Tuesday, June 7, 2016

What is next after Mobile? Smarter cars? Voice Assistants?

Brian Silverman
Senior Solution Consultant

As the USA Today article, “Smartphones may loosen their grip over family life as voice devices rise”, highlights, there are new technologies that are hot on the heels of smart phones.

June 29th will mark 9 years since the first iPhone was released. The smart phone, with its apps and ability to center itself in your hand, provided useful information and interaction beyond the basics of phone calls and text messages, and thus changed the world. Now, there is an app for everything: an app for tracking your heartbeat, your lost pet, or predicting the weather down to the minute. There are apps to find the closest restaurant or the nearest dog-friendly hotel.

Just as PDAs (personal digital assistants) were the invention of their time - remember Palm Pilots? - so have smart phones provided the connections that consumers swear by and are unable to live without. But do we really have the crystal ball prediction ability to determine what will follow? Will the next “interface” of choice be speaking to your car, Google Home, or Amazon’s Alexa? Or will it be a completely new device? All require a well-thought-out approach to digital innovation in the future.

The good news is that it doesn’t take a psychic for IT professionals and companies to prepare for the next innovation. 

At iSOA Group, we know there are going to be some consistent requirements for the future devices and interfaces to work, including:

1) A consistent approach to communication and the ability to share key information. Whether this data populates to a web page, is a pop up on a smart phone, or is spoken to you through a speaker in your car, having a consistent interface for consumers to connect and communicate with their devices will be a necessity.

2) Integration with your systems of record, as IBM calls your “business systems”. Turn information into business with your customer. These new devices and interfaces all need access to common, consistent information and consistent methods of interface to execute a business transaction, such as a hotel reservation.

3) A single place for developers, inside and outside your company, to access application information. The how, what and where will need to be leveraged for application information and documentation in order for developers and providers of services to assure success and innovation.

Along with IBM, iSOA knows that APIs (Application Program Interfaces) and a strong, consistent framework will support innovation, in order to be prepared for any or all of the new digital opportunities that will provide growth.

Want to know more? The IBM Solution, and iSOA Group, Inc. are leading companies in development of API Frameworks and approaches for digital innovation.

Join me, Brian Silverman, iSOA Group, Inc. Senior Solution Consultant, along with Bill Barrus from IBM, for a webinar on June 16th at 11AM PDT / 2PM EDT, “Digital Innovation with API’s and IBM’s API Connect”, and see a demonstration of the IBM software.

Friday, May 20, 2016

Stephen Mori, iSOA Security Adviser

Since this is my first post to the iSOA Group blog, a few words of introduction are in order. First of all, thanks to Bryon and Cheryl for inviting me to join iSOA Group as their new Security Adviser; I will be helping to articulate the development of iSOA Group’s security practice.

My brief and abbreviated history spans forty years in various technology roles:  systems analyst, coder/developer, software designer, consultant, systems architect and security engineering and management culminating in the role as Autodesk’s first CISO (retired 2012).  Since my retirement I have continued with a few judiciously selected consulting gigs.  Retirement hasn’t allowed me much time for gainful employment.

I look forward to being a regular contributor to this blog, exploring what are hopefully topical issues across security, privacy and trust. A particular interest of mine is cyber-trust. There, I’ve used “cyber”; now I’ll actively seek to avoid over-using it since others are handling that. No small part of that interest is how we, as security professionals, bring the same sort of innovation to defending our company and critical assets as the bad guys bring to uncovering new ways of threatening us and our vital information assets.

But, first a look back to set the stage for future entries.  It is 1970 and Willis Ware, early computer scientist and security pioneer, delivers a commissioned report to the Advanced Research Projects Agency - predecessor to DARPA.  Known as the “Ware Report”, officially titled “Security Controls for Computer Systems: Report of the Defense Science Board Task Force on Computer Security”, the report was only recently declassified by the DOD.  Why spend time looking at a 46 year old resource?  Simply because it remains a resource and it helps me make my point about the need for innovation, while respecting history.

