2018 01 smart city symposium - db
•Als PPTX, PDF herunterladen•
1 gefällt mir•530 views
How do trends around experience impact the way software can be used to extract value from smart city infrastructures? What are the security implications and what should you do?
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie 2018 01 smart city symposium - db
Ähnlich wie 2018 01 smart city symposium - db (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
2018 01 smart city symposium - db
- 1. Going Native Citizens, Smart Cities, & Security January 2018 David Bressler, VP Industry Solutions, API Management @ CA Technologies http://davidbressler.com Smart City value will be realized through software. More software means more value, but also more complexity. Learn how to frame this complexity in order to prevent security from becoming a barrier to citizen engagement.
- 3. This person. This moment. This job.
- 4. The generic play: modernize your application architecture 4
- 5. 5
- 6. 6
- 7. Process Data Event More than data is necessary to create an experience 7 Persona Moment Job
- 10. The Challenge to Secure Smart City Applications: How do I create: • A native security experience that is convenient, frictionless, and makes it fast to add to new security modalities to apps? • Secure enough to meet audits & compliance requirements? • Provides “developer velocity”: maximum value without high costs to develop, operate, or support? Velocity Convenience Security
- 11. Decouple Security from the app silo Take as much authentication, data governance, or security architecture decisions out of the application silo. The developers in that silo may not have anything to do with you.
- 12. 12
- 13. 13
- 14. Benefits and Outcomes: 14 Native security experiences, as they evolve Our voice will authenticate us, when it does, it should be as seamless as FaceID was for TouchID developers Many security use cases ”out of the box” Two factor. Token passing. Others. We’ve seen how two-factor has evolved to bypass SMS weakness; how many still haven’t figured it out? Governed in the platform, not the silo How do we use context and identity to reduce risk? Security officers should decide, implement, and govern. App developers? Let them write apps. Faster/Cheaper to develop Not every developer needs to be a security expert; not every project needs a security implementation timeline. Increased security / identity sophistication because not building on the legacy of desktop security My bank app still “times me out after inactivity” in their mobile app, like I’m in a browser session! How many companies still require regularly changed passwords? If that’s so important, why doesn’t Google/Apple?
- 15. Can our Smart Cities be Healthier Cities? If 20 minutes of exercise, 3x per week improves health outcomes, could I lower insurance rates for people willing to share their smart-bike activity? 15bit.ly/HealthyCiti
- 16. In China people who follow the rules have better credit scores: 16
- 17. VP, Industry Solutions david.Bressler@ca.com David Bressler @djbressler http://davidbressler.com http://linkedin.com/in/djbressler Thank You.
Hinweis der Redaktion
- For most, this is part of the EHR… but modern application design takes a feature of a bigger system and makes it more relevant. In this case, knowing that not everyone is a doctor and may not even know what medications tney take… they do know the shape/color of their pills, so this is designed around those people (that persona!). For anyone that’s booked travel on a corporate travel reservation system or done the resulting expense report – I’m neither travel agent nor accountant. It’s only recently that applications have become easier without deep knowledge of the space. As a user, I struggle with this very problem (with pills). And there are so many who’d benefit, yet it can’t get done? Why? Let’s look at a simpler example… [next]
- This struck me as a great concept. It tells you something useful, makes it actionable, and presents relevant information to make the decision it wants you to do. This is a demonstration of the value we get from breaking down silos – there’s a weather app, a schedule/calendar app, and a health app… like a mash-up, only you can imagine needing many of these apps, native is critical, and you can imagine real use cases requiring identity/security. Idea that this is probably a good example of a non-native app is OK, but… what about Apple Watch notifications (or gathering data)? What about actions… I could schedule that run right from my watch, and just move on. Might I want to share this information with my insurance company to lower my rates? Or capture information to improve city traffic management / parks / congestion? I get the sense that presented with this concept, people would say “yeah we could do that…” but then it’s never prioritized because it’s just a “UI” problem. The ”hard part” is already done – gathering the information and making it available.
- These are informed by Persona, Journey, and Job to come up with an application (and there can be as many as you can deliver, so lots of opportunities as things get connected in smart cities, there’s going to be so much data and so much access to things at the periphery, so technology/software can reach beyond the boundaries of the screen with human input)
- Why is native such a hard idea for big companies to get their heads around? Browsers have trained them in “write once, run everywhere”. And that worked when the computing stack was a PC, and the interaction model was fixed. Now, there are an order of magnitude more devices, and that’s enough for multiple “operating systems to ‘win’”. And, technology is fragmenting as a result. Apple’s AR will not be compatible or evolve at the same cadence as Google’s. What to do? Can talk about voice, and how that will impact things. Is the watch the same as a tablet? What about event-driven applciations (notifications) rather than traditional UI-based applications? Let me say this another way. Snapchat cold not exist on a desktop computer, it just wouldn’t make sense. What other opportunities are we missing because we keep thinking with a desktop mindset… extend that… what are we missing on the watch if we keep thinking it’s an accessory to the phone? Tablet? TV? Whatever’s next?
- Thoughts… On point #3 – can use story of planning a dive and not incorporating risk at every step of the plan, just at the end. For people who didn’t plan that way, they’d look at what I did as impossible. On point #5 – can use story of doctors who used to have x-ray or radiology in house, but specialized places see more, have better experience, and can make investment better than an individual doctor.
- Ask, so is this a citibike app, a cigna app, or a NY app? Who develops it? Who benefits? We need to create a platform for permissionless innovation, and we can’t do that without the right data governance and security. The security technology is there today, it’s just unevenly implemented. Make it easier to do security well by building capabilities into the platform so developers don’t have to do it in the silo, defining repeatable security use cases so that we can deliver the security experience to match the risk, and managing risk actively in the flow of app traffic (what are they trying to do, what is and where is the risk, and should we let them do it).
- If you think my citibike idea is way out there… hello, it’s already happening (granted, in China where we definitely don’t see eye-to-eye on personal data privacy rights… but that’s just an implementation issue).