
Exploring the science and magic of Identity and Access Management
Friday, November 8, 2024

Verizon 2013 Data Breach Investigation Report: Assume You’re Breached

Identity
Author: Mark Dixon
Tuesday, April 30, 2013
8:30 pm


The annual Verizon Data Breach Investigation Report was recently published. The opening statement really tells the story:

Perhaps more so than any other year, the large scale and diverse nature of data breaches and other network attacks took center stage. But rather than a synchronized chorus making its debut on New Year’s Eve, we witnessed separate, ongoing movements that seemed to come together in full crescendo throughout the year. And from pubs to public agencies, mom-and-pops to multi-nationals, nobody was immune. As a result—perhaps agitated by ancient Mayan doomsday predictions—a growing segment of the security community adopted an “assume you’re breached” mentality. (emphasis added)

The post I made a few minutes ago about 94% of healthcare companies suffering a breach is certainly in line with this attitude.

What is one to do?  I liked the way Verizon concluded the report.

We worked with the recently formed Consortium for Cybersecurity Action (CCA) and mapped the most common [VERIS] threat action varieties to their Critical Security Controls for Effective Cyber Defense … Most organizations should implement all 20 of the Critical Security Controls to some level.

The following diagram shows the Critical Security Controls mapped to the top VERIS Threat Actions:

Verizon2

Enterprises must implement comprehensive, end-to-end security.  It’s not easy, but we must do it.

 

 

 

Mammoth – Will it be my Personal Cloud?

Identity, Privacy
Author: Mark Dixon
Friday, April 5, 2013
4:49 pm

The most intriguing thing to hit my desk today was the announcement of the new Mammoth service to “save links, add notes, and selectively grab content from multiple webpages into a single, shareable, organizable document.” 

I followed a tweet from @paulmadsen and reserved my name.  You can reserve your name, too, by clicking here, or on the image below.  If you click here and reserve your name, you will be in line to use the service, and I will be one step closer to getting my account activated (I need a couple more friends to click through). We will both be one step closer to testing how to collaborate on Mammoth.  Thanks for clicking!

I do think these guys understand privacy.  See below the image for more …

Mammoth

I like the sound of what they say about security and privacy:

security and privacy are top of our list …

We want to make sure nothing gets leaked unless you specifically expose it to the world. So no, no social networks to login, no weird permissions to manage, no scary dreams of that weird things you like making it out into the world. It’s just simple. …

Our entire business is based on your trust – why would we screw with that? To put simply, we don’t have any reason to misuse any information we collect. And we only capture data that’s needed to enable a feature for you, nothing else.

Could this be a “personal cloud” that I can really use?  It has my name on it.  It sounds like it will be secure. I look forward to checking it out.  

 

Resurrecting =mgd

Identity
Author: Mark Dixon
Wednesday, April 3, 2013
8:46 pm

Mgd140

XRI - An extensible resource identifier (abbreviated XRI) – a scheme and resolution protocol for abstract identifiers compatible with uniform resource identifiers and internationalized resource identifiers, developed by the XRI Technical Committee at OASIS. 

i-name – a human readable XRI intended to be as easy as possible for people to remember and use.

I recently received an email from Drummond Reed with his usual =drummond signature at the bottom.  It made me remember that I had once registered my own i-name, “=mgd”.  I had never really used it, but still see it as an intriguing concept – my own, persistent identifier that aligns nicely with my Twitter handle, @mgd.  (I still regret that I didn’t register the mgd.com domain when I had a chance.)

So, now =mgd is alive and active, registered at 1id.com.  You can request contact with me by clicking on the =mgd link here or on the =mgd icon in this post or on the sidebar.

I’m still not certain how I’ll use =mgd beyond this, but Drummond told me some interesting things are on the near horizon.

By the way – clicking on my other i-name, =markdixon, will take you to my about.me page.  I’m slowly trying to weave my social media presence together.