The report charter was to deal with the risks associated with the rapid growth of “multi-access, resource sharing computer systems”.  Rapid being relative, the authors could not have envisioned today’s democratized Internet, hyper-connected world of social media, computers in the form of watches, tablets, smartphones, let alone IoT enabled appliances; and, of course, virtual servers, Amazon Web Services (AWS), Docker, et al.  That charter remains valid in a world where factors are more connected - many factors faster than real-world 1970.

“Providing satisfactory security controls in a computer system is in itself a system design problem.”  Did Mr. Ware anticipate Agile development methodology, DevOps, and proliferating App Stores?

“A combination of hardware, software, communication, physical, personnel and administrative-procedural safeguards is required for comprehensive security.” Defense-in-Depth, anyone? Implied in the statement are IDS/IPS, Next Gen firewalls, vulnerability management software, SIEM, multi-factor authentication, security awareness, policy and technical controls.

What of Advanced Persistent Threats, intentional and accidental internal threat actors, and (Distributed) Denial of Services?  Systems ought to be “...acceptably resistant to external attack, accidental disclosures, internal subversion and denial of use to legitimate users.” Effectively, this covers anything connected to the Internet with open access to the Web, e-mail, text.

Finally, the report outlined what arguably remain the most common system vulnerabilities: accidental destruction of data by a system failure, user or administrative error, active attacks that exploit weaknesses in user credentials, or deliberate or accidental flaws in software, “unauthorized entry points...created by a system programmer who wishes to provide a means for bypassing internal security controls...”. All of which evoke directory attacks, credentials/identity theft, and back doors.

The “Ware Report” pretty much covers the CISO’s world.

So that is my bit of context setting. Future entries will hearken back to these legacy security issues, but with an updated perspective and current terminology. My first thought upon reading summaries of the “Ware Report” is that the greatest progress we’ve made has been in creating new acronyms. We need to endeavor to get just as good at developing innovative responses to these classic and evolving threats as we are at simplifying technical jargon.

Monday, April 11, 2016

View from 40,000 Feet: Security is more than just passwords, and locked doors!

Bryon Kataoka, iSOA Group, Inc. CTO and Thought Leader

Security is more than just locking doors and barring the windows, and there is no magic piece of software that will assure IT security.

Companies need to be vigilantly concerned about how they manage security of their most trusted assets: their customers, their intellectual property, their partners and the privacy and well-being of their employees.

iSOA Group, Inc. is an officially authorized IBM Security Solutions Partner. iSOA has always focused on security as it pertains to the edge of the network, XML and Application Firewall, and integration with companies' authentication solutions and directories. Today we are expanding our security focus beyond the edge of the network, including recent certifications in QRadar, IBM's SIEM (Security information and event management) solution.

As I direct my team, as we expand our security focus, we need to keep focused on key challenges:

1) Keeping up with the latest threats and vulnerabilities. With new threats coming along every day, such as the rise of Ransomware, we as advisors need to be on top of the latest challenges. There are resources of information, such as IBM's X-Force Report, and most importantly we need to keep listening to our customers to assure we stay aware and also understand the risk-to-reward trade-offs when making security decisions.

2) The fundamentals of security have not changed. Protecting access to information, keeping systems up to date, access and authentication, as well as deploying and maintaining anti-virus and network protection solutions continue to be at the core of keeping companies protected. Many thieves focus on known vulnerabilities of systems that have not been kept up to date, allowing the malicious hacker to access these systems with a known nefarious path to entry. A study by CSIS stated “75% of attacks use publicly known vulnerabilities in commercial software that could be prevented by regular patching”, showing that one of the first steps to being secure is to assure these fundamentals are implemented successfully.

