IoT security and the world of US medicine

IoT in healthcare faces its fair share of challenges

IoT in healthcare faces its fair share of challenges

Internet of Things security is anything but a homogenous concept. It is, rather, extremely dependent on the type of products being developed and – in many cases – the sort of regulatory restrictions they are subject to.

Of all the sectors where IoT is proliferating, however, it is arguably medical that is the most fraught. In medical IT, developers have to operate in a minefield of intense regulation, life and death safety issues, and an unusually high (and of course very much unwelcome) degree of scrutiny from hackers.

The hacking of medical data is a popular criminal enterprise, particularly in the US, where just last week UCLA Health hospitals say hackers may have accessed personal information and medical records of as many as 4.5 million patients.

However, while no-one would be overjoyed at the thought of something as intimate as their medical records falling into the hands of digital crooks, it is arguably the patient who has the least to worry about here. The main targets of medical data theft are US insurance companies and the institutions that administer Medicare. In the US, patients usually collect medication and leave it to pharmacists to bill the insurance companies.

A single refill for five months’ medication can easily add up to a few thousand dollars, so the rewards for effective fraud – with hackers posing as pharmacists – are large. Insurance companies, of course, foot the bill, while for those impersonated the results can cost time, stress, and in worst case scenarios a potentially dangerous delay in securing their medication.

It’s just one example of why security around medical data – medical IoT’s bread and butter – has to be so tight.

Someone extremely familiar with the territory is Sridhar Iyengar, one of the founders of AgaMatrix. At AgaMatrix, Iyengar  helped develop the first iPhone –connected medical device, a glucose monitor called iBGStar, then a revolutionary innovation for diabetes sufferers.

Nowadays Iyengar’s focus is on Misfit, a wearables company focussing on fitness rather than illness, but he is still deeply involved with issues surrounding IoT, health, and security. In September, he will attend Internet of Things Security conference in Boston as a keynote speaker, where he will draw on his expertise in diabetes to illustrate the wider challenges confronted by developers in the realm of medical IoT.

“The Holy Grail in this world of diabetes is what they call an artificial pancreas,” he says, “meaning that, if you can sense how much glucose is in your blood, you can pump in the right amount of insulin to automatically regulate it. Nobody has made a commercial version of that. Partly because the folks who make a glucose sensor are different to the folks that make the pumps and it has been  difficult for the two to cooperate due to trade secrets and the complexities of sharing the liability of devices from different manufacturers that must work in unison. The patients are left to suffer.”

In one famous incident, this frustrating discontinuity was first overcome by a “citizen scientist,” a father who hacked his diabetic child’s separate devices and was able to link the two together. While this was never marketed, it signalled that the race for a commercially viable artificial pancreas was very much on. However, while no-one would resent such intrepid ingenuity on the part of the “citizen scientist,” Iyengar points out that it is also demonstrates the devices in question were very much hackable.

“If somebody hacks into an insulin pump you could kill someone,” he says. “They overdose, they go into a coma, they die. None of these insulin pump manufacturers are going to open source anything: they can’t, because of the deadly consequences of someone hacking it.”

Ultimately, it will prove an interesting challenge to future regulators to establish precisely where to draw the line on issue such as this. Still, the capacity for others to easily take control of (for instance) a connected pacemaker is bound to generate a degree of concern.

Many of these issues are complicated by existing regulations. The US Health Insurance Portability and Accountability Act (HIPAA) requirements state that medical data can only be shared after it has been completely anonymised, which presents something of a paradox to medical IoT, and frequently requires complex architectures and dual databases, with pointers enabling healthcare professionals to blend the two together and actually make sense of them.

Issues like this mean developers can’t rely on industry standard architectures.

“You can’t rely on this network immune system that exists in the consumer software space where many different parties are vigilant in monitoring breaches and bugs because multiple vendors’ code is used by a product,” says Sridhar, picking an apt metaphor. “If you want to develop security related features you kind of have to do it yourself.”  In turn this means that, if there are breaches, you have to address them yourself. “It raises this interesting dilemma,” he says. “On the one hand the way that software’s written in the medical field, it’s supposed to be more safe. But in some situations it may backfire and the entire industry suffers.”

