automatski - the internet of things - security standards

SECURITY STANDARDS
The Internet of Things – Automatski Corp.
http://www.automatski.com
E: [email protected], Founder & CEO, M: +91-9986574181
E: [email protected], Director - Sales, M: +91-8884074204

Upload: automatskicorporation

Posted on 17-Aug-2015




THE CONTEXT

Automatski is an IoT pioneer in many ways…

With its ground up first principles based IoT Scale Platform

With Infinions.io Autonomous Compute Platform ®

Autonomous Machine Consumption Certified ®

But analysts count more than 180 IoT platforms across the world

An IoT Platform is a tough sell, even if you are cutting edge

Hence we want to eliminate one more possibility of someone choosing others over us.

The IoT Industry is filled with Paranoia about Security & Privacy concerns

Hence we want to address Security and Privacy even within the foundations and early stages of our Architecture and Existence as a Business

That’s why we are doing this!


FRONT RUNNER

Automatski is a front runner in addressing IoT Security & Privacy concerns, using a combination of

Research

Standard Industry Practices

Software Engineering Principles

Operational Excellence


SAS 70

SAS 70 is the most commonly adopted security standard among cloud service providers.

SAS 70 (Statement on Auditing Standards No. 70) is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) that defines the standards an auditor must employ in order to assess the contracted internal controls of a service organization like a hosted data center, insurance claims processor or credit processing company, or a company that provides outsourcing services that can affect the operation of the contracting enterprise.


PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is a global security standard that applies to all organizations that hold, process or exchange credit card or cardholder information. The standard was created to give the payment card industry increased controls around data and to ensure it is not exposed. It is also designed to ensure that consumers are not exposed to potential financial or identity fraud and theft when using a credit card.


SARBANES-OXLEY

Sarbanes-Oxley (SOX) is a security standard that defines specific mandates and requirements for financial reporting. SOX stemmed from legislation passed in response to major financial scandals and is designed to protect shareholders and the public from accounting errors and fraudulent practices. Administered by the SEC, SOX dictates which records are to be stored and for how long. It affects IT departments that store electronic records by stating that all business records, including e-mails and other electronic records, are to be retained for no less than five years. Failure to comply can result in fines and/or imprisonment.


ISO 27001

ISO 27001 is a standard published in 2005 that specifies an Information Security Management System (ISMS). The objective of ISO 27001 is to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS, which is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes.


SAFE HARBOR

About one-fourth of cloud service providers adhere to Safe Harbor principles, a process for organizations in the U.S. and European Union that store customer data. Safe Harbor was designed to prevent accidental information disclosure or loss.

Companies are certified under Safe Harbor by following seven guidelines:

1. notice, through which individuals must be informed that their data is being collected and how it will be used;

2. choice, through which individuals have the ability to opt out of data collection and of the transfer of their data to third parties;

3. onward transfer, under which transfer of data to third parties may only occur to organizations that follow adequate data protection principles;

4. security, or reasonable efforts to prevent loss of collected data;

5. data integrity, ensuring that relevant data is collected and that the data is reliable for the purpose for which it was collected;

6. access, which gives individuals access to information about themselves so that they can correct or delete it if it is inaccurate;

7. enforcement, which requires that the rules are enforced.


NIST

National Institute of Standards and Technology (NIST) standards, originally designed for federal agencies, emphasize the importance of security controls and how to implement them. The NIST standards started out being aimed specifically at the government, but have recently been adopted by the private sector as well. NIST covers:

1. what should be included in an IT security policy and what can be done to boost security,

2. how to manage a secure environment,

3. and how to apply a risk management framework.


HIPAA

The HIPAA standard seeks to standardize the handling, security and confidentiality of health-care-related data.

It mandates standard practices for patient health, administrative and financial data to ensure security, confidentiality and data integrity for patient information.


FISMA

FISMA, or the Federal Information Security Management Act, was passed in 2002 and created a process for federal agencies to certify and accredit the security of information management systems.

FISMA certification and accreditation indicate that a federal agency has approved particular solutions for use within its security requirements.


COBIT

COBIT (Control Objectives for Information and Related Technology) is an international standard that defines the requirements for the security and control of sensitive data. It also provides a reference framework.

COBIT is a set of best practices for controlling and securing sensitive data that measures security program effectiveness and provides benchmarks for auditing.

The open standard comprises an executive summary, management guidelines, a framework, control objectives, an implementation toolset and audit guidelines.


DATA PROTECTION DIRECTIVE

The Data Protection Directive is a directive adopted by the European Union that was designed to protect the privacy of all personal data collected for or about EU citizens, especially as it relates to processing, using or exchanging that data.

Similar to Safe Harbor in the U.S., the Data Protection Directive makes recommendations based on seven principles: notice, purpose, consent, security, disclosure, access and accountability.


CLOUD SECURITY ALLIANCE - CCM

The largest and arguably most comprehensive player in cloud security standards is the CSA or Cloud Security Alliance. With corporate members including Amazon Web Services, Microsoft, Oracle, RackSpace, RedHat and Salesforce (among dozens more), most blue chip industry cloud services have a stake in the CSA.

The CSA has developed a compliance standard known as the CCM or Cloud Controls Matrix. Published in Excel spreadsheet format, the CCM describes over a dozen areas of cloud infrastructure including risk management and security. The CCM goes beyond security itself and includes compliance measures which also address government and legal regulations and hardware architecture.


AUTOMATSKI SECURITY COMPLIANCE ROADMAP

2015 (3rd Product Release):
• PCI DSS
• SAS 70
• Safe Harbor

2016 (4th/5th Product Release):
• Sarbanes-Oxley
• ISO 27001
• NIST
• HIPAA
• COBIT
• Cloud Security Alliance - CCM

Not on the roadmap:
• FISMA: N/A
• Data Protection Directive: Superseded


THANK YOU!


WHO ARE WE?

10-20+ years of Software Engineering experience each

Global Agile & Technology Consulting, Advisory & Delivery experience of 10-15+ years, since Agile and Tech were in their infancy.

The first computers we worked on were the Atari and ZX Spectrum ;-) And yes, after BASIC we went to C/C++, then straight to Assembly programming, and from there we began our journey as technologists.

Globally distributed work experience with global and Fortune companies

Worked with companies like BCG, McKinsey, Fidelity, Tesco, Goldman Sachs…

Long 3-5+ year projects & Over 200+ people globally distributed teams

Led Double Digit Multi-Billion US$ Projects

Blended methodology comprising Scrum, XP, Lean and Kanban

From there we rode every wave: J2EE, RUP, Six Sigma, CMMI, SIP, Mobile, Cloud, Big Data, Data Science etc…

Individually worked with over 300+ technologies at a time; literally nothing scares us

Authors, Speakers, Coaches, Mentors, Scientists, Engineers, Technologists, Marketing, Sales, HR, Finance…

We are Generalists and we Always start with First Principles.


FURTHER INFORMATION

Please refer to http://automatski.com for more information

Please go through the 2 minute demo, 5 minute demo…

And the showcase section of the website for more information…

Or email us at [email protected]

Or just give us a shout on LinkedIn, Facebook, Twitter, Email etc.