Register Here
Delegates
Sponsorship
  Call For Papers
  Hotel Info
Speakers
Schedule
Sponsors
Exhibitors
  Sessions
  Videos
  Power Panels
  Presentations
Untitled Document
2018 Platinum Sponsor

2018 Gold Sponsor

2018 Keynote Sponsor

2018 Tech Sponsor

2018 Pavilion Sponsor

2018 Partners

2018 Exhibitors

Untitled Document
2018 Media Sponsors








Untitled Document
2017 West
Premium Sponsors
Diamond



Platinum
@DevOpsSummit

Bronze










Untitled Document
2017 West
Keynote Sponsor


Untitled Document
2017 West Exhibitors
























@ThingsExpo











Untitled Document
2017 West JETRO ×
Six Prefectures
of Japan
Pavilion Exhibitors



















Untitled Document
2017 West Media Sponsors














Untitled Document
2017 East
Premium Sponsors
Diamond



Platinum
@DevOpsSummit

@DevOpsSummit

Silver
@DevOpsSummit


Bronze










Untitled Document
2017 East Exhibitors
@DevOpsSummit




































Untitled Document
2017 East Media Sponsors
















Untitled Document
   
  Think Big – Now Think Even Bigger
  Join Us at Internet of Things at Cloud Expo, November 11-13,
at the Javits Center!


The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago.

All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades.

With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend Internet of Things at Cloud Expo in New York City. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be!

Delegates to Internet of Things at Cloud Expo will be able to attend eight separate, information-packed tracks:

  • Enterprise Cloud
  • Digital Transformation
  • The API Enterprise | Mobility & Security
  • DevOps | Containers & Microservices
  • Cognitive Computing | AI, ML, DL
  • Big Data | Analytics
  • IoT | IIoT | Smart Cities
  • Hot Topics | FinTech | WebRTC

There are 120 breakout sessions in all, with Keynotes, General Sessions, and Power Panels adding to three days of incredibly rich presentations and content.


We'll see you in New York!



Day 3 Keynote at @ThingsExpo | Chris Matthieu, CTO of Octoblu
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu's platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
  Themes & Topics to Be Discussed

Consumer IoT
• Wearables
• Smart Appliances
• Smart Cars
• Smartphones 2.0
• Automation
• Smart Travel
• Personal Fitness
• Health Care
• Personalized Marketing
• Customized Shopping
• Personal Finance
• The Digital Divide
• Mobile Cash & Markets
• Games & The IoT
• The Future of Education
• Virtual Reality

Enterprise IoT
• The Business Case for
x IoT
• Smart Grids
• Smart Cities
• Smart Transportation
• The Smart Home
• M2M
• Authentication/Security
• Wiring the IoT
• The Internet of
x Everything
• Digital Transformation
x of Enterprise IT
• Agriculture
• Transportation
• Manufacturing
• Local & State
x Government
• Federal Government

IoT Developers | WebRTC Summit
• Eclipse Foundation
• Cloud Foundry
• Linux Containers
• Node-Red
• Open Source Hardware
• Ajax and the IoT
• Leveraging SOA
• Multi-Cloud IoT
• Evolving Standards
• WebSockets
• Security & Privacy
x Protocols
• GPS & Proximity
x Services
• Bluetooth/RFID/etc
• XMPP
• Nest Labs



The Top Keynotes, the Best Sessions, a Rock Star Faculty and the Most Qualified Delegates of ANY Internet of Things Event!


The future of computing lies in these things. As computing takes a much more active role in our lives it will at the same time become much more invisible. Internet of Things Expo will address the challenges in getting from where we are today to this future.
 
The high-energy event is a must-attend for senior technologists from CEOs on down – including CIOs, CTOs, directors of infrastructure, VPs of technology, IT directors and managers, network and storage managers, network engineers, enterprise architects, and communications and networking specialists.




