Register Here
Delegates
Sponsorship
  Call For Papers
  Hotel Info
Speakers
Schedule
Sponsors
Exhibitors
  Sessions
  Videos
  Power Panels
  Presentations
Untitled Document
2018 Platinum Sponsor

2018 Gold Sponsor

2018 Keynote Sponsor

2018 Tech Sponsor

2018 Pavilion Sponsor

2018 Partners

2018 Exhibitors

Untitled Document
2018 Media Sponsors








Untitled Document
2017 West
Premium Sponsors
Diamond



Platinum
@DevOpsSummit

Bronze










Untitled Document
2017 West
Keynote Sponsor


Untitled Document
2017 West Exhibitors
























@ThingsExpo











Untitled Document
2017 West JETRO ×
Six Prefectures
of Japan
Pavilion Exhibitors



















Untitled Document
2017 West Media Sponsors














Untitled Document
2017 East
Premium Sponsors
Diamond



Platinum
@DevOpsSummit

@DevOpsSummit

Silver
@DevOpsSummit


Bronze










Untitled Document
2017 East Exhibitors
@DevOpsSummit




































Untitled Document
2017 East Media Sponsors
















Untitled Document
   
  Think Big – Now Think Even Bigger
  Join Us at Internet of Things at Cloud Expo, November 11-13,
at the Javits Center!


The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago.

All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades.

With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend Internet of Things at Cloud Expo in New York City. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be!

Delegates to Internet of Things at Cloud Expo will be able to attend eight separate, information-packed tracks:

  • Enterprise Cloud
  • Digital Transformation
  • The API Enterprise | Mobility & Security
  • DevOps | Containers & Microservices
  • Cognitive Computing | AI, ML, DL
  • Big Data | Analytics
  • IoT | IIoT | Smart Cities
  • Hot Topics | FinTech | WebRTC

There are 120 breakout sessions in all, with Keynotes, General Sessions, and Power Panels adding to three days of incredibly rich presentations and content.


We'll see you in New York!



Day 3 Keynote at @ThingsExpo | Chris Matthieu, CTO of Octoblu
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu's platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
  Themes & Topics to Be Discussed

Consumer IoT
• Wearables
• Smart Appliances
• Smart Cars
• Smartphones 2.0
• Automation
• Smart Travel
• Personal Fitness
• Health Care
• Personalized Marketing
• Customized Shopping
• Personal Finance
• The Digital Divide
• Mobile Cash & Markets
• Games & The IoT
• The Future of Education
• Virtual Reality

Enterprise IoT
• The Business Case for
x IoT
• Smart Grids
• Smart Cities
• Smart Transportation
• The Smart Home
• M2M
• Authentication/Security
• Wiring the IoT
• The Internet of
x Everything
• Digital Transformation
x of Enterprise IT
• Agriculture
• Transportation
• Manufacturing
• Local & State
x Government
• Federal Government

IoT Developers | WebRTC Summit
• Eclipse Foundation
• Cloud Foundry
• Linux Containers
• Node-Red
• Open Source Hardware
• Ajax and the IoT
• Leveraging SOA
• Multi-Cloud IoT
• Evolving Standards
• WebSockets
• Security & Privacy
x Protocols
• GPS & Proximity
x Services
• Bluetooth/RFID/etc
• XMPP
• Nest Labs



The Top Keynotes, the Best Sessions, a Rock Star Faculty and the Most Qualified Delegates of ANY Internet of Things Event!


The future of computing lies in these things. As computing takes a much more active role in our lives it will at the same time become much more invisible. Internet of Things Expo will address the challenges in getting from where we are today to this future.
 
The high-energy event is a must-attend for senior technologists from CEOs on down – including CIOs, CTOs, directors of infrastructure, VPs of technology, IT directors and managers, network and storage managers, network engineers, enterprise architects, and communications and networking specialists.




@ThingsExpo Power Panel | The World's Many IoTs: Which Are the Most Important?
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, panelists discussed what things are the most important, which will have the most profound effect on the world, and what should we expect to see over the next couple of years.
Benefits of Attending the Three-Day Technical Program
  LEARNexactly why Internet of Things is relevant today from an economic, business and technology standpoint.
  HEAR first-hand from industry experts the common issues and requirements for creating a platform for the Internet of Things.
  SEE what new tools and approaches the Internet of Things requires.
  DISCOVER how to drive a distributed approach to the Internet of Things, where applications move to the data.
  FIND OUThow the vast volumes of new data produced by the Internet of Things provides a valuable new source of business insight through advanced analytical techniques.
  MASTER how the ongoing development of smart cities, cars, and houses will enhance connectivity infrastructure.
Lunch Power Panel | Microservices & IoT- Moderated by Jason Bloomberg
In this Power Panel at @DevOpsSummit, moderated by Jason Bloomberg, president of Intellyx, panelists Roberto Medrano, Executive Vice President at Akana; Lori MacVittie, Evangelist for F5 Networks; and Troy Topnik, ActiveState's Technical Product Manager; and Otis Gospodnetic, founder of Sematext; peeled away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you'll have no problem filling in your buzzword bingo cards.


