The Internet of Things, big data and the cloud: implications for privacy and trust

The Internet of Things,

big data and the cloud:

implications for privacy

and trust

Russell Craig

National Technology Officer, Microsoft NZ

[email protected]

What are we going to talk about?

•

What is the Internet of Things?

•

What is big data?

•

How do they relate to the cloud?

•

Privacy Issues – what should we care about/why should we care?

•

Enabling trust – the role of the industry

“Connected world solutions

combine sensors and

technologies to enable

objects and infrastructure to

interact with monitoring,

analytics and control systems

over Internet-style networks.”

Source: Forrester

Things

Connectivity

Data

Analytics

Hardware

1970 1980 1990 2000 2010 10,000,000,000 1,000,000,000 100,000,000 10,000,000 1,000,000 100,000 10,000 1,000 Transistors

Moore’s Law

Metcalf‘s Law

Koomey’s Law

1.E+14 1.E+12 1.E+10 1.E+08 1.E+06 1.E+04 1.E+02 1.E+00 Computations per KWh 1940 1975 2010

The energy needed for a fixed

computing load falls by a

factor of 100 every decade.

Value of a telecommunications network is

proportional to the square of the number of

connected users of the system (n2).

Over the history of computing hardware, the

number of transistors in a dense integrated

circuit has doubled approx. every two years.

intelligence

will become ambient

intelligence

from machine learning

What Microsoft Says

9

You have things…

Infrastructure

Things CitizenThings TransportationThings

that you get data

from and store…

Cloud Storage

that you derive

insights from…

HDInsight Power BI

that allows you to

do…

Predictive Maintenance

Command and Control

Decrease costs through asset

monitoring

Increase revenue through service

improvement

Create additional revenue

streams by monetizing new

opportunities

Make IoT real in your business

Reach new customers

and markets

Improve

customer service

and loyalty

Remote

monitoring and

management

Enable innovation

Transform your business

Improve efficiency

Create the Internet of Your Things

www.InternetofYourThings.com

CHALLENGE

Fujitsu is the world’s fourth-largest IT services provider with approximately 162,000 employees in more than 100 countries and holds about 97,000

patents worldwide. Fujitsu wanted to help dairy farmers increase production, improve data insights

and transform their businessby optimizing the timing of artificial insemination (AI). It also wanted to

decrease lossthrough early detection of health issues.

o Improves calf production up to 31%, with an

average of 12%

o Modernizes data access with mobilephone

alerts, reducing labor costs for monitoring cows

o Transformsherd management by allowing

farmers to increase chances of producing a male or female calf

o Reduces loss by detecting 8-10 different kinds

of diseases in cattle

BENEFITS

SOLUTION

Fujitsu learned from public research that a cow produces more estrus (goes into heat) 16 hours after the number of steps increases significantly. The

company created an innovative solution which uses a rugged pedometer with a five-year battery to

measure the number of footsteps a cow takes, then sends that data to the cloud for analysis to determine optimum AI timing and even affect calf gender. In addition, the patterns of steps can detect disease in cattle. Alerts are delivered to the farmer’s cell phone.

FUJITSU

The connected cow: Using IoT

The Internet of Things – Healthcare

HOSPITAL

PATIENT HOME OUTPATIENT FACILITY

Connect patient data to contextual data, so the latest patient data automatically displays on care provider devices based on their location and role.

Transform the vehicle into a smart environment that monitors health indicators. Monitor patient conditions with in-home medical devices that alert care team staff when a health event occurs.

Make authorized patient data accessible from a unified point, enabling a holistic view of the patient’s journey so providers can optimize each care interaction.

Integrate data from existing and

non-traditional sources to drive Big Data analytics, enabling care process innovation and healthcare transformation. HEALTHCARE ECOSYSTEM

Combine data from various sources to uncover insights that enable an enhanced patient journey, improved operational efficiency, and better risk management.

Make patient data visible and actionable in near real-time, enabling improved outcomes through data-driven decision making, better coordination and error reduction.

PHARMACY GOVERNMENT RESEARCH INSURANCE COMPANIES DEMOGRAPHICS WEATHER RETAIL

Enable an interactive experience between patients and collaborative care teams, and reduce response times by providing remote access to the latest patient data.

