Eve Maler, VP Innovation and Emerging Technology, ForgeRock, sits down with theCUBE's Jeff Frick at Data Privacy Day 2017.
Passwords are passé, so what can stop privacy disasters in the IoT age?
https://siliconangle.com/2017/01/31/passwords-passe-can-stop-privacy-disasters-iot-age/
How does an application know that users are actually whom they say they are?
The answer in many cases is still: with a password. But the Internet of Things is exposing new problems with this already inadequate method, as the recent Dyn DDoS hacks demonstrated when they took down large swaths of the Internet for many people last October.
Eve Maler, vice president of innovation and emerging technology at ForgeRock Inc., a platform for securing digital identities, thinks some big changes to security architectures and authentication techniques will be needed to avoid data privacy disasters in coming years. She spoke about what’s coming next with Jeff Frick, co-host of theCUBE, SiliconANGLE Media’s mobile live streaming studio.
TheCUBE interviewed Maler and other privacy and security experts at a Data Privacy Day event held by the National Cyber Security Alliance at the San Francisco headquarters of Twitter Inc., a sponsor of the event. Data Privacy Day is an annual celebration to recognize the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty concerning privacy and data protection.
Maler identified the OAuth open standard authentication software — a way for Internet users to allow websites or applications to access their information on other websites without having to give them the passwords — as a promising path forward. Maler said that it’s not so much passwords that are the problem, but the way they are punted around the Internet. OAuth skirts that problem by whittling down the points of access.
Twitter and other high-profile companies use OAuth now, and ForgeRock would like to see this point-to-point data-sharing model spread. “We want to allow every application in the world to be able to do that, not just Google Docs, Google Sheets and so on,” she said.
IoT crackdown
Maler said that IoT is an area crying out for more capable identification technology. She argued that the recent Dyn DDoS hacks were made possible by poorly authenticated devices.
She said that, thankfully, government agencies are finally cracking down on these fault lines in IoT device security, but businesses ultimately need to take charge. “We need to authenticate our devices better, and that’s something manufacturers have to take responsibility for,” she said.
Makers of highly personal devices developing in the Internet of Things need to make sure they keep personal data close to the person. Maler said that in the healthcare field, the people who work on patient security adhere to a principle summed up in the phrase, “No data about me without me.”
She added that this needs to be adopted as the creed in IoT data sharing — and not just for blanket permission. Users increasingly want to know not only who has access to their data, but exactly what data and for what purpose. “It’s got to be not just more transparent, but ‘What is it you’re sharing about me?’” she said.
The work to be done now is in binding and unbinding an individual’s identity to a device on one end and a cloud account on another. “So now we are back to having an identity-centric architecture for security and privacy,” she said. She gave the example of a single smart police vehicle that would collect data on different officers through the binding and unbinding of their digital identities to the car.
Maler said that smarter identification could lead to much greater flexibility of security controls. For instance, she said an owner could give someone permission to deliver a package to their car’s trunk but not to drive a car. She said that Airbnb hosts could give guests limited permission to use smart devices in the home while they are away.
Maler also said that companies need to understand that customers asking for more control are not simply shooing them away. “They want share buttons. We saw that with the initial introduction of Care Kit with Apple,” she said, adding that the transparent, person-to-person sharing is what app designers should be aiming for.
Data D-day looming
Maler said companies that do not get more transparent about data sharing risk big losses in the near future. Regulations such as the General Data Protection Regulation in the EU, she said, are “bearing down on pretty much every multinational, every global enterprise that monitors or sells to EU citizens.”