the internet of things, big data and the cloud ... · create the internet of your things challenge...
TRANSCRIPT
The Internet of Things, big data and the cloud: implications for privacy and trust
Russell Craig
National Technology Officer, Microsoft NZ
What are we going to talk about?
• What is the Internet of Things?
• What is big data?
• How do they relate to the cloud?
• Privacy Issues – what should we care about/why should we care?
• Enabling trust – the role of the industry
“Connected world solutions
combine sensors and
technologies to enable
objects and infrastructure to
interact with monitoring,
analytics and control systems
over Internet-style networks.”
Source: Forrester
Things Connectivity
Data Analytics
What is the Internet of Things?
Hardware is cheap
Connectivity is pervasive
Development is easy
New Innovative Scenarios
Huge benefits fuel demand
1970 1980 1990 2000 2010
10,000,000,000
1,000,000,000
100,000,000
10,000,000
1,000,000
100,000
10,000
1,000
Transistors
Moore’s Law Metcalf‘s Law Koomey’s Law
1.E+14
1.E+12
1.E+10
1.E+08
1.E+06
1.E+04
1.E+02
1.E+00
Computations
per KWh
1940 20101975
The energy needed for a fixed
computing load falls by a
factor of 100 every decade.
Value of a telecommunications network is
proportional to the square of the number of
connected users of the system (n2).
Over the history of computing hardware, the
number of transistors in a dense integrated
circuit has doubled approx. every two years.
intelligence will become ambient
intelligence from machine learning
What Microsoft Says
9
You have things…
Infrastructure
Things
Transportation
ThingsCitizen
Things
that you get data
from and store…
Cloud Storage
that you derive
insights from…
HDInsight Power BI
that allows you to
do…
Predictive
Maintenance
Command and
Control
Decrease costs through asset
monitoring
Increase revenue through service
improvement
Create additional revenue
streams by monetizing new
opportunities
Make IoT real in your business
Reach new customers
and markets
Improve
customer service
and loyalty Remote
monitoring and
management
10
Enable innovation Transform your businessImprove efficiency
Create the Internet of Your Thingswww.InternetofYourThings.com
CHALLENGE
Fujitsu is the world’s fourth-largest IT services
provider with approximately 162,000 employees in
more than 100 countries and holds about 97,000
patents worldwide. Fujitsu wanted to help dairy
farmers increase production, improve data insights
and transform their business by optimizing the
timing of artificial insemination (AI). It also wanted to
decrease loss through early detection of health
issues.
o Improves calf production up to 31%, with an
average of 12%
o Modernizes data access with mobile phone
alerts, reducing labor costs for monitoring cows
o Transforms herd management by allowing
farmers to increase chances of producing a
male or female calf
o Reduces loss by detecting 8-10 different kinds
of diseases in cattle
BENEFITSSOLUTION
Fujitsu learned from public research that a cow
produces more estrus (goes into heat) 16 hours after
the number of steps increases significantly. The
company created an innovative solution which uses a
rugged pedometer with a five-year battery to
measure the number of footsteps a cow takes, then
sends that data to the cloud for analysis to determine
optimum AI timing and even affect calf gender. In
addition, the patterns of steps can detect disease in
cattle. Alerts are delivered to the farmer’s cell phone.
FUJITSU
The connected cow: Using IoT
to transform cattle production
The Internet of Things – Healthcare
HOSPITALPATIENT HOME OUTPATIENT FACILITY
Connect patient data to contextual
data, so the latest patient data
automatically displays on care
provider devices based on their
location and role.
Transform the vehicle into
a smart environment that
monitors health indicators.
Monitor patient conditions with in-home
medical devices that alert care team staff when
a health event occurs.
Make authorized patient data accessible
from a unified point, enabling a holistic
view of the patient’s journey so providers
can optimize each care interaction.
Integrate data
from existing
and non-
traditional sources
to drive Big Data
analytics, enabling
care process
innovation
and healthcare
transformation.
HEALTHCARE ECOSYSTEMCombine data from various sources
to uncover insights that enable
an enhanced patient journey,
improved operational efficiency,
and better risk management.
Make patient data visible and
actionable in near real-time, enabling
improved outcomes through data-
driven decision making, better
coordination and error reduction.
PHARMACY
GOVERNMENT
RESEARCH
INSURANCE
COMPANIES
DEMOGRAPHICS
WEATHER RETAIL
Enable an interactive experience between
patients and collaborative care teams,
and reduce response times by providing
remote access to the latest patient data.
