of their most trusted assets, their customers, their intellectual property, their partners and the privacy and well being of their employees.

iSOA Group, Inc. is an officially authorized IBM Security Solutions Partner. iSOA has always focused on security as it pertains to the edge of the network, XML and Application Firewall, and integration with companies' authentication solutions and directories. Today we are expanding our security focus beyond the edge of the network, including recent certifications in QRadar, IBM's SIEM (Security Information and Event Management) solution.

As I direct my team, as we expand our security focus, we need to keep focused on key challenges:

1) Keeping up with the latest threats and vulnerabilities. With new threats coming along every day, such as the rise of ransomware, we as advisors need to be on top of the latest challenges. There are resources of information, such as IBM's X-Force Report, and most importantly we need to keep listening to our customers to assure we stay aware and also understand the risk-to-reward trade-offs when making security decisions.

2) The fundamentals of security have not changed. Protecting access to information, keeping systems up to date, access and authentication, as well as deploying and maintaining anti-virus and network protection solutions continue to be at the core of keeping companies protected. Many thieves focus on known vulnerabilities of systems that have not been kept up to date, allowing the malicious hacker to access these systems with a known nefarious path to entry. A study by CSIS stated that “75% of attacks use publicly known vulnerabilities in commercial software that could be prevented by regular patching”, showing that one of the first steps to being secure is to assure these fundamentals are implemented successfully.

3) We need to perpetually remind our clients that security is a domain that spans IT as well as physical security. If we have locked down systems, but people can easily enter and exit the building and possibly the data center, our clients are still exposed and have a challenge. Most threats come from inside, and they will take the easiest route to valued information. As an example, to be PCI (Payment Card Industry Card Production Standard) compliant, companies must meet both "IT" requirements and physical security requirements.

As I mentioned at the beginning of the year, we will use the process of design thinking to help prioritize our focus and help guide our priorities and how we best approach working with customers.  We will continue to use this approach with our customers across our solutions for Integration, API Management, and now Security.

If you would like to know more about the iSOA approach or how we can be of assistance please reach out to me or my Solution Consultant Brian Silverman or our Customer Service leader Cheryl Bertini at

Wednesday, March 9, 2016

A View from 40,000 feet: IBM Interconnect 2016 Interesting Turn of Events!

Bryon Kataoka, iSOA Group, Inc. CTO and Thought Leader

This year’s IBM InterConnect conference was full of interesting turns of events!  Although I was not a scheduled presenter and ended the conference with what seems to be the “Vegas” flu, there was much to learn and exceptional energy at the conference!

IBM continued its focus on Hybrid Cloud leveraging IBM’s Cloud capabilities, along with key offerings for security, integration and more.  The focus on Hybrid Cloud complemented my presentation at Interconnect in 2015.  I presented with a customer on developing a Hybrid Cloud integration framework, that provides secure integration between cloud based applications and key on-prem solutions.  This was also our focus this year at our Integration Roundtable breakfast.

As far as new announcements, what stood out to me was the new IBM APIM version 5, now called “IBM API Connect”, as well as some of the complementary capabilities announced with IBM’s DataPower 7.5.  IBM is listening to its partners and customers and subsequently delivering on a completely integrated API Management offering that incorporates Strongloop, which IBM acquired in 2015, creating an industry leading API Management solution for the development, management and security of developing and consuming API’s.

I was also impressed with where IBM is going with security. IBM’s Security portfolio, including QRadar and its X-Force security threat intelligence, shows IBM’s strong commitment to security. It was also beneficial to see IBM return to known product names, such as BigFix, as IBM removes the obfuscation that occurred when they originally purchased the product. Lesson learned, don’t mess with a well known brand name!

I was so amazed with IBM’s Security direction that I have directed my team to expand our security focus in 2016 to incorporate some of these key IBM offerings. With these new additions to our portfolio, we can assure our customers that we can deliver the integrated security required in today’s digital age.

Although my week was terminated early by contracting the flu (and darn! I missed out on the Elton John concert), I was still able to present at the DataPower Customer Forum, standing in for a client, and thus making 2016 the 9th year that I have presented at IBM’s conference.

Friday, March 4, 2016

Taming Las Vegas: iSOA's IBM InterConnect 2016 Recap

2016 brought another exciting week at IBM’s Interconnect Conference.  If you were not able to join, let us share what we observed while attending the event of over 20,000 people that spanned across the MGM Hotel and the Mandalay Bay.  

The energy across the conference definitely seemed more electric and connected than in 2015.  There were multiple keynotes and the conference was a great opportunity to see the future of IBM, as well as hear what our customers, partners and IBM colleagues had to share.

Hybrid Cloud leadership was IBM’s mantra from day one and this set the tone for the conference. IBM announced its IBM Cloud and VMware partnership, as well as expanding its support for Apple’s Swift programming language. Apple’s VP of Product Marketing, Brian Croll, proclaimed that IBM was already the largest developer of Swift applications and their natural partnership would help move and extend the Swift language to servers everywhere.

Always eager to connect with our clients and colleagues, the iSOA Team hosted our annual Integration Round-table breakfast, with our own focus on Hybrid Cloud Integration.  We were joined by our good friends from IBM, Jeff Sinason, Certified Architect and Rich Kinard, Worldwide DataPower Sales leader and author! Discussions revolved around how our customers are looking at the cloud, as well as the challenges of integration. 

iSOA Group, Inc. continued our passion for taming IT Anarchy, as shown on our Sons of Anarchy themed iSOA t-shirts.  

For more information please contact Brian at or Cheryl at .