Modules 8-13
NIST 5 Functions in the Core Framework
(Describe the five technical elements that are needed for data privacy and security) Detect, Respond, Recover, Identify, Protect
Cloud Consumer
A person or organization that maintains a business relationship with, and uses service from, cloud providers.
Vulnerability
A weakness in an organization, IT systems, or framework that can be exploited by a threat. Refers to the security flaws in a system that allow an attack to be successful. Vulnerability testing should be performed on an ongoing basis by the parties responsible for resolving such vulnerabilities, and helps to provide data used to identify unexpected dangers to security that need to be addressed. Such vulnerabilities are not particular to technology — they can also apply to social factors such as individual authentication and authorization policies. Testing for vulnerabilities is useful for maintaining ongoing security, allowing the people responsible for the security of one's resources to respond effectively to new dangers as they arise. It is also invaluable for policy and technology development, and as part of a technology selection process; selecting the right technology early on can ensure significant savings in time, money, and other business costs further down the line.
Asymmetric Encryption
Also known as public key cryptography. Key pair → one is public, the other is private. Data encrypted by one key must be decrypted by the other. Can use complex algorithms to do this. Used for web traffic and emails.
Legacy Systems
Cannot be easily migrated to the cloud, and regulatory compliance issues may limit cloud computing usage.
Broad Network Access
Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
Rapid Elasticity
Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
5 Major Actors
Cloud consumer, Cloud provider, Cloud carrier, Cloud auditor, Cloud broker
IoT Layer Cake
Communications; CPU & Memory; Sensors & Actuators; Power Module
CIA Triad
Confidentiality, Integrity, Availability
Downfalls of SaaS
Dependence on a single vendor. Concern about the long-term viability of partner firms. Users may be forced to migrate to new versions—possibly incurring unforeseen training costs and shifts in operating procedures. Reliance on a network connection—which may be slower, less stable, and less secure. Data asset stored off-site—with the potential for security and legal concerns. Limited configuration, customization, and system integration options compared to packaged software or alternatives developed in-house. The user interface of Web-based software is often less sophisticated and lacks the richness of most desktop alternatives. Ease of adoption may lead to pockets of unauthorized IT being used throughout an organization.
TCP/IP Protocol Suite
Different protocols are used in combinations to do useful things. Application protocols: protocols such as email, web, messaging, video conferencing, and video streaming. TCP (Transmission Control Protocol): works at both ends of the internet communication to ensure a perfect copy of a message is sent; application protocols rely on TCP. IP (Internet Protocol): routing protocol that is in charge of forwarding and moving packets on the internet. Routers: a computing device that connects the networks and exchanges data between them; you have one at home.
Internet Layer Cake
Internet applications --> Web, social, video, etc. Internet software and infrastructure --> TCP/IP, Security, etc. Internet access --> 5G, 6G, wifi, cable, etc.
CIA - Integrity
Involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (for example, in a breach of confidentiality). Version control. Some data might include checksums, even cryptographic checksums, for verification of integrity. Backups or redundancies must be available to restore the affected data to its correct state. Twitter CEO's account hacked → integrity because he did not generate those tweets.
What is Internet of Things (IoT) and how can it help your business?
IoT enables your organization to analyze and act on data, allowing you to make smart decisions in real-time. With the timely and relevant insights about your business and customers that come with these new sources of data, there's great potential for industries of all kinds—including manufacturing, transportation, energy, agriculture, retail, and government—to operate more efficiently and provide new value to customers by implementing the right IoT solution.
Passwords
Most common: password, 12345678 or 123456, qwerty. Most password rules are wrong. Harder for hackers to break four random words than a combination of letters and numbers/symbols.
Multifactor Authentication
Password + phone/fingerprint. Single factor will rely on one of the above.
Cloud Deployment Models
Public Cloud, Private Cloud, Community Cloud, Hybrid Cloud
Deployment Models
Public Cloud, Private Cloud, Hybrid Cloud, Community Cloud
NotPetya Virus
Ransomware. From Ukraine, from an accounting software → took over systems worldwide and deleted and encrypted data. Mondelez International, 2017 → major issue with cybersecurity. Companies suffered significant losses from this virus. Expected to lose 3% of quarterly sales, but actually ended up losing closer to 5% because of this. Merck & Co: another victim, 300M in loss.
Benefits of cloud services for a new venture
Reduced capital expenditure for hardware and software infrastructure, allowing startups to focus on core business functions. Scalability and flexibility, enabling startups to quickly adapt to changing business needs and growth. Reduced IT maintenance costs, allowing small teams to focus on product development and customer acquisition. Access to enterprise-level security and infrastructure, which may not be affordable for startups to implement on their own.
Risks Associated with SaaS
Reliance on internet access to use the system. System functionality and user interface are predefined and typically difficult to customize. Data assets are stored off-site and are under someone else's control (security and legal issues). Timing and extent of changes in the user interface and system functionality are typically not under your control. Long-term stability and viability of your provider is always a question. Ease of adoption means unauthorized systems can pop up overnight. Vendor lock-in and difficulty of moving to a new platform (comparable to any other large software system).