35
ComputeData
Storage
Microsoft Azure
Network
Services
App
Services
Cloud is fundamental enabler of IoT and big data
Global Physical
Infrastructure
Stores over 50 trillion objects
Handles on average 127,000 requests/second
Peak of 880,000 requests/second
> 2 billion active directory transactions/day
14
Devices Device Connectivity Storage Analytics Presentation & Action
Event Hubs SQL DatabaseMachine
LearningApp Service
Service BusTable/Blob
Storage
Stream
AnalyticsPower BI
External Data
SourcesDocumentDB HDInsight
Notification
Hubs
External Data
SourcesData Factory Mobile Services
BizTalk Services
{ }
Azure Intelligent Systems Service
Vehicle Tracking Device Cameras Power Meter Load Meter Smoke Fire Alarms Humidity Sensor Flow Meter Occupancy Sensor Temperature Sensor
INTELLIGENT DEVICES Machine Controller
Vehicle Tracking Smart Grid General Equipment Retail Kiosk Fire Detection Healthcare Smart Building Automation Digital Advertising Smart Home Automation
Monitoring
Data collection and alerts
Asset tracking & Geo-fencing
Preventive maintenance
Usage based billing
Remote Access
Securely log into remote devices and products to diagnose issues
Remote servicing - diagnose, and repair problems
Content Distribution
Automate software deployment to assets
Distribute files to devices.Content includes asset-specific files, doc, ads
Microsoft Azure Intelligent Systems Service(s)
Configuration Management
Store and access asset configurations
Compliance Management
Telematics
M2M GatewayNETWORK
Automotive Retail Industrial Healthcare Security & Surveillance Energy Smart Home Smart Cities
Windows I0 IoT
Switching focus: data and analytics
• Gartner identifies “Big Data” and extreme information processing and management, in-memory database management systems and quantum computing as transformational with adoption between 2 and 5 years
• This would also enable enterprises to leverage Predictive Analytics which has already seen greater mainstream adoption combined with cloud computing as transformational in broadening the options in developing and sourcing IT
Humans as data sources
Per person per day (in “golden billion”)
• 50-200 e-mails
• 10-50 voice calls
• 1-100 SMS and twits
• 0.1 blog posts
• 1-20 financial transactions
• 3-30 search requests
• 10-30 articles, read on the
Internet
• 10 audio records
• 30-90 minutes of
TV/Video
• 20-200 appearances in
video monitoring cameras
• 1-100 geospatial “notches”
• 20-200 RFID checks
And at least 4.5 billion of people have at least phones (mostly
wireless)
From The Human Face of Big Data by Rick Smolan. EMC inspired.
World today
…and tomorrow
What should we care about?
1. Get the rules of the game right.
2. Create value by doing.
3. Establish the foundations: value,
inclusion trust and control.
“Our vision: New Zealand is a world leader in the
trusted, inclusive and protected use of shared data to
deliver a prosperous society”
Why should we care?
Big = big opportunityFor governments:
• Budget savings
• Transparency and responsibility
• Real insight into society
• Optimal decisions
Big data = big opportunity
For people:
• Self organization
• Better experiences
• Intelligent environment
• Introspection
Big data = big opportunity
For business:
• Converting products to services
• Expanded value chains
• New business models
• Educated targeting
F r o m P r o d u c t t o S e r v i c e
V = V0 + A∙N + B∙N2
Value for
customer
Imminent
value
Volume
valueNetwork
value
On Premise
Off PremiseBig Data
& BIClients
Employees
Partners
Mobility
&
Connectivity Value
Socialization
of Business
http://www.businesslogicsystems.com/Data%20Management
Big data = big opportunity
For IT industry
• Next chance to change the world
• Step towards internet of everything
• Completely new markets
Big challengeFor people
• New lack of privacy
• Automated justice
• Need to understand
• Risks of:• Re-identification• Re-personalization• Undesirable profiling• False aggregation• Incorrect inferences• Unwanted targeting• Etc.
Joseph Goebbels
Big challenge
For business
• Hard to comply
• Easy to violate
• Unexpected backfire
• Need to defend sourcesTarget Predicts Pregnancy with Big Datahttp://smallbusiness.yahoo.com/advisor/target-predicts-pregnancy-big-data-104057627.html
Why Netflix's Facebook app would be illegalBy Julianne Pepitone @CNNMoneyTech March 27
VPPA arose from strange circumstances surrounding the
failed Supreme Court nomination of Robert Bork. While
Bork's nomination hearings were taking place in 1987, a
freelance writer for the Washington City Paper talked a
video store clerk into giving him Bork's rental history.
