« January 2015 | Main | March 2015 »

February 26, 2015

Why FIDO Will Be Man's Best Friend

Posted by Dr. Ashutosh Saxena (View Profile | View All Posts) at 8:56 AM

There's an emerging user authentication method for the web called FIDO. FIDO stands for Fast IDentity Online, and it portends to revolutionize the way consumers connect with their digital devices. When I say digital devices, I mean all of them. The point of FIDO is that it can leverage any hardware support available on a user device. That even covers things like microphones (via speaker recognition), cameras (via face recognition), fingerprint sensors, and my personal favorite, behavioral biometrics. This last item is a true sign that Artificial Intelligence is already upon us and has so many wonderful applications.

I think FIDO is an authentication method to watch for other reasons as well. For starters, it typically focuses on ease of use, security, and standardization. The primary objective is to enable online services and websites, whether on the open Internet or within enterprises, to leverage native security features of end-user computing devices for strong user authentication. Plus, let's not forget about the effort to reduce the problems associated with creating and remembering many online credentials. I know of no one who doesn't think having to retain multiple passwords is a royal pain!

Here's what the contributors of FIDO propose: First, to separate the user authentication method from the authentication protocol. That's a big step, but it makes an awful amount of common sense. They also propose to define an attestation method in order to proof the FIDO authenticator type to the relying party. That's a fancy way of saying it's an exceptionally secure method of keeping everything safe and preventing information from falling into the wrong hands.

Given this information, the relying party is able to infer the related assurance level. The assurance level can be fed into internal risk management systems. The relying party can then add implicit authentication methods as needed. That means you or your organization can essentially customize the system by making it more secure.

For instance, the FIDO authenticator could be implemented as a software component running on the FIDO user device. It might also be implemented as a dedicated hardware token, such as a smart card or a USB crypto device. It might even be implemented as software that leverages cryptographic capabilities or as software running inside a Trusted Execution Environment (TEE).

The neat features don't stop there. A user could conceivably implement any authentication method. Such methods can be optimized for particular use cases and for the devices they are running on. In some situations, the user authentication method should be non-intrusive, so continuous authentication could be an option. In other situations, a more precise user authentication method might be desirable (especially in corporate settings), so the use of fingerprints or dedicated hardware tokens such as smart cards might be more suitable.

There's no doubting that FIDO could be man's best friend - at least in the cyber-world. We get the convenience of separating user authentication methods and authentication protocols. We as consumers also get a change of the user method that doesn't have any impact on the authentication server. So as long as the assurance level is acceptable in the given context, FIDO can provide great flexibility to users and enterprises.

February 20, 2015

The Way Forward: Stronger Authentication

Posted by Dr. Ashutosh Saxena (View Profile | View All Posts) at 8:23 AM

Strong authentication is the first pillar of trusted networks

Strong authentication is the first pillar of trusted networks

Weren't computers supposed to save us time and add convenience to our lives? Technology was supposed to liberate us. Rather, it appears as though we're becoming beholden to the devices around us because of the pesky password.

Recent findings about passwords and online security certainly indicate that we're trapped in our own devices. Consider these sobering statistics: The average computer user has 25 accounts, uses 6.5 passwords, and logs in eight times a day. So say researchers at Microsoft. Add to this rosy scenario the fact that these days there are so many new types of gadgets. From the perspective of storing and remembering passwords, things aren't so rosy.

A respected technology consultancy, Burnett, conducted an analysis in 2011 that discovered that some 8 million accounts had 10,000 common passwords. A cyber criminal would have have access to 99.8 percent of the accounts, which infers that just 0.2 percent of the users chose strong passwords. Yet in another case, when looking at passwords for banking accounts only, researchers found that 73 percent of users shared their online banking password with at least one non-financial site. So when the non-banking site is hacked, the banking account is threatened, too.

The Burnett study tells us that account hijacking is not new. Attack methods such as phishing, fraud, and exploitation of software vulnerabilities have been around of a while and they still continue to prosper. What absolutely scares me is the fact that a teenage hacker in some eastern European country armed with a run-of-the-mill desktop computer can in theory bring down powerful, multinational companies. It's been done before and, unfortunately, it can happen again.

The culprits? We have ourselves largely to blame for this mess. The plethora of personal digital devices has made us slightly lazy when it comes to doing our part: that is, keeping a tally of many strong passwords. Credentials and passwords are often re-used, which amplifies the impact of such attacks. Another study by Trusteer revealed that more than 45 percent of online transactions fail 'very frequently' or 'frequently' because of authentication problems.