Symmetric Encryption
Shared secret key system. Same key used to encrypt and decrypt. Key length determines the strength. Examples: 3DES and IDEA, RC4 and AES.
Apps & Disruption
Smartphones have surpassed one billion unit sales per year and are the primary screen for many tasks and services. Most smartphone functionality is delivered via custom apps. Apps offer advantages over packaged software and web-based alternatives, including richer interface options and OS-level integration. Apps can also have disadvantages, such as locking users into a platform and presenting challenges for developers. The app store allows firms to reach millions, but crowded app stores make it difficult for new apps to gain traction. Several billion-dollar firms have leveraged smartphone apps as their only, or primary, interface with consumers. Apps are also available on other platforms, including desktop operating systems, smart watches, and automobiles. While apps lower distribution and maintenance costs compared to packaged software, discovery and consumer awareness can be challenging in a crowded market.
3 Service Models for Cloud Computing
Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS). Note: XaaS --> can be anything; Mobility as a Service (MaaS): don't own a car, can use apps for getting around? Or Foliage as a Service → collect, preserve, and ship only the finest fall foliage...
Threat
Something that can potentially cause damage to the organization, IT Systems, or framework. The source and means of a particular type of attack. A threat assessment is performed to determine the best approaches to securing a system against a particular threat, or class of threat. Penetration testing exercises are substantially focused on assessing threat profiles, to help one develop effective countermeasures against the types of attacks represented by a given threat. Where risk assessments focus more on analyzing the potential and tendency of one's resources to fall prey to various attacks, threat assessments focus more on analyzing the attacker's resources. Analyzing threats can help one develop specific security policies to implement in line with policy priorities and understand the specific implementation needs for securing one's resources.
Cyber Security Requires
Technology (HW and SW); written procedures and processes; people educated on what cyber security is and what it means
Public Cloud
The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
Domain Name
The name of the network you're trying to connect to
Internet of Things
The term "Internet of Things" is attributed to Kevin Ashton of Procter & Gamble, who in 1999 used the phrase to describe the role of RFID tags in making supply chains more efficient. The Internet of Things (IoT) is a name for the aggregate collection of network-enabled devices, excluding traditional computers like laptops and servers. Types of network connections can include Wi-Fi connections, Bluetooth connections, and near-field communication (NFC). IoT includes devices such as "smart" appliances, home security systems, computer peripherals, wearable technology, routers, and smart speaker devices. Transforms a wide range of fields (medical, urban planning).
Facilities Management
This IoT scenario is focused on monitoring your buildings, infrastructure, and other spaces, allowing you to improve energy efficiency, space utilization, productivity, and safety using the data you collect. The insights you gain may help you: Save money by automating lighting or optimizing heating and cooling cycles. Increase employee or occupant satisfaction by keeping equipment running or ensuring that supplies are stocked.
Pros of SaaS
Upfront costs of buying and installing software packages are eliminated. Service level agreements (SLAs) are negotiated agreements between vendors and customers. SaaS firms address highly specialized markets or vertical niches. Benefits of SaaS include lower costs, financial risk mitigation, faster deployment times, scalable systems, higher quality and service levels, remote access and availability, and reduced risk of software piracy. Vendors of SaaS products benefit from lower distribution costs, tighter feedback loops, instant deployment of bug fixes and product enhancements, and greater accessibility. SaaS is considered environmentally friendly due to efficient pooling of resources and energy efficiency.
NIST 5 Characteristics of Cloud Computing
1. On demand self service. 2. Broad network access. 3. Measured service: for that website, there was a small charge for having it available on their system, but as far as the usage, you only paid for the measured usage on that website. 4. Rapid elasticity. 5. Resource pooling: related to rapid elasticity; resources will grow rapidly with the company.
Problems with Cloud Services
90% of cloud services don't encrypt data. Use of cloud services that aren't officially sanctioned by companies — shadow IT, as some people call it — is growing quickly.
PaaS
The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
Hybrid Cloud
The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
Private Cloud
The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
Host Name
The computer you're looking for on that network
Why Open Source?
1. Cost: free alternatives to other software. 2. Reliability: open source community → people there to help and provide eyes. 3. Security: because so many people use these, security issues come to light faster and can in turn be fixed faster. Security focused is also known as "hardened". 4. Scalability: ability to either handle increasing workloads or to be easily expanded to manage workload increases. In a software context, systems that aren't scalable often require significant rewrites or the purchase or development of entirely new systems. 5. Agility and Time to Market: can help skip segments in production, allows products to get to market faster. 6. Heartbleed: A routine coding error in the widely distributed software opened a hole that could potentially have been used to allow hackers to gather passwords, encryption keys, and other sensitive information, triggering "the largest security breach in the history of the human race." Heartbleed provides a cautionary tale to managers: Just because a tool is used by many doesn't mean one shouldn't audit its software products to understand the strength of support and potential risks associated with use. Vendors who use OSS as part of product offerings may be able to skip whole segments of the software development process, allowing new products to reach the market faster. Often has fewer bugs. "Hardened" versions of OSS products often include systems that monitor the integrity of an OSS distribution, checking file size and other indicators to be sure that code has not been modified and redistributed by bad guys who have added a back door, malicious routines, or other vulnerabilities.
