Welcome!

Industrial IoT Authors: Derek Weeks, Yeshim Deniz, Kevin Jackson, Elizabeth White, SmartBear Blog

Related Topics: Industrial IoT

Industrial IoT: Article

Securing and Authenticating SOAP-Based Web Services

Securing and Authenticating SOAP-Based Web Services

If you are implementing a multiuser system, your system will probably have certain attributes. It may be implemented in a distributed fashion and it may have some sort of security model. In its most basic form, such a system can be represented by a straight line on a piece of paper: below the line is the information, content, data (call it what you will); and above the line are the various individuals, groups, and roles that need to work with what is below the line.

We connect clients above the line to the data below it by exposing services that provide access through the line. These services describe the operations that may be performed upon the data. The security model implemented within the service layer determines who may perform those operations and upon which particular bits of data. To the extent that these services are the only way to access the data, our line is now a secure perimeter.

To complete the picture, the services need to be able to identify the clients. Using SOAP to implement these services gives us a number of options, each with its advantages and disadvantages, and each in various stages of development. Basic Authentication and SSL

Apache SOAP 2.1 introduced basic authentication and HTTPS support. The SOAPHTTPConnection object includes two methods, setUserName() and setPassword(), and its send() method uses them to construct an "Authorization" header for the HTTP POST. With this header, the SOAP client will be authenticated against the HTTP daemon receiving the request and, assuming success, the request will be passed off to the SOAP endpoint. Of course, without HTTPS support, the credentials - though base-64 encoded - would be sent in the clear, so be sure to use SSL when using this technique.

Basic authentication is pretty much just that. The weaknesses are well known and, for the most part, come down to the ease with which passwords are compromised, which can be as simple as someone looking over someone else's shoulder.

SOAP Digital Signature
The IBM alphaWorks Web Services Toolkit (WSTK) version 2.3, and Apache AXIS (not yet in first, full release as of this writing) include support for SOAP Digital Signature. (More information can be found at www.w3.org/TR/SOAP-dsig/.) In short, it enables you to digitally sign the body of a SOAP envelope and include the signature information in the envelope header. In order to understand exactly what this does for you, you need to understand, at the highest possible level, what public key cryptography (PKC) does for you.

PKC uses a two-part key system: one part is kept secret and known only to the key owner, and the other part is public and known to everyone. The relationship between the keys is such that it isn't possible (for all practical purposes) to derive one key from the other. Using your public key, people can create encrypted messages that only you can decode.

The second benefit is digital signature. Using your private key, you can sign a block of data - in the case of SOAP digital signatures, the SOAP envelope body. While signing a message does not encrypt it, it does guarantee its integrity. Using your public key, anyone with the signature and an intact copy of the signed message can verify that you signed that message. If either the message or the signature is altered, signature verification will fail. Digital signatures can be used for authentication if the authenticator challenges a client who then signs the challenge and returns it. If the challenge is unique each time (a nonce), the authentication process can't be replayed.

PKC wonks will cringe at the brevity of this explanation, but since numerous books have been written on the topic, we can only recommend that interested readers seek one out. On the other hand, this is sufficient information to determine that SOAP digital signatures, while useful, are not, nor are they intended to be, an authentication mechanism as such. Quoting from the W3C note mentioned earlier:

For example, digital signatures alone do not provide message authentication. One can record a signed message and resend it (replay attack). To prevent this type of attack, digital signatures must be combined with an appropriate means to ensure the uniqueness of the message, such as nonces or time stamps. One way to add this information is to place an extra <http://www.w3.org/2000/09/xmldsig#Object> element that is a child of <http://www.w3.org/2000/09/xmldsig#Signature>.

So, to use SOAP digital signatures as an authenticating mechanism, you must do a bit of work, but it can be done. It's a bit harder than it sounds, since time stamps tend to introduce timing windows, and a nonce-based scheme would make the service request more conversational than you would like. Without modification, SOAP digital signatures will tell you who signed the message, but not who is delivering the message. There is, however, another authentication mechanism based on certificates at our disposal that we have yet to consider.