Strong authentication is the first pillar of trusted networks. Identities must be trusted by independent partners. It is the foundation for a more secure network, where all users and all devices are strongly and mutually authenticated in an open, interoperable, and federated environment.

The Initiative for Open Authentication (OATH) is an industry-wide collaboration to develop open reference architecture by leveraging existing open standards for the universal adoption of strong authentication. Besides the OATH Reference Architecture, the industry is busy publishing standards regarding robust protocols and algorithms in the fight against ID theft and cyber-crimes. For example, if an user has authenticated to the first relying party (typically called Identity Provider, IdP), the same authentication can be federated to other relying parties. Popular federation protocols include SAML, OpenID, and OpenID Connect, some of which are concerned with authenticating the so-called first mile, while others concern themselves with the second mile and beyond.

In order to drive adoption of strong authentication across the entire user community -- from corporate employees to Internet users accessing healthcare records to government services -- the industry must collaborate to lower the complexity and the financial barriers of strong authentication. The answer, I think is that open technical standards and deployment profiles that promote interoperable components can go a long way towards becoming powerful tools for lowering complexity and cost. The development of an open and royalty-free specification for strong authentication should be the focus, without compromising security. It's a tough job, but the entire world needs better standards to take us into the next, safe Internet Age (which, I hope, will be more liberating than the one that currently exists).

February 16, 2015

Digital Infrastructure Is The Next Frontier

Posted by Thothathri Visvanathan (View Profile | View All Posts) at 7:50 AM

Let's face it: Digital needs are changing. That's why it's imperative for enterprises to adopt new tools and technologies. Did you know, for example, that by next year some 3 billion consumers, or 45 percent of the world's population, will be using the Internet? It's a staggering number. Smart organizations need to be focused on the power of social media as well as the possibilities that come with ultra-connectivity: the Internet of Things.

To best anticipate and leverage these rapid-fire changes, an organization needs to recognize that there's a paradigm shift occurring in the global marketplace. That means redefining the digital needs of present-day consumers. Doing so will take the right infrastructure and the right software. Internet traffic volumes are estimated to reach 1 zettabyte (yes, zettabyte!) by later this year. Digital consumers are already making 500 million tweets a day, and there exists 1.2 billion monthly active Facebook users. Ask yourself: Is your organization's digital infrastructure and software up to the task of meeting this growing consumer demand?

To make matters even more interesting, consumers don't remain in one place for long. In 2005, for example, there were 167 million fixed Internet connections. By next year, there will be 573 million fixed connections and 2.134 billion mobile connections. What accounts for the lion's share of this meteoric rise? The emerging markets. The West (the countries of the G-20) claimed about a half-billion Internet users in 2005, compared to 238 million Internet users in the developing countries. By later this year, the G-20 countries, which are fairly stagnant as measured by population growth, will have 672 million Internet users. Compare that to the 1.39 billion Internet users in the emerging markets. Then consider the continued population growth of those markets, and it goes a long way in explaining the paradigm shift we are seeing at the moment.

These statistics underscore an even more profound opportunity for enterprises. Not only are there more Internet users. They are more connected to each other than ever before. So the power of digital tools has increased exponentially. I recommend that every consumer-focused organization recognize that digital socializing pays off with new revenue streams. An enterprise should be using customer care to encourage new sales, and social media campaigns can result in peer recommendations and the co-creation of products.

Also invest in mobility. It's already a vital part of the cashless economy. We're seeing the savviest of retailers augment reality to create handheld virtual stores. Then there are non-traditional payment methods like NFC. Indeed, alternate currencies will redefine the global economy. Bitcoin was just the beginning (and an admirable effort, even if it doesn't succeed in the long run).

Changing digital needs shouldn't frighten enterprises into a state of paralysis. Those needs should rather be opportunities. Global corporations should feel liberated by the quest for better and more nimble digital tools. No matter the industry, digital opportunities are coming and it's your organization's responsibility to utilize them to their fullest. For example, instant insights via Big Data analytics lead to fraud detection and enhanced security. Such analytical power can also help with preventive healthcare and to detect and prevent machine breakdowns in manufacturing.

Something else to remember is that everything that is digital is now physical ... and vice versa. The blurring of distinction between online, mobile, and physical channels is resulting in omni-channel integration and an immersive and pervasive multi-channel experience.

So you might be asking yourself: What should organizations focus on when they address digital opportunities? They need to be leveraged from a multi-faceted perspective: your customers, the overall ecosystem, and everything in between, including the enterprise and connected devices. Organizations need to build their digital assets so that they receive information and analytics about customers, suppliers, and feedback loops for building a fully digital enterprise.