Challenges of the Metaverse
1. Identity Management: It is difficult to confirm ID in current Web 2.0 apps; with Metaverse, the problem scales up as we expand the use of the products and services; the last thing you want is to create a wild west in Metaverse. 2. Security, Safety, and Privacy (SSP): As devices/people get more connected and collect more data, accelerating the Metaverse expansion at a speed close to the speed of the real universe, privacy, safety, and security concerns will increase too. How companies decide to balance customer SSP with this wealth of Metaverse data will be critical for the future of the Metaverse and, more importantly, customers' trust in the Metaverse and any future X-verse versions. 3. Finance in Metaverse: Using cryptocurrency is a challenge by itself; using it as a way of payment in Metaverse will add more complications to what is still an unregulated payment system; one of the options to overcome this is to consider CBDC (Central Bank Digital Currency). 4. Laws, regulations, and protections: New world and new territory for the law to explore and define the responsible parties and create new regulations to protect everyone using Metaverse, including Intellectual Properties with the newfound businesses like NFTs. The emotional and mental impact of living in Metaverse: The same issues of non-stop social media usage and online gaming will transfer to the Metaverse on a large scale with another dimension added with near real-time interactions; this could create a lot of mental issues in the real world, and the line between real and imaginary world will be blurred with actions and words used in both worlds. 5. Standardization of the Metaverse: This is usually one of the toughest parts in the early lifecycle of any new technology as everyone wants to be the "standard" and dominate the market; standards will cover all hardware/software, processes, protocols and make interoperability fundamental to the design and implementation of the Metaverse.
Evolution of IoT
1. The initial focus for the IoT was on the hardware, sensors and systems that Moore's Law made possible. For example, there have been automated internet connected coffee makers for a few years. It was a smart but fairly isolated device and the first one was about 30 years ago. 2. Communications and the internet became the focus of IoT as sensors and communications improved, but systems were still disjointed. 3. Today, this has morphed even more, and IoT is now data-centric. Today, IoT always includes discussions about the Cloud, Big Data, analytics, machine learning, AI, etc. The challenge of IoT is related to variety, volume, and velocity. Next big thing after social media.
Encryption
1000s of years old; first was Caesar's cipher. Symmetric and asymmetric.
On Demand Self Service
A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
Server Farm
A massive network of computer servers running software to coordinate their collective use. Provide the infrastructure backbone to SaaS and hardware cloud efforts, as well as many large-scale Internet services. Require cheap land, low-cost power, and fast fiber-optic connections, and rapid-deployment server farm modules have been developed by major companies like Google, Oracle, Microsoft, IBM, and HP.
Cloud Auditor
A party that can conduct independent assessment of cloud services, information system operations, performance, and security of the cloud implementation. A party that can perform an independent examination of cloud service controls with the intent to express an opinion thereon. Audits are performed to verify conformance to standards through review of objective evidence. A cloud auditor can evaluate the services provided by a cloud provider in terms of security controls, privacy impact, performance, etc. A privacy impact audit can help Federal agencies comply with applicable privacy laws and regulations governing an individual's privacy, and to ensure confidentiality, integrity, and availability of an individual's personal information at every stage of development and operation.
Cloud Provider
A service provider who offers customers storage or software solutions available via a public network, usually the Internet.
Virtualization
A type of software that allows a single computer (or cluster of connected computers) to function as if it were several different computers, each running its own operating system and software. Virtualization software underpins most cloud computing efforts, and can make computing more efficient, cost-effective, and scalable. Creates smaller compartments in memory, allowing organizations to create many virtual computers on a single machine. Increases utilization to 80% or more, reducing hardware, staff, real estate costs, energy consumption, and carbon footprint. Containers are a type of virtualization that allows applications to share an operating system and execute faster, using fewer resources. Docker is widely used in the container space. Allows one computing device to function as many, and can lower a firm's hardware needs, save energy, and boost scalability. VMware is the current leader in virtualization software, but its niche is getting crowded with Microsoft, Dell, Xen, and Docker also offering virtualization software. Can be used to create a firm's own private cloud of scalable assets and can increase data center utilization to 80 percent or more. Also works on the desktop, allowing multiple operating systems to run simultaneously on the same platform.
Cloud Broker
An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between CPs and cloud consumers. Service Intermediation: A cloud broker enhances a given service by improving some specific capability and providing value-added services to cloud consumers. The improvement can be managing access to cloud services, identity management, performance reporting, enhanced security, etc. Service Aggregation: A cloud broker combines and integrates multiple services into one or more new services. The broker provides data integration and ensures the secure data movement between the cloud consumer and multiple cloud providers. Service Arbitrage: Service arbitrage is similar to service aggregation except that the services being aggregated are not fixed. Service arbitrage means a broker has the flexibility to choose services from multiple agencies. The cloud broker, for example, can use a credit-scoring service to measure and select an agency with the best score.