SSL with Digital Certificate Authentication
Step 1: An SSL Example
We've already taken a brief look at the authentication support in Apache SOAP 2.1, including the SSL support. If you look at SSLUtils.java, you will find this bit of canonical code:

SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
SSLSocket sslSocket = (SSLSocket)factory.createSocket(host, port);
sslSocket.startHandshake(); return sslSocket;
It's the SSL handshake part that's interesting: it allows the server and client to authenticate each other (typically using PKC), and to negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data. Things can go wrong, such as the client and server not having any cipher suites in common, or either the client or server not being able to encrypt at the strength required by the other.

Peer authentication may also be made part of the process - most of us have run into a secure site, the name of which does not agree with its certificate, resulting in a warning from the browser that the site should not be trusted. Both sides of the connection may be subject to peer authentication, and it's this stage that gives us our opening: during this stage, credentials in the form of digital certificates are exchanged.

What is a certificate? As everybody can generate a key pair, there needs to be a process by which a key pair is tied to an identity. This gives rise to the concept of the Certification Authority (CA), which is an external service that verifies your identity and digitally signs your public key. A certificate, in its most basic form, then consists of your key pair, some information about you, such as your name, along with the digital signature of a CA.

For this to work it's critically important that both parties in the authentication process "trust" the CA that signed the certificates that are being exchanged. You trust a CA by putting a copy of the certificate of the CA - minus its private key - into a designated location called the truststore. The decision as to whether a particular certificate passed along during the SSL handshake process should be trusted or not is then made by comparing the certificate of the CA that signed it with the list of trusted CA certificates in the truststore.

Let's start with a simple service request over SSL and see what happens. To do this, you will need a copy of Apache SOAP (we used 2.1) and the Java Secure Socket Extension. (We used version 1.0.2, http://java.sun.com/products/jsse/. It has since been included in JDK 1.4, but it hadn't been fully released at the time of this writing.) Finally, your HTTP server/servlet container combination must support SSL, and later we will require SSL with client authentication through certificates.

Most servers support certificate-based authentication. Apache supports it via a third-party product, Covalent SSL. IIS natively supports static certificate mapping to NT accounts, while in a Windows 2000 environment certificates are managed via Active Directory.

We used Allaire JRun 3 under IIS 5. Enabling the use of SSL with JRun applications under IIS isn't obvious, but it is documented in the Allaire/Macromedia knowledge base. In short, you have to secure the JRun DLL. Looking at the management console for IIS, you will find the JRun DLL in the scripts directory. Right-click over the DLL, select Properties, click on the File Security tab, and find the Secure Communications area (see Figure 1). Once you have installed a certificate on the Web server, clicking on the Edit button will enable you to turn on SSL. Later, we will use the same dialog to turn on client certificate authentication.

If, like us, you have generated your own server certificate using the Windows 2000 Certificate Server, you'll need to tell the client that it can trust the CA that issued that certificate. In our case, that authority was the Windows 2000 Certificate Server, and we simply export a base-64 encoded version of the authority's certificate and add it to the JDK's "cacerts" keystore - the truststore and the default repository for trusted CAs. Assuming the exported certificate was named "server.cer", the following JDK keytool command would add the key to the truststore with the alias "TestCA":

\jdk\bin\keytool -import -file server.cer -keystore \jdk\lib\security\cacerts -storepass changeit -alias TestCA
Answering "yes" to the query to trust the certificate will cause the JDK to "trust" your server.

Now let's see if everything is installed correctly. Compiling the code in Listings 1 and 2, deploying the service, and running the client should yield predictable results. Once you have placed the TestService class file in the SOAP WEB-INF\classes directory (or somewhere else the servlet will find it), you may deploy the service with the following command:

\jdk\bin\java -Djava.protocol.handler.pkgs= com.sun.net.ssl.internal.www.protocol org.apache.soap.server.ServiceManagerClient https://localhost/soap/servlet/rpcrouter deploy TestService.xml
TestService.xml should contain the following:
<isd:service xmlns:isd="http://xml.apache.org/xml-soap/deployment" id="urn:TestService">
<isd:provider type="java" scope="Session" methods="testMethod">
<isd:java class="TestService" static="false"/>
</isd:provider>
<isd:faultListener>
org.apache.soap.server.DOMFaultListener </isd:faultListener>
</isd:service>
The command to run it should look something like this:
\jdk\bin\java -Djava.protocol.handler.pkgs= com.sun.net.ssl.internal.www.protocol -Djavax.net.debug=all TestMain string
Including the debug option causes the various stages of the SSL handshake to be printed out nicely.