Compute

Data

_Storage

Microsoft Azure

Network

Services

App

Services

Cloud is fundamental enabler of IoT and big data

Global Physical

Infrastructure

Stores over 50 trillion objects

Handles on average 127,000 requests/second

Peak of 880,000 requests/second

> 2 billion active directory transactions/day

Devices

Device Connectivity

Storage

Analytics

Presentation & Action

Event Hubs

SQL Database

Machine

_Learning

App Service

Service Bus

Table/Blob

_Storage

Stream

_Analytics

Power BI

External Data

Sources

DocumentDB

HDInsight

Notification

Hubs

External Data

Sources

Data Factory

Mobile Services

BizTalk Services

Azure Intelligent Systems Service

Vehicle Tracking Device Cameras Power Meter Load Meter Smoke Fire Alarms Humidity Sensor Flow Meter Occupancy Sensor Temperature Sensor INTELLIGENT DEVICES _{Machine Controller}

Vehicle Tracking Smart Grid General Equipment Retail Kiosk Fire Detection Healthcare Smart Building Automation Digital Advertising Smart Home Automation

Monitoring

Data collection and alerts Asset tracking & Geo-fencing Preventive maintenance Usage based billing

Remote Access

Securely log into remote devices and products to diagnose issues

Remote servicing - diagnose, and repair problems

Content Distribution

Automate software deployment to assets

Distribute files to devices. Content includes asset-specific files, doc, ads

Microsoft Azure Intelligent Systems Service(s)

Configuration Management

Store and access asset configurations Compliance Management

Telematics

M2M Gateway

NETWORK

[email protected]

Automotive Retail Industrial Healthcare Security & Surveillance Energy Smart Home Smart Cities

Switching focus: data and analytics

•

Gartner identifies “Big Data” and

extreme information processing

and management, in-memory

database management systems

and quantum computing as

transformational with adoption

between 2 and 5 years

•

This would also enable enterprises

to leverage Predictive Analytics

which has already seen greater

mainstream adoption combined

with cloud computing as

transformational in broadening

the options in developing and

sourcing IT

Humans as data sources

Per person per day (in “golden billion”)

•

50-200 e-mails

•

10-50 voice calls

•

1-100 SMS and twits

•

0.1 blog posts

•

1-20 financial transactions

•

3-30 search requests

•

10-30 articles, read on the

Internet

•

10 audio records

•

30-90 minutes of

TV/Video

•

20-200 appearances in

video monitoring cameras

•

1-100 geospatial “notches”

•

20-200 RFID checks

And at least 4.5 billion of people have at least phones (mostly

wireless)

What should we care about?

1. Get the rules of the game right.

2. Create value by doing.

3. Establish the foundations: value,

inclusion trust and control.

“Our vision: New Zealand is a world leader in the

trusted, inclusive and protected use of shared data to

deliver a prosperous society”

Big = big opportunity

For governments:

•

Budget savings

•

Transparency and responsibility

•

Real insight into society

Big data = big opportunity

For people:

•

Self organization

•

Better experiences

•

Intelligent environment

•

Introspection

Big data = big opportunity

For business:

•

Converting products to services

•

Expanded value chains

•

New business models

•

Educated targeting

F r o m P r o d u c t t o S e r v i c e

V = V

₀

+ A∙N + B∙N

2

Value for

customer Imminent value Volume value Network value

On Premise Off Premise Big Data & BI Clients Employees Partners Mobility & Connectivity Value Socialization of Business http://www.businesslogicsystems.com/Data%20Management

Big data = big opportunity

For IT industry

•

Next chance to change the world

•

Step towards internet of everything

•

Completely new markets

Big challenge

For people

•

New lack of privacy

•

Automated justice

•

Need to understand

•

Risks of:

•

Re-identification

•

Re-personalization

•

Undesirable profiling

•

False aggregation

•

Incorrect inferences

•

Unwanted targeting

•

Etc.

Joseph Goebbels

Big challenge

For business

•

Hard to comply

•

Easy to violate

•

Unexpected backfire

•

Need to defend sources

Target Predicts Pregnancy with Big Data

http://smallbusiness.yahoo.com/advisor/target-predicts-pregnancy-big-data-104057627.html

Why Netflix's Facebook app would be illegal

By Julianne Pepitone @CNNMoneyTech March 27 VPPA arose from strange circumstances surrounding the failed Supreme Court nomination of Robert Bork. While Bork's nomination hearings were taking place in 1987, a freelance writer for the Washington City Paper talked a video store clerk into giving him Bork's rental history.

