the future of interaction & its security challenges
DESCRIPTION
Abstract: The past decade has seen the exponential rise of online social media usage. Applications have moved from being client-server to collaborative in nature. The next decade will be witness to a tremendous integration of cyber space with physical systems. While these interaction paradigms open up tremendous possibilities they also open up certain risks. This talk will look at the evolving interaction paradigms and their security challenges.

Short Bio: Dr. Sundeep Oberoi is the Global Head for Niche Technology Delivery Group in TCS. The role of the group is to provide delivery in specialized technology like IT Security, RFID sensors and NFC, Web 2.0 technologies, User experience, Collaboration and Unified Communication, Cloud Computing and Next Generation Networks. He also heads the TCS Certifying Authority, which is India's largest issuer of legally valid Digital Certificates. Dr Sundeep Oberoi has authored a book "E-Security and You" explaining the IT Act, 2000 and several other books, conference and journal publications. He holds a PhD in Computer Science from IIT Bombay, an MTech in Computer Science from IIT Delhi and a BTech in Chemical Engineering from IIT Kanpur.

TRANSCRIPT
The Future of Interaction & its Security Challenges
Dr. Sundeep Oberoi
Talk Delivered at CERC@IIIT-D, 25th March 2014
April 2, 14
Evolving Communication Paradigms
• 1960s Telephone
• 1980s Fax Machine
• 2000 Email
• 2010 Activity Streams
  • Always On
  • Location aware
  • Real-time
  • Collaborative
Interaction Paradigms of the Future
• The “Work Finds the Worker” paradigm
• The “Bits Meet Atoms” paradigm
“WORK FINDS THE WORKER”
Next Generation Operations
The Next Generation Workspace
Applications are Collaborative
Conferencing
Presence and Messaging
Voice
Unified Communication
Collaboration
Consumer Web Applications
Mobility
Communication Enabled Processes
The Enterprise is Deperimeterised!
Virtualization
Cloud
Conferencing
Presence and Messaging
Voice
Unified Communication
Collaboration
Consumer Web Applications
Mobility
Communication Enabled Processes
Leveraging IP network for communication
Enterprise Applications
Work Finds the Worker
Log-in
Retrieves
ERP
CRM
Workflow
Collaboration
Work Lists
Unified Communication Fabric
Work List Router
Unified Communication Fabric
Collaborative Mesh apps
Integrated Messaging
Voice Enablement Services
Multi-modal Conferencing
Pull
Push
“BITS MEET ATOMS”
Internet
Mobile Internet
Internet of Things
Smart Grid
Integrated Vehicle Management
Track and Trace
Browser Apps
Enablement of Enterprise Apps to Integrate with “Things”
• Billions of devices & sensors coming online
• Real world entities being controlled and managed over the wire
The Cyber Physical Continuum
THE SECURITY CHALLENGES
Data Protection – Challenges
Insiders & business partners are responsible for 43% of security breaches
Identity is the new perimeter
• Identity Management
  – Interoperable identities
  – Strong authentication
  – Authentication of devices
  – Authentication of data
• Authentication to mobile devices
• The mobile device as an authenticator
• National Identities
• The role of biometrics
• The role of Digital Signatures
Application Security Challenges
Next Gen App Characteristics
• Agility to respond to business changes
• Alignment with Business Landscape
• Increased consumption by addressing user expectation
• Enhanced offline operational capability
• Architectural Flexibility
• Enhanced user control on Application Life cycle
Enhanced Security Need
• High Vulnerabilities reported in Web technologies increasing the risk
• Sheer size and rate of change requires continuous monitoring of application changes and Security ingrained in Application Delivery cycle
Technology Landscape
• Standard Web technologies in Dominant mode
• Enterprise Extensions, Mashups, Unified Communication using these technologies at the backend through host of emerging technologies and custom built Integration layers
• Focus on delivering the functionality rather than on Patching Security Vulnerabilities
Accountability – The Grand Challenge
People and organizations should not have to give up the benefits of using information appropriately in powerful networked systems in order to avoid the harms that result when the same information is used inappropriately. - Joan Feigenbaum
For too long, our approach to information protection policy has been to seek ways to prevent information from escaping beyond appropriate boundaries, then wring our hands when it inevitably does. - “Information Accountability” by Weitzner, Abelson, Berners-Lee, Feigenbaum, Hendler, and Sussman
When information has been used, it should be possible to determine what happened, and to pinpoint use that is inappropriate. - Daniel J. Weitzner
Transaction Speed
Wide Geographic Spread
Ease of Information Flow
Identification and Authentication
Ease of Tampering of Electronic Records
Limited Capture of Actions
Associating the Physical Persona to the Electronic Persona
Data Integrity Mechanisms
Allowing only authorised actions, and associating the Electronic Persona with all important actions
Manageability
Even narrow windows exploitable
Data Protection
Thank You