3) We need to perpetually remind our clients that security is a domain that spans IT as well as physical security. If we have locked down systems, but people can easily enter and exit the building and possibly the data center, our clients are still exposed and have a challenge. Most threats come from inside, and actually they will take the easiest route to take valued information. As an example, PCI (Payment Card Industry Card Production Standard) has both "IT" requirements as well as physical security requirements for companies to be compliant.

As I mentioned at the beginning of the year, we will use the process of design thinking to help prioritize our focus and help guide our priorities and how we best approach working with customers.  We will continue to use this approach with our customers across our solutions for Integration, API Management, and now Security.

If you would like to know more about the iSOA approach or how we can be of assistance, please reach out to me, my Solution Consultant Brian Silverman at bsilverman@isoagroup.com, or our Customer Service leader Cheryl Bertini at cbertini@isoagroup.com.

Wednesday, March 9, 2016

A View from 40,000 feet: IBM Interconnect 2016 Interesting Turn of Events!

Bryon Kataoka, iSOA Group, Inc. CTO and Thought Leader

This year’s IBM InterConnect conference was full of interesting turns of events!  Although I was not a scheduled presenter and ended the conference with what seems to be the “Vegas” flu, there was much to learn and exceptional energy at the conference!

IBM continued its focus on Hybrid Cloud leveraging IBM’s Cloud capabilities, along with key offerings for security, integration and more.  The focus on Hybrid Cloud complemented my presentation at Interconnect in 2015.  I presented with a customer on developing a Hybrid Cloud integration framework, that provides secure integration between cloud based applications and key on-prem solutions.  This was also our focus this year at our Integration Roundtable breakfast.

As far as new announcements, what stood out to me was the new IBM APIM version 5, now called “IBM API Connect”, as well as some of the complementary capabilities announced with IBM’s DataPower 7.5. IBM is listening to its partners and customers and subsequently delivering on a completely integrated API Management offering that incorporates StrongLoop, which IBM acquired in 2015, creating an industry-leading API Management solution for the development, management and security of developing and consuming APIs.

I was also impressed with where IBM is going with security. IBM’s Security portfolio, including QRadar and its X-Force security threat intelligence, shows IBM’s strong commitment to security. It was also beneficial to see IBM return to known product names, such as BigFix, as IBM removes the obfuscation that occurred when they originally purchased the product. Lesson learned: don’t mess with a well-known brand name!

I was so amazed with IBM’s Security direction that I have directed my team to expand our security focus in 2016 to incorporate some of these key IBM offerings. With these new additions to our portfolio, we can assure our customers that we can deliver the integrated security required in today’s digital age.

Although my week was terminated early by contracting the flu (and darn! I missed out on the Elton John concert), I was still able to present at the DataPower Customer Forum, standing in for a client, and thus making 2016 the 9th year that I have presented at IBM’s conference.

Friday, March 4, 2016

Taming Las Vegas: iSOA's IBM InterConnect 2016 Recap

2016 brought another exciting week at IBM’s Interconnect Conference.  If you were not able to join, let us share what we observed while attending the event of over 20,000 people that spanned across the MGM Hotel and the Mandalay Bay.  

The energy across the conference definitely seemed more electric and connected than in 2015.  There were multiple keynotes and the conference was a great opportunity to see the future of IBM, as well as hear what our customers, partners and IBM colleagues had to share.

Hybrid Cloud leadership was IBM’s mantra from day one and this set the tone for the conference. IBM announced its IBM Cloud and VMware partnership, as well as expanding its support for Apple’s Swift programming language. Apple’s VP of Product Marketing, Brian Croll, proclaimed that IBM was already the largest developer of Swift applications and their natural partnership would help move and extend the Swift language to servers everywhere.

Always eager to connect with our clients and colleagues, the iSOA Team hosted our annual Integration Round-table breakfast, with our own focus on Hybrid Cloud Integration.  We were joined by our good friends from IBM, Jeff Sinason, Certified Architect and Rich Kinard, Worldwide DataPower Sales leader and author! Discussions revolved around how our customers are looking at the cloud, as well as the challenges of integration. 

iSOA Group, Inc. continued our passion for taming IT Anarchy, as shown on our Sons of Anarchy themed iSOA t-shirts.  