 

IoT – Emerging and Receding Invisibly into the Fabric of Life

Identity, Internet of Things
Author: Mark Dixon
Monday, April 1, 2013
9:08 pm


Last week, T.Rob Wyatt authored an intriguing post, “Futurist’s Groundhog Day.” I found it by following Phil Windley‘s tweeted recommendation:

Futurist’s Groundhog Day: http://t.co/pq75vMPZsS #vrm

It wasn’t long before Doc Searls tweeted,

The best #VRM post, ever: http://t.co/IiQrMR12Ox, by @tdotrob, honored here: http://t.co/xERNWkA6Sp

I agree that the post addressed the VRM concept very well, but I particularly liked T.Rob’s description about how technology, once broadly accepted, “disappeared into the fabric of life.”

First, a historical observation:

The first electric motors were envisioned to replace steam motors within the same architecture: one big motor, lots of belts and pulleys. But what actually happened was that electric motors disappeared into the fabric of life. There’s one on my wrist as I write this. There are roughly 30 within arm’s reach of my chair. Electric motors are invisible. We don’t think of them as motors, we think of them as a watch, hard drive, CD/DVD player, printer, sprinkler valve, drill, toy, fan, vacuum cleaner, etc.

Next, a prediction:

In the near future a “smart switch” will just be a switch. A “smart” anything will just become that thing and the old version will become a “dumb thing.” The instrumentation will no longer be a novelty but will recede invisibly into the fabric of life. When steam engines were replaced by electric motors, it was hard to imagine a time when motors would fit on your wrist. It’s just as difficult today to imagine why we’d want sensors and actuators in all our devices and objects but let’s table that and stipulate that it happens.

And further observation about when sensors become ubiquitous:

In the very near future your casual behavior and activities will be trackable with the precision and detail only possible today in the confines of a lab. Every device, object or surface will potentially be a sensor. The physical constraints assumed by the current legal framework and that balanced the power of individuals against corporate and government interest are disappearing. The digital representation of you that was once a rough tile mosaic is coming into focus for vendors and government as a hi-def, crystal image.

In my lifetime, it has been great to see so much technology emerge as novelty and then become commonplace. Think pocket calculators, microwave ovens and mobile phones.  Now, the Internet of Things, including ubiquitous sensors, is emerging.  We can expect IoT to grow, become commonplace and then “recede invisibly into the fabric of life.”

Hence, T.Rob’s challenge:

IoT is coming so embrace it.  It is inevitable and it is closer than you think.  If you start with 50 billion instrumented things (or trillions if you are ambitious) and work backward, what do we need to build to pave the road between here and there?

Exciting stuff.  Just think – every one of those billions of devices will have an identity (or identifier, depending on your point of view).  Sign me up for the journey.

 

LinkedIn Should Use Connect.me

Identity
Author: Mark Dixon
Saturday, March 30, 2013
6:11 am


Make no mistake.  I am honored when people choose to endorse me on LinkedIn.  I appreciate them taking a few moments to click the button and send a message my way that they think I have a certain positive capability.  I always try to respond in kind.

However, LinkedIn could certainly take lessons from Connect.me, or better still, use Connect.me, when it comes to vouching for and cataloging a person’s capabilities.  Here are some deficiencies in the LinkedIn approach that are much better implemented in Connect.me:

Whom have I endorsed?  On LinkedIn, I have no way to review the people I have endorsed or what capabilities I have endorsed.  I would really like to step through a list of my contacts, see which ones I have endorsed, and for what.

Who has endorsed me? On LinkedIn, there is no way I have found to review a list of my contacts and know if they have endorsed me or what they have endorsed me for.


In your face, with limited information.  I resent that each time I access LinkedIn, I am presented with a grid of four people, each with one capability, asking for me to endorse them. There are two problems here.  First, I like to endorse people as a conscious action, not upon an impulse.  Second, I should like to consider multiple endorsements of a person, rather than just the one LinkedIn suggests.  This often results in a scattered sequence of individual endorsements, rather than a cohesive set of endorsements.

Ease of use.  When LinkedIn does suggest a person to endorse, I can’t easily go to his or her profile page to do a multiple endorsement set.  I must type in his or her name to reach the profile page.

Well, there’s my rant.  It’s doubtful that LinkedIn will listen to me … but hopefully they will fix their reputation system just the same.