@ThingsExpo Power Panel | The World's Many IoTs: Which Are the Most Important?
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, panelists discussed what things are the most important, which will have the most profound effect on the world, and what should we expect to see over the next couple of years.
Benefits of Attending the Three-Day Technical Program
  LEARNexactly why Internet of Things is relevant today from an economic, business and technology standpoint.
  HEAR first-hand from industry experts the common issues and requirements for creating a platform for the Internet of Things.
  SEE what new tools and approaches the Internet of Things requires.
  DISCOVER how to drive a distributed approach to the Internet of Things, where applications move to the data.
  FIND OUThow the vast volumes of new data produced by the Internet of Things provides a valuable new source of business insight through advanced analytical techniques.
  MASTER how the ongoing development of smart cities, cars, and houses will enhance connectivity infrastructure.
Lunch Power Panel | Microservices & IoT- Moderated by Jason Bloomberg
In this Power Panel at @DevOpsSummit, moderated by Jason Bloomberg, president of Intellyx, panelists Roberto Medrano, Executive Vice President at Akana; Lori MacVittie, Evangelist for F5 Networks; and Troy Topnik, ActiveState's Technical Product Manager; and Otis Gospodnetic, founder of Sematext; peeled away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you'll have no problem filling in your buzzword bingo cards.


Addressing Identity in the Digital Economy
Panel tackles how to make mobile devices as secure as they are indispensable

As smartphones have become de rigueur in the global digital economy, users want them to do more work, and businesses want them to be more productive for their employees -- as well as powerful added channels to consumers.

But neither businesses nor mobile-service providers have a cross-domain architecture that supports all the new requirements for a secure digital economy, one that allows safe commerce, data sharing and user privacy.

So how do we blaze a better path to a secure mobile future? How do we make today’s ubiquitous mobile devices as low risk as they are indispensable?

BriefingsDirect recently posed these and other questions to a panel of experts on mobile security: Paul Madsen, Principal Technical Architect in the Office of the CTO at Ping Identity; Michael Barrett, President of the FIDO (Fast Identity Online) Alliance, and Mark Diodati, a Technical Director in the Office of the CTO at Ping Identity. The sponsored panel discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: We're approaching this Cloud Identity Summit 2014 (CIS) in Monterey, Calif. on July 19 and we still find that the digital economy is not really reaching its full potential. We're still dealing with ongoing challenges for trust, security, and governance across mobile devices and network.

Even though people have been using mobile devices for decades—and in some markets around the world they're the primary tool for accessing the Internet—why are we still having problems? Why is this so difficult to solve?

Diodati: There are so many puzzle pieces to make the digital economy fully efficient. A couple of challenges come to mind. One is the distribution of identity. In prior years, the enterprise did a decent job -- not an amazing job, but a decent job -- of identifying users, authenticating them, and figuring out what they have access to.

Once you move out into a broader digital economy, you start talking about off-premises architectures and the expansion of user constituencies. There is a close relationship with your partners, employees, and your contractors. But relationships can be more distant, like with your customers.

Emerging threats

Additionally, there are issues with emerging security threats. In many cases, there are fraudsters with malware being very successful at taking people’s identities and stealing money from them.

Diodati

Mobility can do a couple of things for us. In the old days, if you want more identity assurance to access important applications, you pay more in cost and usability problems. Specialized hardware was used to raise assurance. Now, the smartphone is really just a portable biometric device that users carry without us asking them to do so. We can raise assurance levels without the draconian increase in cost and usability problems.

We’re not out of the woods yet. One of the challenges is nailing down the basic administrative processes to bind user identities to mobile devices. That challenge is part cultural and part technology. [See more on a new vision for identity.]

Gardner: So it seems that we have a larger set of variables, end users, are not captive on network, who we authenticate. As you mentioned, the mobile device, the smartphone, can be biometric and can be an even better authenticator than we've had in the past. We might actually be in a better position in a couple of years. Is there a transition that’s now afoot that we might actually come out better on the other end?

Madsen: The opportunities are clear. As Mark indicated, the phones, not just because of its technical features, but because of the relatively tight binding that users feel for them, make a really strong authentication factor.

Madsen

It's the old trope of something you have, something you know, and something you are. Phones are something you already have, from the user’s point of view. It’s not an additional hard token or hard USB token that we're asking employees to carry with them. It's something they want to carry, particularly if it's a BYOD phone.