Cloud Carrier
An intermediary that provides connectivity and transport of cloud services from CPs to cloud consumers. Acts as an intermediary that provides connectivity and transport of cloud services between cloud consumers and cloud providers. Provide access to consumers through network, telecommunication and other access devices. The distribution of cloud services is normally provided by network and telecommunication carriers or a transport agent, where a transport agent refers to a business organization that provides physical transport of storage media such as high-capacity hard drives.
Assign Several Computers to a Host Name...
Because it offers load balancing (distributing a computing or networking workload across multiple systems to avoid congestion and slow performance) and fault tolerance (the ability of a system to continue operation even if a component fails).
Develop and critique the application of cloud-based services to new markets
Benefits: Reduced IT infrastructure costs: Cloud-based services can significantly reduce the upfront costs of IT infrastructure for new ventures, allowing them to focus on their core competencies. Scalability: Cloud services can easily scale up or down, providing businesses with the flexibility to respond to changing market demands. Accessibility: Cloud-based services can be accessed from anywhere with an internet connection, making it easier for businesses to operate remotely or across geographically dispersed locations. Faster deployment: Cloud-based services can be quickly deployed, allowing businesses to bring their products or services to market faster. Security: Cloud service providers often offer advanced security features and regular updates to keep data safe. Risks: Dependence on a third-party provider: Cloud services require businesses to rely on a third-party provider for their IT infrastructure, which can be a risk if the provider experiences downtime or other issues. Data security and privacy concerns: Storing data in the cloud raises concerns about data privacy and security, which can be a particular concern for sensitive industries such as healthcare or finance. Integration challenges: Migrating to the cloud can be a complex process, and integrating existing systems with cloud-based services can be challenging and time-consuming. Limited control: Businesses may have limited control over the cloud infrastructure, including hardware and software configurations, which can limit their ability to customize the services to their specific needs. Hidden costs: Cloud service providers often charge for additional services such as data storage or network usage, which can add up over time and lead to unexpected costs.
CIA - Availability
Best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed and maintaining a correctly functioning operating system environment that is free of software conflicts. Keep upgrades up to date. Denial of service attack on many sites on the internet → example of lack of availability.
Cloud Auditing
Cloud computing is transforming business IT services, but also poses significant risks that need to be planned for. Who is responsible for doing this? Audit the bills → sometimes people pay 200k a month for cloud services. There are special audit guidelines for the cloud.
Measured Service
Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
Best Practices for CIA Triad
Confidentiality: Data should be handled based on their required privacy. Data should be encrypted, with a form of two-factor authentication to reach it. Keep access control lists and other file permissions up to date. Integrity: Ensure employees are knowledgeable about compliance and regulatory requirements. Use backup and recovery software. To ensure integrity, make use of version control, access control, data logs and checksums. Availability: Use preventative measures such as redundancy, failover and RAID. Ensure systems and applications stay updated. Use network or server monitoring systems. In case of data loss, ensure a Data Recovery and Business Continuity plan is in place.
Technical Requirements for Secure Systems
Confidentiality (Privacy → encryption, how you keep data private); Authentication (You are who you say you are); Authorization (Once you've identified your identity, what privileges do you have?); Integrity (Validating); Nonrepudiation
Network of networks
Consists of: Local Area Networks (LANs): These are networks that connect devices within a relatively small geographic area, such as a home or office. Wide Area Networks (WANs): WANs are networks that cover larger geographic areas, often spanning multiple cities or even countries. Examples of WANs include the internet backbone, which connects different internet service providers (ISPs) across the world. Metropolitan Area Networks (MANs): MANs are networks that cover a metropolitan area, such as a city or town. Wireless Networks: These are networks that use wireless technologies, such as Wi-Fi, Bluetooth, or cellular networks, to connect devices wirelessly.
Benefits of cloud services for an established enterprise
Cost savings on hardware and software infrastructure, including reduced IT maintenance and support costs. Improved scalability and flexibility, allowing businesses to quickly respond to changing market conditions and customer needs. Access to a wide range of cloud services, including machine learning, artificial intelligence, and analytics, which may not be affordable or feasible for companies to develop in-house. Increased collaboration and productivity, as cloud services enable employees to work remotely and collaborate on projects in real-time.
3 Stages of Data Protection
Data at rest (stored data); data in transit (being sent over the internet); data when it is being processed (by a credit card company for example)
Technology Aimed at Protecting Data
Data hashing is a technology that creates a hash, or specific code, to identify a given dataset. → Hashing would prevent data from being changed by an unauthorized third party. Digital watermarks allow data to be tracked. While this approach does not protect the data, it does allow it to be linked back to the individual who placed it on a cloud or at an unsanctioned location, making that person potentially responsible for any consequences to the data's misappropriation.
Security & Privacy are not the same
Data privacy is focused on the use and governance of personal data—things like putting policies in place to ensure that consumers' personal information is being collected, shared and used in appropriate ways. Security focuses more on protecting data from malicious attacks and the exploitation of stolen data for profit. While security is necessary for protecting data, it's not sufficient for addressing privacy.
