Today marks a milestone in the history of KuppingerCole, since today is the day we welcome the youngest member of our team. Did I say “young”? Sorry, wrong word. Of course he isn’t really the oldest – that’s still me. But he ain’t exactly no spring chicken, either.
I’m talking about Craig Burton, of course. Yes, that Craig Burton. The guy who founded The Burton Group. The same guy who almost single-handedly defined what it means to be an analyst in the Identity & Access Management workplace. The one of the leading lights in our industry, grayest of “eminence gris” in a field where graying temples and even manes of white are becoming increasingly common.
Craig left the company that still bears his name quite awhile before they were acquired by Gartner, and he has spent most of his time working as a private consultant, at the same time performing the heartrending duties of a son during the final years of terminally ill parents. He is now a free agent once again, and he is eager to explore the future of an IT industry that he sees as becoming increasingly identity-aware in ways that many of us still can’t really imagine. His first post on his new KuppingerCole blog is entitled “The Living Web” and explores how the “Internet of Things” will change our lives perhaps more profoundly than the original World Wide Web.
“Silicon-based lifeforms” is a term Ray Bradbury might have used to great effect. “Invasion of the Sand Beings” would have made a great sci-fi title. Just imagine the film trailer: “They’re awesome! They’re everywhere! They’re made of silicon! They’re indestructable!”
So imagine my surprise hearing what seemed at first to be a level-headed CEO explaining to me that his company, Venafi, is in the business of supplying “ID badges for silicon-based lifeforms” Okay, Venafi has its headquarters in a Salt Lake City suburb named, of all things, Sandy, but this surely is a pun too far, isn’t it?
No joke, though. Jeff Hudson sees certificates as the best, or at least the most pervailent way of giving identity to the machines that run our IT systems – and increasingly the world. Read the rest of this entry »
Almost two years ago, I blogged about a conversation I had with Martin (“Tall Martin”) Buhr about Cloud Security. At the time, he was the European head of Amazon’s Web Services, and he has recently moved on to Nimbula (“the Cloud Operating System company”) as head of sales and business development, but his words came back to me during an analyst panel at RSA Conference in SFO, where I shared the rostrum with Eric Maiwald of Gartner and Jonathan Penn of Forrester and during which we touched on regulation issues that could block the development of Cloud Computing.
In Europe, the case is very clear: The European Data Protection Directive only allows personal data to be transferred to so-called “third countries” if that country provides an adequate level of protection. The most prominent third country is, of course, the United States which chooses for reasons we needn’t get into here to refuse individuals the right to control their personal data the way Europeans can.
In the age of packet switching, nobody can be sure some piece of information won’t make a hop over to New York or San Francisco on its way from, say, London to Frankfurt. That is the charm and the wonder of TCP/IP, that data will always find a workaround if some part of the net is blocked, clogged or restricted. The original scenario, of course, was a Russian attack on the U.S. military’s communications infrastructure, and the thing data packets were supposed to get around were gaping, radioactive holes in the ground where major U.S. cities (and telephone hubs) once stood.
Thankfully, the clear and present danger of such doomsday scenarios has faded somewhat, but the principle behind TCP/IP remains: It is almost impossible to restrict the flow of data anywhere in the world, short of shutting down the entire Internet, as the authorities in Egypt and Iran have done, or erecting gigantic electronic barriers like the Great Firewall of China.
Since in the age of Cloud Computing, nobody really know where on earth their data are at any given moment (that’s the charm of Cloud Computing, after all!), any European CEO who allows personal data about customer or employees to be stored in the Cloud can be seen as having one foot in jail. Let an auditor or a police investigator find that data residing outside the physical boundaries of the EU, then the CEO’s number is up. And he can’t pass the buck on to his CIO, because managerial liability doesn’t work that way. It’s his call, and if he didn’t keep his CIO on a leash, then tough luck!
More than 250.000 people have watched “ethical hacker” Chris Paget cruising the streets of San Francisco gathering RFID data from the new U.S. PASS cards and “enhanced” chipped drivers licenses. All it took him about $250 for a scanner and an antenna, as well as a piece of software he downloaded from the Internet. The new “e-passports” are now mandatory for U.S. citizens entering the United States from Canada, Mexico, Bermuda and the Caribbean, though conventional passports will be accepted as long as they are valid. Paget was able to read and clone the information of the chips within minutes. While only tag numbers were intercepted, not the personal data on the chip, this is enough to identify and track individuals, which brings us a step closer to my favorite nightmare scenario: As I leave the airport in, say, Tunis or Cairo on my way to a nice sunny vacation I am picked up and followed by jihadists bent on killing any American capitalist swine they can find.
This may not be news to most of us, but what struck me was a comment by Gigi Zenk, a spokeswoman for the Washington state Department of Licensing, quoted in today’s edition of the “International Herald Tribune”, who believes that “Americans aren’t that concerned about RFID” in a time when “tracking an individual is much easier through a cellphone.”
Is this simply a brainless bureaucrat talking twaddle, or is she being cynical? Then again, maybe she has a point: If people did care a lot about “little brother”, as the global surveillance web is now being referred to, wouldn’t they do something about it? Like switch off their mobiles?There have been rpeorts of German tax dodgers being caught because they said they were at home when in fact their phones were in the offices of a bank in Zurich.
In Germany, supposedly a country obsessed with privacy concerns and boasting the strictest data protection laws on the planet, a law calling for issuing RFID-enabled passports passed with hardly a murmur, and they are now gearing up to issue each and every one of their 80-some million citizens a mandatory personal ID card that will also carry a chip.
Maybe cynicism does help. How about this: If everybody is naked, nobody will be bothered by nakedness. Just blend in with the crowd. Implant an RFID chip in every forehead. There’s safety in numbers, after all. Or then again, maybe not…
I know it’s funny, but in fact it’s me, by far the oldest guy at KCP, who is actually the greatest fan of Twitter. Perhaps if you don’t have as much time left to waste as some of my younger colleagues you learn to appreciate abbreviation.
Anyway, the European Identity Conference which ended yesterday here in Munich produced a bumper crop of Tweets which I have been browsing through this morning at my leisure (first time in a week I’v had any), and I thought I would share a few with those of you who do not yet fully appreciate just how powerful this new medium actually is.
Summing up of a large multinational conference like EIC running over many days and featuring some of the finest speakers in the industry, and doing this in a format that restricts the writer to 140 characters max, is a challenge, of course, but many of those present not only rose to it, but proved themselves past masters of terse, to-the-point, no nosense (well actually, sometimes a bit of nonsense) communication.