So phones, because they're connected mobile computers, make a really strong second-factor authentication, and we're seeing that more and more. As I said, it’s one that users are happy using because of the relationship they already have with their phones, for all the other reasons. [See more on identity standards and APIs.]

Gardner: It certainly seems to make sense that you would authenticate into your work environment through your phone. You might authenticate in the airport to check in with your phone and you might use it for other sorts of commerce. It seems that we have the idea, but we need to get there somehow.

What’s architecturally missing for us to make this transition of the phone as the primary way in which people are identified session by session, place by place? Michael, any thoughts about that?

User experience

Barrett: There are a couple of things. One, in today’s world, we don’t yet have open standards that help to drive cross-platform authentication, and we don’t have the right architecture for that. In today’s world still, if you are using a phone with a virtual keyboard, you're forced to type this dreadful, unreadable tiny password on the keyboard, and by the way, you can’t actually read what you just typed. That’s a pretty miserable user experience, which we alluded to earlier.

Barrett

But also, it’s a very ugly. It’s a mainframe-centric architecture. The notion that the authentication credentials are shared secrets that you know and that are stored on some central server is a very, very 1960s approach to the world. My own belief is that, in fact, we have to move towards a much more device-centric authentication model, where the remote server actually doesn’t know your authentication credentials. Again, that comes back to both architecture and standards.

My own view is that if we put those in place, the world will change. Many of us remember the happy days of the late '80s and early '90s when offices were getting wired up, and we had client-server applications everywhere. Then, HTML and HTTP came along, and the world changed. We're looking at the same kind of change, driven by the right set of appropriately designed open standards.

Gardner: So standards, behavior, and technology make for an interesting adoption path, sometimes a chicken and the egg relationship. Tell me about FIDO and perhaps any thoughts about how we make this transition and adoption happen sooner rather than later?

Barrett: I gave a little hint. FIDO is an open-standards organization really aiming to develop a set of technical standards to enable device-centric authentication that is easier for end users to use. As an ex-CTO, I can tell you the experience when you try to give them stronger authenticators that are harder for them to use. They won’t voluntarily use them.

We have to do better than we're doing today in terms of ease of use of authentication. We also have to come up with authentication that is stronger for the relying parties, because that’s the other face of this particular coin. In today’s world, passwords and pins work very badly for end users. They actually work brilliantly for the criminals.

So I'm kind of old school on this. I tend to think that security controls should be there to make life better for relying parties and users and not for criminals. Unfortunately, in today’s world, they're kind of inverted.

So FIDO is simply an open-standards organization that is building and defining those classes of standards and, through our member companies, is promulgating deployment of those standards.

Madsen: I think FIDO is important. Beyond the fact that it’s a standard is the pattern that it’s normalizing. The pattern is one where the user logically authenticates to their phone, whether it be with a fingerprint or a pin, but the authentication is local. Then, leveraging the phone’s capabilities -- storage, crypto, connectivity. etc. -- the phone authenticates to the server. It’s that pattern of a local authentication followed by a server authentication that I think we are going to see over and over.

Gardner: Thank you, Paul. It seems to me that most people are onboard with this. I know that, as a user, I'm happy to have the device authenticate. I think developers would love to have this authentication move to a context on a network or with other variables brought to bear. They can create whole new richer services when they have a context for participation. It seems to me the enterprises are onboard too. So there's a lot of potential momentum around this. What does it take now to move the needle forward? What should we expect to hear at CIS?

Moving forward

Diodati: There are two dimensions to moving the needle forward: avoiding the failures of prior mobile authentication systems, and ensuring that modern authentication systems support critical applications. Both are crucial to the success of any authentication system, including FIDO.

At CIS, we have an in-depth, three-hour FIDO workshop and many mobile authentication sessions.

There are a couple of things that I like about FIDO. First, it can use the biometric capabilities of the device. Many smart phones have an accelerometer, a camera, and a microphone. We can get a really good initial authentication. Also, FIDO leverages public-key technology, which overcomes some of the concerns we have around other kinds of technologies, particularly one-time passwords.