Risks of cloud services for a new venture
Dependency on a third-party provider for critical business functions and data storage, which may lead to service disruptions or data loss. Limited control over the infrastructure and security measures, which may pose privacy and security risks for sensitive data. High costs for customized solutions or additional features, which may not be affordable for small startups. Limited integration with existing legacy systems, which may require additional investments and time to migrate to the cloud.
Non Data-Centric Info about IoT
Don't want to have to service them; want the object to know the problem itself and let you know. Example: Nest thermostat not working properly, leaves users cold. What if a company decides they no longer want to use this device? Security and privacy: for example, unsecure baby monitors. Car knows when you gain weight.
Cloud Actor Relationships
Example Usage Scenario 1: A cloud consumer may request service from a cloud broker instead of contacting a cloud provider directly. The cloud broker may create a new service by combining multiple services or by enhancing an existing service. In this example, the actual cloud providers are invisible to the cloud consumer and the cloud consumer interacts directly with the cloud broker. Example Usage Scenario 2: Cloud carriers provide the connectivity and transport of cloud services from cloud providers to cloud consumers. As illustrated in Figure 4, a cloud provider participates in and arranges for two unique service level agreements (SLAs), one with a cloud carrier (e.g. SLA2) and one with a cloud consumer (e.g. SLA1). A cloud provider arranges service level agreements (SLAs) with a cloud carrier and may request dedicated and encrypted connections to ensure the cloud services are consumed at a consistent level according to the contractual obligations with the cloud consumers. In this case, the provider may specify its requirements on capability, flexibility and functionality in SLA2 in order to provide essential requirements in SLA1. Example Usage Scenario 3: For a cloud service, a cloud auditor conducts independent assessments of the operation and security of the cloud service implementation. The audit may involve interactions with both the Cloud Consumer and the Cloud Provider.
The Internet
Global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. A network of networks with a couple billion users → these networks are called internet service providers. Large national and international ISPs (Internet Service Providers) as the core networks (the backbone). Regional and smaller ISPs connected to national ISPs. They exchange traffic (data packets) with other ISPs across peering points (called exchanges). With billions of computers and users connected to customer networks at the outer edge, these networks then connect to an ISP, which then connects to other ISPs so that data can flow from my computer to your computer. All use the same protocols (software) called TCP/IP protocols, with applications built on this common software. The web and all other applications (websites, use the implementation on top of all of the above
Desktop Linux - Why not Successful?
Has not been as successful as Mac OS or Windows due to its limited availability and complexity, leading to higher total cost of ownership and limited desktop application availability. The small user base also makes it less attractive for developers, with incompatibility with Windows applications and other network effect-related issues further hindering its adoption in mature markets. While Linux has been successful in mobile devices and high-end servers, open-source software also has challenges, such as product complexity and support concerns.
Integrity
How do you validate that something hasn't changed? Requires a technology called hashing
Authentication
How does a computer system know if you are who you say you are? Requires 2 parties to have a shared secret (or use another cryptographic technique)
Security Resources
IT US-CERT Coordination Center NIST
How could the presence or lack of net neutrality affect your business?
If net neutrality is present, all internet traffic is treated equally, and there is no discrimination or preference given to specific types of content or websites. This creates a level playing field for all businesses on the internet, regardless of their size or resources. In this scenario, businesses can compete based on the quality of their products or services, without worrying about their ability to access their target audience. However, if net neutrality is not present, internet service providers (ISPs) could potentially favor certain types of content or websites over others, based on their financial interests or other considerations. This could lead to additional fees or obstacles for businesses that rely on high-bandwidth applications, such as streaming video content. It could also give an unfair advantage to large corporations that have the resources to pay for prioritized access to their users.
Internet Economy
Important groups for protocols and standards → no single group manages or controls the internet. IETF (Internet Engineering Task Force) is the premier internet standards body, developing open standards. ISOC (Internet Society) → the internet is for everyone; provide policy guidance. Cost projections looking to go down over time (analogy to Moore's law). Major revenue, however, is very much advertisement driven and has gone up tremendously.
What is the Internet of Things used for?
In short, IoT lets you solve your business problems using your own data. The Internet of Things isn't just about connected devices—it's about the information those devices collect and the powerful, immediate insights that can be garnered from that information. These insights can be used to transform your business and lower costs through improvements like reduction of wasted materials, streamlined operational and mechanical processes, or expansion into new lines of business that are only made possible with reliable real-time data. Create a real competitive advantage by using IoT to turn your data into insights and turn those insights into action.