For more information please contact Brian at bsilverman@isoagroup.com or Cheryl at cbertini@isoagroup.com.

Monday, February 8, 2016

iSOA Group is Controlling IT Anarchy Once Again in Las Vegas at IBM's Interconnect 2016, February 21 - 25th

Join Bryon, Cheryl, Peter and Brian as we once again tame the Anarchy of IT in Las Vegas!  (IBM Interconnect 2016)

Announcing iSOA OnDemand Services: Your iSOA Expert on Call to help you gain the most value from your IBM Software (e.g. DataPower, Integration Broker, WebSphere and MQ). Helping you with best practices, new features, and helping to solve your challenges with your unique environment. (Please refer to the onsite Interconnect program guide and see our ad on the inside cover.)

"Get Fit" With our iSOA IBM Middleware Survey and Drawing for a Fitbit Blaze Watch: We know you may be faced with certain challenges relating to your particular IBM Middleware solution. Our Research department is conducting a survey to better understand these challenges, and by completing this quick survey, you will be entered for a chance to win one of 3 Fitbit Blaze watches!

Hybrid Cloud Integration Round Table Breakfast (7am Tuesday, February 23rd): Join our CTO, Bryon Kataoka, and IBM Technical leaders to discuss best practices for developing a Hybrid Cloud Integration framework for your enterprise, leveraging IBM technologies such as DataPower, Cast Iron, and MQ Series. The iSOA Approach creates a secure and flexible framework that integrates all of an enterprise's applications (on premise and cloud) to be more responsive to the needs of your business.

Education, Networking, and a little socializing: Find the iSOA team in our T-shirts and hats, and join us in helping to tame the IT Anarchy in Las Vegas and you could win your very own Tame the IT Anarchy T-shirt or hat!

Want to know more? Follow us on Facebook and Twitter, or reach out to Brian at bsilverman@isoagroup.com and Cheryl at cbertini@isoagroup.com.

Tuesday, February 2, 2016

A View from 40,000 feet and Las Vegas Bound for IBM's Interconnect 2016 Conference

Author: Bryon Kataoka, iSOA Group CTO and Thought Leader

Well it’s that time again.  Time to go to InterConnect 2016 and network with clients, peers and reconnect with some old friends.  It is also a great opportunity to understand the trends, direction and opportunities we are all facing with technology in the New Year.

This year, security is at the top of my mind, and I’m really excited about IBM Security, including offerings from QRadar to MaaS360 to BigFix to Guardium. You will probably find me at any session that is showcasing these products. I’m also very interested in StrongLoop and what IBM has planned for its marriage with IBM APIM. I’m looking forward to announcements in that arena. There are usually great labs at Interconnect, so I hope to attend a few if our schedule permits.

This year I will not be speaking, which is a rarity! I am looking forward to being an attendee and absorbing a lot of new information.  I’m sure there will be many dining opportunities and meetings with clients, but I do plan on using this time wisely and attending what I think will be the important sessions.  I may even schedule a certification test or two.   Nothing like filling your week up to the max!

Once I have my schedule of sessions chosen I’ll post again to let you know what my recommended sessions are. My team will be tweeting as we progress through the week, so follow the iSOA Team to learn where we are and my thoughts on key takeaways.

What are your hot topics this year? Any sessions you would recommend to your CTO at 40,000 feet? My team and I hope to see you at Interconnect and have a great 2016!

Bryon Kataoka is the iSOA Group, Inc. CTO, sharing his experience as a technical leader for over 20 years. In his role at iSOA Group, Inc. he is a thought leader as well as a consultant to many companies, helping them be successful with their Middleware strategy and implementations.