Huawei, partners push cloud transformation for financial IT

He: Concentrating on core competencies

He: Concentrating on core competencies

As part of its expansion into IT services and the financial services markets, Chinese telecoms giant Huawei has partnered with 11 banking IT solution providers to establish an open platform ecosystem for the finance industry, reports Banking Technology.

The collaboration was announced during Huawei’s Global Financial Services Industry Summit in Beijing last week. The launch partners are Accenture (China), Beijing Advanced Digital Technology, Beijing Yucheng Technologies, Beiming Software, DHC Software, Deloitte Business Advisory Services, Digital China System Integration Service, First Data, Infosys Technologies, Micro Focus, and Worldline Technologies.

David He, president of marketing and solution sales at Huawei’s Enterprise Business Group, that that Huawei will focus on its core skills as a hardware platform provider, based around its BDII – Business-Driven ICT Infrastructure – approach.

“The new ecosystem is designed to address the IT transformation needs of financial organisations [and] promotes BDII within the financial industry by enabling our partners to focus on their core competencies,” said He. “For example, consulting firms, application vendors, and system integrators will be able to leverage their in-depth understanding and practical experience around industry applications, while Huawei, as a hardware platform provider, will focus on ICT infrastructure.”

Collaboration was one of the main themes of the event. During a keynote presentation, He said that collaboration and joint innovation between banks and vendors is essential to overcome the challenges faced by the financial services industry as it faces the dual threat of new digital and mobile technologies being harnessed by new, agile competitors.

The company also jointly published a white paper, Transformation and Reconstruction of Banks in the Digital Era, with Deloitte. In it, the two companies highlighted the need for banks to implement a digitalisation strategy supplemented by powerful and supportive systems, and IT capability construction.

The white paper argues a key component of the strategy is the transformation of cloud architecture, which enables banks to improve analysis efficiency, lower the cost of operations and innovation, and enhance data storage and disaster preparedness capabilities. In addition, big data strategies enable banks to quickly respond to real-time customer demands by analysing massive volumes of customer data. The transformation from multi-channel to omni-channel systems will also help banks provide consistent and seamless customer experiences.

By launching the open platform ecosystem for the finance industry, Huawei and its partners hope to help financial institutions migrate from closed to open IT architectures and enable enhanced customer experience and convenient service innovations in a safe and reliable operating environment.

As part of the collaboration, Huawei is working with other members of the ecosystem to launch a range of open platform-based solutions for the finance industry, including an online banking cloud (based on private cloud architecture for finance), a credit loan cloud, a direct banking cloud, a micro-and-small-loan service cloud, a core account cloud, a credit card core application cloud, as well as mobile teller and home banking capabilities. These solutions have helped companies including the Spanish Bolsas y Mercados Españoles exchange build a cloud-based equity trading system.

“Huawei facilitates IT architecture transformation within the finance industry by providing highly reliable x86 cluster systems to support core transaction systems, in addition to cloud architecture for finance that supports the transformation of the business and processes of banks,” said Wang Hongfeng, general manager, finance solutions, in Huawei’s EBG.. “Huawei also provides platform resources support through our open labs, innovation centres, authentication centres, and secondary development and remote support. Through cross-practice cooperation, Huawei hopes to speed up the evolution toward open platform architecture in the financial services industry.”

84% of UK CIOs say cloud reduces overall IT control – survey

UK CIOs are concerned cloud adoption is reducing their control over IT

UK CIOs are concerned cloud adoption is reducing their control over IT

A recent survey of 100 UK CIOs suggests close to nine in ten believe unsanctioned use of cloud services has created long term security risks for their organisations, and about 84 per cent believe cloud adoption reduces their organisation’s control over IT more broadly.

The survey, commissioned by Fruition Partners, looks specifically at IT service management (ITSM) trends in large UK companies (organisations with more than 1,000 employees).

