PDEC is the Personal Data Ecosystem Consortium based on Silicon Valley. The consortium consists of over 30 start ups focusing on the personal information space. www.pde.cc
Personal.com ( www.personal.com ) has a beta in the market and announced today a connection with Dropbox and Evernote that will see their service used by many more users. Here is a link to an article by Venturebeat http://venturebeat.com/2012/09/11/personal/
Azigo (www.azigo.com ) has released it Beta Vendor relationship Management service that will help you manage your relationships with Vendors as opposed to you being managed by the vendors you deal with. Check out their website and try the beta for yourself.
Great to see some of the PDEC companies getting serious solutions into the market to help us manage our personal information in smart and secure ways.
Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Tuesday, September 11, 2012
Thursday, August 18, 2011
Would your loved ones have the information they need if something was to happen to you?
One of the main reasons customers tell us they value myINFOSAFE, is that they know that if something was to happen to them, then their loved ones would be able to access all the information they need, in one secure place. This could be just when you are away from home on business or visiting friends, or could be in the event of a major illness or accident, or in the worst case, when someone passes away.
Just think about the scenario; would they know what insurance cover there is in place, would they know where your Will and other important documents are; do they know the details of your past health. and that of other family members; could they log onto banking websites so they can know what money is available and what bills need to be paid regularly; would they know what investments there and when they mature etc.
We have been researching Wills and estate management situations recently, and not only can it be a stressful and emotional time in dealing with the grief over the loss of a loved one, but it is often an expensive and time consuming process as well. It is clear to us that the process of administering an estate is completed much easier, and significantly less expensively, if relevant up to date information is available.
We encourage our customers to make sure someone you trust knows how to access myINFOSAFE in times of need. This can either be letting someone know where to find the password if needed, or by providing them a copy of myINFOSAFE with your information on a USB stick so that they can access in an emergency. You could even print out the relevant pages from myINFOSAFE and provide it to someone to keep in a safe place for when it is needed.
So take this as a reminder for you to go and check if you have all your personal information up to-date and that some one knows how to access it. It is surprising how key information can change overtime. You will also gain benefit from being able to access the information yourself when you need it.
Just think about the scenario; would they know what insurance cover there is in place, would they know where your Will and other important documents are; do they know the details of your past health. and that of other family members; could they log onto banking websites so they can know what money is available and what bills need to be paid regularly; would they know what investments there and when they mature etc.
We have been researching Wills and estate management situations recently, and not only can it be a stressful and emotional time in dealing with the grief over the loss of a loved one, but it is often an expensive and time consuming process as well. It is clear to us that the process of administering an estate is completed much easier, and significantly less expensively, if relevant up to date information is available.
We encourage our customers to make sure someone you trust knows how to access myINFOSAFE in times of need. This can either be letting someone know where to find the password if needed, or by providing them a copy of myINFOSAFE with your information on a USB stick so that they can access in an emergency. You could even print out the relevant pages from myINFOSAFE and provide it to someone to keep in a safe place for when it is needed.
So take this as a reminder for you to go and check if you have all your personal information up to-date and that some one knows how to access it. It is surprising how key information can change overtime. You will also gain benefit from being able to access the information yourself when you need it.
Friday, July 29, 2011
Are you keeping up with Smart Phones?
Smart Phones are everywhere and they're not just being used to make phone calls. Over 60 per cent of the use of Smart Phones is now for social networking, email, browsing the net, conducting business activity, listening to music, taking pictures and playing games.
This change of use often means there is significant personal information either stored, emitted (e.g. location and usage) or accessible from your Smart Phone. These added functions offer real benefits to users but also risks, not only to the individual, but to businesses. But firstly, what is driving this market growth in Smart Phones?
Apple gave the market a real move-on kick over the last few years with their stylish iPhone range. This has been so succesful that it has helped Apple become the world's second most valuable company behind Exxon. Such market dominance attracts competition though, and we have seen phones using Google's Android operating system recently overtake Apple in terms of devices being shipped. Meanwhile, traditional phone vendors such as Nokia have fallen well behind.
The growth in this market also comes at the expense of the PC market. IDC is telling us that in the fourth quarter of 2010 there were more Smart Phones sold globally than PCs as more people make their phone their primary IT device.
This trend is not abating and we have seen the traditional PC market players realising the importance of the Smart Phone market and start investing to be part of it. For example, HP has recently launched their Veer Smart Phones and Microsoft is attempting to shore up market share by purchasing Skype and has teamed up with Nokia who is now shipping their new phones with the Windows operating system at their core.
Traditional mobile telecommunication carriers are also being impacted. They see the value in their brand diminished by the brand of the device manufacturer and application provider and risk being relegated to providers of core infrastructure bandwidth alone.