Madsen: To that last point Mark, I think FIDO and SAML, or more recent federation protocols, complement each other wonderfully. FIDO is a great authentication technology, and federation historically has not resolved that. Federation didn't claim to answer that issue, but if you put the two together, you get a very strong initial authentication. Then, you're able to broadcast that out to the applications that you want to access. And that’s a strong combination.

Barrett: One of the things that we haven't really mentioned here -- and Paul just hinted at it -- is the relationship between single sign-on and authentication. When you talk to many organizations, they look at that as two different sides of the same coin. So the better application or ubiquity you can get, and the more applications you can sign the user on with less interaction, is a good thing.

Gardner: Before we go a little bit deeper into what’s coming up, let’s take another pause and look back. There have been some attempts to solve these problems. Many, I suppose, have been from a perspective of a particular vendor or a type of device or platform or, in an enterprise sense, using what they already know or have.

We've had containerization and virtualization on the mobile tier. It is, in a sense, going back to the past where you go right to the server and very little is done on the device other than the connection. App wrapping would fall under that as well, I suppose. What have been the pros and cons and why isn’t containerization enough to solve this problem? Let’s start with Michael.

Barrett: If you look back historically, what we've tended to see are lot of attempts that are truly proprietary in nature. Again, my own philosophy on this is that proprietary technology is really great for many things, but there are certain domains that simply need a strong standards-based backplane.

There really hasn't been an attempt at this for some years. Pretty much, we have to go back to X.509 to see the last major standards-based push at solving authentication. But X.509 came with a whole bunch of baggage, as well as architectural assumptions around a very disconnected world view that is kind of antithetical to where we are today, where we have a very largely connected world view.

I tend to think of it through that particular set of lenses, which is that the standards attempts in this area are old, and many of the approaches that have been tried over the last decade have been proprietary.

For example, on my old team at PayPal, I had a small group of folks who surveyed security vendors. I remember asking them to tell me how many authentication vendors there were and to plot that for me by year?

Growing number of vendors

They sighed heavily, because their database wasn’t organized that way, but then came back a couple of weeks later. Essentially they said that in 2007, it was 30-odd vendors, and it has been going up by about a dozen a year, plus or minus some, ever since, and we're now comfortably at more than 100.

Any market that has 100 vendors, none of whose products interoperate with each other, is a failing market, because none of those vendors, bar only a couple, can claim very large market share. This is just a market where we haven’t seen the right kind of approaches deployed, and as a result, we're struck where we are today without doing something different.

Gardner: Paul, any thoughts on containerization, pros and cons?

Madsen: I think of phones as almost two completely orthogonal aspects. First is how you can leverage the phone to authenticate the user. Whether it’s FIDO or something proprietary, there's value in that.

Secondly is the phone as an application platform, a means to access potentially sensitive applications. What mobile applications introduce that’s somewhat novel is the idea of pulling down that sensitive business data to the device, where it can be more easily lost or stolen, given the mobility and the size of those devices.

The challenge for the enterprise is, if you want to enable your employees with devices, or enable them to bring their own in, how do you protect that data. It seems more and more important, or recognized as the challenge, that you can’t.

The challenge is not only protecting the data, but keeping the usage of the phone separate. IT, arguably and justifiably, wants to protect the business data on it, but the employee, particularly in a BYOD case, wants to keep their use of the phone isolated and private.

So containerization or dual-persona systems attempt to slice and dice the phone up into two or more pieces. What is missing from those models, and it’s changing, is a recognition that, by definition, that’s an identity problem. You have two identities—the business user and the personal user—who want to use the same device, and you want to compartmentalize those two identities, for both security and privacy reasons.

Identity standards and technologies could play a real role in keeping those pieces separate.The employee might use Box for the business usage, but might also use it for personal usage. That’s an identity problem, and identity will keep those two applications and their usages separate.

Diodati: To build on that a little bit, if you take a look at the history of containerization, there were some technical problems and some usability problems. There was a lack of usability that drove an acceptance problem within a lot of enterprises. That’s changing over time.