The results suggest CIOs are still very concerned a lack of maturity around cloud service management and application support within enterprises is driving more ‘Shadow IT’ in their organisations.

About 60 per cent of respondents said there is an increasing culture of ‘Shadow IT’ in their organisations, and 79 per cent believe there are cloud services in use that IT does now know about.

Over three quarters (78 per cent) of CIOs stated that the rest of the business frequently does not seek their advice when it comes to the procurement of public cloud services, and about one in two CIOs believe their employees are side-stepping their own IT departments and going directly to cloud service providers for application support.

“CIOs need to remember that while the availability of public cloud services may mean they need to provide fewer IT services themselves, it doesn’t reduce the need for the management of those services. In fact, it’s arguable that the need for rigorous management actually increases. Of course you should expect public cloud services to work faultlessly, however you’d be crazy to blindly trust that they will, without managing and monitoring how those services are delivered to the business,” said Paul Cash, managing director of Fruition Partners UK.

Cash explained that regardless of the type of cloud service IT departments should still be managing them internally rather than “handing over all responsibility to cloud providers.”

“CIOs must make it easier for employees in other lines of business to work with the IT department to source the cloud services they want,” he said. “There are simple initial steps they can take to do this, such as creating and publishing a comprehensive service catalogue which is exposed to the entire business. A service catalogue that lists sanctioned public cloud services will reduce the impact of shadow IT and make it far easier for employees throughout the organisation to buy cloud services from the IT department – while ensuring that IT can control and manage the services that are implemented.”

Gartner’s enterprise file sync and share Magic Quadrant offers surprises and opportunities

(c)iStock.com/baranozdemir

Once again, the tea leaves and crystal balls are out at Gartner headquarters as the analyst house looks to predict the shape of the enterprise file sync and share (EFSS) industry. Accellion, Box, Citrix and Syncplicity occupy the top right leaders section in this iteration, while Microsoft, Google and – perhaps surprisingly – Dropbox again sits in the challengers square.

EFSS, as Gartner defines it, is “a range of on-premises or cloud-based capabilities that enables individuals to synchronise and share documents, photos, videos and files across mobile devices, such as smartphones, tablets and PCs.” A total of 16 vendors were included in the report, from over 100 contenders. To make the final cut, companies had to have an offering which hit more than $10 million in revenue for 2014, be sold as a standalone product, and have a presence in at least two geographic regions, with no more than 70% of revenue coming from one region.

The analysts argue today’s EFSS market offers more mature options than ever, through new capabilities for system integration and enhanced content collaboration. The report takes the opportunity to put a few predictions out there – by 2018, it argues, any enterprise content management (ECM) or enterprise mobility management (EMM) offering will embed natively basic EFSS features. It is already interesting to note EMM provider AirWatch by VMware is one of the vendors which made the final report.

One company which made the ‘visionary’ section of the report is Egnyte. For regular readers of this publication, they will know Egnyte as a company which refuses to be rushed in the face of competitors’ IPOs and mammoth venture capital pots. When Egnyte opened up a European branch last year, the company had raised $62.5m in capital – small change compared to Box’s $414m and Dropbox’s $607m at the time. Egnyte CEO Vineet Jain told this reporter he had refused the board’s request to open up to Europe a year earlier, stating “you need to strengthen into a specific territory before you go and fight another war.”

Yet the style seems to work; Egnyte was the only company in the 2015 quadrant which moved into a new space, from niche player to visionary, and, along with Google, was the only vendor to move up and right from the previous year. Jain said: “In the midst of high profile IPOs and increasing consolidation, this space has become hyper-competitive and infrastructure players like VMware and Citrix, as well as collaboration players like Microsoft and Google, are converging on this market.”

He added: “It has become increasingly clear that value-added files services on top of these offerings with a hybrid focus of security and innovation around user experience is the key to survive and win long-term. As the market has continued to evolve, it is clear from Egnyte’s movement into the visionary category that our hybrid, open technology is quickly becoming a preferred solution for the enterprise.”