This growth in Smart Phones is attracting significant investment. On a recent trip to Silicon Valley, I saw this first hand when I learnt that one leading venture capital firm alone, Kleiner Perkins, has a US$400 million fund for iPhone apps as well as a US$400 million fund for Android. That level of investment will drive better applications for the user and will further accelerate growth in sales of Smart Phones.
One result of this massive growth is the "consumerisation" of IT. What this means is that new information technology emerges first in consumer markets and then spreads into businesses and not the other way around as we have seen in the past. We find that often our home based IT equipment and services are both more capable and less expensive than what is provided in the workplace.
At the recent Net Hui, I facilitated a session around "The changing face of the internet - Mobile and Security". Over a hundred people were in the session and the core of the discussion centred around two things, the desire of people to increasingly bring their own technology into the work place and the need for increased security on mobile devices.
Consumerisation is fuelling tension between the traditional business model of providing staff a corporate phone and controlling the use of the device and the information on it via corporate policies and you wanting to Bring Your Own Device or Technology (BYOD or BYOT) to the workplace.
We discussed this at length at the NetHui session and it was clear that many users were being forced to carry at least two cell phones, which is not ideal. Some organisations (mainly smaller ones) had already moved to allow staff to have their own devices. However, all agreed that there needs to be a clear policy within organisations to explaining to staff what the rules are regarding their Smart Phone use in either scenario.
This is not simple though, and there are many real issues that need to be considered. What happens when a device is lost? If it is, is the business able to direct that all information, including personal data, is wiped from the phone?
What happens to company information on the phone when the user leaves the company? What behaviour can the business expect from the staff member on the device to ensure the reputation of the business is not impacted?
Who shares the cost for the device? Should the company be able to restrict access to certain sites the user wants to use on the device? Who is responsible for keeping the phones operating system up to date with security patches?
I cannot provide answers to all of these questions here. Each organisation needs to do this for itself based on its own position. It is clear that many businesses are having to update their mobile phone and security policies and there is an opportunity for collaboration here to help each other and avoid us all having to reinvent the wheel.
The NetHui provided an online forum for discussion on this topic that will be left open until the next Hui. I encourage all of you who are interested or concerned about this area to make use of the forum to post your thoughts, questions, and provide answers if you can. You can even post copies of policies that are working for your organisation or those that are not.
What is the long term solution then? Maybe we can look to the wider market where we are seeing function move from the end user devices up into the cloud, enabling use of the utility scale that offers lower price, improved security and simplified management. Will we see the same happen with Smart Phones? Will that mean we will see Smart Phones become less smart over time and become just a mobile access point to services in the cloud? This way, personal and business applications could be accessed from different cloud based services, making them easier to turn off and on as the needs of the user, and who they work for, changes.
This change of use often means there is significant personal information either stored, emitted (e.g. location and usage) or accessible from your Smart Phone. These added functions offer real benefits to users but also risks, not only to the individual, but to businesses. But firstly, what is driving this market growth in Smart Phones?
Apple gave the market a real move-on kick over the last few years with their stylish iPhone range. This has been so succesful that it has helped Apple become the world's second most valuable company behind Exxon. Such market dominance attracts competition though, and we have seen phones using Google's Android operating system recently overtake Apple in terms of devices being shipped. Meanwhile, traditional phone vendors such as Nokia have fallen well behind.
The growth in this market also comes at the expense of the PC market. IDC is telling us that in the fourth quarter of 2010 there were more Smart Phones sold globally than PCs as more people make their phone their primary IT device.
This trend is not abating and we have seen the traditional PC market players realising the importance of the Smart Phone market and start investing to be part of it. For example, HP has recently launched their Veer Smart Phones and Microsoft is attempting to shore up market share by purchasing Skype and has teamed up with Nokia who is now shipping their new phones with the Windows operating system at their core.
Traditional mobile telecommunication carriers are also being impacted. They see the value in their brand diminished by the brand of the device manufacturer and application provider and risk being relegated to providers of core infrastructure bandwidth alone.
This growth in Smart Phones is attracting significant investment. On a recent trip to Silicon Valley, I saw this first hand when I learnt that one leading venture capital firm alone, Kleiner Perkins, has a US$400 million fund for iPhone apps as well as a US$400 million fund for Android. That level of investment will drive better applications for the user and will further accelerate growth in sales of Smart Phones.
One result of this massive growth is the "consumerisation" of IT. What this means is that new information technology emerges first in consumer markets and then spreads into businesses and not the other way around as we have seen in the past. We find that often our home based IT equipment and services are both more capable and less expensive than what is provided in the workplace.
At the recent Net Hui, I facilitated a session around "The changing face of the internet - Mobile and Security". Over a hundred people were in the session and the core of the discussion centred around two things, the desire of people to increasingly bring their own technology into the work place and the need for increased security on mobile devices.
