Category Archives: Tweet Jam

#ogChat Summary – Business Architecture

By Patty Donovan, The Open Group

The Open Group hosted a tweet jam (#ogChat) to discuss the evolution of Business Architecture and its role in enterprise transformation. In case you missed the conversation, here is a recap of the event.

The Participants

A total of 16 participants joined in the hour-long discussion, including:

The Discussion

Here is a high-level snapshot of yesterday’s #ogChat discussion:

Q1 How do you define #BizArch? #ogChat

While not everyone could agree on a single definition, all agreed that Business Architecture enables operational ease and business model innovation.

  • @Dana_Gardner: Q1 Aligning the strategies and operational priorities of all a business’s groups along a common, coordinated path. #ogChat #BizArch #EA
  • @enterprisearchs: Q1 At @enterprisearchs we also believe #BizArch is the design of business to enable business model innovation #ogChat
  • @bmichelson: #ogchat q1: in reality, business architecture is more the meta model of business, used to understand, measure, deliver capability #BizArch
  • @MartinGladwell: Q1 Orchestrating the delivery of changes needed to realise the strategy #ogchat

 

Q2 What is the role of the business architect? What real world #business problems does #BizArch solve? #ogChat

Most agreed that the lines are blurred between the roles of the Business Architect and the Enterprise Architect. Both manage complexity, agility and data proactively within a business or enterprise.

  • @bmichelson: #ogchat q2: so, I differ here. I think *true* business architect designs the business; in reality, we assign “architect” to business analyst
  • @Dana_Gardner: Q2 #BizArch allows for managing complexity, fostering agility, makes a data-driven enterprise more able to act in proactive manner #ogChat
  • @editingwhiz: So much software now is aimed at line-of-business people that acquiring IT business architect creds would be a huge attribute. #ogChat
  • @MartinGladwell: Q2 Is an MBA an advantage for a BA? Is it necessary? #ogchat
  • @enterprisearchs: A2 Ensures an org is correctly positioned and the environmental/industry factors are understood in order to achieve its strategy #ogChat
  • @DaveHornford: Q2: all my answers chase their tails into architecture – what must I have to get what I want – what must change #ogchat #bizarch

 

Q3 How is the role of the Business Architect changing? What are the drivers of this change? #ogChat #BizArch

Some argued that the role of the Business Architect is not changing at all, but rather just emerging (or evolving?), and that Business Architects are differentiating themselves from other organizational roles. Others argued that the role is changing to accommodate emerging trends and areas of focus (i.e., customer experience).

  • @enterprisearchs: A3 Businesses are looking to differentiate, an increased focus on Customer Experience is raising questions on how to increase NPS #ogChat
  • @blake6677: #ogchat At the core of my Business Architecture practice is business capability modeling
  • @DaveHornford: Q3 – changing? Is just starting to appear – distinction between architect, strategist, analyst, change leader often hard to see #ogchat

 

Q4 How does #BizArch differ from #EntArch? #ogChat

Similar to the discussion around question two, most participants agreed that the roles of Business and Enterprise Architects are difficult to separate, while some argued about the differences in scope of the two roles.

  • @NadhanAtHP: A4: @theopengroup Biz Architecture provides the business foundation for the Enterprise Architecture which is more holistic #ogChat
  • @DaveHornford: Q4: difference is in scope #BizArch is one of many domains comprising #EntArch #ogchat
  • @harryhendrickx: Q3 #BizArch evolves towards operational position serving many initiatives. Not sure how practice evolves #ogChat
  • Len Fehskens: Q4 “There is a lot of confusion about the meanings of #business and #enterprise, and many people use them synonymously” #Len #ogChat
  • @MartinGladwell: @theopengroup Len I think there is no truth of the matter, we must choose to use these terms in a way that advances our common cause #ogchat
  • @enterprisearchs: A4 In TOGAF ADM we see #BizArch predominantly supporting the prelim and arch vision phases #ogchat

 

Q5 How can Business Architects and Enterprise Architects work together? #ogChat #BizArch #EntArch

All agreed that Business Architects and Enterprise Architects exist to support one another. When discussing the first step to establishing successful Business Architecture, participants suggested knowing its purpose first, then tapping professional accreditation and community involvement resources second.

  • @DaveHornford: Ethnography within the enterprise, its ecosystem or both? #ogchat
  • @Dana_Gardner: Q5 They make each other stronger, and can provide an example to the rest on how these methods and tools can work harmoniously. #ogChat
  • @bmichelson: “@theopengroup: What is the first step toward establishing a successful #BizArch? #ogChat” < knowing why you want to establish practice
  • @MartinGladwell: @theopengroup #ogchat professional accreditation, community, role models

 

Q6 What’s in store for #BizArch in the future? #ogChat

When looking towards the future, panelists suggested erasing ambiguity when it comes to the difference between Business and Enterprise Architects. Others also predicted that the rising demand for Business Architects will spark a need for certification and training programs.

  • Len Fehskens: Q6 I fear conventional wisdom contradictions and ambiguities will be ‘resolved’ by setting arbitrary distinctions in concrete #Len #ogChat
  • @Dana_Gardner: Q6 I hope to see more stature given to the role of #BizArch, so that it becomes an executive-tier requirement. #ogChat
  • @bmichelson: #ogchat q6: learning how to enable continuous change via: visibility, context, correctness & responsiveness #BizArch
  • @MartinGladwell: Q6 #ogchat We will see information as a design activity not an analysis activity
  • @enterprisearchs: A6 The demand for #BizArch will generate a need for recognised certification and training #ogChat
  • @allenbrownopen: Business architecture like other functions such as legal and finance can inform C level decisions, it can’t make them #ogchat

 

A big thank you to all the participants who made this such a great discussion! Join us for our next tweet jam on Platform 3.0!

 

Patricia Donovan is Vice President, Membership & Events, at The Open Group and a member of its executive management team. In this role she is involved in determining the company’s strategic direction and policy as well as the overall management of that business area. Patricia joined The Open Group in 1988 and has played a key role in the organization’s evolution, development and growth since then. She also oversees the company’s marketing, conferences and member meetings. She is based in the U.S.


Questions for the Upcoming Business Architecture Tweet Jam – March 19

By Patty Donovan, The Open Group

Earlier this week, we announced our upcoming tweet jam on Tuesday, March 19 at 2:00 p.m. PT/9:00 p.m. GMT/Wednesday, March 20 at 8:00 a.m. EDT (Sydney, Australia), which will examine the way in which Business Architecture is impacting enterprises and businesses of all sizes.

The discussion will be moderated by The Open Group (@theopengroup), and we welcome both members of The Open Group and interested participants alike to join the session.

The discussion will be guided by these six questions:

  1. How do you define Business Architecture?
  2. What is the role of the business architect? What real world business problems does Business Architecture solve?
  3. How is the role of the business architect changing? What are the drivers of this change?
  4. How does Business Architecture differ from Enterprise Architecture?
  5. How can business architects and enterprise architects work together?
  6. What’s in store for Business Architecture in the future?

To join the discussion, please follow the #ogChat hashtag during the allotted discussion time. Other hashtags we recommend you use during the event include:

  • Enterprise Architecture : #EntArch
  • Business Architecture: #BizArch
  • The Open Group Architecture Forum : #ogArch

For more information about the tweet jam, guidelines and general background information, please visit our previous blog post.

If you have any questions prior to the event or would like to join as a participant, please direct them to Rod McLeod (rmcleod at bateman-group dot com), or leave a comment below. We anticipate a lively chat and hope you will be able to join us!


Business Architecture Tweet Jam – March 19

By Patty Donovan, The Open Group

On Tuesday, March 19 at 2:00 p.m. PT/9:00 p.m. BST/Wednesday, March 20 at 8:00 a.m. EDT (Sydney, Australia), The Open Group will host a tweet jam examining the topic of Business Architecture.

Today, Business Architecture is shaping and fostering enterprise transformation initiatives and continuous improvement throughout companies of all sizes. In The Open Group’s 2013 Predictions, Steve Philp, Marketing Director for Open CA and Open CITS at The Open Group, predicted that Business Architecture would continue to grow in prominence and visibility among executives. According to Steve’s prediction, “there are a number of key technology areas for 2013 where business architects will be called upon to engage with the business such as Cloud Computing, Big Data and social networking.” Steve also predicted that “the need to have competent Business Architects is a high priority in both the developed and emerging markets and the demand for Business Architects currently exceeds the supply.” Steve’s sentiments mirror an industry-wide perspective: It’s certain that Business Architecture will impact enterprises, but to what extent?

This tweet jam, sponsored by The Open Group, will take a step back and allow participants to discuss what the nascent topic of Business Architecture actually means. How is Business Architecture defined? What is the role of the business architect and how does Business Architecture relate to Enterprise Architecture?

Please join us for our upcoming Business Architecture tweet jam where leading experts will discuss this evolving topic.

And for those of you who are unfamiliar with tweet jams, here is some background information:

What Is a Tweet Jam?

A tweet jam is a one hour “discussion” hosted on Twitter. The purpose of the tweet jam is to share knowledge and answer questions on Business Architecture. Each tweet jam is led by a moderator and a dedicated group of experts to keep the discussion flowing. The public (or anyone using Twitter interested in the topic) is encouraged to join the discussion.

Participation Guidance

Whether you’re a newbie or veteran Twitter user, here are a few tips to keep in mind:

  • Have your first #ogChat tweet be a self-introduction: name, affiliation, occupation.
  • Start all other tweets with the question number you’re responding to and the #ogChat hashtag.
    • Sample: “Q1 Business Architecture has different meanings to different people within my organization #ogChat”
  • Please refrain from product or service promotions. The goal of a tweet jam is to encourage an exchange of knowledge and stimulate discussion.
  • While this is a professional get-together, we don’t have to be stiff! Informality will not be an issue!
  • A tweet jam is akin to a public forum, panel discussion or Town Hall meeting – let’s be focused and thoughtful.

If you have any questions prior to the event or would like to join as a participant, please direct them to Rod McLeod (rmcleod at bateman-group dot com). We anticipate a lively chat and hope you will be able to join!


Protecting Data is Good. Protecting Information Generated from Big Data is Priceless

By E.G. Nadhan, HP

This was the key message that came out of The Open Group® Big Data Security Tweet Jam on Jan 22 at 9:00 a.m. PT, which addressed several key questions centered on Big Data and security. Here is my summary of the observations made in the context of these questions.

Q1. What is Big Data security? Is it different from data security?

Big data security is more about information security. It is typically external to the corporate perimeter. IT is not prepared today to adequately monitor its sheer volume in brontobytes of data. The time period of long-term storage could violate compliance mandates. Note that storing Big Data in the Cloud changes the game with increased risks of leaks, loss, breaches.

Information resulting from the analysis of the data is even more sensitive and therefore, higher risk – especially when it is Personally Identifiable Information on the Internet of devices requiring a balance between utility and privacy.

At the end of the day, it is all about governance or as they say, “It’s the data, stupid! Govern it.”

Q2. Any thoughts about security systems as producers of Big Data, e.g., voluminous systems logs?

Data gathered from information security logs is valuable but rules for protecting it are the same. Security logs will be a good source to detect patterns of customer usage.

Q3. Most BigData stacks have no built in security. What does this mean for securing Big Data?

There is an added level of complexity because it goes across apps, network plus all end points. Having standards to establish identity, metadata, trust would go a long way. The quality of data could also be a security issue — has it been tampered with, are you being gamed etc. Note that enterprises have varying needs of security around their business data.

Q4. How is the industry dealing with the social and ethical uses of consumer data gathered via Big Data?

Big Data is still nascent and ground rules for handling the information are yet to be established. Privacy issues will be key when companies market to consumers. Organizations are seeking forgiveness rather than permission. Regulatory bodies are getting involved due to consumer pressure. Abuse of power from access to big data is likely to trigger more incentives to attack or embarrass. Note that ‘abuse’ to some is just business to others.

Q5. What lessons from basic data security and cloud security can be implemented in Big Data security?

Security testing is even more vital for Big Data. Limit access to specific devices, not just user credentials. Don’t assume security via obscurity for sensors producing bigdata inputs – they will be targets.

Q6. What are some best practices for securing Big Data? What are orgs doing now and what will organizations be doing 2-3 years from now?

Current best practices include:

  • Treat Big Data as your most valuable asset
  • Encrypt everything by default, proper key management, enforcement of policies, tokenized logs
  • Ask your Cloud and Big Data providers the right questions – ultimately, YOU are responsible for security
  • Assume data needs verification and cleanup before it is used for decisions if you are unable to establish trust with data source

Future best practices:

  • Enterprises treat Information like data today and will respect it as the most valuable asset in the future
  • CIOs will eventually become Chief Officer for Information

Q7. We’re nearing the end of today’s tweet jam. Any last thoughts on Big Data security?

Adrian Lane who participated in the tweet jam will be keynoting at The Open Group Conference in Newport Beach next week and wrote a good best practices paper on securing Big Data.

I have been part of multiple tweet chats specific to security as well as one on Information Optimization. Recently, I also conducted the first Open Group Web Jam internal to The Cloud Work Group. What I liked about this Big Data Security Tweet Jam is that it brought two key domains together highlighting the intersection points. There was great contribution from subject matter experts forcing participants to think about one domain in the context of the other.

In a way, this post is actually synthesizing valuable information from raw data in the tweet messages – and therefore needs to be secured!

What are your thoughts on the observations made in this tweet jam? What measures are you taking to secure Big Data in your enterprise?

I really enjoyed this tweet jam and would strongly encourage you to actively participate in upcoming tweet jams hosted by The Open Group. You get to interact with a wide spectrum of knowledgeable practitioners listed in this summary post.

HP Distinguished Technologist and Cloud Advisor, E.G. Nadhan has more than 25 years of experience in the IT industry across the complete spectrum of selling, delivering and managing enterprise level solutions for HP customers. He is the founding co-chair for The Open Group SOCCI project, and is also the founding co-chair for the Open Group Cloud Computing Governance project. Connect with Nadhan on: Twitter, Facebook, LinkedIn and Journey Blog.

 


#ogChat Summary – Big Data and Security

By Patty Donovan, The Open Group

The Open Group hosted a tweet jam (#ogChat) to discuss Big Data security. In case you missed the conversation, here is a recap of the event.

The Participants

A total of 18 participants joined in the hour-long discussion, including:

Q1 What is #BigData #security? Is it different from #data security? #ogChat

Participants seemed to agree that while Big Data security is similar to data security, it is more extensive. Two major factors to consider: sensitivity and scalability.

  • @dustinkirkland At the core it’s the same – sensitive data – but the difference is in the size and the length of time this data is being stored. #ogChat
  • @jim_hietala Q1: Applying traditional security controls to BigData environments, which are not just very large info stores #ogChat
  • @TheTonyBradley Q1. The value of analyzing #BigData is tied directly to the sensitivity and relevance of that data–making it higher risk. #ogChat
  • @AdrianLane Q1 Securing #BigData is different. Issues of velocity, scale, elasticity break many existing security products. #ogChat
  • @editingwhiz #Bigdata security is standard information security, only more so. Meaning sampling replaced by complete data sets. #ogchat
  • @Dana_Gardner Q1 Not only is the data sensitive, the analysis from the data is sensitive. Secret. On the QT. Hush, hush. #BigData #data #security #ogChat
    • @Technodad @Dana_Gardner A key point. Much #bigdata will be public – the business value is in cleanup & analysis. Focus on protecting that. #ogChat

Q2 Any thoughts about #security systems as producers of #BigData, e.g., voluminous systems logs? #ogChat

Most agreed that security systems should be setting an example for producing secure Big Data environments.

  • @dustinkirkland Q2. They should be setting the example. If the data is deemed important or sensitive, then it should be secured and encrypted. #ogChat
  • @TheTonyBradley Q2. Data is data. Data gathered from information security logs is valuable #BigData, but rules for protecting it are the same. #ogChat
  • @elinormills Q2 SIEM is going to be big. will drive spending. #ogchat #bigdata #security
  • @jim_hietala Q2: Well instrumented IT environments generate lots of data, and SIEM/audit tools will have to be managers of this #BigData #ogchat
  • @dustinkirkland @theopengroup Ideally #bigdata platforms will support #tokenization natively, or else appdevs will have to write it into apps #ogChat

Q3 Most #BigData stacks have no built in #security. What does this mean for securing #BigData? #ogChat

The lack of built-in security hoists a target on the Big Data. While not all enterprise data is sensitive, housing it insecurely runs the risk of compromise. Furthermore, security solutions not only need to be effective, but also scalable as data will continue to get bigger.

  • @elinormills #ogchat big data is one big hacker target #bigdata #security
    • @editingwhiz @elinormills #bigdata may be a huge hacker target, but will hackers be able to process the chaff out of it? THAT takes $$$ #ogchat
    • @elinormills @editingwhiz hackers are innovation leaders #ogchat
    • @editingwhiz @elinormills Yes, hackers are innovation leaders — in security, but not necessarily dataset processing. #eweeknews #ogchat
  • @jim_hietala Q3:There will be a strong market for 3rd party security tools for #BigData – existing security technologies can’t scale #ogchat
  • @TheTonyBradley Q3. When you take sensitive info and store it–particularly in the cloud–you run the risk of exposure or compromise. #ogChat
  • @editingwhiz Not all enterprises have sensitive business data they need to protect with their lives. We’re talking non-regulated, of course. #ogchat
  • @TheTonyBradley Q3. #BigData is sensitive enough. The distilled information from analyzing it is more sensitive. Solutions need to be effective. #ogChat
  • @AdrianLane Q3 It means identifying security products that don’t break big data – i.e. they scale or leverage #BigData #ogChat
    • @dustinkirkland @AdrianLane #ogChat Agreed, this is where certifications and partnerships between the 3rd party and #bigdata vendor are essential.

Q4 How is the industry dealing with the social and ethical uses of consumer data gathered via #BigData? #ogChat #privacy

Participants agreed that the industry needs to improve when it comes to dealing with the social and ethical uses of consumer data gathered through Big Data. If the data is easily accessible, hackers will be attracted. No matter what, the cost of a breach is far greater than any preventative solution.

  • @dustinkirkland Q4. #ogChat Sadly, not well enough. The recent Instagram uproar was well publicized but such abuse of social media rights happens every day.
    • @TheTonyBradley @dustinkirkland True. But, they’ll buy the startups, and take it to market. Fortune 500 companies don’t like to play with newbies. #ogChat
    • @editingwhiz Disagree with this: Fortune 500s don’t like to play with newbies. We’re seeing that if the IT works, name recognition irrelevant. #ogchat
    • @elinormills @editingwhiz @thetonybradley ‘hacker’ covers lot of ground, so i would say depends on context. some of my best friends are hackers #ogchat
    • @Technodad @elinormills A core point- data from sensors will drive #bigdata as much as enterprise data. Big security, quality issues there. #ogChat
  • @Dana_Gardner Q4 If privacy is a big issue, hacktivism may crop up. Power of #BigData can also make it socially onerous. #data #security #ogChat
  • @dustinkirkland Q4. The cost of a breach is far greater than the cost (monetary or reputation) of any security solution. Don’t risk it. #ogChat

Q5 What lessons from basic #datasecurity and #cloud #security can be implemented in #BigData security? #ogChat

The principles are the same, just on a larger scale. The biggest risks come from cutting corners due to the size and complexity of the data gathered. As hackers (like Anonymous) get better, so does security regardless of the data size.

  • @TheTonyBradley Q5. Again, data is data. The best practices for securing and protecting it stay the same–just on a more massive #BigData scale. #ogChat
  • @Dana_Gardner Q5 Remember, this is in many ways uncharted territory so expect the unexpected. Count on it. #BigData #data #security #ogChat
  • @NadhanAtHP A5 @theopengroup – Security Testing is even more vital when it comes to #BigData and Information #ogChat
  • @TheTonyBradley Q5. Anonymous has proven time and again that most existing data security is trivial. Need better protection for #BigData. #ogChat

Q6 What are some best practices for securing #BigData? What are orgs doing now, and what will orgs be doing 2-3 years from now? #ogChat

While some argued encrypting everything is the key, and others encouraged pressure on big data providers, most agreed that a multi-step security infrastructure is necessary. It’s not just the data that needs to be secured, but also the transportation and analysis processes.

  • @dustinkirkland Q6. #ogChat Encrypting everything, by default, at least at the fs layer. Proper key management. Policies. Logs. Hopefully tokenized too.
  • @dustinkirkland Q6. #ogChat Ask tough questions of your #cloud or #bigdata provider. Know what they are responsible for and who has access to keys. #ogChat
    • @elinormills Agreed–> @dustinkirkland Q6. #ogChat Ask tough questions of your #cloud or #bigdataprovider. Know what they are responsible for …
  • @Dana_Gardner Q6 Treat most #BigData as a crown jewel, see it as among most valuable assets. Apply commensurate security. #data #security #ogChat
  • @elinormills Q6 govt level crypto minimum, plus protect all endpts #ogchat #bigdata #security
  • @TheTonyBradley Q6. Multi-faceted issue. Must protect raw #BigData, plus processing, analyzing, transporting, and resulting distilled analysis. #ogChat
  • @Technodad If you don’t establish trust with data source, you need to assume data needs verification, cleanup before it is used for decisions. #ogChat

A big thank you to all the participants who made this such a great discussion!


Questions for the Upcoming Big Data Security Tweet Jam on Jan. 22

By Patty Donovan, The Open Group

Last week, we announced our upcoming tweet jam on Tuesday, January 22 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. BST, which will examine the impact of Big Data on security and how it will change the security landscape.

Please join us next Tuesday, January 22! The discussion will be moderated by Dana Gardner (@Dana_Gardner), ZDNet – Briefings Direct. We welcome Open Group members and interested participants from all backgrounds to join the session. Our panel of experts will include:

  • Elinor Mills, former CNET reporter and current director of content and media strategy at Bateman Group (@elinormills)
  • Jaikumar Vijayan, Computerworld (@jaivijayan)
  • Chris Preimesberger, eWEEK (@editingwhiz)
  • Tony Bradley, PC World (@TheTonyBradley)
  • Michael Santarcangelo, Security Catalyst Blog (@catalyst)

The discussion will be guided by these six questions:

  1. What is #BigData security? Is it different from #data #security? #ogChat
  2. Any thoughts about #security systems as producers of #BigData, e.g., voluminous systems logs? #ogChat
  3. Most #BigData stacks have no built in #security. What does this mean for securing BigData? #ogChat
  4. How is the industry dealing with the social and ethical uses of consumer data gathered via #BigData? #ogChat #privacy
  5. What lessons from basic data security and #cloud #security can be implemented in #BigData #security? #ogChat
  6. What are some best practices for securing #BigData? #ogChat

To join the discussion, please follow the #ogChat hashtag during the allotted discussion time. Other hashtags we recommend you use during the event include:

  • Information Security: #InfoSec
  • Security: #security
  • BYOD: #BYOD
  • Big Data: #BigData
  • Privacy: #privacy
  • Mobile: #mobile
  • Compliance: #compliance

For more information about the tweet jam, guidelines and general background information, please visit our previous blog post: http://blog.opengroup.org/2013/01/15/big-data-security-tweet-jam/

If you have any questions prior to the event or would like to join as a participant, please direct them to Rod McLeod (rmcleod at bateman-group dot com), or leave a comment below. We anticipate a lively chat and hope you will be able to join us!


Big Data Security Tweet Jam

By Patty Donovan, The Open Group

On Tuesday, January 22, The Open Group will host a tweet jam examining the topic of Big Data and its impact on the security landscape.

Recently, Big Data has been dominating the headlines, with coverage of everything from how to manage and process it to the way it will impact your organization’s IT roadmap. As 2012 came to a close, analyst firm Gartner predicted that data will help drive IT spending to $3.8 trillion in 2014. Knowing the phenomenon is here to stay, enterprises face a new and daunting challenge of how to secure Big Data. Big Data security also raises other questions, such as: Is Big Data security different from data security? How will enterprises handle Big Data security? What is the best approach to Big Data security?

It’s yet to be seen if Big Data will necessarily revolutionize enterprise security, but it certainly will change execution – if it hasn’t already. Please join us for our upcoming Big Data Security tweet jam where leading security experts will discuss the merits of Big Data security.

Please join us on Tuesday, January 22 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. GMT for a tweet jam, moderated by Dana Gardner (@Dana_Gardner), ZDNet – Briefings Direct, that will discuss and debate the issues around big data security. Key areas that will be addressed during the discussion include: data security, privacy, compliance, security ethics and, of course, Big Data. We welcome Open Group members and interested participants from all backgrounds to join the session and interact with our panel of IT security experts, analysts and thought leaders led by Jim Hietala (@jim_hietala) and Dave Lounsbury (@Technodad) of The Open Group. To access the discussion, please follow the #ogChat hashtag during the allotted discussion time.

And for those of you who are unfamiliar with tweet jams, here is some background information:

What Is a Tweet Jam?

A tweet jam is a one hour “discussion” hosted on Twitter. The purpose of the tweet jam is to share knowledge and answer questions on Big Data security. Each tweet jam is led by a moderator and a dedicated group of experts to keep the discussion flowing. The public (or anyone using Twitter interested in the topic) is encouraged to join the discussion.

Participation Guidance

Whether you’re a newbie or veteran Twitter user, here are a few tips to keep in mind:

  • Have your first #ogChat tweet be a self-introduction: name, affiliation, occupation.
  • Start all other tweets with the question number you’re responding to and the #ogChat hashtag.
    • Sample: “Q1 enterprises will have to make significant adjustments moving forward to secure Big Data environments #ogChat”
  • Please refrain from product or service promotions. The goal of a tweet jam is to encourage an exchange of knowledge and stimulate discussion.
  • While this is a professional get-together, we don’t have to be stiff! Informality will not be an issue!
  • A tweet jam is akin to a public forum, panel discussion or Town Hall meeting – let’s be focused and thoughtful.

If you have any questions prior to the event or would like to join as a participant, please direct them to Rod McLeod (rmcleod at bateman-group dot com). We anticipate a lively chat and hope you will be able to join!

 

Patricia Donovan is Vice President, Membership & Events, at The Open Group and a member of its executive management team. In this role she is involved in determining the company’s strategic direction and policy as well as the overall management of that business area. Patricia joined The Open Group in 1988 and has played a key role in the organization’s evolution, development and growth since then. She also oversees the company’s marketing, conferences and member meetings. She is based in the U.S.


#ogChat Summary – 2013 Security Priorities

By Patty Donovan, The Open Group

Totaling 446 tweets, yesterday’s 2013 Security Priorities Tweet Jam (#ogChat) saw a lively discussion on the future of security in 2013 and became our most successful tweet jam to date. In case you missed the conversation, here’s a recap of yesterday’s #ogChat!

The event was moderated by former CNET security reporter Elinor Mills, and there was a total of 28 participants including:

Here is a high-level snapshot of yesterday’s #ogChat:

Q1 What’s the biggest lesson learned by the security industry in 2012? #ogChat

The consensus among participants was that 2012 was a year of going back to the basics. There are many basic vulnerabilities within organizations that still need to be addressed, and it affects every aspect of an organization.

  • @Dana_Gardner Q1 … Security is not a product. It’s a way of conducting your organization, a mentality, affects all. Repeat. #ogChat #security #privacy
  • @Technodad Q1: Biggest #security lesson of 2102: everyone is in two security camps: those who know they’ve been penetrated & those who don’t. #ogChat
  • @jim_hietala Q1. Assume you’ve been penetrated, and put some focus on detective security controls, reaction/incident response #ogChat
  • @c7five Lesson of 2012 is how many basics we’re still not covering (eg. all the password dumps that showed weak controls and pw choice). #ogChat

Q2 How will organizations tackle #BYOD security in 2013? Are standards needed to secure employee-owned devices? #ogChat

Participants debated the necessity of standards. Most agreed that standards and policies are key in securing BYOD.

  • @arj Q2: No “standards” needed for BYOD. My advice: collect as little information as possible; use MDM; create an explicit policy #ogChat
  • @Technodad @arj Standards are needed for #byod – but operational security practices more important than technical standards. #ogChat
  • @AWildCSO Organizations need to develop a strong asset management program as part of any BYOD effort. Identification and Classification #ogChat
  • @Dana_Gardner Q2 #BYOD forces more apps & data back on servers, more secure; leaves devices as zero client. Then take that to PCs too. #ogChat #security
  • @taosecurity Orgs need a BYOD policy for encryption & remote wipe of company data; expect remote compromise assessment apps too @elinormills #ogChat

Q3 In #BYOD era, will organizations be more focused on securing the network, the device, or the data? #ogChat

There was disagreement here. Some emphasized focusing on protecting data, while others argued that it is the devices and networks that need protecting.

  • @taosecurity Everyone claims to protect data, but the main ways to do so remain protecting devices & networks. Ignores code sec too. @elinormills #ogChat
  • @arj Q3: in the BYOD era, the focus must be on the data. Access is gated by employee’s entitlements + device capabilities. #ogChat
  • @Technodad @arj Well said. Data sec is the big challenge now – important for #byod, #cloud, many apps. #ogChat
  • @c7five Organization will focus more on device management while forgetting about the network and data controls in 2013. #ogChat #BYOD

Q4 What impact will using 3rd party #BigData have on corporate security practices? #ogChat

Participants agreed that using third parties will force organizations to rely on security provided by those parties. They also acknowledged that data must be secure in transit.

  • @daviottenheimer Q4 Big Data will redefine perimeter. have to isolate sensitive data in transit, store AND process #ogChat
  • @jim_hietala Q4. 3rd party Big Data puts into focus 3rd party risk management, and transparency of security controls and control state #ogChat
  • @c7five Organizations will jump into 3rd party Big Data without understanding of their responsibilities to secure the data they transfer. #ogChat
  • @Dana_Gardner Q4 You have to trust your 3rd party #BigData provider is better at #security than you are, eh? #ogChat  #security #SLA
  • @jadedsecurity @Technodad @Dana_Gardner has nothing to do with trust. Data that isn’t public must be secured in transit #ogChat
  • @AWildCSO Q4: with or without bigdata, third party risk management programs will continue to grow in 2013. #ogChat

Q5 What will global supply chain security look like in 2013? How involved should governments be? #ogChat

Supply chains are an emerging security issue, and governments need to get involved. But consumers will also start to understand what they are responsible for securing themselves.

  • @jim_hietala Q5. supply chain emerging as big security issue, .gov’s need to be involved, and Open Group’s OTTF doing good work here #ogChat
  • @Technodad Q5: Governments are going to act- issue is getting too important. Challenge is for industry to lead & minimize regulatory patchwork. #ogChat
  • @kjhiggins Q5: Customers truly understanding what they’re responsible for securing vs. what cloud provider is. #ogChat

Q6 What are the biggest unsolved issues in Cloud Computing security? #ogChat

Cloud security is a big issue. Most agreed that Cloud security is mysterious, and it needs to become more transparent. When Cloud providers claim they are secure, consumers and organizations put blind trust in them, making the problem worse.

  • @jadedsecurity @elinormills Q6 all of them. Corps assume cloud will provide CIA and in most cases even fails at availability. #ogChat
  • @jim_hietala Q6. Transparency of security controls/control state, cloud risk management, protection of unstructured data in cloud services #ogChat
  • @c7five Some PaaS cloud providers advertise security as something users don’t need to worry about. That makes the problem worse. #ogChat

Q7 What should be the top security priorities for organizations in 2013? #ogChat

Top security priorities varied. Priorities highlighted in the discussion included:  focusing on creating a culture that promotes secure activity; prioritizing security spending based on risk; focusing on where the data resides; and third-party risk management coming to the forefront.

  • @jim_hietala Q7. prioritizing security spend based on risks, protecting data, detective controls #ogChat
  • @Dana_Gardner Q7 Culture trumps technology and business. So make #security policy adherence a culture that is defined and rewarded. #ogChat #security
  • @kjhiggins Q7 Getting a handle on where all of your data resides, including in the mobile realm. #ogChat
  • @taosecurity Also for 2013: 1) count and classify your incidents & 2) measure time from detection to containment. Apply Lean principles to both. #ogChat
  • @AWildCSO Q7: Asset management, third party risk management, and risk based controls for 2013. #ogChat

A big thank you to all the participants who made this such a great discussion!


Questions for the Upcoming 2013 Security Priorities Tweet Jam – Dec. 11

By Patty Donovan, The Open Group

Last week, we announced our upcoming tweet jam on Tuesday, December 11 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. BST, which will examine the topic of IT security and what is in store for 2013.

Please join us next Tuesday, December 11! The discussion will be moderated by Elinor Mills (@elinormills), former CNET security reporter, and we welcome Open Group members and interested participants from all backgrounds to join the session. Our panel of experts will include:

The discussion will be guided by these seven questions:

  1. What’s the biggest lesson learned by the security industry in 2012? #ogChat
  2. How will organizations tackle #BYOD security in 2013? Are standards needed to secure employee-owned devices? #ogChat
  3. In #BYOD era, will organizations be more focused on securing the network, the device, or the data? #ogChat
  4. What impact will using 3rd party #BigData have on corporate security practices? #ogChat
  5. What will global supply chain security look like in 2013? How involved should governments be? #ogChat
  6. What are the biggest unsolved issues in cloud computing security? #ogChat
  7. What should be the top security priorities for organizations in 2013? #ogChat

To access the discussion, please follow the #ogChat hashtag during the allotted discussion time. Other hashtags we recommend you use during the event include:

  • Information Security: #InfoSec
  • Security: #security
  • BYOD: #BYOD
  • Big Data: #BigData
  • Privacy: #privacy
  • Mobile: #mobile
  • Supply Chain: #supplychain

For more information about the tweet jam topic (security), guidelines and general background information on the event, please visit our previous blog post: http://blog.opengroup.org/2012/11/26/2013-security-priorities-tweet-jam/

If you have any questions prior to the event or would like to join as a participant, please direct them to Rod McLeod (rmcleod at bateman-group dot com), or leave a comment below. We anticipate a lively chat and hope you will be able to join us!


2013 Security Priorities – Tweet Jam

By Patty Donovan, The Open Group

On Tuesday, December 11, The Open Group will host a tweet jam examining the topic of IT security and what is in store for 2013.

2012 was a big year for security. Congress debated cybersecurity legislation in the face of attacks on vulnerabilities in the nation’s critical infrastructure systems; social networking site LinkedIn was faulted for one of the largest security breaches of the year; and global cyber espionage was a trending topic. With the year coming to a close, the big question on people’s minds is which security issues will dominate headlines in 2013. In October, Gartner predicted that by 2014, employee-owned devices will be infected with malware at more than double the rate of corporate-owned devices, and by 2017, 40% of an enterprise’s contact information will have been leaked into Facebook through the use of mobile device collaboration applications. These predictions only touch the tip of the iceberg for security concerns in the coming year.

Please join us on Tuesday, December 11 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. GMT for a tweet jam that will discuss and debate the mega trends that will shape the security landscape in 2013. Key areas that will be addressed during the discussion include: mobile security, BYOD, supply chain security, advanced persistent threats, and cloud and data security. We welcome Open Group members and interested participants from all backgrounds to join the session and interact with our panel of IT security experts, analysts and thought leaders. To access the discussion, please follow the #ogChat hashtag during the allotted discussion time.

And for those of you who are unfamiliar with tweet jams, here is some background information:

What Is a Tweet Jam?

A tweet jam is a one hour “discussion” hosted on Twitter. The purpose of the tweet jam is to share knowledge and answer questions on a chosen topic. Each tweet jam is led by a moderator and a dedicated group of experts to keep the discussion flowing. The public (or anyone using Twitter interested in the topic) is free (and encouraged!) to join the discussion.

Participation Guidance

Whether you’re a newbie or veteran Twitter user, here are a few tips to keep in mind:

  • Have your first #ogChat tweet be a self-introduction: name, affiliation, occupation.
  • Start all other tweets with the question number you’re responding to and the #ogChat hashtag.
    • Sample: “Q1 The biggest security threat in 2013 will continue to be securing data in the cloud #ogChat”
  • Please refrain from product or service promotions. The goal of a tweet jam is to encourage an exchange of knowledge and stimulate discussion.
  • While this is a professional get-together, we don’t have to be stiff! Informality will not be an issue!
  • A tweet jam is akin to a public forum, panel discussion or Town Hall meeting – let’s be focused and thoughtful.

If you have any questions prior to the event or would like to join as a participant, please direct them to Rod McLeod (rmcleod at bateman-group dot com). We anticipate a lively chat and hope you will be able to join!


Key Concepts Underpinning Identity Management

By Ian Dobson, The Open Group

Having trust in the true Identity of who and what we connect with in our global online world is vital if we are to have confidence in going online to buy and sell goods, as well as sharing any confidential or private information.  Today, the lack of trust in online Identity forces organizations to set up their own identity management systems, dishing out their own usernames and passwords/PINs for us.  The result is that we end up having to remember (or write and keep in a secret place) typically well over 50 different online identities, which poses a large problem since our online identities are stored by many organizations in many places that are attractive targets for identity thieves.

Online identity is important to all users of computing devices.  Today, our mobile phones are powerful computers.  There are so many mobile apps available that phones are no longer primarily used to make phone calls.  The Internet connects us to a global online world, so we need a global online identity ecosystem that’s robust enough to give us the confidence we need to feel safe and secure online.  Just like credit cards and passports, we need to aim for an online identity ecosystem that has a high-enough level of trust for it to work worldwide.

Of course, this is not easy, as identity is a complex subject. Online identity experts have been working on trusted identities for many years now, but no acceptable identity ecosystem solution has emerged yet. There are masses of publications written on the subject by and for technical experts. Two significant ones addressing design principles for online identity are Kim Cameron’s “Laws of Identity” and the Jericho Forum’s Identity Commandments.

However, these design principles are written for technical experts.  Online identity is a multi-million dollar industry, so why is it so important to non-techie users of online services?

What’s In It For Me?
Why should I care?
Who else has a stake in this?
What’s the business case?
Why should I control my own identity?
Where does privacy come in?
What’s the problem with current solutions?
Why do identity schemes fail?
What key issues should I look for?
How might a practical scheme work?

This is where the Jericho Forum® took a lead. They recognized the need to provide plain-language answers to these questions and more, so that end-users can appreciate the key issues that make online identity important to them and demand the industry provide identity solutions that make them safe and secure wherever they are in the world. In August 2012, we published a set of five 4-minute “Identity Key Concepts” videos explaining in a non-techie way why trusted online identity is so important, and what key requirements are needed to create a trustworthy online identity ecosystem.

The Jericho Forum has now followed up by building on the key concepts explained in these five videos in our “Identity Commandments: Key Concepts” guide. This guide fills in the gaps that couldn’t be included in the videos and further explains why supporting practical initiatives aimed at developing a trusted global identity ecosystem is so important to everyone.

Here are links to other relevant identity publications:

Laws of Identity: http://www.identityblog.com/?p=354

Identity Commandments: https://www2.opengroup.org/ogsys/jsp/publications/PublicationDetails.jsp?publicationid=12677

Identity Key Concepts videos: https://collaboration.opengroup.org/jericho/?gpid=326

Identity Commandments: Key Concepts: https://www2.opengroup.org/ogsys/jsp/publications/PublicationDetails.jsp?publicationid=12724

Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world.  In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future.


#ogChat Summary – The Future of BYOD

By Patty Donovan, The Open Group

With over 400 tweets flying back and forth, last week’s BYOD Tweet Jam (#ogChat) saw a fast-paced, lively discussion on the future of the bring your own device (BYOD) trend and its implications in the enterprise. In case you missed the conversation, here’s a recap of last week’s #ogChat!

There were a total of 29 participants including:

Here is a high-level snapshot of yesterday’s #ogChat:

Q1 What are the quantifiable benefits of BYOD? What are the major risks of #BYOD, and do these risks outweigh the benefits? #ogChat

Participants generally agreed that the main risk of BYOD is data security and benefits include cost and convenience.

  • @MobileGalen Data policy is core because that’s where the real value is in business. Affects access and intrusion/hacking of course secondarily #ogChat
  • @technodad Q1 #BYOD transcends time/space boundaries – necessary for a global business. #ogChat
  • @AWildCSO Q1 Risks: Risk to integrity and availability of corporate IT systems – malware into enterprise from employee owned devices #ogChat

Q2 What are the current security issues with #BYOD, and how should organizations go about securing those devices? #ogChat

The most prominent issue discussed was who owns the responsibility of security. Many couldn’t agree on whether responsibility fell on the user or the organization.

  • @AWildCSO Q2: Main issue is the confidentiality of data. Not a new issue, has been around a while, especially since the advent of networking. #ogChat
  • @cebess .@MobileGalen Right — it’s about the data not the device. #ogChat
  • @AppsTechNews Q2 Not knowing who’s responsible? Recent ITIC/KnowBe4 survey: 37% say corporation responsible for #BYOD security; 39% say end user #ogChat
  • @802dotchris @MobileGalen there’s definitely a “golden ratio” of functionality to security and controls @IDGTechTalk #ogChat
  • @MobileGalen #ogChat Be careful about looking for mobile mgmt tools as your fix. Most are about disablement not enablement. Start w enable, then protect.

Q3 How can an organization manage corporate data on employee owned devices, while not interfering with data owned by an employee? #ogChat

Most participants agreed that securing corporate data is a priority but were stumped when it came to maintaining personal data privacy. Some suggested that organizations will have no choice but to interfere with personal data, but all agreed that no matter what the policy, it needs to be clearly communicated to employees.

  • @802dotchris @jim_hietala in our research, we’re seeing more companies demand app-by-app wipe or other selective methods as MDM table stakes #ogChat
  • @AppsTechNews Q3 Manage the device, manage & control apps running on it, and manage data within those apps – best #BYOD solutions address all 3 #ogChat
  • @JonMoger @theopengroup #security #ogChat #BYOD is a catalyst for a bigger trend driven by cultural shift that affects HR, legal, finance, LOB.
  • @bobegan I am a big believer in people, and i think most employees feel that they own a piece of corporate policy #ogChat
  • @mobilityofficer @theopengroup Q3: Sometimes you have no choice but to interfere with private data but you must communicate that to employees #ogChat

Q4 How does #BYOD contribute to the creation or use of #BigData in the enterprise? What role does #BYOD play in #BigData strategy? #ogChat

Participants exchanged opinions on the relationship between BYOD and Big Data, leaving much room for future discussion.

  • @technodad Q4 #bigdata created by mobile, geotagged, realtime apps is gold dust for business analytics & marketing. Smart orgs will embrace it. #ogChat
  • @cebess .@technodad Context is king. The device in the field has quite a bit of contextual info. #ogChat
  • @bobegan @cebess Right, a mobile strategy, including BYOD is really about information supply chain management. Must include many audiences #ogChat

Q5 What best practices can orgs implement to provide #BYOD flexibility and also maintain control and governance over corporate data? #ogChat

When discussing best practices, it became clear that no matter what, organizations must educate employees and be consistent with business priorities. Furthermore, if data is precious, treat it that way.

  • @AWildCSO Q5: Establish policies and processes for the classification, ownership and custodianship of information assets. #ogChat
  • @MobileGalen #ogChat: The more precious your info, the less avail it should be, BYOD or not. Use containered apps for sensitive, local access for secret
  • @JonMoger @theopengroup #BYOD #ogChat 1. Get the right team to own 2. Educate mgmt on risks & opps 3. Set business priorities 4. Define policies

Q6 How will organizations embrace or reject #BYOD moving forward? Will they have a choice or will employees dictate use? #ogChat

While understanding the security risks, most participants embraced BYOD as a big trend that will eventually become the standard moving forward.

A big thank you to all the participants who made this such a great discussion!


Questions for the Upcoming BYOD Tweet Jam – Sept. 18

By Patty Donovan, The Open Group

Earlier this week, we announced our upcoming tweet jam on Tuesday, September 18 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. BST, which will examine the topic of Bring-Your-Own-Device (BYOD) and current approaches to managing it.

Please join us next Tuesday! We welcome Open Group members and interested participants from all backgrounds to join the session and interact with our panel of experts, including:

To access the discussion, please follow the #ogChat hashtag during the allotted discussion time. Other hashtags we recommend using include:

  • BYOD: #BYOD
  • Mobile: #mobile
  • Social Media: #socialmedia
  • Smartphone: #smartphone
  • iPhone: #iPhone
  • Apple: #Apple
  • Android: #Android (Twitter Account @Android)
  • Tablet: #tablet
  • iPad: #iPad
  • Security: #security
  • Big Data: #BigData
  • Privacy: #privacy
  • Open Group Conference, Barcelona: #ogBCN

Below is the list of questions that will guide the hour-long discussion:

  1. What are the quantifiable benefits of BYOD? What are the major risks of #BYOD, and do these risks outweigh the benefits? #ogChat
  2. What are the current security issues with #BYOD, and how should organizations go about securing those devices? #ogChat
  3. How can an organization manage corporate data on employee owned devices, while not interfering with data owned by an employee? #ogChat
  4. How does #BYOD contribute to the creation or use of #BigData in the enterprise? What role does #BYOD play in #BigData strategy? #ogChat
  5. What best practices can orgs implement to provide #BYOD flexibility and also maintain control and governance over corporate data? #ogChat
  6. How will organizations embrace or reject #BYOD moving forward? Will they have a choice or will employees dictate use? #ogChat

For more information about the tweet jam topic (BYOD), guidelines and general background information on the event, please visit our previous blog post: http://blog.opengroup.org/2012/09/10/the-future-of-byod-tweet-jam/

If you have any questions prior to the event or would like to join as a participant, please direct them to Rod McLeod (rmcleod at bateman-group dot com), or leave a comment below. We anticipate a lively chat and hope you will be able to join!


The Future of BYOD – Tweet Jam

By Patty Donovan, The Open Group

On Tuesday, September 18, The Open Group will host a special tweet jam to examine the topic of Bring-Your-Own-Device (BYOD) and current approaches to managing it.

With the number of mobile devices expected to exceed the number of people on earth by the end of this year, the concept of BYOD has reached a fever pitch. There are several forces driving the BYOD phenomenon. Most notably, the Consumerization of IT has shifted hardware provisioning power away from IT departments to individual employees, who often now have better devices and software at home than they do at work. By using their own devices and software tools—whether superior or preferred—they can conceivably be more productive and save their employers money, since the employers do not need to invest in new hardware themselves.

Companies large and small are trying to figure out how to support the BYOD demands of workers without it becoming detrimental for their business. While the benefits of BYOD seem clear to many business decision makers – happier, more productive employees, lower hardware costs, etc. – the trend has created a new set of issues for IT and compliance professionals. These include managing the devices, dealing with a variety of platforms, software and applications, as well as the glut of Big Data that they create, and addressing issues surrounding device security and employee privacy/data ownership.

Please join us on Tuesday, September 18 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. BST for a tweet jam that will discuss current approaches to managing BYOD. We welcome Open Group members and interested participants from all backgrounds to join the session and interact with our panel of experts. To access the discussion, please follow the #ogChat hashtag during the allotted discussion time.

And for those of you who are unfamiliar with tweet jams, here is some background information:

What Is a Tweet Jam?

A tweet jam is a one hour “discussion” hosted on Twitter. The purpose of the tweet jam is to share knowledge and answer questions on a chosen topic. Each tweet jam is led by a moderator (Dana Gardner) and a dedicated group of experts to keep the discussion flowing. The public (or anyone using Twitter interested in the topic) is free (and encouraged!) to join the discussion.

Participation Guidance

Whether you’re a newbie or veteran Twitter user, here are a few tips to keep in mind:

  • Have your first #ogChat tweet be a self-introduction: name, affiliation, occupation.
  • Start all other tweets with the question number you’re responding to and the #ogChat hashtag.
    • Sample: “Q4 BYOD poses a lot of interesting questions regarding data ownership, especially within the enterprise #ogChat”
  • Please refrain from product or service promotions. The goal of a tweet jam is to encourage an exchange of knowledge and stimulate discussion.
  • While this is a professional get-together, we don’t have to be stiff! Informality will not be an issue!
  • A tweet jam is akin to a public forum, panel discussion or Town Hall meeting – let’s be focused and thoughtful.

If you have any questions prior to the event or would like to join as a participant, please direct them to Rod McLeod (rmcleod at bateman-group dot com). We anticipate a lively chat and hope you will be able to join!


Challenges to Building a Global Identity Ecosystem

By Jim Hietala and Ian Dobson, The Open Group

In our five identity videos from the Jericho Forum, a forum of The Open Group:

  • Video #1 explained the “Identity First Principles” – about people (or any entity) having a core identity and how we all operate with a number of personas.
  • Video #2 “Operating with Personas” explained how we use a digital core identifier to create digital personas – as many as we like – to mirror the way we use personas in our daily lives.
  • Video #3 described how “Trust and Privacy” interact to provide a trusted privacy-enhanced identity ecosystem.
  • Video #4 “Entities and Entitlement” explained why identity is not just about people – we must include all entities that we want to identify in our digital world, and how “entitlement” rules control access to resources.

In this fifth video – Building a Global Identity Ecosystem – we highlight what we need to change and develop to build a viable identity ecosystem.

The Internet is global, so any identity ecosystem similarly must be capable of being adopted and implemented globally.

This means that establishing a trust ecosystem is essential to widespread adoption of an identity ecosystem. To achieve this, an identity ecosystem must demonstrate that its architecture is robust enough to scale to the many billions of entities that people all over the world will want to identify: not only so that they can assert their own identities and attributes, but also to handle the identities they will want for all their other types of entities.

It also means that we need to develop an open implementation reference model, so that anyone in the world can develop and implement interoperable identity ecosystem identifiers, personas, and supporting services.

In addition, the trust ecosystem for asserting identities and attributes must be robust, to allow entities to make assertions that relying parties can be confident to consume and therefore use to make risk-based decisions. Agile roots of trust are vital if the identity ecosystem is to have the necessary levels of trust in entities, personas and attributes.

Key to the trust in this whole identity ecosystem is being able to immutably (enduringly and changelessly) link an entity to a digital Core Identifier, so that we can place full trust in knowing that only the person (or other type of entity) holding that Core Identifier can be the person (or other type of entity) it was created from, and that no one and nothing can impersonate it. This immutable binding must be created in a form that guarantees the binding and includes the interfaces necessary to connect with the digital world. It should also be easy and cost-effective for all to use.

Of course, the cryptography and standards that this identity ecosystem depends on must be fully open, peer-reviewed and accepted, and freely available, so that all governments and interested parties can assure themselves, just as they can with AES encryption today, that it’s truly open and there are no barriers to implementation. The technologies needed around cryptography, one-way trusts, and zero-knowledge proofs, all exist today, and some of these are already implemented. They need to be gathered into a standard that will support the required model.

Adoption of an identity ecosystem requires a major mindset change in the thinking of relying parties – to receive, accept and use trusted identities and attributes from the identity ecosystem, rather than creating, collecting and verifying all this information for themselves. Being able to consume trusted identities and attributes will bring significant added value to relying parties, because the information will be up-to-date and from authoritative sources, all at significantly lower cost.

Now that you have followed these five Identity Key Concepts videos, we encourage you to use our Identity, Entitlement and Access (IdEA) commandments as the test to evaluate the effectiveness of all identity solutions – existing and proposed. The Open Group is also hosting an hour-long webinar that will preview all five videos and host an expert Q&A shortly afterward on Thursday, August 16.

Jim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security and risk management programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world. In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future.


WEBINAR: The Jericho Forum Presents Identity Key Concepts

By Ian Dobson, The Open Group

On Thursday, August 16 at 8:00 a.m. PT/ 4:00 p.m. BST/5:00 p.m. CET, identity management experts will host a webinar to discuss the key concepts in identity management today.

The Jericho Forum recently published a video series that looked at the topics of “Identity First Principles,” “Operating with Personas,” “Trust and Privacy” and “Entities and Entitlement.” The fifth and final video will be released on Tuesday, August 14 and will examine the global identity ecosystem and the key challenges that need to be solved in order to realize it.

During the hour-long webinar, the panel will preview these five short videos, which explain in cartoon-style why “identity” is important to everyone – eBusiness managers, eCommerce operations and individual eConsumers – and how to safeguard our ability to control and manage our own identity and privacy in cyberspace. Then, a panel Q&A will discuss why every online user needs an identity ecosystem that satisfies our Jericho Forum Identity Commandments. The webinar will also coincide with the second day of the inaugural NSTIC Identity Ecosystem Steering Group meeting in Chicago on August 15-16, in which The Open Group will be a strongly supportive participant.

The webinar panel is made up of the following members and advocates of the Jericho Forum:

  • Guy Bunker, Jericho Forum Steering Committee member
  • Ian Dobson, The Open Group
  • Jim Hietala, The Open Group
  • Dazza Greenwood, MIT Media Labs
  • Paul Simmonds, Jericho Forum founding member
  • Andrew Yeomans, Jericho Forum founding member

To register for the webinar please visit: https://opengroupevents.webex.com/ec0606l/eventcenter/enroll/join.do?confViewID=1002904418&theAction=detail&confId=1002904418&path=program_detail&siteurl=opengroupevents

Here are some additional resources on the topic of identity management that were developed around The Open Group conference in Washington, D.C.:


Entities and Entitlement – The Bigger Picture of Identity Management

By Jim Hietala and Ian Dobson, The Open Group

In the first of these five identity videos from the Jericho Forum, a forum of The Open Group, we explained the “Identity First Principles” – about people (or any entity) having a core identity, and how we all operate with a number of personas. In the second “Operating with Personas” video, we explained how we use a digital core identifier to create digital personas – as many as we like – to mirror the way we use personas in our daily lives. And in the third video we described how “Trust and Privacy” interact to provide a trusted privacy-enhanced identity ecosystem.

In this fourth “Entities and Entitlement” video, we explain the bigger picture – why identity is not just about people. It’s about all things – we call them “entities” – that we want to identify in our digital world. Also, an identity ecosystem doesn’t stop at just “identity,” but additionally involves “entitlement” to access resources.

In our identity ecosystem, we define five types of “entity” that require digital identity: people, devices, organizations, code and agents. For example, a laptop is a device that needs identity. Potentially this device is a company-owned laptop and, therefore, will have a “corporate laptop” persona involving an organization identity. The laptop is running code (we include data in this term), and this code needs to be trusted, therefore, necessitating both identity and attributes. Finally there are agents – someone or something you give authority to act on your behalf. For example, you may give your personal assistant the authority to use specified attributes of your business credit card and frequent flyer personas to book your travel, but your assistant would use their identity.

Identity needs to encompass all these entities to ensure a trusted transaction chain.

When all entities have their identity defined using interoperable identifiers, rich risk-based decisions can be made. This is “entitlement” – a set of rules, defined by the resource owner, for managing access to a resource (asset, service, or entity) and for what purpose. The level of access is conditioned not only by your identity but is also likely to be constrained by a number of further security considerations, for example your company policy, your location (i.e., are you inside your secure corporate environment, connected via a hotspot or from an Internet café, etc.) or time of day.
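The entitlement decision described above can be sketched as a deny-by-default rule check over the whole transaction chain. This is an added example, not Jericho Forum code; the `Rule` and `Assertion` types, the attribute names and the sample rule are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

# The five entity types the post says need a digital identity.
ENTITY_TYPES = {"person", "device", "organization", "code", "agent"}


@dataclass(frozen=True)
class Assertion:
    """One persona presented in the transaction chain (hypothetical shape)."""
    entity_type: str
    attributes: frozenset


@dataclass(frozen=True)
class Rule:
    """Entitlement rule set by the resource owner (hypothetical shape)."""
    resource: str
    purpose: str
    required: dict        # entity_type -> attributes that persona must carry
    locations: frozenset  # contexts the owner accepts
    start: time
    end: time


def decide(rule, chain, purpose, location, now):
    """Return (allowed, reasons). Every failed check is recorded, so a
    denial can be audited; access is granted only when nothing failed."""
    reasons = []
    for a in chain:
        if a.entity_type not in ENTITY_TYPES:
            reasons.append(f"unknown entity type: {a.entity_type}")
    if purpose != rule.purpose:
        reasons.append(f"purpose '{purpose}' not entitled")
    for etype, needed in rule.required.items():
        presented = [a for a in chain if a.entity_type == etype]
        if not any(needed <= a.attributes for a in presented):
            reasons.append(f"no {etype} persona with {sorted(needed)}")
    if location not in rule.locations:
        reasons.append(f"location '{location}' not accepted")
    if not (rule.start <= now <= rule.end):
        reasons.append("outside permitted hours")
    return (not reasons, reasons)


# Constructed sample: a finance report readable only by an employee on a
# corporate laptop running trusted code, on the corporate network, 07:00-19:00.
RULE = Rule(
    resource="finance-report",
    purpose="read",
    required={
        "person": frozenset({"employee"}),
        "device": frozenset({"corporate-laptop"}),
        "code": frozenset({"signed-build"}),
    },
    locations=frozenset({"corporate-network"}),
    start=time(7, 0),
    end=time(19, 0),
)
CHAIN = [
    Assertion("person", frozenset({"employee", "finance-team"})),
    Assertion("device", frozenset({"corporate-laptop"})),
    Assertion("code", frozenset({"signed-build"})),
]

if __name__ == "__main__":
    print(decide(RULE, CHAIN, "read", "corporate-network", time(10, 0)))
    print(decide(RULE, CHAIN, "read", "hotspot", time(23, 0)))
```

The same person persona is refused from a hotspot or without the device persona, which is the point of evaluating the chain and the context rather than the person alone.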

In the final (fifth) video, which will be released next Tuesday, August 14, we will examine how this all fits together into a global Identity ecosystem and the key challenges that need to be solved in order to realize it.


Trust and Privacy – In an Identity Management Ecosystem

By Jim Hietala and Ian Dobson, The Open Group

In the first of these five identity videos from the Jericho Forum, a forum of The Open Group, we explained the “Identity First Principles” – about people (or any entity) having a core identity, and how we all operate with a number of personas. In the second “Operating with Personas” video, we explained how creating a digital core identifier from your (real-world) core identity must involve a trusted process that is immutable (i.e. enduring and unchangeable), and how we can create digital personas – as many as we like – to mirror the way we use personas in our daily lives.

This third video explains how trust and privacy interact to provide a trusted privacy-enhanced identity ecosystem:

Each persona requires only the personal information (attributes) it needs to assert what a relying party needs to know, and no more. For example, your “eGovernment citizen” persona would link your core identifier to your national government confirmation that you are a citizen, so if this persona is hacked, then only the attribute information of you being a citizen would be exposed and nothing else. No other attributes about you would be revealed, thereby protecting all your other identity information and your privacy.

This is fundamentally different from having an identity provider that maintains a super-store containing all your attributes, which would all be exposed if it was successfully hacked, or possibly misused under some future change-of-use marketing or government regulatory power. Remember, too, that once you give someone else, including identity providers, personal information, then you’ve given up your control over how well it’s maintained/updated and used in the future.

If a relying party needs a higher level of trust before accepting that the digital you is really you, then you can create a new persona with additional attributes that will provide the required level of trust, or you can supply several of your personas (e.g., your address persona, your credit card persona and your online purchasing account persona), which together provide the relying party with the level of trust they need. A good example of this is buying a high-value item to be delivered to your door. Again, you only have to reveal information about you that the relying party requires.  This minimizes the exposure of your identity attributes and anyone’s ability to aggregate identity information about you.

In the next (fourth) video, which will be released next Tuesday, August 7, we will look at the bigger picture to understand why the identity ecosystem needs to be about more than just people.


Real-world and Online Personas – From an Identity Management Perspective

By Jim Hietala and Ian Dobson, The Open Group

In the first of the five identity videos from the Jericho Forum, a forum of The Open Group, we explained the “Identity First Principles” – about people (or any entity) having a core identity, and how we all operate with a number of personas that should be under our control using the principle of primacy, i.e., giving you the ability to control the information about your own identity. You may, of course, decide to pass that control on to some other identity management party.

In this second “Operating with Personas” video, we explain how creating a digital core identifier from your (real-world) core identity must involve a trusted process that is immutable, enduring and unchangeable.

We then describe how we need to create digital personas to mirror the way we use personas in our daily lives – at work, at home, handling our bank accounts, with the tax authority, at the golf club, etc. We can create as many digital personas for ourselves as we wish and can also create new personas from existing ones. We explain the importance of the resulting identity tree, which only works one-way; to protect privacy, we can never go back up the tree to find out about other personas created from the core identifier, especially not the real-world core identity itself. Have a look for yourself:

As you can see, the trust that a relying party has in a persona is a combination of the trust in its derivation from an immutable and secret core identifier, its binding to a trusted organizational identifier, and its attribute information provided by the relevant trusted attribute provider.
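The one-way identity tree described above, as an added sketch that is not Jericho Forum code: it assumes HMAC-SHA256 as the one-way function, and the `Persona` class, the labels and `holder_proves_link` are hypothetical names. It keeps each persona's secret separate from the identifier a relying party sees, so nothing a relying party holds can be used to walk up, down or across the tree.

```python
import hashlib
import hmac
import secrets


def _prf(key: bytes, message: str) -> bytes:
    """Keyed one-way function (HMAC-SHA256 is an assumption of this sketch)."""
    return hmac.new(key, message.encode("utf-8"), hashlib.sha256).digest()


class Persona:
    """A node in the identity tree.

    _secret stays with the holder and is the only input that can derive
    children. public_id is what a relying party sees; it is computed from
    _secret, so it reveals neither the secret, the parent nor any sibling.
    """

    def __init__(self, secret: bytes, path: tuple = ()):
        self._secret = secret
        self.path = path
        self.public_id = _prf(secret, "public-id").hex()

    def derive(self, label: str) -> "Persona":
        """Create a child persona; works from the core or from any persona."""
        if not label or "/" in label:
            raise ValueError("label must be non-empty and contain no '/'")
        child_secret = _prf(self._secret, "child:" + label)
        return Persona(child_secret, self.path + (label,))

    def walk(self, *labels: str) -> "Persona":
        """Re-derive a descendant from its path, e.g. walk('work', 'travel')."""
        node = self
        for label in labels:
            node = node.derive(label)
        return node


def holder_proves_link(parent: Persona, label: str, claimed_child_id: str) -> bool:
    """Only whoever holds the parent's secret can show a child came from it."""
    return hmac.compare_digest(parent.derive(label).public_id, claimed_child_id)


def demo() -> dict:
    core = Persona(secrets.token_bytes(32))        # constructed core identifier
    work = core.derive("work")
    bank = core.derive("bank")
    travel = work.derive("travel")                 # persona made from a persona
    stranger = Persona(secrets.token_bytes(32))    # someone else's core
    # A relying party that treats the public id as if it were the secret
    # derives a different child than the real holder does.
    forged = Persona(bytes.fromhex(travel.public_id)).derive("x")
    return {
        "repeatable": core.walk("work", "travel").public_id == travel.public_id,
        "siblings_differ": work.public_id != bank.public_id,
        "holder_can_link": holder_proves_link(work, "travel", travel.public_id),
        "stranger_cannot_link": holder_proves_link(stranger, "work", work.public_id),
        "id_is_not_a_key": forged.public_id != travel.derive("x").public_id,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```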

In the next (third) video, which will be released next Tuesday, July 31, we will see how trust and persona interact to provide a privacy-enhanced identity ecosystem.


Understanding the Importance of Identity

By Jim Hietala and Ian Dobson, The Open Group

In May 2011, the Jericho Forum, a forum of The Open Group, published its Identity, Entitlement & Access (IdEA) commandments, which specified 14 design principles that are essential for identity management solutions to assure globally interoperable trusted identities in cyberspace. These IdEA commandments are aimed at IT architects and designers of both Identity Management and Access Management systems, but the importance of “identity” extends to everyone – eBusiness managers, eCommerce operations, and individual eConsumers. In order to safeguard our ability to control and manage our own identity and privacy in online activities, we need every online user to support creating an Identity Ecosystem that satisfies these IdEA commandments.

We’re proud to announce that the Jericho Forum has created a series of five “Identity Key Concepts” videos to explain the key concepts that we should all understand on the topics of identity, entitlement, and access management in cartoon-style plain language.

The first installment in the series, Identity First Principles, available here and below, starts the discussion of how we identify ourselves. The video describes some fundamental concepts in identity, including core identity, identity attributes, personas, root identity, trust, attribute aggregation and primacy. These can be complex concepts for non-identity experts. However, the cartoons describe the concepts in an approachable and easy-to-understand manner.

The remaining videos in the series cover the following concepts:

  • Video 2 – Operating with Personas
  • Video 3 – Trust and Privacy
  • Video 4 – The Bigger Picture, Entities and Entitlements
  • Video 5 – Building a Global Ecosystem

These identity cartoon videos will be published on successive Tuesdays over the next five weeks, so be sure to come back next Tuesday!