To talk about what Michael was talking about in terms of the failure of other standardized approaches to authentication, you could look back at OATH, which is maybe the last big industry push, 2004-2005, to try to come up with a standard approach, and it failed on interoperability. OATH was a one-time password, multi-vendor  capability. But in the end, you really couldn’t mix and match devices. Interoperability is going to be a big, big criteria for acceptance of FIDO. [See more on identity standards and APIs.]

Mobile device management

Gardner: Another thing out there in the market now, and it has gotten quite a bit of attention from enterprises as they are trying to work through this, is mobile device management (MDM).  Do you have any thoughts, Mark, on why that has not necessarily worked out or won’t work out? What are the pros and cons of MDM?

Diodati: Most organizations of a certain size are going to need an enterprise mobility management solution. There is a whole lot that happens behind the scenes in terms of binding the user's identity, perhaps putting a certificate on the phone.

Michael talked about X.509. That appears to be the lowest common denominator for authentication from a mobile device today, but that can change over time. We need ways to be able to authenticate users, perhaps issue them certificates on the phone, so that we can do things like IPSec.

Also, we may be required to give some users access to offline secured data. That’s a combination of apps and enterprise mobility management (EMM) technology. In a lot of cases, there's an EMM gateway that can really help with giving offline secure access to things that might be stored on network file shares or in SharePoint, for example.

If there's been a stumbling block with EMM, it's just been that the heterogeneity of the devices, making it a challenge to implement a common set of policies.

But also the technology of EMM had to mature. We went from BlackBerry Enterprise Server, which did a pretty good job in a homogeneous world, but maybe didn't address everybody’s needs. The AirWatchs and the Mobile Irons of the world, they've had to deal with heterogeneity and increased functionality.

Madsen: The fundamental issue with MDM is, as the name suggests, that you're trying to manage the device, as opposed to applications or data on the device. That worked okay when the enterprise was providing employees with their BlackBerry, but it's hard to reconcile in the BYOD world, where users are bringing in their own iPhones or Androids. In their mind, they have a completely justified right to use that phone for personal applications and usage.

So some of the mechanisms of MDM remain relevant, being able to wipe data off the phone, for example, but the device is no longer the appropriate granularity. It's some portion of the device that the enterprise is authoritative over.

Gardner: It seems to me, though, that we keep coming back to several key concepts: authentication and identity, and then, of course, a standardization approach that ameliorates those interoperability and heterogeneity issues. [See more on a new vision for identity.]

So let’s look at identity and authentication. Some people make them interchangeable. How should we best understand them as being distinct? What’s the relationship between them and why are they so essential for us to move to a new architecture for solving these issues? Let’s start with you, Michael.

Identity is center

Barrett: I was thinking about this earlier. I remember having some arguments with Phil Becker back in the early 2000s when I was running the Liberty Alliance, which was the standards organization that came up with SAML 2.0. Phil coined that phrase, "Identity is center," and he used to argue that essentially everything fell under identity.

What I thought back then, and still largely do, is that identity is a broad and complex domain. In a sense, as we've let it grow today, they're not the same thing. Authentication is definitely a sub-domain of security, along with a whole number of others. We talked about containerization earlier, which is a kind of security-isolation technique in many regards. But I am not sure that identity and authentication are exactly in the same dimension.

In fact, the way I would describe it is that if we talk about something like the levels-of-assurance model, we're all fairly familiar with in the identity sense. Today, if you look at that, that’s got authentication and identity verification concepts bound together.

In fact, I suspect that in the coming year or two, we're probably going to have to decouple those and say that it’s not really a linear one-dimensonal thing, with level one, level two, level three, and level four. Rather it's a kind of two-dimensional metric, where we have identity verification concepts on one side and then authentication comes from the other. Today, we've collapsed them together, and I am not sure we have actually done anybody any favors by doing that.

Definitely, they're closely related. You can look at some of the difficulties that we've had with identity over the last decade and say that it’s because we actually ignored the authentication aspect. But I'm not sure they're the same thing intrinsically.