Consumerisation is fuelling tension between the traditional business model of providing staff a corporate phone and controlling the use of the device and the information on it via corporate policies and you wanting to Bring Your Own Device or Technology (BYOD or BYOT) to the workplace.
We discussed this at length at the NetHui session and it was clear that many users were being forced to carry at least two cell phones, which is not ideal. Some organisations (mainly smaller ones) had already moved to allow staff to have their own devices. However, all agreed that there needs to be a clear policy within organisations to explaining to staff what the rules are regarding their Smart Phone use in either scenario.
This is not simple though, and there are many real issues that need to be considered. What happens when a device is lost? If it is, is the business able to direct that all information, including personal data, is wiped from the phone?
What happens to company information on the phone when the user leaves the company? What behaviour can the business expect from the staff member on the device to ensure the reputation of the business is not impacted?
Who shares the cost for the device? Should the company be able to restrict access to certain sites the user wants to use on the device? Who is responsible for keeping the phones operating system up to date with security patches?
I cannot provide answers to all of these questions here. Each organisation needs to do this for itself based on its own position. It is clear that many businesses are having to update their mobile phone and security policies and there is an opportunity for collaboration here to help each other and avoid us all having to reinvent the wheel.
The NetHui provided an online forum for discussion on this topic that will be left open until the next Hui. I encourage all of you who are interested or concerned about this area to make use of the forum to post your thoughts, questions, and provide answers if you can. You can even post copies of policies that are working for your organisation or those that are not.
What is the long term solution then? Maybe we can look to the wider market where we are seeing function move from the end user devices up into the cloud, enabling use of the utility scale that offers lower price, improved security and simplified management. Will we see the same happen with Smart Phones? Will that mean we will see Smart Phones become less smart over time and become just a mobile access point to services in the cloud? This way, personal and business applications could be accessed from different cloud based services, making them easier to turn off and on as the needs of the user, and who they work for, changes.
Sunday, July 17, 2011
Is Anyone Safe in Cyberspace?
I have just read the US Department of Defense (DoD) Strategy for Operating in Cyberspace (July 2011). Within the document it is states that the "DoD networks are probed millions of time every day, and successful penetrations have led to the loss of thousands of files from U.S. networks and those of U.S. allies and industry partners". If the DoD cannot protect its information in cyberspace who can?
It is great to see that the DoD recognises the pervasiveness of technology in our lives today and that we are dependent on technology to run critical infrastructure (e.g. Transportation, Communication), to facilitate trade and for markets to operate.
Balancing this need for security and protection, is the reliance on the inherent openness of cyberspace to enable "new forms of entrepreneurship, advances in technology, the spread of free speech, and new social networks that drive our economy and reflect our principles".
This openness means that "the Internet was designed to be collaborative, rapidly expandable, and easily adaptable to technological innovation. Information flow took precedence over content integrity; identity authentication was less important than connectivity."
It is great to see the DoD making such a policy available in a transparent way, sharing their thinking and recognition of this issue so that we can all work together to resolve the issues that the Internet presents while protecting the opportunities it presents.
Perhaps the most unexpected comment for me was the recognition that the threat to Intellectual Property is seen as the most pervasive threat today and seen as more important than the threat to critical infrastructure - "Every year an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by US businesses, Universities, and Government Departments and Agencies." Clearly information is power and businesses and economies rely on managing and protecting protect such information for their survival just as we as individuals need to manage and control our own personal information in the cyberworld we live in.
Here is the link to the document if you are interested - It is only about 12 pages long and very readable. DoD - Strategy for Operating in Cyberspace
Monday, June 13, 2011
Privacy of Personal Information
How private is information you post on the internet? Is it more secure than if you store that information on your PC?
The reality is that information can be very secure or very insecure on both platforms.
In regards to the Web, I found a helpful view in David Siegel's book "PULL". He states that there are three basic levels to the Web and area findable by public search engines like Google and Bing.
The Public Web which we normally see when searching and browsing for information online.
The Deep Web which includes large data repositories that public search engines usually do not see. E.g. Craigslist, Grainger etc.
The Private Web which we can only get access to if we qualify or have access rights. E.g. Corporate intranets or subscription based services. Again, this information is not searchable by public search engines.
So your data is more secure in the private web than the public web, but, in all these systems there are people that have the ability to access your information if they wish to. There is always a systems administrator or similar with super admin rights to each database and can just about always get to see what data is stored anywhere.
On your PC you may think your data is safe, but there are two main ways that people can gain access to information on your PC.
Remotely - If your PC is connected to the internet, even if you have firewall protection or security software, there are ways that people can gain access to your PC and search your information.
Physically - If someone gains physical access to your PC, and even if your PC is password protected, people who know how can access your PC and search your information. This can also be that case if they get hold of any of your back up devices for your PC.