Google facing legal threat from six

European countries over privacy

Big challenge

For government

•

It is hard to be

transparent

•

It is easy to overuse

•

Hard to defend

sources

George Orwell, 1984

http://online.wsj.com/article/SB10001424052970203391104577124540544 822220.html?mod=googlenews_wsj http://www.wikileaks.org/ http://www.washingtonpost.com/ investigations/us-intelligence- mining-data-from-nine-us- internet-companies-in-broad- secret- program/2013/06/06/3a0c0da8- cebf-11e2-8845-d970ccb04497_story.html

Big challenge

For IT industry

•

Needs new hardware and software

architecture to address scale

•

Needs to know how to protect customers

•

Needs to address extremely complicated

usage scenarios

Pro

Con

People:

collective knowledge

Business:

from disordered offerings

to quality of life service

Government:

know and address

real needs of citizens

IT industry:

change the world (again?)

People:

final lack of privacy

Business:

disruptive scenarios

Government:

chance to miss everything

loss of trust

IT industry:

new approaches to hw and sw

architecture, addressing new

challenges

Long term

Q: where do societies need to focus?

A: computational ethics and Big Data

•

Benefiting from opportunities and mitigating risks assumes careful handling of

digital assets of high business and personal value, both in known scenarios and in

completely new situations

•

To proceed successfully one should follow some sort of fundamental principles –

clear and consistent

“Ethics, also known as moral philosophy, is a branch of philosophy that involves

systematizing, defending and recommending concepts of right and wrong conduct.”

http://www.iep.utm.edu/ethics/

Big Data and traditional ethics

•

Let’s take concepts from traditional ethics and examine how they should

apply to the digital world, and how they evolve under influence of Big

Data capabilities

•

Four elements of Big Data Ethics: Identity, Privacy, Ownership, Reputation

•

Big Data is ethically neutral

•

Personal data – not some specific data, but any data generated in the

course of a person’s activities

•

Privacy interests, not always ultimate rights

•

A responsible organization is an organization that is concerned both with

handling data in a way that aligns with its values and with being perceived

by others to handle data in such a manner.

Kord Davis; Ethics of Big Data

-Balancing Risk and Innovation.

Big-Data ethics: Privacy

•

Privacy is the ability of an individual or group to seclude themselves or

information about themselves and thereby

reveal themselves selectively

(wikipedia).

•

In 1993, the New Yorker published a cartoon whose caption read: “

On

the Internet, nobody knows you’re a dog”

At the time, this was

funny because it was true. Today, in the age of big data, it is not only

possible to know that you’re a dog, but also what breed you are, your

favorite snacks, your lineage, and whether you’ve ever won any awards

at a dog show.

•

There are two issues. First, does privacy mean the same thing in both

online and offline in the real world? Second, should individuals have a

legitimate ability to control data about themselves, and to what degree?

Benefits of ethics inquiry

•

Faster consumer adoption by

reducing fear of the unknown

(how

are you using my data?)

•

Reduction of friction from legislation from a

more thorough

understanding

of constrains and requirements

•

Increased pace of innovation and collaboration derived from a

sense of purpose generated by

explicitly shared values

•

Reduced risk of unintended consequences

from an overt

consideration of long-term, far-reaching implications of the use of

big-data technologies

Shorter term: focus on enabling trust

Where do we start?

-

understand the domain & who is responsible for what.

What should we expect of the cloud industry?

-

industry is an enabler

- all clouds are not equal

- public should expect a lot

Microsoft’s approach to

trust: building security,

privacy, transparency and

compliance into the

Cloud is becoming integral to business transformation

The secure pathway to innovation

39

Reshape how you engage with customers

Start with a trusted &

resilient foundation

Enable more productive work

Leverage economies of

scale and expertise

Drive new and more rapid

sources of innovation

Use the cloud to drive

business strategy

Cybersecurity concerns persist

Global attacks are increasing and costs are rising

40

Cybercrime extracts between 15% and 20% of the

value created by the Internet.