Security Holes in the Mobile World
That Smart Phone application may be robbing you blind

The speed of communication and connectivity today of the smart phone is unparalleled. Even better and faster than the Internet itself, because your phone is always talking to the network, always available and open to receive and send information without you having to dial a number or open a browser.

However, this phenomenal capability also has a dark side. Convenience has a price. The same smart phone that is always connected and serving you content can also be serving you malicious content or stealing from you for someone else. People are buying and downloading applications to their smart phones by the millions. These applications potentially contain code to enable a hacker entry to your phone, access to your address book, identity information and more, where they can cause damage to your device and data. Much like the malicious tool bar on the Internet, an ordinary application can contain code that can damage your phone and wallet.

But it is not just your wallet. How about your company’s?

As more commercial applications develop a mobile interface, they open a new door to the corporate network for hackers.

Security Holes in Mobile World
For many corporate employees today, mobile phones and PDAs have replaced their PCs.

Enterprise users are now using their mobile devices to perform the same functions that they previously performed on their desktop PC. Only now, these tasks can be done from a much smaller device from virtually anywhere at any time. One of the hidden dangers to which people aren’t paying much attention is rogue code infecting mobile phones. That’s unfortunate because although no major incidents have been reported yet, it’s only a matter a time before some serious event occurs.

Depending on the type of application, a piece of malware could cause a phone to dial foreign numbers, make exorbitant text messages, copy keystrokes (key logger) when owners log into their financial institution or cause some other form of disturbance for the end user. It might flood the network with meaningless messages or render the device inoperable, causing increased help desk costs for the carrier, and your phone to be refused service from the cell network. The same criminals spoofing websites in order to gain access to your personal information have figured out that access to enterprise information is far more rewarding. And while major hacks into corporate sites seem like monthly news, mobile device hacks are lurking in the wings.

This is possible, since smart phones today can browse the Internet and download code from many different places. In fact, many carriers offer "download sites" for their customers to use as a one-stop shop. In addition, vendors such as Handango provide applications for many different operating systems. Also, scammers can advertise rogue code and point browsers to their website to trick users into downloading an application that is not legitimate. Consider a phishing attack, for example, where an unsuspecting user receives an email with a link to "update" his bank account info. He is then directed to a rogue website where code can either be silently downloaded or a he is directed to a link to download a game, widget or some other application that looks legitimate but is really malware.

The fact is that mobile phones are here to stay and have become woven into the fabric of corporate information processing. Where once mobile devices existed simply as a phone, they are now very intelligent data devices and are getting smarter and more robust every day. This is a classic case of balancing convenience against absolute security. Security professionals need to consider what steps and policies they can adopt to ensure that the applications being downloaded by employees are safe and do not wind up causing a material information breach. How Vulnerable Are Smartphones? Is there an answer? The answer today is the digital signature that accompanies the application, whereby the developer digitally “signs” the application and a third party that issues the digital signature vouches for the identity of the individual. This is much like a driver’s license, where you can see an individual’s photo and the fact that the license was issued by the state, which acts as the trusted third party. In this way, signed applications and content can be downloaded and we know who signed it and that it has not been tampered with.

One example of this action in the mobile device world is Symbian, the world's most popular mobile operating system, accounting for 50% of smart phone sales. For creating applications on Symbian’s mobile operating system, authors are required to fax identity information (passport, driver’s license, etc.) to confirm they are who they say they are. They must also include information about their business and pay with a credit card. This process is called vetting and is what the trusted third party does to confirm identity.

Interestingly, other mobile operating systems aren’t quite so thorough. In fact, some only require that authors pay a certificate fee with a credit card, which could, of course, be stolen. There is no vetting or trusted third party. Little can be done to identify the perpetrator in such cases.

Beyond this, some operating system manufacturers like Symbian require that code be tested by a third-party test house before it gets signed by recognized commercial certificate authorities. The test house runs code through a battery of tests before it puts a seal of approval on it. Then it passes it back to the commercial certificate authorities to sign before being returned to the developer.