 

 

Core Identity – Reprise

Identity
Author: Mark Dixon
Friday, March 29, 2013
9:13 pm

Today, I enjoyed reading T.Rob’s post, “Do you consider your digital identity a separate self or is it identical to your real-world self?”  I started to respond to his post as a comment, but decided to write the following post.

Back in November, 2005, I began writing a series of posts about “The Identity Map,” which was centered on a concept I called “Core Identity.”

I think this Core Identity concept goes to the heart of what T.Rob discussed – that perhaps:

identities change over time … The one place we make an effort to distinguish between a person’s identities is in the present moment. The T.Rob who exists right now is a multi-faceted, yet unique entity. I participate in many communities across many interests …

I would propose that the core of who we are does not change, but many characteristics, including both physical and mental attributes do change over time. We may possess multiple “digital identities,” or perhaps more specifically, “digital personas,” which are but subsets of the complex core identity and the myriad set of attributes surrounding that core.  I drew this chart in November, 2005:

Coreidentity

The remainder of this post comes from a couple of earlier posts - here and here.  Thanks, T.Rob, for triggering these memories.

—-

Core Identity is the essence of who a person is. This unique “Core Identity” can be identified or described by attributes that belong to and describe an individual. Some unique characteristics (e.g. DNA signature, footprint) are immediately measurable at birth. Others change over time.

The attributes that further identify and describe an individual are:

Names. I am known by many names. My given name is Mark. My surname is Dixon. My i-name is MarkDixon. My social security number is [wouldn’t you like to know?]. My kids call me Dad.

Characteristics. I have some measurable characteristics that don’t change – my DNA signature, my fingerprints. Others change over time – height, weight, hair color. Does IQ change? I don’t know.

Relationships. I have relationships with people, institutions and things. I am father to my children, brother to my siblings, husband to my wife. I am an employee of Sun Microsystems and an alumnus of Brigham Young University. I own a Nikon camera. I love Chinese food. I can’t stand professional wrestling.

Roles. The functions I perform in life are roles: Father, husband, Sun Identity Practice Lead, Identity blogger, Church volunteer, registered voter.

Location. When I used to travel every week, I’d tell people I claimed home addresses in Mesa, Arizona and United seat 2B. These are descriptors of physical locations, relative to different known reference points. However, my current location (latitude, longitude, elevation) will vary, depending on where I am physically located at any moment in time.

Experience. I have experienced many things in the 52+ years of my earthly existence. I have been stabbed by a pitchfork, run for a touchdown, flown around the world and milked a cow (many times). Each experience adds uniqueness to my core identity.

Knowledge. During my existence, I have amassed much knowledge, some of it shared by many, some of it unique. Both you and I probably know the Pythagorean Theorem. You probably don’t know the names of my kids. I hope you don’t know my blog password.

Reputation. Other people and institutions say things about me, some of it good, some of it bad. The credit bureaus say I have a good credit rating. The DMV says I’m a so-so insurance risk because I’ve had a couple of tickets in the past three years – but they also say I hold a valid driver’s license. BYU says I hold a BSEE degree. My wife likes me (and that is what really counts).

 

 

Expanding the #SquareTag Experiment

Identity
Author: Mark Dixon
Wednesday, March 27, 2013
11:04 pm

Qr sqtgmevdvh 150

Ok … just for grins, I expanded the SquareTag Experiment to include two more online things:

The new orange SquareTag QR codes are courtesy of QRPhoria.

By the way, I got two new messages today – from Australia and Canada.  Thanks!

 

Report on my #SquareTag experiment

Identity
Author: Mark Dixon
Wednesday, March 27, 2013
4:06 pm

A quick report on my little SquareTag blogtagging experiment …

Thanks to all who participated.  I received about 20 responses, from eight states, plus the District of Columbia and Scotland.  I was able to connect with most of the people who responded.  However, since the SquareTag web app wasn’t optimized for collecting contact information, I still don’t know where some respondents were located.  I enjoyed getting geotag information on several responses, but I didn’t receive geotag information on others, presumably since the respondent didn’t approve of sending the location information.

