yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Computing
Conference & Expo
November 2-4, 2009 NYC
Register Today and SAVE !..

2008 West
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
Red Hat
The Opening of Virtualization
User Environment Management – The Third Layer of the Desktop
Cloud Computing for Business Agility
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Return on Assests: Bringing Visibility to your SOA Strategy
Managing Hybrid Endpoint Environments
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
How Can AJAX Improve Homeland Security?
Beyond Widgets: What a RIA Platform Should Offer
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
In many cases, the end of the year gives you time to step back and take stock of the last 12 months. This is when many of us take a hard look at what worked and what did not, complete performance reviews, and formulate plans for the coming year. For me, it is all of those things plus a time when I u...
Internet of Things Policies Required By @Vormetric | @ThingsExpo [#IoT]
IoT policies for personal data need to break down into eight key areas

IoT – Enterprise-Ready Policies for Personal Data Required

By Andy Kicklighter

Given the current global furor over continuing data breaches, Edward Snowden disclosures, the hue and cry around NSA data collection from mobile phones and mobile encryption, now is a good time to stop and think before we plunge wholesale into even more extensive collection of personal information from IoT environments and devices.

Think how much worse a breach of data could be if it includes full profiles of people’s movements, actions, eating habits, purchase preferences or even more personal information.  Consider at the same time the potentials for abuse if this information is improperly handled or made available.Io

ClickToTweet: IoT – The need for enterprise ready personal data policies @akicklighter #DefenderOfData

It seems inevitable that legislation will lag our technical capabilities for collection and use of data, but that there will eventually be a reckoning with the public.  Given that coming day, organizations that have put in place the policies and procedures for both the use and safeguarding of data coming in from the coming IoT tsunami will be both better perceived by the public, at an advantage against competitors, while also being ready for regulators. Properly structured policies, followed to the best of ability, will show good faith in preserving public rights and trust.

There will of course need to be variations in policy – Even within a field like healthcare different policies will be required based on data type and usage.  For instance, a patient’s health records as used by a primary care provider, versus data collected by researchers working on lifestyle and experimental studies. In one case permanent storage and protection is required, in the other most people would prefer that personal data is anonymized appropriately and early in the usage process.

From my point of view, these policies need to break down into eight key areas:

  • Collection – What data will you collect?
  • Usage – What you will do with the data?
  • Retention – How long you will keep data?
  • Access – Who will have access to the data?
  • Protection – How will you protect the data from compromise?
  • Opt in/out – How can personal information be deleted if requested? Not collected at all?
  • Breaches – What will you do if the data is exposed outside of your policies?
  • Auditing – How will you verify that you are meeting your policies?

There are plenty of ideas about how to build suitable policy sets – Task a privacy group with creating best practices? Create a new set of ISO or IEEE standards? Start a central clearing house that creates not only privacy policy sets, but administers user’s preferences and can serve them up via the web (think of it as an extension of the “do not call” registry)? But – it’s pretty clear that we’re going to have no such resources any time soon. If your organization is going to be building or using IoT personal data, now, early in the game is the time to set your policies.

To close this out, you’ll find below one sample policy set built using these principles … See what you think.


In this example we’ll use a health and activity monitoring smartwatch with a back end application that tracks and displays activity, pulse rate, sleep patterns, and (just for grins) also feeds back GPS data about where you’ve been, linked back to a mapping function that tracks eateries (You went to Krispy Kreme again? Oh man, you just lost points). You have to register at a portal to be able to use the device, and there is a light yearly fee (allowing them some real tracking of who exactly you might be).

Policy set:

  • Collection – What data will you collect?
    • Your identity, height, weight, build, motion activity, steps, changes in location, pulse rate, depth and type of sleep patterns (list), what commercial food restaurants you visit, duration of stay
  • Usage – What you will do with the data?
    • We will use the data to display your activities and trends on a phone or web application
    • We will use anonymized data (information that does not identify either you, or your locations visited) for aggregated analysis of device usage and effects
  • Retention – How long you will keep data?
    • Full data will be retained for 2 years
    • Anonymized data will be retained for 5 years
  • Access – Who will have access to the data?
    • Full data set: Used for display through an app on your phone or website only, to a person who logs in with your credentials
    • Account information: Customer service personal can see your name and account numbers only
    • Anonymized data: Information collected from the device that does not identify your primary residence, personal identity, or movement patterns can be shared internally for aggregated analysis of trends only
    • Data sharing: We will not share any of your data outside of our organization, including with any affiliated business units. Anonymized data may be retained if our organization is acquired, subject to our retention policy.
  • Protection – How will you protect the data from compromise?
    • We will use secure, encrypted storage on the device
    • We will use industry standard SSL communications to exchange information between device and for display of web information
    • Within our organization’s service – All data will be encrypted, tokenized or masked – With data access policies that correspond to our information access policies implemented as security controls
    • Security personnel with access to policy setting infrastructure – These will undergo periodic financial, criminal and lifestyle audits
    • We will collect information on data access patterns from within our application, and within underlying IT infrastructure and internet access points, and then analyze the results to identify possible threats to your data
  • Opt in/out – How can personal information be deleted if requested? Not collected at all?
    • At any time, you may select information that you do not want collected from the device. A check list of available measurements is available from the application.
    • You may opt out of anonymized data collection at any time in the same way
    • Your account may be deleted, including all sets of information except those relating to your payments, at any time if you chose to stop using the service.
  • Breaches – What will you do if the data is exposed outside of your policies?
    • If we believe that your anonymized data set has been compromised we will notify you in the application, and through your contact information.
    • If your personally identifiable information is lost, we will … (specific breach policy )
  • Auditing – How will you verify that you are meeting your policies?
    • Outside auditors trained to compliance standards …

The post IoT – Enterprise-Ready Policies for Personal Data Required appeared first on Data Security Blog | Vormetric.

Read the original blog entry...

About Vormetric Blog
Vormetric (@Vormetric) is the industry leader in data security solutions that span physical, big data and cloud environments. Data is the new currency and Vormetric helps over 1400 customers, including 17 of the Fortune 30 and many of the world’s most security conscious government organizations, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company’s scalable Vormetric Data Security Platform protects any file, any database and any application’s data —anywhere it resides — with a high performance, market-leading data security platform that incorporates application transparent encryption, privileged user access controls, automation and security intelligence.

SOA World Latest Stories
The dynamic nature of the cloud means that change is a constant when it comes to modern cloud-based infrastructure. Delivering modern applications to end users, therefore, is a constantly shifting challenge. Delivery automation helps IT Ops teams ensure that apps are providing an optim...
"We started a Master of Science in business analytics - that's the hot topic. We serve the business community around San Francisco so we educate the working professionals and this is where they all want to be," explained Judy Lee, Associate Professor and Department Chair at Golden Gate...
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability...
We call it DevOps but much of the time there’s a lot more discussion about the needs and concerns of developers than there is about other groups. There’s a focus on improved and less isolated developer workflows. There are many discussions around collaboration, continuous integration a...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is founda...
"CA has been doing a lot of things in the area of DevOps. Now we have a complete set of tool sets in order to enable customers to go all the way from planning to development to testing down to release into the operations," explained Aruna Ravichandran, Vice President of Global Marketin...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)!

Advertise on this site! Contact advertising(at)! 201 802-3021

SYS-CON Featured Whitepapers