What are the others doing?

While Symbian has robust process, technology and rigorous testing programs in place to prevent malicious code from being distributed globally and almost instantaneously, the approaches other large mobile operator providers take vary greatly. Here are a few examples.

  • Blackberry
    According to Research in Motion (RIM), it uses “IT policies, application control policies and code signing to contain malware by controlling third-party application access to the BlackBerry device resources and applications. These containment methods are designed to prevent malware that might gain access to the BlackBerry device.” That said, RIM allows developers to sign applications with keys it issues, which means they can sign whatever they choose without further testing from a testing house. RIM does perform some vetting. Developers have to register with RIM via a form and a $20 credit card payment, but no real ID check is done. This means you can theoretically register with a stolen credit card and publish under a false name. But even if a responsible developer signed code, if the laptop with the key was stolen (and the key was not properly protected), the criminal could access the key and sign code in the future under the responsible developer’s identify.
  • iPhone
    To develop and sell applications for the iPhone, you join the Apple Developer program. With $99, an email address and a credit card that works, you can apply and distribute your applications via the Apple store. So with a stolen credit card and an alternative email address, you can theoretically distribute any application you can create without repercussions.
  • Google
    If security for the Blackberry and iPhone environments is lacking somewhat, it is practically nonexistent with Google. You can create your own certificate, sign the application and add it to the app store. There’s no charge. Anyone with a phony email address can theoretically create a rogue app, sign it and submit it. If you wish to publish to the Android market, there is a registration and signup fee of $25, but this has nothing to do with signing the application. For example, recently someone developed a rogue Android Smartphone phishing application that tried to gain access to consumers’ financial information. Called Droid09, it was launched from the Android Marketplace. Although now removed, it’s a frightening example of how susceptible we are to fraud.

How Can We Better Protect Smart Phones?
So how do we better protect smart phones and their users? Here are a few steps:

Step 1: Make Sure Code Is Signed By Trusted Individuals

The first step in protecting mobile devices is to ensure that digital certificates are used to authenticate downloaded code. A digital certificate is an ID that contains information about the person, machine or program to whom the certificate was issued. Certificates provide you with assurance that what you are about to use comes from a reliable source. In short, a certificate enables digital trust.

If you are a developer, certificates enable you to sign your work and to verify that this program and version of code is the code that you wrote (i.e., it has not been tampered with). Mobile phone code developers use certificates today to ensure programs are valid before being downloaded to literally millions of devices globally.

The good news is that certificates are inexpensive and, in fact, most mobile device suppliers require that all code be signed before it is used. Certificates serve as a deterrent to malicious behavior, since we know both who signed the code and when they signed it. And since authors of malware don’t want this information to be known, protection is enhanced.

Step 2: Vetting

As noted, if a company allows workers to download “unsigned” programs from sites, rogue code could infect the device and then possibly the entire network. Digital signatures are a necessary component of the security solution, but aren’t enough. For example, how do you know that authors of code are who they say they are? In fact, the process of verifying the identity of authors varies widely.

Typically, certificates are issued to developers after an identity check. More thorough organizations use recognized commercial certificate authorities that follow OMTP (Open Mobile Terminal Platform) standards (mobile network operator forum focused on standards) for identity validation and to conduct email address, valid credit card and identity card (passport or drivers license) checks. In addition, these organizations may even translate foreign documents.

Step 3: More Vetting

Properly done, vetting is about tying all the disparate loose ends together to eliminate or make extremely unlikely any mischief. But there’s one more step that is often missing. Some OS vendors provide certificates that sign the code directly to developers. In theory, that’s fine. As long as the developer uses and stores the certificate properly, security directors can sleep at night. But what if that certificate is given to another developer? Or stolen? Or misplaced? Then the entire security process has been compromised. The proper way to ensure security is to maintain the signing key in a portal so that developers must upload their signed code each and every time they create new software. In that way, the portal ensures the security of the signing key and the integrity of the code. Only the portal can sign the code with a key that will allow it to run on the phone. And since criminals don’t like to be identified, it greatly reduces the risk of rogue code.

Another advantage of this approach is that bad applications can be rescinded by revoking the certificate for that application. Because each application has a unique certificate, the revocation of the certificate for one application has no effect on the other applications. If a single certificate, such as the developer certificate, is used for multiple applications, this granular revocation capability is lost.

Enterprises, too, can take a role in ensuring authenticity. For example, some OS providers do not require applications to be signed, but provide tools for enterprises to manage devices on their network. An enterprise could implement a policy that all code be signed before executing on the device.