A few other points were interesting:

The attention span of social media users is short.  There were a few respondents each day I announced the experiment on Twitter, but then the response rate quickly fell to zero.

Even though the invitation still remains in the header of my blog, I haven’t received any responses for several days.  That probably means two things: 

  • Very few people visit my blog
  • Those who do visit aren’t very interested in an arcane blog tag experiment.

That’s ok.  I am used to living in the long tail.

I want to thank Phil Windley and a couple of people from his team who helped me. They were very supportive, and I got to understand their intriguing technology platform a bit more.  I will send a few suggestions their way, and hope to stay in close touch as the technology matures.

I plan to keep the SquareTag in the blog header for awhile, to see if someone, on the odd chance, is still interested.  So, if you are so inclined, feel free to scan or click the SquareTag.

 

Tyranny of Things? #IoT

Identity, Internet of Things
Author: Mark Dixon
Tuesday, March 26, 2013
7:57 pm


I really enjoyed the post Rohan Pinto tweeted about this morning – Scott Morrison’s “We can’t let the Internet of Things become the Tyranny of Things.” Scott stated:

My belief is that the Internet of Things (IoT) will succeed or fail based on its capacity for creating its own economy. But counting devices and multiplying by people isn’t quite the right math to satisfy this equation. The real key to IoT success is how open – and more significantly, how accessible – the technology is to independent innovators.

I liked Scott’s examples of bad IoT design …

seemingly every year some earnest manufacturer actually demonstrates yet another realization of this dubious vision, which usually consists of little more than a screen stuck onto the door like some giant fridge magnet. This is IoT designed by a committee …

When I purchased my last TV, I also bought the same manufacturer’s BluRay player in the hope I could get away with one remote and hiding the latter in a closed cabinet. Boy, was I naïve.

… but his good examples were also instructive:

Take a walk into the living room and you will find an excellent example of IoT meeting its potential. IoT done right is the Nest. A brilliant team of ex-Apple employees found a completely moribund corner of everyday technology and transformed it. They created an irresistible object of desire that quietly adapted a ponderous machine of steel and natural gas into an Internet connected device. It’s brilliant. …

IoT done right is Netflix, an innovator that came up with an open API that allowed all manner of devices to integrate using simple web-based protocols. Netflix could have easily screwed this one up. They might have decided to design arcane, binary protocols optimized to support minimalist devices. Instead, they opted for open and well-documented APIs that leverage existing web understanding. The effect was to make integration accessible instead of intimidating – and in doing so, Netflix tapped into a vast developer population. The result was a Cambrian explosion of applications and devices streaming the service. You would be hard pressed to find a modern TV, disk player, or media streamer that doesn’t now have a Netflix logo somewhere on the box.

Yep, I have a plethora of ways to connect to Netflix at my house. I haven’t yet invested in the four Nest thermostats I would need to control the four AC zones in my house, but two of my sons have them.

In closing, Scott challenges us:

It’s time to worry less about trying to make the Internet of Things something different. Instead, we need to focus on making it more of the same, more like, well, the internet. Declare IoT open, base it on APIs, and then step back and watch the engine of Silicon Valley engage.

Well spoken, Scott. And thanks for introducing me to that eminently hashtaggable acronym: #IoT.

 

Discovering Identity – The Paper

Identity, Social Media
Author: Mark Dixon
Tuesday, March 26, 2013
9:20 am

Last Friday, I began experimenting with publishing a Discovering Identity “paper” via the paper.li service.  It was enlightening to learn how to specify sources of information and then see how paper.li drew from those sources to lay out a paper fit for publication.

I don’t pretend to understand the algorithms they use to select from the hundreds of articles and tweets in the sources I specified, but I will continue to experiment with sources and priorities as I move forward.


I decided to upgrade to the Pro version, which allowed me to tweak the branding a bit.  I decided to use the new Discovering Identity logo that appears on this blog, and the same background color.

You can view the paper at paper.discoveringidentity.com.  I hope this proves to be a useful addition to my online presence as I try to reignite my personal social media efforts.

 
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.