yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
Cloud Expo & Virtualization 2009 East
Smarter Business Solutions Through Dynamic Infrastructure
Smarter Insights: How the CIO Becomes a Hero Again
Windows Azure
Why VDI?
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun's Incubation Platform: Helping Startups Serve the Enterprise
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Internet of Things Policies Required By @Vormetric | @ThingsExpo [#IoT]
IoT policies for personal data need to break down into eight key areas

IoT – Enterprise-Ready Policies for Personal Data Required

By Andy Kicklighter

Given the current global furor over continuing data breaches, Edward Snowden disclosures, the hue and cry around NSA data collection from mobile phones and mobile encryption, now is a good time to stop and think before we plunge wholesale into even more extensive collection of personal information from IoT environments and devices.

Think how much worse a breach of data could be if it includes full profiles of people’s movements, actions, eating habits, purchase preferences or even more personal information.  Consider at the same time the potentials for abuse if this information is improperly handled or made available.Io

ClickToTweet: IoT – The need for enterprise ready personal data policies @akicklighter #DefenderOfData

It seems inevitable that legislation will lag our technical capabilities for collection and use of data, but that there will eventually be a reckoning with the public.  Given that coming day, organizations that have put in place the policies and procedures for both the use and safeguarding of data coming in from the coming IoT tsunami will be both better perceived by the public, at an advantage against competitors, while also being ready for regulators. Properly structured policies, followed to the best of ability, will show good faith in preserving public rights and trust.

There will of course need to be variations in policy – Even within a field like healthcare different policies will be required based on data type and usage.  For instance, a patient’s health records as used by a primary care provider, versus data collected by researchers working on lifestyle and experimental studies. In one case permanent storage and protection is required, in the other most people would prefer that personal data is anonymized appropriately and early in the usage process.

From my point of view, these policies need to break down into eight key areas:

  • Collection – What data will you collect?
  • Usage – What you will do with the data?
  • Retention – How long you will keep data?
  • Access – Who will have access to the data?
  • Protection – How will you protect the data from compromise?
  • Opt in/out – How can personal information be deleted if requested? Not collected at all?
  • Breaches – What will you do if the data is exposed outside of your policies?
  • Auditing – How will you verify that you are meeting your policies?

There are plenty of ideas about how to build suitable policy sets – Task a privacy group with creating best practices? Create a new set of ISO or IEEE standards? Start a central clearing house that creates not only privacy policy sets, but administers user’s preferences and can serve them up via the web (think of it as an extension of the “do not call” registry)? But – it’s pretty clear that we’re going to have no such resources any time soon. If your organization is going to be building or using IoT personal data, now, early in the game is the time to set your policies.

To close this out, you’ll find below one sample policy set built using these principles … See what you think.


In this example we’ll use a health and activity monitoring smartwatch with a back end application that tracks and displays activity, pulse rate, sleep patterns, and (just for grins) also feeds back GPS data about where you’ve been, linked back to a mapping function that tracks eateries (You went to Krispy Kreme again? Oh man, you just lost points). You have to register at a portal to be able to use the device, and there is a light yearly fee (allowing them some real tracking of who exactly you might be).

Policy set:

  • Collection – What data will you collect?
    • Your identity, height, weight, build, motion activity, steps, changes in location, pulse rate, depth and type of sleep patterns (list), what commercial food restaurants you visit, duration of stay
  • Usage – What you will do with the data?
    • We will use the data to display your activities and trends on a phone or web application
    • We will use anonymized data (information that does not identify either you, or your locations visited) for aggregated analysis of device usage and effects
  • Retention – How long you will keep data?
    • Full data will be retained for 2 years
    • Anonymized data will be retained for 5 years
  • Access – Who will have access to the data?
    • Full data set: Used for display through an app on your phone or website only, to a person who logs in with your credentials
    • Account information: Customer service personal can see your name and account numbers only
    • Anonymized data: Information collected from the device that does not identify your primary residence, personal identity, or movement patterns can be shared internally for aggregated analysis of trends only
    • Data sharing: We will not share any of your data outside of our organization, including with any affiliated business units. Anonymized data may be retained if our organization is acquired, subject to our retention policy.
  • Protection – How will you protect the data from compromise?
    • We will use secure, encrypted storage on the device
    • We will use industry standard SSL communications to exchange information between device and for display of web information
    • Within our organization’s service – All data will be encrypted, tokenized or masked – With data access policies that correspond to our information access policies implemented as security controls
    • Security personnel with access to policy setting infrastructure – These will undergo periodic financial, criminal and lifestyle audits
    • We will collect information on data access patterns from within our application, and within underlying IT infrastructure and internet access points, and then analyze the results to identify possible threats to your data
  • Opt in/out – How can personal information be deleted if requested? Not collected at all?
    • At any time, you may select information that you do not want collected from the device. A check list of available measurements is available from the application.
    • You may opt out of anonymized data collection at any time in the same way
    • Your account may be deleted, including all sets of information except those relating to your payments, at any time if you chose to stop using the service.
  • Breaches – What will you do if the data is exposed outside of your policies?
    • If we believe that your anonymized data set has been compromised we will notify you in the application, and through your contact information.
    • If your personally identifiable information is lost, we will … (specific breach policy )
  • Auditing – How will you verify that you are meeting your policies?
    • Outside auditors trained to compliance standards …

The post IoT – Enterprise-Ready Policies for Personal Data Required appeared first on Data Security Blog | Vormetric.

Read the original blog entry...

About Vormetric Blog
Vormetric (@Vormetric) is the industry leader in data security solutions that span physical, big data and cloud environments. Data is the new currency and Vormetric helps over 1400 customers, including 17 of the Fortune 30 and many of the world’s most security conscious government organizations, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company’s scalable Vormetric Data Security Platform protects any file, any database and any application’s data —anywhere it resides — with a high performance, market-leading data security platform that incorporates application transparent encryption, privileged user access controls, automation and security intelligence.

Latest Cloud Developer Stories
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools availabl...
Financial enterprises in New York City, London, Singapore, and other world financial capitals are embracing a new generation of smart, automated FinTech that eliminates many cumbersome, slow, and expensive intermediate processes from their businesses. Accordingly, attendees at th...
Isomorphic Software is the global leader in high-end, web-based business applications. We develop, market, and support the SmartClient & Smart GWT HTML5/Ajax platform, combining the productivity and performance of traditional desktop software with the simplicity and reach of the ...
92% of enterprises are using the public cloud today. As a result, simply being in the cloud is no longer enough to remain competitive. The benefit of reduced costs has normalized while the market forces are demanding more innovation at faster release cycles. Enter Cloud Native! C...
Where many organizations get into trouble, however, is that they try to have a broad and deep knowledge in each of these areas. This is a huge blow to an organization's productivity. By automating or outsourcing some of these pieces, such as databases, infrastructure, and network...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)!

Advertise on this site! Contact advertising(at)! 201 802-3021

SYS-CON Featured Whitepapers
Most Read This Week