Gardner: Interesting. I've heard people say that any high-level security mobile device has to be about identity. How else could it possibly work? Authentication has to be part of that, but identity seems to be getting more traction in terms of a way to solve these issues across all other variables and to be able to adjust accordingly over time and even automate by a policy.

Mark, how do you see identity and authentication? How important is identity as a new vision for solving these problems?

Diodati: You would have to put security at the top, and identity would be a subset of things that happen within security. Identity includes authorization -- determining if the user is authorized to access the data. It also includes provisioning. How do we manipulate user identities within critical systems -- there is never one big identity in the sky. Identity includes authentication and a couple of other things.

To answer the second part of your question, Dana, in the role of identity and trying to solve these problems, we in the identity community have missed some opportunities in the past to talk about identity as the great enabler.

With mobile devices, we want to have the ability to enforce basic security controls , but it’s really about identity. Identity can enable so many great things to happen, not only just for enterprises, but within the digital economy at large. There's a lot of opportunity if we can orient identity as an enabler.

Authentication and identity

Madsen: I just think authentication is something we have to do to get to identity. If there were no bad people in the world and if people didn’t lie, we wouldn’t need authentication.

We would all have a single identifier, we would present ourselves, and nobody else would lay claim to that identifier. There would be no need for strong authentication. But we don’t live there. Identity is fundamental, and authentication is how we lay claim to a particular identity.

Diodati: You can build the world's best authorization policies. But they are completely worthless, unless you've done the authentication right, because you have zero confidence that the users are who they say there are.

Gardner: So, I assume that multifactor authentication also is in the subset. It’s just a way  of doing it better or more broadly, and more variables and devices that can be brought to bear. Is that correct?

Madsen: Indeed.

Diodati: The definition of multifactor has evolved over time too. In the past, we talked about “strong authentication”. What we mean was “two-factor authentication,” and that is really changing, particularly when you look at some of the emerging technologies like FIDO.

If you have to look at the broader trends around adaptive authentication, the relationship to the user or the consumer is more distant. We have to apply a set of adaptive techniques to get better identity assurance about the user.

Gardner: I'm just going to make a broad assumption here that the authentication part of this does get solved, that multifactor authentication, adaptive, using devices that people are familiar with, that they are comfortable doing, even continuing to use many of the passwords, single sign-on, all that gets somehow rationalized.

Then, we're elevated to this notion of identity. How do we then manage that identity across these domains? Is there a central repository? Is there a federation? How would a standard come to bear on that major problem of the federation issue, control, and management and updating and so forth? Let’s go back to Michael on that.

Barrett: I tend to start from a couple of different perspectives on this. One is that we do have to fix the authentication standards problem, and that's essentially what FIDO is trying to do.

So, if you accept that FIDO solves authentication, what you are left with is an evolution of a set of standards that, over the last dozen years or so, starting with SAML 2.0, but then going on up through the more recent things like OpenID Connect and OAuth 2.0, and so on, gives you a robust backplane for building whatever business arrangement is appropriate, given the problem you are trying to solve.

Liability

I chose the word "business" quite consciously in there, because it’s fair to say that there are certain classes of models that have stalled out commercially for a whole bunch of reasons, particularly around the dreaded L-word, i.e, liability.

We tried to build things that were too complicated. We could just describe this grand long-term vision of what the universe looked like. Andrew Nash is very fond of saying that we can describe this rich ecosystem as identity-enabled services and so on, but you can’t get there from here, which is the punch line of a rather old joke.

Gardner: Mark, we understand that identity is taking on a whole new level of importance. Are there some examples that we can look to that illustrate how an identity-centric approach to security, governance, manageability for mobile tier activities, even ways it can help developers bring new application programming interfaces (APIs) into play and context for commerce and location, are things we haven’t even scratched the surface of yet really?

Help me understand, through an example rather than telling, how identity fits into this and what we might expect identity to do if all these things can be managed, standards, and so forth.

Diodati: Identity is pretty broad when you take a look at the different disciplines that might be at play. Let’s see if we can pick out a few.

We have spoken about authentication a lot. Emerging standards like FIDO are important, so that we can support applications that require higher assurance levels with less cost and usability problems.