OSS Examples
LAMP. WordPress—software for running a blog or website, powering about a third of websites. Firefox—a Web browser that competes with Chrome, Safari, and Internet Explorer. LibreOffice—a competitor to Microsoft Office. Gimp—a graphic tool with features found in Photoshop. Shotcut for video editing and Audacity for audio editing. Magento—e-commerce software. TensorFlow—open source machine learning software. Alfresco—collaboration software that competes with Microsoft Sharepoint and EMC's Documentum. Marketcetera—an enterprise trading platform for hedge fund managers that competes with FlexTrade and Portware. Zimbra—open source e-mail software that competes with Outlook server. MySQL, Ingres, and PostgreSQL—open source relational database software packages that go head-to-head with commercial products from Oracle, Microsoft, SAP, and IBM. MongoDB, HBase, and Cassandra—nonrelational distributed databases used to power massive file systems (used to power key features on Facebook, Twitter, LinkedIn, and Amazon). SugarCRM—customer relationship management software that competes with Salesforce.com and Siebel. Docker—tools for "containerization," an evolution beyond virtualization. Asterisk—an open source implementation for running a PBX corporate telephony system that competes with offerings from Nortel and Cisco, among others. Git—version control software, critical to managing most commercial software products. FreeBSD and Sun's OpenSolaris—open source versions of the Unix operating system. There are thousands of open source products available, covering nearly every software category. Many have a sophistication that rivals commercial software products. Not all open source products are contenders. Less popular open source products are not likely to attract the community of users and contributors necessary to help these products improve over time (again we see network effects are a key to success—this time in determining the quality of an OSS effort).
Just about every type of commercial product has an open source equivalent.
Why IoT now?
Moore's law gives incredible computing power Tools/Systems/Cloud Storage, processing, networks Ubiquitous computing Personal, business, M2M, and IoT Information as an Asset Techniques and tools Ability to develop new products and services. The above three converge → multiple trends make it now possible to create, collect, and analyze data. The goal is to gain benefit from it.
How could the presence or lack of net neutrality influence the type of business that uses the internet that you might want to start in a few years?
Net neutrality ensures equal treatment of all internet traffic. Without it, internet service providers could potentially favor certain content or websites, making it harder for small businesses to compete with larger ones. This could affect the type of business you might want to start in the future, depending on whether it relies on high-bandwidth applications or not.
Authorization
Now that I've proven who I am, what privileges do I have? Relates to programs, files, data, etc. you may or may not have access to Are these privileges limited to certain amounts of time?
The Main Pillars of The Metaverse
People: connecting people in more relevant, valuable ways; Data: converting data into intelligence to make better decisions; Processes: delivering the right information to the right person (or machine) at the right time; Things: physical and virtual devices and objects connected to the Internet and each other for intelligent decision-making.
Building Blocks of Security
Physical security for systems and networks Password security for systems and networks Shared secret encryption Public key encryption Hashes, digital signatures, block chain, etc. Firewalls VPN Encryption Proper training and procedures
Server Farm in Pacific Northwest
Potato farms in the Pacific Northwest are being replaced by server farms for cloud computing due to the region's advantageous conditions for massive data installations. Major players in cloud computing have server farms in the region with thousands of processors and massive storage capacity. Cloud vendors are deploying infrastructure worldwide to meet the diverse national laws and industry-specific regulatory environments. Rapid-deployment server farm modules are preconfigured and packed inside shipping containers, allowing data centers to be operational in just a few days. Cloud vendors are the computing industry's best customers, with Microsoft, Google, and Amazon spending billions on cloud infrastructure. Clouds are expected to pop up in unexpected places, with Microsoft scouting locations in Siberia and Google applying to patent a method for floating data centers on an offshore platform powered by wave motions.
Net Neutrality
Principle that internet service providers (ISPs) treat all data on the internet the same, and do not discriminate or charge differently by user, content, website, platform, application, etc. The term was coined by Columbia University media law professor Tim Wu in 2003 as an extension of the longstanding concept of a common carrier, which was used to describe the role of telephone systems in the 90s. A common carrier is a company that transports goods or people and offers its services to the general public under license or authority provided by a regulatory body.
CIA - Confidentiality
Privacy First proposed in 1976 in a study by the U.S. Air Force. Designed to prevent sensitive information from reaching the wrong people while making sure that authorized people can access it Training can help familiarize authorized people with risk factors and how to guard against them. Strong passwords and password-related best practices and information about social engineering methods, to prevent users from bending data-handling rules with good intentions and potentially disastrous results. Encryptions, passwords, two factor authentication Highly sensitive information, only keep a hard copy Facebook → 419M phone numbers leaked → issue of confidentiality
Cloud Computing
Revolution in how computing power is delivered to business. Made possible by large scale data centers connected to broadband networks. You only pay for what you use. Compared to factories at the turn of the century and how they used power. Used to use power generators. Chicago 1900 → Turbine station made by Edison → cheaper and more reliable and cleaner energy than generators. By 1920, most businesses switched over → wall plugs! Economies of scale → more cost effective if it became a general utility, which is the core of what cloud computing provides. Cloud computing is way more reliable, safer, etc. than typical IT. Infrastructure as a Service (IaaS) → where most businesses will start to use the Cloud; the power station at the core of all cloud models. Platform as a Service (PaaS) → makes it easier to collaborate and create apps. Software as a Service (SaaS). It is a model for enabling convenient, on demand, network access to a shared pool of configurable computing resources (networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.