Conclusion
Most of the major providers don’t currently offer the proper level of security to protect smart phone users from unsavory developers. It will probably take a colossal failure or scam to move some of the more lax mobile operators to more rigorous processes and testing. For the safety of millions of businesses, digital certificates plus comprehensive vetting should be undertaken to protect our networks.

Smart phones are not going away and won’t get dumber. By following these few simple and inexpensive steps – using certificates and proper vetting – consumer and business mobile users can be assured of safe application experiences.

About Dean Coclin
Dean Coclin is VP of Business Development at ChosenSecurity, where he is responsible for fostering industry partnerships, technology alliances and promoting the company's products to system integrators, consulting firms and other partners. He can be reached at dcoclin (at) chosensecurity.com.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Presentation Slides
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights a...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Services at NetApp, described how NetApp de...
IoT & Smart Cities Stories
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.



2016 | 2015 | 2014 | 2013 | 2012
Testimonials
This week I had the pleasure of delivering the opening keynote at Cloud Expo New York. It was amazing to be back in the great city of New York with thousands of cloud enthusiasts eager to learn about the next step on their journey to embracing a cloud-first worldl."
@SteveMar_Msft
 
How does Cloud Expo do it every year? Another INCREDIBLE show - our heads are spinning - so fun and informative."
@SOASoftwareInc
 
Thank you @ThingsExpo for such a great event. All of the people we met over the past three days makes us confident IoT has a bright future."
@Cnnct2me
 
One of the best conferences we have attended in a while. Great job, Cloud Expo team! Keep it going."

@Flexential


Who Should Attend?
Senior Technologists including CIOs, CTOs & Vps of Technology, Chief Systems Engineers, IT Directors and Managers, Network and Storage Managers, Enterprise Architects, Communications and Networking Specialists, Directors of Infrastructure.

Business Executives including CEOs, CMOs, & CIOs , Presidents & SVPs, Directors of Business Development , Directors of IT Operations, Product and Purchasing Managers, IT Managers.

Join Us as a Media Partner - Together We Can Enable the Digital Transformation!
SYS-CON Media has a flourishing Media Partner program in which mutually beneficial promotion and benefits are arranged between our own leading Enterprise IT portals and events and those of our partners.

If you would like to participate, please provide us with details of your website/s and event/s or your organization and please include basic audience demographics as well as relevant metrics such as ave. page views per month.

To get involved, email events@sys-con.com.

@ThingsExpo Blogs
Cloud is the motor for innovation and digital transformation. CIOs will run 25% of total application workloads in the cloud by the end of 2018, based on recent Morgan Stanley report. Having the right enterprise cloud strategy in place, often in a multi cloud environment, also helps companies become a more intelligent business. Companies that master this path have something in common: they create a culture of continuous innovation.
Eric Taylor, a former hacker, reveals what he's learned about cybersecurity. Taylor's life as a hacker began when he was just 12 years old and playing video games at home. Russian hackers are notorious for their hacking skills, but one American says he hacked a Russian cyber gang at just 15 years old. The government eventually caught up with Taylor and he pleaded guilty to posting the personal information on the internet, among other charges. Eric Taylor, who went by the nickname Cosmo the God, also posted personal information of celebrities and government officials, including Michel...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
Digital Transformation Blogs
Crosscode Panoptics Automated Enterprise Architecture Software. Application Discovery and Dependency Mapping. Automatically generate a powerful enterprise-wide map of your organization's IT assets down to the code level. Enterprise Impact Assessment. Automatically analyze the impact, to every asset in the enterprise down to the code level. Automated IT Governance Software. Create rules and alerts based on code level insights, including security issues, to automate governance. Enterprise Audit Trail. Auditors can independently identify all changes made to the environment.
Cloud is the motor for innovation and digital transformation. CIOs will run 25% of total application workloads in the cloud by the end of 2018, based on recent Morgan Stanley report. Having the right enterprise cloud strategy in place, often in a multi cloud environment, also helps companies become a more intelligent business. Companies that master this path have something in common: they create a culture of continuous innovation.
ClaySys Technologies is one of the leading application platform products in the ‘No-code' or ‘Metadata Driven' software business application development space. The company was founded to create a modern technology platform that addressed the core pain points related to the traditional software application development architecture. The founding team of ClaySys Technologies come from a legacy of creating and developing line of business software applications for large enterprise clients around the world.
CloudEXPO.TV
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical Infrastructure as a Service cloud provider but it's been des...
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the...