A difficult trend to ignore is the API-first development modality. We're talking about things like OAuth and OpenID Connect. Both of those are very important, critical standards when we start talking about the use of API- and even non-API HTTP based stuff.

OpenID Connect, in particular, gives us some abilities for users to find where they want to authenticate and give them access to the data they need. The challenge is that the mobile app is interacting on behalf of a user. How do you actually apply things like adaptive techniques to an API session to raise identity assurance levels? Given that OpenID Connect was just ratified earlier this year, we're still in early stages of how that’s going to play out.

Gardner: Michael, any thoughts on examples, use cases, a vision for how this should work in the not too distant future?

Barrett: I'm a great believer in open standards, as I think I have shown throughout the course of this discussion. I think that OpenID Connect, in particular, and the fact that we now have that standard ratified, [is useful]. I do believe that the standards, to a very large extent, allow the creation of deployments that will address those use-cases that have been really quite difficult [without these standards in place].

Ahead of demand

The problem that you want to avoid, of course, is that you don’t want a standard to show up too far ahead of the demand. Otherwise, what you wind up with is just some interesting specification that never gets implemented, and nobody ever bothers deploying any of the implementations of it.

So, I believe in just-in-time standards development. As an industry, identity has matured a lot over the last dozen years. When SAML 2.0 came along in Shibboleth, it was a very federation-centric world, addressing a very small class of use cases. Now, we have a more robust sets of standards. What’s going to be really interesting is to see, how those new standards get used to address use cases that the previous standards really couldn’t?

I'm a bit of a believer in sort of Darwinian evolution on this stuff and that, in fact, it’s hard to predict the future now. Niels Bohr famously said, "Prediction is hard, especially when it involves the future.” There is a great deal of truth to that.

Gardner: Hopefully we will get some clear insights at the Cloud Identity Summit this month, July 19, and there will be more information to be had there.

I also wonder whether we're almost past the point now when we talk about mobile security, cloud security, data-center security. Are we going to get past that, or is this going to become more of a fabric of security that the standards help to define and then the implementations make concrete? Before we sign off, Mark, any last thoughts about moving beyond segments of security into a more pervasive concept of security?

Diodati: We're already starting to see that, where people are moving towards software as a service (SaaS) and moving away from on-premises applications. Why? A couple of reasons. The revenue and expense model lines up really well with what they are doing, they pay as they grow. There's not a big bang of initial investment. Also, SaaS is turnkey, which means that much of the security lifting is done by the vendor.

That's also certainly true with infrastructure as a service (IaaS). If you look at things like Amazon Web Services (AWS). It is more complicated than SaaS, it is a way to converge security functions within the cloud.

You may also be interested in:

About Dana Gardner
At Interarbor Solutions, we create the analysis and in-depth podcasts on enterprise software and cloud trends that help fuel the social media revolution. As a veteran IT analyst, Dana Gardner moderates discussions and interviews get to the meat of the hottest technology topics. We define and forecast the business productivity effects of enterprise infrastructure, SOA and cloud advances. Our social media vehicles become conversational platforms, powerfully distributed via the BriefingsDirect Network of online media partners like ZDNet and IT-Director.com. As founder and principal analyst at Interarbor Solutions, Dana Gardner created BriefingsDirect to give online readers and listeners in-depth and direct access to the brightest thought leaders on IT. Our twice-monthly BriefingsDirect Analyst Insights Edition podcasts examine the latest IT news with a panel of analysts and guests. Our sponsored discussions provide a unique, deep-dive focus on specific industry problems and the latest solutions. This podcast equivalent of an analyst briefing session -- made available as a podcast/transcript/blog to any interested viewer and search engine seeker -- breaks the mold on closed knowledge. These informational podcasts jump-start conversational evangelism, drive traffic to lead generation campaigns, and produce strong SEO returns. Interarbor Solutions provides fresh and creative thinking on IT, SOA, cloud and social media strategies based on the power of thoughtful content, made freely and easily available to proactive seekers of insights and information. As a result, marketers and branding professionals can communicate inexpensively with self-qualifiying readers/listeners in discreet market segments. BriefingsDirect podcasts hosted by Dana Gardner: Full turnkey planning, moderatiing, producing, hosting, and distribution via blogs and IT media partners of essential IT knowledge and understanding.