Cloud Provider Broken into PaaS, IaaS, SaaS
SaaS: Cloud provider deploys, configures, maintains and updates the operation of the software applications on a cloud infrastructure so that the services are provisioned at the expected service levels to cloud consumers. The provider of SaaS assumes most of the responsibilities in managing and controlling the applications and the infrastructure, while the cloud consumers have limited administrative control of the applications. PaaS: Cloud Provider manages the computing infrastructure for the platform and runs the cloud software that provides the components of the platform, such as runtime software execution stack, databases, and other middleware components. Typically also supports the development, deployment and management process of the PaaS Cloud Consumer by providing tools such as integrated development environments (IDEs), development version of cloud software, software development kits (SDKs), deployment and management tools. The PaaS Cloud Consumer has control over the applications and possibly some of the hosting environment settings, but has no or limited access to the infrastructure underlying the platform such as network, servers, operating systems (OS), or storage. IaaS: Acquires the physical computing resources underlying the service, including the servers, networks, storage and hosting infrastructure. The Cloud Provider runs the cloud software necessary to make computing resources available to the IaaS Cloud Consumer through a set of service interfaces and computing resource abstractions, such as virtual machines and virtual network interfaces. The IaaS Cloud Consumer in turn uses these computing resources, such as a virtual computer, for their fundamental computing needs. Compared to SaaS and PaaS Cloud Consumers, an IaaS Cloud Consumer has access to more fundamental forms of computing resources and thus has more control over the more software components in an application stack, including the OS and network.
The IaaS Cloud Provider, on the other hand, has control over the physical hardware and cloud software that makes the provisioning of these infrastructure services possible, for example, the physical servers, network equipments, storage devices, host OS and hypervisors for virtualization.
Cloud Consumer Broken into PaaS, IaaS, SaaS
SaaS: HR, social networks, financials, content management, CRM, sales, etc. Consumers can be organizations that provide their members with access to software applications, end users who directly use software applications, or software application administrators who configure applications for end users. Billed based on the number of end users, the time of use, the network bandwidth consumed, the amount of data stored or duration of stored data. PaaS: Business intelligence, development & testing, integration, database. Consumers can employ the tools and execution resources provided by cloud providers to develop, test, deploy and manage the applications hosted in a cloud environment. PaaS consumers can be application developers who design and implement application software, application testers who run and test applications in cloud-based environments, application deployers who publish applications into the cloud, and application administrators who configure and monitor application performance on a platform. Billed according to processing, database storage and network resources consumed by the PaaS application, and the duration of the platform usage. IaaS: Storage, CDN, service management, platform hosting, compute, etc. Consumers have access to virtual computers, network-accessible storage, network infrastructure components, and other fundamental computing resources on which they can deploy and run arbitrary software. Billed according to the amount or duration of the resources consumed, such as CPU hours used by virtual computers, volume and duration of data stored, network bandwidth consumed, number of IP addresses used for certain intervals.
Cloudbursting
Scalability solution that uses cloud computing to provide excess capacity during periods of spiking demand. Scalable computing resources can help firms deal with spiking impact from black swan events.
Predictive Maintenance
Similar to remote monitoring, predictive maintenance incorporates machine learning software that analyzes data to predict outcomes and automate actions. Predictive capabilities allow service providers to move beyond the traditional reactive and scheduled maintenance business model and use their data to identify issues before they become critical. This gives technicians the opportunity to intervene before customers even realize there's a problem. Armed with this information, you're able to: -Figure out what mechanical or operational conditions are causing failures or slowdowns. -Better predict what spare parts to keep in your inventory before repair issues arise. -Move beyond a break/fix business model by preventing equipment failures through preventative maintenance.
Why buy over rent?
Some firms may still prefer buying over renting due to Total Cost of Ownership (TCO) and pricing economics.
IaaS
The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
SaaS
The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user specific application configuration settings.
Community Cloud
The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
Resource Pooling
The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.
Risk
Threat*Vulnerability*Consequence Possibility that a threat exploits a vulnerability in an asset and causes damage or loss to the asset The likelihood of being targeted by a given attack, of an attack being successful, and general exposure to a given threat. A risk assessment is performed to determine the most important potential security breaches to address now, rather than later. One enumerates the most critical and most likely dangers, and evaluates their levels of risk relative to each other as a function of the interaction between the cost of a breach and the probability of that breach. Analyzing risk can help one determine appropriate security budgeting — for both time and money — and prioritize security policy implementations so that the most immediate challenges can be resolved the most quickly.
Gartner Hype Cycle for the Cloud
Today we are more in the Plateau of Productivity (seemed to go through the Trough of Disillusionment in 2014).
Formulate a TCO for a cloud-based business application
Upfront costs: This includes the cost of licensing the software, implementing it, and any customization required. Cloud-based applications generally have lower upfront costs than on-premises software because the infrastructure is provided by the cloud service provider. Operating costs: This includes ongoing costs such as the monthly subscription fee, maintenance, and support. Cloud-based applications are generally more cost-effective because they require less hardware, fewer IT staff, and lower energy consumption. Integration costs: If the application needs to be integrated with other systems or data sources, there may be additional integration costs. However, cloud-based applications are generally easier to integrate than on-premises software because they use open APIs. Training costs: If the application requires specialized training, there may be additional costs for training and support. However, cloud-based applications are generally more user-friendly and intuitive than on-premises software, which may reduce the need for extensive training. Migration costs: If the organization is migrating from an existing system, there may be additional costs for data migration and system configuration. However, cloud-based applications are generally easier to migrate than on-premises software because the infrastructure is provided by the cloud service provider.
