automatski - the internet of things - security standards
SECURITY STANDARDS
The Internet of Things – Automatski Corp.
http://www.automatski.com
E: [email protected] , Founder & CEO
M: +91-9986574181
E: [email protected] , Director - Sales
M: +91-8884074204
THE CONTEXT
Automatski is an IoT pioneer in many ways…
With its ground up first principles based IoT Scale Platform
With Infinions.io Autonomous Compute Platform ®
Autonomous Machine Consumption Certified ®
But analysts count more than 180 IoT Platforms across the world
An IoT Platform is a tough sell, even if you are cutting edge
Hence we want to eliminate one more reason for someone to choose others over us.
The IoT Industry is filled with Paranoia about Security & Privacy concerns
Hence we want to address Security and Privacy even within the foundations and early stages of our Architecture and Existence as a Business
That’s why we are doing this!
FRONT RUNNER
Automatski is a front runner in addressing IoT Security & Privacy concerns, using a combination of
Research
Standard Industry Practices
Software Engineering Principles
Operational Excellence
SAS 70
SAS 70 is the most commonly adopted security standard among cloud service providers.
SAS 70 (Statement on Auditing Standards No. 70) is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) that defines the standards an auditor must employ in order to assess the contracted internal controls of a service organization like a hosted data center, insurance claims processor or credit processing company, or a company that provides outsourcing services that can affect the operation of the contracting enterprise.
PCI DSS
PCI DSS (Payment Card Industry Data Security Standard) is a global security standard that applies to all organizations that hold, process or exchange credit card or credit card holder information. The standard was created to give the payment card industry increased controls around data and to ensure it is not exposed. It is also designed to ensure that consumers are not exposed to potential financial or identity fraud and theft when using a credit card.
SARBANES-OXLEY
Sarbanes-Oxley (SOX) is a security standard that defines specific mandates and requirements for financial reporting. SOX stemmed from legislation passed in response to major financial scandals and is designed to protect shareholders and the public from accounting errors and fraudulent practices. Administered by the SEC, SOX dictates what records are to be stored and for how long. It affects IT departments that store electronic records by stating that all business records, which include e-mails and other electronic records, are to be saved for no less than five years. Failure to comply can result in fines and/or imprisonment.
ISO 27001
ISO 27001 is a standard published in 2005 that specifies an Information Security Management System (ISMS). The objective of ISO 27001 is to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS, which is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes.
SAFE HARBOR
About one-fourth of cloud service providers adhere to Safe Harbor principles, a process for organizations in the U.S. and European Union that store customer data. Safe Harbor was designed to prevent accidental information disclosure or loss.
Companies are certified under Safe Harbor by following seven guidelines:
1. Notice: individuals must be informed that their data is being collected and how it will be used;
2. Choice: individuals must be able to opt out of data collection and of the transfer of their data to third parties;
3. Onward transfer: data may be transferred only to third parties that follow adequate data protection principles;
4. Security: reasonable efforts must be made to prevent loss of collected data;
5. Data integrity: only relevant data is collected, and the data must be reliable for the purpose for which it was collected;
6. Access: individuals must be able to access information held about themselves and to correct or delete it if it is inaccurate;
7. Enforcement: there must be effective means of enforcing these rules.
NIST
National Institute of Standards and Technology (NIST) standards, originally designed for federal agencies, emphasize the importance of security controls and how to implement them. The NIST standards started out being aimed specifically at the government, but have recently been adopted by the private sector as well. NIST covers:
1. what should be included in an IT security policy and what can be done to boost security,
2. how to manage a secure environment,
3. and how to apply a risk management framework.
HIPAA
The HIPAA standard seeks to standardize the handling, security and confidentiality of health-care-related data.
It mandates standard practices for patient health, administrative and financial data to ensure security, confidentiality and data integrity for patient information.
FISMA
FISMA, or the Federal Information Security Management Act, was passed in 2002 and created a process for federal agencies to certify and accredit the security of information management systems.
FISMA certification and accreditation indicate that a federal agency has approved particular solutions for use within its security requirements.
COBIT
COBIT (Control Objectives for Information and Related Technology) is an international standard that defines the requirements for the security and control of sensitive data. It also provides a reference framework.
COBIT is a set of best practices for controlling and securing sensitive data that measures security program effectiveness and provides benchmarks for auditing.
The open standard comprises an executive summary, management guidelines, a framework, control objectives, an implementation toolset and audit guidelines.
DATA PROTECTION DIRECTIVE
The Data Protection Directive is a directive adopted by the European Union that was designed to protect the privacy of all personal data collected for or about EU citizens, especially as it relates to processing, using or exchanging that data.
Similar to Safe Harbor in the U.S., the Data Protection Directive makes recommendations based on seven principles: notice, purpose, consent, security, disclosure, access and accountability.
CLOUD SECURITY ALLIANCE - CCM
The largest and arguably most comprehensive player in cloud security standards is the CSA or Cloud Security Alliance. With corporate members including Amazon Web Services, Microsoft, Oracle, RackSpace, RedHat and Salesforce (among dozens more), most blue chip industry cloud services have a stake in the CSA.
The CSA has developed a compliance standard known as the CCM or Cloud Control Matrix. Published in Excel spreadsheet format, the CCM describes over a dozen areas of cloud infrastructure including risk management and security. The CCM goes beyond security itself and includes compliance measures which also address government and legal regulations and hardware architecture.
AUTOMATSKI SECURITY COMPLIANCE ROADMAP
2015 – 3rd Product Release: PCI DSS, SAS 70, Safe Harbor
2016 – 4th/5th Product Release: Sarbanes-Oxley, ISO 27001, NIST, HIPAA, COBIT, Cloud Security Alliance - CCM
FISMA: N/A
Data Protection Directive: Superseded
THANK YOU!
WHO ARE WE?
10-20+ years of Software Engineering experience each
Global Agile & Technology Consulting, Advisory & Delivery experience of 10-15+ years since Agile and Tech was in Infancy.
The first computers we worked on were Atari and ZX Spectrum ;-) And yes after Basic we went to C/C++ and then straight to Assembly Programming and then -> we began our journey as technologists
Globally distributed work experience with global and Fortune companies
Worked with companies like BCG, McKinsey, Fidelity, Tesco, Goldman Sachs…
Long 3-5+ year projects & Over 200+ people globally distributed teams
Led Double Digit Multi-Billion US$ Projects
Blended methodology used comprising Scrum, XP, Lean and Kanban
From there we rode every wave J2EE, RUP, Six Sigma, CMMI, SIP, Mobile, Cloud, Big Data, Data Science etc…
Individually worked with over 300+ Technologies at a time, literally nothing that scares us
Authors, Speakers, Coaches, Mentors, Scientists, Engineers, Technologists, Marketing, Sales, HR, Finance…
We are Generalists and we Always start with First Principles.
FURTHER INFORMATION
Please refer to http://automatski.com for more information
Please go through the 2 minute demo, 5 minute demo…
And the showcase section of the website for more information…
Or email us at [email protected]
Or just give us a shout on LinkedIn, Facebook, Twitter, Email etc.