Presentation Slides
Most of us already know that adopting new cloud applications can boost a business’s productivity by enabling organizations to be more agile ...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Services at NetApp, described how NetApp de...
IoT & Smart Cities Stories
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in development and launches of disruptive technologies to create new market opportunities as well as enhance enterprise product portfolios with emerging technologies. His most recent venture was Octoblu, a cross-protocol Internet of Things (IoT) mesh network platform, acquired by Citrix. Prior to co-founding Octoblu, Chris was founder of Nodester, an open-source Node.JS PaaS which was acquired by AppFog and ...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...



2016 | 2015 | 2014 | 2013 | 2012
Testimonials
This week I had the pleasure of delivering the opening keynote at Cloud Expo New York. It was amazing to be back in the great city of New York with thousands of cloud enthusiasts eager to learn about the next step on their journey to embracing a cloud-first worldl."
@SteveMar_Msft
 
How does Cloud Expo do it every year? Another INCREDIBLE show - our heads are spinning - so fun and informative."
@SOASoftwareInc
 
Thank you @ThingsExpo for such a great event. All of the people we met over the past three days makes us confident IoT has a bright future."
@Cnnct2me
 
One of the best conferences we have attended in a while. Great job, Cloud Expo team! Keep it going."

@Flexential


Who Should Attend?
Senior Technologists including CIOs, CTOs & Vps of Technology, Chief Systems Engineers, IT Directors and Managers, Network and Storage Managers, Enterprise Architects, Communications and Networking Specialists, Directors of Infrastructure.

Business Executives including CEOs, CMOs, & CIOs , Presidents & SVPs, Directors of Business Development , Directors of IT Operations, Product and Purchasing Managers, IT Managers.

Join Us as a Media Partner - Together We Can Enable the Digital Transformation!
SYS-CON Media has a flourishing Media Partner program in which mutually beneficial promotion and benefits are arranged between our own leading Enterprise IT portals and events and those of our partners.

If you would like to participate, please provide us with details of your website/s and event/s or your organization and please include basic audience demographics as well as relevant metrics such as ave. page views per month.

To get involved, email events@sys-con.com.

@ThingsExpo Blogs
ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of computational needs for many industries. Their solutions provide benefits across many environments, such as datacenter deployment, HPC, workstations, storage networks and standalone server installations. ICC has been in business for over 23 years and their phenomenal range of clients include multinational corporations, universities, and small businesses.
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San Francisco which creates an "Outcomes-Centric Business Analytics" degree." Bill Schmarzo, author ...
Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes. We are offering early bird savings on all ticket types where you can save significant amount of money by purchasing your conference ti...
Digital Transformation Blogs
Organize your corporate travel faster, at lower cost. Hotailors is a next-gen AI-powered travel platform. What is Hotailors? Hotailors is a platform for organising business travels that grants access to the best real-time offers from 2.000.000+ hotels and 700+ airlines in the whole world. Thanks to our solution you can plan, book & expense business trips in less than 5 minutes. Accordingly to your travel policy, budget limits and cashless for your employees. With our reporting, integrations and real-time analytics, you can easily control your travel policy, reduce spendings and i...
Crosscode Panoptics Automated Enterprise Architecture Software. Application Discovery and Dependency Mapping. Automatically generate a powerful enterprise-wide map of your organization's IT assets down to the code level. Enterprise Impact Assessment. Automatically analyze the impact, to every asset in the enterprise down to the code level. Automated IT Governance Software. Create rules and alerts based on code level insights, including security issues, to automate governance. Enterprise Audit Trail. Auditors can independently identify all changes made to the environment.
DevOpsSUMMIT at CloudEXPO, to be held June 25-26, 2019 at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Among the proven benefits, DevOps is correlated with 20% faster time-to-market, 22% improvement in qua...
CloudEXPO.TV
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical Infrastructure as a Service cloud provider but it's been des...
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the...