Risks of cloud services for an established enterprise
Vendor lock-in, where it may be difficult to switch to a new provider due to dependencies on specific cloud services or data formats. Compliance and regulatory risks, as cloud providers may be subject to different regulations or data privacy laws in different regions. Loss of control over IT infrastructure and security, which may be unacceptable for companies with highly sensitive or confidential data. Risks of service disruptions or outages, which may cause significant financial losses or reputational damage.
The Cloud
Very large computer/data centers Using the internet to access the Cloud When we use the Cloud (for the most part) we don't typically buy a program forever → just pay for what you are using/time you are using it
Wearable Technology
Wearable technology is evolving into an important category of the Internet of things, with life-changing applications in medicine and other fields. Also known as wearables, the growth of mobile networks, high-speed data transfer, and miniaturized microprocessors have enabled the development of this technology. These technologies may be worn, embedded in fabric or accessories, or tattooed directly onto the skin. Wearable technology can be said to have existed since eyeglasses were first developed in the 13th century. Timepieces small enough to be worn have been around since about 1500. But modern wearable technology is defined as incorporating a microprocessor and an internet connection. There have been some flops, too, notably Google Glass. The Internet-connected eyeglasses may yet re-emerge for specialized uses but they most definitely did not make it as a fashion accessory. The focus in the development of wearable technology now appears to be moving from consumer accessories to more specialized and practical applications. Microchip implants are now being used to replace keys and passwords. Embedded in a fingertip, the chips use near-field communication (NFC) or radio-frequency identification (RFID) and are similar to the chips used to track lost pets.
Zero-Rating
Zero rating is a practice where internet service providers (ISPs) exempt certain types of content or services from counting towards a user's data cap or limit. AT&T is a major ISP in the United States that has implemented zero rating for certain services, such as its own streaming video service, DIRECTV. With AT&T's zero rating policy, users can stream DIRECTV without it counting towards their data limit. This can be seen as a benefit for customers who use the service frequently, as they can save on data costs. However, the downside is that other streaming video services, such as Netflix or Hulu, would count towards the data limit, potentially leading to additional fees or charges for users who use those services frequently. Critics of zero rating argue that it violates the principles of net neutrality by giving preferential treatment to certain types of content or services. They also argue that it can harm competition by making it harder for smaller or competing services to gain a foothold in the market. However, supporters of zero rating argue that it can benefit consumers by providing them with free or discounted access to certain services.
Make, buy, or rent software?
Case-by-case basis. Competitive Advantage: Unique processes, procedures, or technologies create differentiating competitive advantage. Functions not good candidates for outsourcing or replacing with packaged software. Amazon, Netflix, and Dell developed proprietary systems for critical functions. Security: Unacceptable risks associated with packaged software, OSS, cloud solution, or outsourcing vendor. Solution must be sufficiently secure and reliable. Trustworthiness of vendor with code, data, procedures, and way of doing business. Noncompete provisions and on-site auditing policies for off-site work. Legal and Compliance: Prohibitions on using technologies and compliance requirements for deploying products or services. Laws requiring firms to record and reproduce electronic communications. Legal deserves a seat in systems planning meetings. Skill, Expertise, and Available Labor: Sufficiently skilled technologists and experienced with new technology. Costs of allocating staff away from existing projects. Cost: Cost-effective choice for the firm. Costs of labor, consulting, security, operations, licensing, energy, and real estate. Consider aggregate spending and potential cost variations over time. Time: Time to build, test, and deploy the system. Vendor Issues: Reputable and financially sound vendor. Guaranteed service levels and reliability. Provisions in place in case of vendor failure or acquisition. Vendor certification for quality, trust, and reliability by standards organizations like the Carnegie Mellon Software Institute.
Metaverse
Metaverse: A Different Perspective. Author Neal Stephenson is credited with coining the term "metaverse" in his 1992 science fiction novel "Snow Crash". He envisioned lifelike avatars who live in realistic 3D buildings and other virtual reality environments. Metaverse is another name for the Internet of Everything (IoE), a concept started in the early 2000s, leading to the Internet of Things (IoT) and its applications, a scaled-down version of the IoE. Since then, various developments have made milestones on the way toward a real Metaverse, an online virtual world that incorporates augmented reality (AR), virtual reality (VR), 3D holographic avatars, video, and other means of communication. As the Metaverse expands, it will offer a hyper-real alternative world or what comic fans call the parallel universe. The Metaverse "is bringing together people, processes, data, and things (real and virtual) to make networked connections more relevant and valuable than ever before-turning information into actions that create new capabilities, richer experiences, and unprecedented economic opportunity for businesses, individuals, and countries". In simple terms, the Metaverse is the intelligent connection of people, processes, data, and things. It describes a world where billions of objects have sensors to detect, measure, and assess their status, all connected over public or private networks using standard and proprietary protocols.