Google facing legal threat from six
European countries over privacyhttp://www.guardian.co.uk/technology/2013/apr/02/google-privacy-policy-legal-threat-europe
Big challenge
For government
• It is hard to be transparent
• It is easy to overuse
• Hard to defend sources
George Orwell, 1984http://budget4me.ru/ob/faces/home
http://online.wsj.com/article/SB10001424052970203391104577124540544
822220.html?mod=googlenews_wsj
http://www.wikileaks.org/
http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html
Big challenge
For IT industry
• Needs new hardware and software architecture to address scale
• Needs to know how to protect customers
• Needs to address extremely complicated usage scenarios
• Risk of over-restrictive regulation
Pro Con
People: collective knowledge
Business: from disordered offerings to quality of life service
Government: know and address real needs of citizens
IT industry: change the world (again?)
People: final lack of privacy
Business: disruptive scenarios
Government: chance to miss everything
loss of trust
IT industry: new approaches to hw and sw
architecture, addressing new challenges
Long term
Q: where do societies need to focus?
A: computational ethics and Big Data
• Benefiting from opportunities and mitigating risks assumes careful handling of
digital assets of high business and personal value, both in known scenarios and in
completely new situations
• To proceed successfully one should follow some sort of fundamental principles –
clear and consistent
“Ethics, also known as moral philosophy, is a branch of philosophy that involves
systematizing, defending and recommending concepts of right and wrong conduct.”
http://www.iep.utm.edu/ethics/
Why ethics?
Big Data and traditional ethics
• Let’s take concepts from traditional ethics and examine how they should
apply to the digital world, and how they evolve under influence of Big
Data capabilities
• Four elements of Big Data Ethics: Identity, Privacy, Ownership, Reputation
• Big Data is ethically neutral
• Personal data – not some specific data, but any data generated in the
course of a person’s activities
• Privacy interests, not always ultimate rights
• A responsible organization is an organization that is concerned both with
handling data in a way that aligns with its values and with being perceived
by others to handle data in such a manner.Kord Davis; Ethics of Big Data -
Balancing Risk and Innovation.
O'Reilly Media, 2012
Big-Data ethics: Privacy
• Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively(wikipedia).
• In 1993, the New Yorker published a cartoon whose caption read: “On the Internet, nobody knows you’re a dog” At the time, this was funny because it was true. Today, in the age of big data, it is not only possible to know that you’re a dog, but also what breed you are, your favorite snacks, your lineage, and whether you’ve ever won any awards at a dog show.
• There are two issues. First, does privacy mean the same thing in both online and offline in the real world? Second, should individuals have a legitimate ability to control data about themselves, and to what degree?
Following Davis Kord. Ethics of Big Data.
Benefits of ethics inquiry
• Faster consumer adoption by reducing fear of the unknown (how
are you using my data?)
• Reduction of friction from legislation from a more thorough
understanding of constrains and requirements
• Increased pace of innovation and collaboration derived from a
sense of purpose generated by explicitly shared values
• Reduced risk of unintended consequences from an overt
consideration of long-term, far-reaching implications of the use of
big-data technologies
Partially following Kord Davis. Ethics of Big Data.
Shorter term: focus on enabling trust
Where do we start?- understand the domain & who is responsible for what.
What should we expect of the cloud industry?- industry is an enabler- all clouds are not equal- public should expect a lot
Microsoft’s approach to trust: building security, privacy, transparency and compliance into the cloud
Cloud is becoming integral to business transformationThe secure pathway to innovation
39
Reshape how you engage with customersStart with a trusted &
resilient foundation
Enable more productive workLeverage economies of
scale and expertise
Drive new and more rapid
sources of innovation
Use the cloud to drive
business strategy
Cybersecurity concerns persistGlobal attacks are increasing and costs are rising
40
Cybercrime extracts between 15% and 20% of the
value created by the Internet.1
Total financial losses attributed to security
compromises increased 34% in 2014.3
In the UK, 81% of large corporations and 60% of small
businesses reported a cyberbreach in the past year.2
Impact of cyber attacks could be as much as $3 trillion
in lost productivity and growth.4
But cloud momentum continues to accelerate
“If you’re resisting the
cloud because of security
concerns, you’re running
out of excuses.”
