Editor's note: As we wind down to the end of 2015, Constellation Research Insights is taking a look back at the year's highlights with perspective from each member of the analyst team. In this installment, we check in with Constellation VP and principal analyst Steve Wilson on a busy year for security.
What was the most important industry event for security this year?
Wilson: The Cloud Identity Summit (CIS) in La Jolla (San Diego). This annual event for identity management professionals has come to be a reliable predictor of the future. Every year there is a certain theme that emerges, often in the corridors, like "ambient" authentication (tricks that allow computers to know the user has remained in control) or the Attributes Push (it's not who you are but what you are that really matters online). This year the CIS emergent theme was Internet of Things and privacy. Every session touched on privacy. Technologists are really beginning to grasp their role in protecting and championing privacy.
For 2016 I am honoured to have been named a CIS conference Track Owner, organising and chairing a whole privacy track.
What was your most ambitious or important piece of security research in 2015?
Wilson: My biggest piece of research was how to decouple identity from devices in the Internet of Things. If we're not careful, everything people do with their smart devices—and pretty soon all devices will be "smart"— is going to be automatically broadcast by those devices out into the ether, and along with that will be our identity data. We won't leave neat little "digital breadcrumbs" but great big personal data contrails.
The answer is to build new identity and privacy layers into the Internet stack. My research explained the Digital Identity Stack, and used the classic example of an Internet connected care service to explore how to better ration out out valuable personal data to the stakeholders who have legitimate interests in it and who are hopefully acting in our interests.
Point us to your favorite blog posts from this year.
Wilson: I did a series of blogs on the "Right to be Forgotten" that I was proud of, with unusual analyses, and they have helped cement Constellation as a Silicon Valley firm with a sophisticated handle on privacy. Lots of international commentators are watching us now and respecting a technological angle on privacy innovation.
Ed: Go here, here and here for Steve's blog series.
What do you consider to be the major security news events of 2015?
Wilson: The European Court of Justice finally ruled that the special US Privacy Safe Harbour is invalid. This was a special deal (really a cheat) that gave many American businesses a free pass, an end run around standard data privacy obligations. Now they have to treat European citizen data with the same care and attention everyone else does. And instead of the sky falling, we see US cloud superpowers sucking it up and building decent infrastructure on the Continent.
BlackBerry continued to be the quiet achiever in IoT security, with a coordinated series of mostly low-key but very strategic acquisitions, and then of course the big news: buying Good Technology.
Reprints
Reprints can be purchased through Constellation Research, Inc. To request official reprints in PDF format, please contact Sales.