Total financial losses attributed to security

compromises increased 34% in 2014.

In the UK, 81% of large corporations and 60% of small

businesses reported a cyberbreach in the past year.

Impact of cyber attacks could be as much as $3 trillion

in lost productivity and growth.

But cloud momentum continues to accelerate

“If you’re resisting the

cloud because of security

concerns,

you’re running

out of excuses.”

“The question is no longer:

‘How do I move to the

cloud?’ Instead, it’s ‘Now

that I’m in the cloud, how

do I make sure I’ve

optimized my investment

and risk exposure?’”

“By 2020 clouds will stop

being referred to as ‘public’

and ‘private’. It will simply

be the way business is

done and IT is provisioned.”

1.2 billion

worldwide users2

300+ million

users per month5

48 million

members in 57 countries4

57%

of Fortune 5004

10,000 new subscribers per week2

3.5 million

5.5+ billion

450+ million

unique users each month6

The Microsoft Trusted Cloud

200+

cloud services,

1+

million servers,

$15B+

infrastructure

investment

1 billion

customers,

20 million

businesses,

90 countries

worldwide

1

Microsoft cloud – a trusted foundation

Privacy and

Control

Security

Transparency

Compliance

Azure Security

Microsoft delivers enterprise cloud services

customers can trust

•

Industry-leading best practices in the design and management

of online services

•

Enhanced security, operational management, and threat

mitigation practices

•

Trustworthy enterprise cloud services

•

Centers of excellence

Infrastructure protection

Azure infrastructure includes hardware, software, networks, administrative and

operations staff, policies and procedures, and the physical data centers that house it all

24 hour monitored

PHYSICAL SECURITY

Centralized

MONITORING AND

ALERTS

Anti-Virus/Anti-Malware

PROTECTION

Red Teaming

PENETRATION

TESTING

FIREWALLS

Update

MANAGEMENT

Network isolation: Blocks

unauthorized users from the

network using a distributed

virtual firewall

Virtual networks:

Customers can connect one

or more cloud services using

private IP addresses.

VPN and ExpressRoute:

Site-to-site and point-to-site

VPNs help enable secure

connections.

Encrypted

communications:

E

ncryption within and

between deployments, and

from Azure to on-premises

datacenters with TLS and

Perfect Forward Secrecy.

Network protection

Azure networking provides the infrastructure necessary to securely connect VMs

to one another and to connect on-premises data centers with Azure VMs.

Identity & access control

Azure enables customers to better control access in a multi-tenant environment

Azure Active Directory (AD)

offers enterprise identity and

access management in the

cloud.

Enterprise cloud directory

Security reports monitor

access patterns that help

identify potential threats.

Access monitoring and

logging

Strong authentication adds an

extra layer of security for user

logins.

Multi-Factor

Authentication (MFA)

Users get a single sign-on option across

multiple applications and services.

Single sign-on

Developers can integrate their app with Azure

AD for single sign-on functionality for their

users.

Integration with customer applications

Privacy

Azure Privacy & Control

Microsoft makes our commitment to the privacy of

our customers a priority with independently audited

policies and practices that include restricting the

mining of Customer Data for advertising or similar

commercial purposes.

Privacy

Trustworthy foundation

Microsoft privacy principles are designed to facilitate the responsible use

of customer data, be transparent about practices, and offer meaningful

privacy choices.

Privacy by

Design

Guidelines that help ensure privacy is applied in the

development and deployment of products and services.

Microsoft

Privacy Standard

Azure uses logical isolation to segregate

each customer’s data from that

of others.

Data segregation

ISO/IEC 27018

Prevents use of customer data for

purposes unrelated to providing the

cloud service.

Prohibits use of customer data for

advertising and marketing purposes

without customer’s express consent.

Microsoft is the first

major cloud provider

to adopt the first

international code of

practice for governing

the processing of

personal information

by cloud service

providers.

Contractual commitments

Adopt ISO/IEC 27018 code of practice

Offer customers E.U. Standard Contractual Clauses that provide

specific contractual guarantees around transfers of personal data

for in-scope services.

Have European data privacy authorities validate that its

enterprise agreement meets EU requirements on international

data transfers

Abide by US-EU Safe Harbor Framework and the US-Swiss Safe

Harbor Program.

