Drones, Phones, and Pwns: The Promise (and Dangers) of IoT APIs
© 2014 CA. All rights reserved.
Jaime Ryan
Senior Director, Product Management & Strategy
CA Technologies
July 23, 2014
What does the future hold?
These ain’t your daddy’s drones
They’re accessible
They’re affordable
They’re powerful
They’re ubiquitous
They’re unobtrusive
What happens when we scale up?
What can we accomplish now?
Emergency services
Emergency services
Even the innocuous
Location is important
Detail is important
What does this have to do with the Internet of Things?
Internet
Things
WCoT (Word Cloud of Things)
Dumb Things
Collect Data -> Do Something
Quantified Self: Track exercise, calories consumed, sleeping habits -> Suggestion-based fitness: Create customized workouts, social running routes, sleep suggestions
Surveillance: Capture images/video (home, retail, gambling) -> Security: Unlock door based on Bluetooth or NFC proximity
Agricultural Sensors: Track conditions in soil, air, supply chain -> Industrial Farm Equipment: Increase/decrease irrigation, feed, pesticides
Smart Parking: Record and plot empty parking spaces -> Connected Meters: Email driver when it’s time to pay for more time
Disease Tracking Wearables: Sensors in underwear, pacemakers -> Notification and Medication Administration: Remind patient to take medications; notify emergency medical personnel prior to seizure
Manage Retail Inventory: Location of items in-store, automatically updated inventory -> Ordering/Loss Prevention: Place new order upon low inventory; alert staff if removed from store
Energy Usage Tracking: Identify power-guzzling appliances, collect meter readings -> Home Automation: Turn on lights, manage AC/heating, regulate power
Supply Chain
The evolution of connectivity
Smart Things
• Bridge the gap between dumb things
• Allow for human interaction and decision-making
• Create/enforce policy - IFTTT
• Portal/UI into the world of data
• App-based: laptops, desktops, tablets, phones, smartwatches
What does the architecture look like?
[Architecture diagram: Sensors & Actuators, Gateway, Server, Cloud, Mobile/App, Marketplace; overlapping domains of interest (clustered graphs): Domain A, Domain B, Domain C = A ∩ B, Domain E = C ∩ …]
Lots of Frameworks
Lots of Protocols
Lots of SDKs
APIs are fundamental to the Internet of Things
{ "min": "23C",
  "max": "11C" … }
How could I get pwned?
Data exposure
Of the worst kind
Cars
Game consoles
Facebook
Phones
Address Books
Not just the NSA
Not even just law enforcement
What are the concerns?
IDENTITY
CUSTODY
PRIVACY
• How do we make sure we retain control?
• How do we authenticate ourselves in person and online?
• How do we delegate information to interested parties?
• Who has our information?
• What information do they have?
• What do they need?
• Who do we trust? Why?
• How does information get from one place to another?
• Are those pathways secure?
• What role do we play?
Maintain awareness
Maintain awareness
My identities and data
What steps to take in this new interconnected world?
APIs are Central to the Modern Enterprise
An Enterprise API Management Solution
[Diagram: Internet of Things, Partners / 3rd-party, Developer Community, Cloud Services, BYOD, Sister Company APIs, Daughter Company APIs, …]
Key Functional Areas of API Management
Developer Management
Health Tracking, Workflow, Performance, Global Staging
Developer Enrollment, API Docs, Forums, API Explorer
Rankings, Quotas, Plans
Analytics, Reporting
Config Migration, Patch Management, Policy Migration
Operations Management
Throttling, Prioritization, Caching
Routing, Traffic Control, Transformation
Security
Interface Management
Composition
Authentication, Single Sign On, API Keys, Entitlements
OAuth 1.x, OAuth 2.0, OpenID Connect
Identity Management
Token Service
Questions?
Senior Director, Product Management & Strategy
Jaime.Ryan@ca.com
@JRyanL7
https://www.facebook.com/Layer7
linkedin.com/company/ca-technologies
ca.com
Jaime Ryan
Copyright © 2014 CA. The Nike logo is either a registered trademark or trademark of Nike Corporation in the United States and/or
other countries. The Sonos logo is either a registered trademark or trademark of Sonos Corporation in the United States and/or other
countries. The Google logo is either a registered trademark or trademark of Google Corporation in the United States and/or other
countries. The Facebook logo is either a registered trademark or trademark of Facebook Corporation in the United States and/or other
countries. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.
Certain information in this publication may outline CA’s general product direction. However, CA may make modifications to any CA
product, software program, method or procedure described in this publication at any time without notice, and the development,
release and timing of any features or functionality described in this publication remain at CA’s sole discretion. CA will support only the
referenced products in accordance with (i) the documentation and specifications provided with the referenced product, and (ii) CA’s
then-current maintenance and support policy for the referenced product. Notwithstanding anything in this publication to the contrary,
this publication shall not: (i) constitute product documentation or specifications under any existing or future written license
agreement or services agreement relating to any CA software product, or be subject to any warranty set forth in any such written
agreement; (ii) serve to affect the rights and/or obligations of CA or its licensees under any existing or future written license agreement
or services agreement relating to any CA software product; or (iii) serve to amend any product documentation or specifications for any
CA software product.
THIS PRESENTATION IS FOR YOUR INFORMATIONAL PURPOSES ONLY. CA assumes no responsibility for the accuracy or completeness of
the information. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY
KIND, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NONINFRINGEMENT. In no event will CA be liable for any loss or damage, direct or indirect, in connection with this presentation,
including, without limitation, lost profits, lost investment, business interruption, goodwill, or lost data, even if CA is expressly
advised in advance of the possibility of such damages.