On either platform the best way to ensure that your data is not compromised is to have it encrypted with a strong cryptographic key that is kept confidential (and separated from any systems administrator). This way, even if information is found it cannot be read or understood as all the information is encoded using this key.
The cracking of a strong encryption key of about 192 or 256 bits is considered infeasible.
So, be careful what you do with your information. If you want it shared then that is fine. If you want it safe and protected, encrypt it – end of story.
The reality is that information can be very secure or very insecure on both platforms.
In regards to the Web, I found a helpful view in David Siegel's book "PULL". He states that there are three basic levels to the Web and area findable by public search engines like Google and Bing.
The Public Web which we normally see when searching and browsing for information online.
The Deep Web which includes large data repositories that public search engines usually do not see. E.g. Craigslist, Grainger etc.
The Private Web which we can only get access to if we qualify or have access rights. E.g. Corporate intranets or subscription based services. Again, this information is not searchable by public search engines.
So your data is more secure in the private web than the public web, but, in all these systems there are people that have the ability to access your information if they wish to. There is always a systems administrator or similar with super admin rights to each database and can just about always get to see what data is stored anywhere.
On your PC you may think your data is safe, but there are two main ways that people can gain access to information on your PC.
Remotely - If your PC is connected to the internet, even if you have firewall protection or security software, there are ways that people can gain access to your PC and search your information.
Physically - If someone gains physical access to your PC, and even if your PC is password protected, people who know how can access your PC and search your information. This can also be that case if they get hold of any of your back up devices for your PC.
On either platform the best way to ensure that your data is not compromised is to have it encrypted with a strong cryptographic key that is kept confidential (and separated from any systems administrator). This way, even if information is found it cannot be read or understood as all the information is encoded using this key.
The cracking of a strong encryption key of about 192 or 256 bits is considered infeasible.
So, be careful what you do with your information. If you want it shared then that is fine. If you want it safe and protected, encrypt it – end of story.
Wednesday, May 25, 2011
What is our identity in the digital world?
As with any new system, it will evolve over time and hopefully improve the way it operates. The Internet has evolved primarily by the construction of individual websites that view the people they interact with as "their" customers and so have set up userID's and passwords to let users enter "their"system.
Of course as more and more websites have been built we the users have had to have more and more UserID's and Passwords the we have to remember to enter each website we want to make use of. Of course each website has different rules and processes for setting userID's and passwords. Some ask you to use your email address, some ask for a unique identifier for you that may not be able to be your name. The passwords can be short or long, capitalised, include symbols etc. which makes it impossible to have the same password (not that we should be using the same password should we).
What we need to evolve to is the Internet seeing individuals as real people who need to access more than one site. This is where the Open ID was formed. The Open ID allows you to use an existing account to sign into multiple websites, without needing to create new passwords.
Click here to find out more about Open ID http://openid.net/get-an-openid/what-is-openid/
More and more websites are adopting Open ID or something like it, including some of the big players like Google and Yahoo. This will help users have a better experience on the Internet over time. Bring it on!
Please let me know if you have used Open ID of something similar and let me know if it is improving the experience on the Internet or if it is creating issues for you.
Saturday, January 8, 2011
How private is our personal information?
We have all heard about Wikileaks. I noticed this article today that made me think about all personal information stored on the web in cloud based solutions that you may think is private and secure but can be clearly accessed under legal process as required.
http://nz.news.yahoo.com/a/-/world/8615201/u-s-orders-twitter-to-hand-over-wikileaks-records/
We considering this as part of the design of myINFOSAFE. If we were ever asked to provide details of account codes and encryption keys for customers by the court, we would have to do this. But we could not provide any of the customers personal information stored in myINFOSAFE as we do not have access to it as it is stored locally on the users PC and is protected by a password that we do not know. (assuming the user has changed it from the default). The customer has control of their information and they can protect it, back it up or delete it in any way they want.
It makes you think that while there are many benefits of cloud based systems there are weaknesses that you need to be aware of in relation to your personal information.
Look forward to some discussion on this please.
http://nz.news.yahoo.com/a/-/world/8615201/u-s-orders-twitter-to-hand-over-wikileaks-records/
We considering this as part of the design of myINFOSAFE. If we were ever asked to provide details of account codes and encryption keys for customers by the court, we would have to do this. But we could not provide any of the customers personal information stored in myINFOSAFE as we do not have access to it as it is stored locally on the users PC and is protected by a password that we do not know. (assuming the user has changed it from the default). The customer has control of their information and they can protect it, back it up or delete it in any way they want.
It makes you think that while there are many benefits of cloud based systems there are weaknesses that you need to be aware of in relation to your personal information.
Look forward to some discussion on this please.
Subscribe to:
Posts (Atom)