There's a flip side to this coin. Enterprises also need to control their digital liabilities. They should have IT systems, processes, and tools that limit certain external flexibilities and can also focus on competing in the new digital era. Make certain that your organization's structures and strategies that are suited for changes in this new business environment.

February 13, 2015

How Big Data Is Transforming Finance

Posted by Rajashekara V. Maiya (View Profile | View All Posts) at 7:57 AM

How Big Data Is Transforming Finance
There is so much data that even the savviest global banks don't know quite what to do with all of it

Recently, I was reading about a fascinating new push for graduates with data mining experience in the financial services field. Now here is something the world's big economies should be concentrating on: the science and mining of Big Data. Indeed, the consultancy McKinsey predicts that as soon as 2018 the United States alone could be facing a shortage of up to 190,000 people with data mining experience.

It's not that there aren't plenty of data specialists already. It's just that the amount of data has grown exponentially in the past few years. Think about this: 90% of the data in 2014 was created in the last two years. In 2015, the same amount of data will be created in one year. And in 2020, it will take less than a second! Also, there will be 80 billion sensors in devices and 100 million viral connections per minute by 2020. In fact, there is so much data that even the savviest global banks don't know quite what to do with all of it. What they do know is that hidden in the gigantic haystack are a few priceless needles. They are struggling to find them because if and when they do, their financial services operations will reap the benefits.

In fact, data science is seen more as a strategy than a field of study and/or expertise. That's because big banks are increasingly relying on the right software and those charged with running it to find relevant data among the endless mountains of it and ask pertinent questions, like: How can this data help the enterprise with its mission? Who is in need of a loan? Who might be receptive to applying for a credit card? How can all that data put us at an advantage over the competition?

What we're discovering is that there are a whole new league of young workers who know exactly what 'web scraping' is and how best to leverage it in their respective roles. It's no wonder that LinkedIn, the business networking social media site, ranked data mining as one of the 25 'hottest skills' that helped get people hired last year. I think the rise of data mining is interesting not only for its use in the obvious fields like finance but creative industries where any sort of scientific approach used to be frowned upon.

For example, there's a company called Next Big Sound that uses Big Data to gauge what young people - the ideal music-buying demographic - are wanting in their pop music artists. The company utilizes that data and creates the next batch of music superstars by tailoring their music, appearance, and brand to what its data specialists discover during the analytics process.

The finance and music industries are just a few of many consumer-focused sectors where it pays to know as much about your clientele as possible. And it's not all dollars and cents. There's even a socially focused website called DataKind that is concerned about the common good - it puts data specialists in touch with each other in order to solve pressing social issues. It's reassuring that the next generation of young people are already studying to master the science (and art) of data mining and becoming data specialists.

February 11, 2015

Can Non-Giants Dominate Digital Retailing?

Posted by Amitabh Mudaliar (View Profile | View All Posts) at 9:06 AM

Carl Walderkranz talks about Tictail [Source: https://www.youtube.com/watch?v=FG9gftpfHV4]

You've all read the articles about companies like Amazon.com and Alibaba becoming so large and vast that their retailing tentacles will encircle the earth. No other retailer will be able to challenge their market supremacy because websites like these will grow ever larger. And you remember what your economics professor told you about economies of scale.

Well, I think that one of the advantages of the Internet has been its ability to level the playing field as well as serve as a global platform for enormous retailers. That means smaller retailers with innovative ideas can get those innovations out to the public digitally. What I find particularly interesting is that mobile apps are now the tool of choice for retail innovators who want to grow on a national or global scale and even strike alliances with the huge players like Amazon.

I say this because retailing is more than just selling. It involves marketing, which is a huge hurdle when you're dealing with the Internet. Large retailers can dominate search engines and have the advertising strength to pull consumers in whatever directions they want. There's an ingenious new web-based retailer coming out of Sweden, Tictail.com, which aims to challenge that status quo. The innovation here isn't so much that it's an e-retailing platform but an e-marketing platform as well.

And that's where the magic of crowdsourcing comes in. It's terribly ironic that the same forces that give Amazon.com and Alibaba such global retailing reach are the same ones that give digital entrepreneurs the ability to reach that same kind of audience. The man who created Tictail, a native-born Swede named Carl Waldekranz, created the app to give local vendors their own websites and presence yet harness them all collectively into a one-stop shopping site. He launched Tictail just two years ago and it already boasts 70,000 vendors representing 140 countries.

What the Tictail app does is to enable vendors to monitor their own websites, run their own marketing campaigns, and interact with consumers as though they were independent. But because of crowdsourcing, they're essentially a part of one enterprise that provides them with the digital marketing and retail tools they need to survive in today's marketplace.