Microsoft

was the first

major cloud

service

provider to…

Access controls are verified by independent audit and certifications.

Restricted data access

52

Customer data is only accessed when necessary to support customer’s use of

Azure (e.g. troubleshooting or feature improvement), or when required by law.

When granted, access is controlled and logged.

Strong authentication, including MFA, helps limit access to

authorized personnel only.

Law enforcement requests

The Law Enforcement Request Report discloses

details of requests every 6 months.

Microsoft doesn’t provide any government with

direct or unfettered access to Customer Data.

Microsoft only releases specific data

mandated by the relevant legal demand.

If a government wants customer data it

needs to follow the applicable legal process.

Microsoft only responds to requests for specific

accounts and identifiers.

Microsoft does not

disclose Customer Data

to law enforcement

unless as directed by

customer or required by

law, and will notify

customers when

compelled to disclose,

unless prohibited by law.

Customer Data

54

When a customer utilizes Azure, they retain exclusive ownership of their data.

Control over

data location

Customers choose data location and

replication options.

Role based

access control

Tools support authorization based on a user’s role,

simplifying access control across defined groups of users.

Encryption key

management

Customers have the flexibility to generate and manage

their own encryption keys.

Control

Data protection

Azure provides customers with strong data protections – both by default and as

customer options

55

Data isolation

Logical isolation segregates each customer’s data from that of others is enabled by default.

In-transit data protection

Industry-standard protocols encrypt data in transit to/from outside components, as well as data in transit internally by default.

Data redundancy

Customers have multiple options for

replicating data, including number of copies and number and location of replication data centers.

At-rest data protection

encryption options for virtual machines and storage.

Encryption

Data encryption in storage or in transit can be deployed by the customer to align with best practices for ensuring confidentiality and integrity of data.

Data destruction

Strict standards for overwriting storage resources before reuse and the physical destruction of decommissioned hardware are by default.

Cloud Transparency

Microsoft helps enable customer control over

Customer Data by providing transparency into where

it is stored, who can access it, and how Microsoft

helps secure it, with accessible tools and

straightforward language.

Data storage and use

57

Customers

know where and

how their data is

stored and used

Customers control where Customer Data is stored

Microsoft doesn’t use Customer Data for advertising

Microsoft doesn’t share Customer Data with our advertiser-supported services or

mine it for marketing

Microsoft uses Customer Data only to provide the services,

including purposes compatible with providing the services.

Customers may delete Customer Data

or leave the service at any time

Security practices

Build security into software code (SDL)

Ensure Azure infrastructure is resilient to

attack

Safeguard user access to Azure

environment

Keep customer data secure through

encrypted communications

Customer

knows how

we help

secure their

data

Microsoft and compliance

Microsoft invests heavily in the development of

innovative compliance technology, processes and

integration in Azure. The Microsoft compliance

framework for online services maps controls to

multiple regulatory standards, which helps drive the

design and building of services that meet today’s

high level of security and privacy needs.

Azure Compliance

Microsoft’s security

compliance program includes

rigorous testing, the

implementation of best

practices, and many other

functions to achieve

certificates and attestations.

Azure meets a

broad set of

international,

regional, and

industry-specific

compliance and

regulatory

standards.

Compliance framework

Microsoft maintains a

team of experts focused

on ensuring that Azure

meets its own

compliance obligations,

which helps customers

meet their own

compliance requirements.

Compliance

certifications

Compliance strategy

helps customers address

business objectives and

industry standards &

regulations, including

ongoing evaluation and

adoption of emerging

standards and practices.

Continual evaluation,

benchmarking, adoption,

test & audit

Ongoing verification by

third party audit firms.

Independent verification

Microsoft shares audit

report findings and

compliance packages

with customers.

Access to audit reports

Prescriptive guidance on

securing data, apps, and

infrastructure in Azure

makes it easier for

customers to achieve

compliance.

Best practices

Extensive experience and credentials

2012

2011

2010

2013

2014

2015

Partnering with industry leaders

Extensive experience in

security compliance

assessments for both

U.S. and global

government customers

Promoting a

standards-based approach to cloud

compliance

Proposing clear

principles for reform of

government surveillance