For CTERA Networks, making its debut on the quadrant as a niche player having only pushed out its first EFSS release in 2012, it’s a different story but the mood is still one of celebration. In a blog post, CTERA SVP marketing Jeff Denworth wrote: “There’s no denying the EFSS market is a hot space. With nearly 150 vendors that are tracked by IT analysts, Gartner had their work cut out for them narrowing their focus on the companies that have the right combination of product vision and execution.

“To realise the accomplishment of making it onto this list among our viable competitors after arriving on the scene as much as seven years after our peers, well…CTERA is proud to say we’re doing something right,” he added.

For Box, firmly positioned in the leaders’ section again, it was business as usual. “This is a highly competitive and fast-growing market, as nearly every business in the world is looking for technology to power new ways of working to increase productivity and collaboration across their organisation,” said Box SVP and general manager of enterprise Whitney Bouck in a statement.

“Our leadership position in this magic quadrant demonstrates that cloud-only technologies are able to meet the most stringent security needs of larger and heavily regulated enterprises across all industries, while also providing a platform for enterprise content collaboration, business processes and workflow support.”

Naturally, the full report digs very deep down and contains insights, strengths, and weaknesses over each vendor selected. Brian Clendenin, writing for IT World Canada and a former Gartner employee, argues you should always speak with the analysts who conducted the research, as well as looking out for the cautions which relate to stability issues, for instance, based on customer preferences. If you see them, he argues, remember the vendors always offer the best customers to the analysts.

Disclaimer: CloudTech’s copy of the Gartner EFSS report was obtained through Egnyte.

A New Age ‘Power Panel’ at @ThingsExpo | #IoT #M2M #InternetOfThings

The Internet of Things is not only adding billions of sensors and billions of terabytes to the Internet. It is also forcing a fundamental change in the way we envision Information Technology. For the first time, more data is being created by devices at the edge of the Internet rather than from centralized systems. What does this mean for today’s IT professional?
In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists addressed this very serious issue of profound change in the industry.

read more

The CIO P (Chief Information Security Protection) Factor By @ABridgwater | @CloudExpo #Cloud

It’s easy to invent additional C-suite job title designations. We might conjure up Chief Data Analytics-Insight Officer (CDAIO – pronounced “see-day-oh”) for example.
Equally, we can see that the role of the CIO quickly gained additional layers some time ago – and we now see the CSO (Chief Security Officer) quite commonly being ranked as the CIO’s right hand man or woman.

read more

[slides] Understanding FedRAMP By @AbelSussman | @CloudExpo #Cloud

FedRAMP is mandatory for government cloud deployments and businesses need to comply in order to provide services for federal engagements.
In his session at 16th Cloud Expo, Abel Sussman, Director for Coalfire Public Sector practice, reviewed the Federal Risk and Authorization Management Program (FedRAMP) process and provided advice on overcoming common compliance obstacles.
Abel Sussman is the Director for Coalfire Public Sector practice. For more than 18 years, Abel has been helping organizations implement new systems and transform stagnant programs. He is a nationally recognized industry expert and has presented on information security and cloud computing for the FBI, DHS, and DoD.

read more

Go & Java SDKs from @ProfitBricksUSA | @DevOpsSummit #Cloud #DevOps

«The new SDKs for Go and Java are yet another addition to our growing support for our DevOps community,» said Achim Weiss, Co-founder and CEO of ProfitBricks. «Since the launch of ProfitBricks’ DevOps Central, the productivity of the DevOps community remains a top priority for our development team. We’ve built a strong foundation for our DevOps Central users, and intend on continuing this momentum as the year progresses.»

read more

[session] DevOps State of Mind By @RedHatNews | @DevOpsSummit #DevOps #PaaS #Jenkins #Kubernetes #Docker

Rapid innovation, changing business landscapes, and new IT demands force businesses to make changes quickly. The DevOps approach is a way to increase business agility through collaboration, communication, and integration across different teams in the IT organization.
In his session at DevOps Summit, Chris Van Tuin, Chief Technologist for the Western US at Red Hat, will discuss:
The acceleration of application delivery for the business with DevOps

read more