“The question is no longer:
‘How do I move to the
cloud?’ Instead, it’s ‘Now
that I’m in the cloud, how
do I make sure I’ve
optimized my investment
and risk exposure?’”
“By 2020 clouds will stop
being referred to as ‘public’
and ‘private’. It will simply
be the way business is
done and IT is provisioned.”
41
1.2 billion worldwide users2
300+ million users per month5
48 million members in 57 countries4
57% of Fortune 5004
10,000 new subscribers per week2
3.5 million active users4
Online
5.5+ billion worldwide queries
each month3
450+ million unique users each month6
The Microsoft Trusted Cloud
200+ cloud services,
1+ million servers,
$15B+ infrastructure
investment
1 billion customers,
20 million businesses,
90 countries worldwide1
42
Microsoft cloud – a trusted foundation
Privacy and
ControlSecurity Transparency Compliance
43 43
Azure Security
Microsoft delivers enterprise cloud services
customers can trust
• Industry-leading best practices in the design and management
of online services
• Enhanced security, operational management, and threat
mitigation practices
• Trustworthy enterprise cloud services
• Centers of excellence
44
Infrastructure protection
Azure infrastructure includes hardware, software, networks, administrative and
operations staff, policies and procedures, and the physical data centers that house it all
24 hour monitored
PHYSICAL SECURITY
Centralized
MONITORING AND ALERTS
Anti-Virus/Anti-Malware
PROTECTION
Red Teaming
PENETRATION TESTING
FIREWALLSUpdate
MANAGEMENT
45
Network isolation: Blocks
unauthorized users from the
network using a distributed
virtual firewall
Virtual networks: Customers can connect one
or more cloud services using
private IP addresses.
VPN and ExpressRoute: Site-to-site and point-to-site
VPNs help enable secure
connections.
Encrypted
communications:
Encryption within and
between deployments, and
from Azure to on-premises
datacenters with TLS and
Perfect Forward Secrecy.
Network protection
Azure networking provides the infrastructure necessary to securely connect VMs to one another and to connect on-premises data centers with Azure VMs.
46
Identity & access control
Azure enables customers to better control access in a multi-tenant environment
Azure Active Directory (AD)
offers enterprise identity and
access management in the
cloud.
Enterprise cloud directory
Security reports monitor
access patterns that help
identify potential threats.
Access monitoring and
logging
Strong authentication adds an
extra layer of security for user
logins.
Multi-Factor
Authentication (MFA)
Users get a single sign-on option across
multiple applications and services.
Single sign-on
Developers can integrate their app with Azure
AD for single sign-on functionality for their
users.
Integration with customer applications
47
PrivacyAzure Privacy & Control
Microsoft makes our commitment to the privacy of
our customers a priority with independently audited
policies and practices that include restricting the
mining of Customer Data for advertising or similar
commercial purposes.
48
PrivacyTrustworthy foundation
Microsoft privacy principles are designed to facilitate the responsible use
of customer data, be transparent about practices, and offer meaningful
privacy choices.
Privacy by
Design
Guidelines that help ensure privacy is applied in the
development and deployment of products and services.
Microsoft
Privacy Standard
Azure uses logical isolation to segregate
each customer’s data from that
of others.Data segregation
49
ISO/IEC 27018
Prevents use of customer data for
purposes unrelated to providing the
cloud service.
Prohibits use of customer data for
advertising and marketing purposes
without customer’s express consent.
Microsoft is the first
major cloud provider
to adopt the first
international code of
practice for governing
the processing of
personal information
by cloud service
providers.
50
Contractual commitments
Adopt ISO/IEC 27018 code of practice
Offer customers E.U. Standard Contractual Clauses that provide
specific contractual guarantees around transfers of personal data
for in-scope services.
Have European data privacy authorities validate that its
enterprise agreement meets EU requirements on international
data transfers
Abide by US-EU Safe Harbor Framework and the US-Swiss Safe
Harbor Program.
Microsoft
was the first
major cloud
service
provider to…
51
Access controls are verified by independent audit and certifications.
Restricted data access
52
Customer data is only accessed when necessary to support customer’s use of
Azure (e.g. troubleshooting or feature improvement), or when required by law.
When granted, access is controlled and logged.
Strong authentication, including MFA, helps limit access to
authorized personnel only.
