2016 marked the second consecutive year where OTA was named as an industry sponsor for the RSA Conference. OTA's participation included a range of member and press briefings and activities. Highlights included the RSA member meet-up and "Blended Intelligence" reception at the Contemporary Jewish Museum, organized by IID/Infoblox. In partnership with OTA founding members IID, TRUSTe and ThreatWave, the reception was noted as one of the best RSA events to connect, network and collaborate.
A buzz at the reception was last week's IRS eFile audit , building off of last fall's Presidential Candidate's audit, raising interest for the 2016 Online Trust Audit scheduled for release in June. (Check out the 2016 methodology).
OTA’s morning panel “Diffusing the IoT Time Bomb—Security and Privacy Trust Code of Conduct” drew a packed room with over 150 attendees. Thanks to the efforts of the IoT working group, the panel was a great success, demonstrating OTA's ability to take on hard issues and provide prescriptive and actionable advice. Combined, we are more confident than ever that the IoT Trust Framework and resulting code of conduct will help spur innovation, tame the "IoT Wild West", and most importantly help protect consumers and their data.
The panel and floor questions covered the Framework itself, plus a wide ranging discussion from data minimization, to upgrade/patch responsiveness, to Framework uses in larger and smaller companies, to the practical fact of the Framework being based on established best practices (not a new set of technical standards). Attendee response was extremely positive and discussions continued as many lingered in the hallway after the session.
From the Panel – the importance of the IoT Trust Framework:
“Newcomers who are not technologists will face challenges. As soon as you put a sensor on something, and collect and send data, you are in the data business. Now all the issues of data hygiene and security matter,” remarked Harvey Anderson of AVG Technologies in discussing the rise of IoT into new and varied business sectors where companies may have little experience in privacy and security.
“The OTA Framework provides a list of suggested criteria for organizations to measure against as part of their continuous improvement processes. Applying the relevant criteria may also be useful in evaluating partner relationships. Together, the Framework and Implementation Guide can assist companies in their efforts to improve consumer trust,” said Paul Plofchan of ADT in discussing how established companies can utilize the Framework.
“I’d like to echo data minimization point and with it the need to address local data versus cloud data. The rise in data collection begs the questions of stewardship: how much to keep, how long to retain and where to store. Service providers often see value to customers in collecting and retaining data such as trends over time, but the importance is transparency so customers can decide,” noted Brian Witten of Symantec discussing Framework principles of data stewardship and disclosure.
Many thanks to ADT, AVG Technologies and Symantec for helping bring OTA’s IoT Trust Framework to the forefront of IoT discussions and making this panel such a success!
Cheers from RSA!