We've conducted many surveys at Infosys that have shown time and again that digital consumers 1.) prefer to think they've 'discovered' a web retailer and 2.) enjoy supporting mom-n-pop operations. They prefer supporting their local businesses over some faceless global retailer. Little do they know that with an app like Tictail, hundreds of vendors are working together and in sync with each other to mimic the global online retail sites.

A venture capital firm that has backed such innovative enterprises such as Instagram and Kickstarter has provided Tictail a significant cash infusion to do what it needs to advertise on social media sites and offer live chats with consumers. They're also concentrating on another 'must-do' for any digital, consumer-facing business: driving online product reviews. The company seems to have all the bases covered.

The fact that Tictail is such a success proves that software, if leveraged appropriately, can power any business and help even the smallest company take on larger rivals. So before the experts conclude that the retail world will soon by split between Amazon.com and Alibaba, they should consider all the enterprises that are utilizing software to create intelligent apps and seamless customer experiences. The next decade might just see the collective rise of the mom-n-pop store.

February 9, 2015

The Story of Streaming

Posted by Vaibhav Bakre (View Profile | View All Posts) at 7:55 AM

Dish CEO: Sling TV to Complement Dish's Core Business [Source: https://www.youtube.com/watch?v=sRfrejSjgWU]

People under the age of 30 are not big on commitment. I mean, they just don't want to be tied down with anything, be it a music system, a television cable subscription, or even a car. The under-30 crowd prefers paying for those items when they need them - and nothing more. How to explain the rise in popularity of Uber for transportation and Spotify for music?

Now their attention is turning to the media and entertainment industry. You see, affluent, millennial consumers would rather stream shows at their convenience than pay for a subscription that gets them hundreds of channels they know they'll never watch. This is driving a sea change in the entertainment industry, which is slowly moving towards steaming content.

One of the biggest players in this streaming space is Amazon. Its CEO, Jeff Bezos, is intentionally blurring the lines between digital entertainment and all other forms of traditional delivery, whether it's movies or television. Amazon Instant Video, which offers television shows and films for rental and purchase and is free to customers with an Amazon Prime account, is really taking off. Bezos is paying big money to the most famous names in the entertainment world to write, direct, and produce custom programming for Amazon's audience. Instant Video service has also just received a whopping $1.3 billion investment. That level of funding suggests Amazon has a convergence strategy in mind. Amazon is not the only one trying to capture the millennials. Dish's Sling Television is also catching up with Internet TV, offering a whole lineup of cable channels for $20.

The advertising landscape is also going through a paradigm shift. The advertisements for a custom-made show on Prime are directed towards certain customers - those whom Amazon knows are more likely to buy the product right then and there. Viacom, one of the largest broadcasting and cable companies in the world, is changing their traditional business model. Via revenue-sharing agreements, the company is now selling advertising on Twitter and Tumbler, where most its customers frequent. You see, there's something about controlling the content that your customers stream and watch that builds overall familiarity with your brand. It's a comfort level.

A recent study at the University of Missouri found that the typical digital consumer experiences major separation anxiety if he doesn't have his digital device for one day. Just one day! So major, in fact, that the person has trouble making decisions and completing of basic, daily tasks. The study found that people under the age of 30 - consumers who never knew a non-digital world or, more importantly, a non-streaming world - become particularly anxious without their devices because they have a perception that their entire lives are stored on them. Needless to say, the study greatly supports evangelists of wearable computing platforms. Interestingly, wearables, which one needs to 'wear' every day - speaks volumes of 'commitment' in today's day and age!

There's no other way to look at it. The future of Pay TV industry is changing forever and we are going to see many new players bringing in new business models. It will interesting to see how digital entertainment will play out. But, those who make timely business decisions and embrace the 'new' will always stay one step ahead of the competition.

February 5, 2015

Remembering Multiple Passwords is Passé

Posted by Dr. Ashutosh Saxena (View Profile | View All Posts) at 11:21 AM

Remembering Multiple Passwords is Passé
Passwords have become even more difficult to remember and key-in, especially on small and cumbersome keyboards, which are common on mobile devices

Today life does not move without a fast and robust Internet connection. Be it banking, insurance, booking a movie or travel ticket, or shopping, the Internet has become a crucial part of everything we do.

Moreover, the services and demand surrounding the internet are increasing every day on both ends - the providers and the consumers. Of course, it all used to be a lot simpler: Users sat at their desks and navigated the web from their large desktops and laptops. But they've moved en masse from the standardized world of PCs to the fragmented and diverse world of smartphones and tablets. With emerging mobile users and an equally mobile workforce, even applications have become mobile. They are no longer hosted at a centralized datacenter but in the cloud.