Access is revoked as soon as it’s no longer needed.
Law enforcement requests
The Law Enforcement Request Report discloses
details of requests every 6 months.
Microsoft doesn’t provide any government with
direct or unfettered access to Customer Data.
Microsoft only releases specific data
mandated by the relevant legal demand.
If a government wants customer data it
needs to follow the applicable legal process.
Microsoft only responds to requests for specific
accounts and identifiers.
Microsoft does not
disclose Customer Data
to law enforcement
unless as directed by
customer or required by
law, and will notify
customers when
compelled to disclose,
unless prohibited by law.
53
Customer Data
54
When a customer utilizes Azure, they retain exclusive ownership of their data.
Control over
data location
Customers choose data location and
replication options.
Role based
access control
Tools support authorization based on a user’s role,
simplifying access control across defined groups of users.
Encryption key
management
Customers have the flexibility to generate and manage
their own encryption keys.
Control
over data destruction
Deletion of data on customer request and on contract
termination.
Data protection
Azure provides customers with strong data protections – both by default and as
customer options
55
Data isolation
Logical isolation segregates each customer’s
data from that of others is enabled by default.
In-transit data protection
Industry-standard protocols encrypt data in
transit to/from outside components, as well as
data in transit internally by default.
Data redundancy
Customers have multiple options for
replicating data, including number of copies
and number and location of replication data
centers.
At-rest data protection
Customers can implement a range of
encryption options for virtual machines and
storage.
Encryption
Data encryption in storage or in transit can be
deployed by the customer to align with best
practices for ensuring confidentiality and
integrity of data.
Data destruction
Strict standards for overwriting storage
resources before reuse and the physical
destruction of decommissioned hardware are
by default.
Cloud Transparency
Microsoft helps enable customer control over
Customer Data by providing transparency into where
it is stored, who can access it, and how Microsoft
helps secure it, with accessible tools and
straightforward language.
56
Data storage and use
57
Customers
know where and
how their data is
stored and used
Customers control where Customer Data is stored
Microsoft doesn’t use Customer Data for advertising
Microsoft doesn’t share Customer Data with our advertiser-supported services or
mine it for marketing
Microsoft uses Customer Data only to provide the services,
including purposes compatible with providing the services.
Customers may delete Customer Data
or leave the service at any time
Security practices
Build security into software code (SDL)
Ensure Azure infrastructure is resilient to
attack
Safeguard user access to Azure
environment
Keep customer data secure through
encrypted communications
Customer
knows how
we help
secure their
data
58
Microsoft and compliance
Microsoft invests heavily in the development of
innovative compliance technology, processes and
integration in Azure. The Microsoft compliance
framework for online services maps controls to
multiple regulatory standards, which helps drive the
design and building of services that meet today’s
high level of security and privacy needs.
59
Azure Compliance
Microsoft’s security
compliance program includes
rigorous testing, the
implementation of best
practices, and many other
functions to achieve
certificates and attestations.
Azure meets a
broad set of
international,
regional, and
industry-specific
compliance and
regulatory
standards.
60
Compliance framework
Microsoft maintains a
team of experts focused
on ensuring that Azure
meets its own
compliance obligations,
which helps customers
meet their own
compliance requirements.
Compliance
certifications
Compliance strategy
helps customers address
business objectives and
industry standards &
regulations, including
ongoing evaluation and
adoption of emerging
standards and practices.
Continual evaluation,
benchmarking, adoption,
test & audit
Ongoing verification by
third party audit firms.
Independent verification
Microsoft shares audit
report findings and
compliance packages
with customers.
Access to audit reports
Prescriptive guidance on
securing data, apps, and
infrastructure in Azure
makes it easier for
customers to achieve
compliance.
Best practices
61
Extensive experience and credentials
62
Operations
Security
Assurance
HIPAA/
HITECH
CJISSOC 1
201220112010
SOC 2
FedRAMP
P-ATO
FISMA
ATO
UK G-Cloud OFFICIAL
2013 2014 2015
ISO/IEC
27001:2005
CSA Cloud
Controls
Matrix
PCI DSS
Level 1
AU IRAP
Accreditation
Singapore
MCTS
ISO/IEC
27018EU Data
Protection
Directive
CDSA
Partnering with industry leaders
Extensive experience in
security compliance
assessments for both
U.S. and global
government customers
Promoting a standards-
based approach to cloud
compliance
Proposing clear
principles for reform of
government surveillance
63