To further complicate things, what is available online has exploded with the growth of applications on social networks. Who isn't addicted to Facebook? When such solutions are executed over an insecure open Internet, there are chances of getting trapped. Especially, if the static user identity and associated password are being used frequently by the user as they are simple and easy to use, anywhere and anytime.

However, for certain sensitive applications that need stronger forms of authentication, solutions such as hardware tokens, combined with public key infrastructure (PKI) are used. Such strong authentication methods are complex and costly both from a computational and economical perspective because their use is limited to special cases in enterprise workflow and online banking.

Today, information is disseminated across multiple accounts and interlinked, enabling new kinds of attacks, which are more damaging than the one before. Even when individual applications are secure on a standalone basis, its interaction with interlinked user accounts exposes new and unanticipated weaknesses in the security of these individual applications. Breaches have started to exhibit the domino effect, with each breach contributing to a subsequent one.

Passwords have become even more difficult to remember and key-in, especially on small and cumbersome keyboards, which are common on mobile devices. This further motivates users to memorize one password and reuse the same password everywhere, perpetuating a vicious cycle of weakened security and increased friction in user experience. Higher friction frustrates users and increases failed logins, lowering usage and user engagement. Older forms of strong authentication were not designed to address today's problems either. Diversity in devices, locations, and applications result in a corresponding diversity in authentication use cases. Most strong authentication systems address only a subset of the use cases required by organizations.

I think there's a need, therefore, to have an universal mechanism that can make it feasible to generate dynamic passwords, which in turn can be used every time by the user. If they experience the same ease and convenience without any major external burden, you've just retained another happy customer.

February 3, 2015

Driveables Are Shifting Into High Gear

Posted by Vikram Meghal (View Profile | View All Posts) at 6:38 AM

Why Ford hired an ethicist to deal with driverless cars [Source: https://www.youtube.com/watch?v=ideuxDEFgAg]

It's very curious that two different industry events that happened around the same time told us a lot about our future. I'm speaking of the annual Consumer Electronics Show (CES) that wrapped up in Las Vegas a few weeks ago, as well as the Detroit Auto Show, which also was held in January. Both are eagerly anticipated because vendors show off cool, new products as well as prototypes that might find their way into the market some day.

In Detroit - officially known as the North American International Auto Show - consumers were treated to a host of clean-energy cars that are incredibly fuel-efficient. Automakers are also touting how the materials used to make the interiors of their latest models are made out of recyclable, sustainable materials. These earth-friendly features are a hit with consumers - even those who come to the show to hear the roar of powerful internal combustion engines!

What interested me the most was that Ford displayed as a vendor not only at the Detroit Auto Show but also at the CES in Las Vegas. That should tell you a bit about where the auto industry (and society) is headed. Technologists are predicting that cars will eventually become self-driving mechanisms. Computers on a four-wheeled platform. The same way you tell your laptop or tablet what to do will be how you 'drive' your car. No steering wheel needed. Perhaps just a digital dashboard and a mouse.

For years, automakers had campuses near their corporate headquarters where they encouraged designers and engineers to collaborate and think boldly about the future of the industry. Now they've taken further steps to encourage cultures of innovation. The aforementioned Ford recently opened the Ford Research Lab in Palo Alto, California - in the heart of Silicon Valley - to think less like a car company and more like a technology company, joining many of their competitors like BMW, Mercedes-Benz and Toyota. What's coming down the road are cars that focus on the human-machine interface or HMI.

The new research lab is also dedicated to connectivity and mobility. A Ford spokesman recently said that driveable computing platforms aren't going to be super-expensive features in luxury models but across-the-board offerings. That makes sense, because a young person who buys his or her first car is most likely going to buy an economically priced model, yet he or she will be extremely digitally savvy.

When the former CEO of Ford, Alan Mulally, retired, one of the first things he did was to join the board of directors of Google. Some auto experts were confused by the move. Other who know about the Internet of Things and how it will include connected vehicles weren't surprised at all. The question now is: Will a technology company like Google actually build and market its own car? There already exists a prototype. Or will technologically forward-looking car companies - including Ford and Daimler-Benz, for example - will be able to transform themselves into 21st century digital enterprises? The latter is a challenging proposition for any global company that's been around for a century.

The times ahead are going to be interesting. Will the auto giants successfully transform themselves to be digital technology leaders of tomorrow or will the new age technology giants lead the charge into the cars of tomorrow...

Search InfyTalk

+1 and Like InfyTalk

Subscribe to InfyTalk feed

InfyTalk VBlogs: Watch Now

Infosys on Twitter