If you then alter the security on the JRun DLL to require client certificates and run the example again, you should receive an exception and will possibly see the page sent by IIS rejecting the attempt to connect.

If you would like to know more about the nuts and bolts of SSL, the JSSE Guide has an excellent description of how SSL works and what happens during the handshake.

Step 2: Generating a Key
Next create a keystore and a key with which you can experiment. First, generate a key for your client to use in authentication. Something like the following should do the trick and generate a new keystore named "TestClientStore" with a key pair called "TestClientCert":

\jdk\bin\keytool -genkey -keyalg rsa -keystore
TestClientStore -storepass TestStorePass -alias
TestClientCert -keypass TestKeyPass
You will be asked to provide information that identifies you. At this point, TestClientCert is a "self-signed" certificate; in other words, nobody other than you has verified who you claim to be. Thus, to generate a request for your CA to validate your identity and to sign your key (called a PKCS#10 request), type:
\jdk\bin\keytool -certreq -alias TestClientCert -file CertRequest.p10 -keypass TestKeyPass -keystore TestClientStore -storepass TestStorePass
When visiting the Windows 2000 Certificate Authority Web page to request a certificate, you will want to make an "advanced" request for a client certificate, then, "Submit a certificate request using a base-64 encoded PKCS #10 file or a renewal request using a base-64 encoded PKCS #7 file." Submit the file, "CertRequest.p10", download the "CA certification path" to a file called "client.p7b" and run the following to replace your self-signed certificate with the certificate signed by your trusted CA:
\jdk\bin\keytool -import -file client.p7b -keystore TestClientStore -storepass TestStorePass -alias TestClientCert -keypass TestKeyPass
The keystore now contains a key that can be used by your client to authenticate itself. To avoid the complications of Active Directory, you can use static client-certificate mapping on the Web server. To do this, you must export a copy of your public key to a file with the following:
\jdk\bin\keytool -export -keystore TestClientStore -storepass TestStorePass -alias TestClientCert -file client.cer -rfc
The final step in this public key odyssey is to map the key you just exported to a user account. Revisit the secure communications setup for the JRun DLL, enable client-certificate mapping, and then edit the account mappings. Add a mapping, then choose the client certificate you just exported and map it to an account to which you know the password. If you followed the example, the server will trust the client certificate without you telling it to do so explicitly, as the CA that signed it was the same CA that signed the server certificate earlier on.

That was a great deal of cookbook work, so here is a brief account, in more abstract terms, of what you just did:

  • Added your certificate authority's public key to cacerts keystore of trusted CAs in order to "trust" your CA
  • Created a new keystore; keystores are used by Java to hold public and private keys for encryption/decryption and digital signature operations
  • Generated a personal public/private key pair
  • Generated a request for that key to be signed by your CA
  • Had your CA sign that key so the user of the key would be trusted by anyone who trusts the CA
  • Imported the CA response into the keystore
  • Exported the signed public key
  • Mapped the public key to an NT account in IIS

    A similar series of steps would be followed for authenticating any combination of Web servers, servlet containers, and self-run or commercial certificate authorities.

    Note that you may be able to simplify things a little bit in certain situations:

  • If you are using the services of a commercial CA, the first step may not be necessary, as the cacerts keystore is installed with a set of vendor certificates that are trusted by default. Also note that nothing prevents you from bypassing the cacerts keystore altogether and storing all your public and private keys in one keystore. (See the comment in the TrustManager initialization routine in Listing 2.)
  • If you already have a signed certificate available, for example one managed by Netscape Navigator or Internet Explorer, you don't need to generate an extra one. Simply export that certificate along with its private key to a PKCS#12 file to disk, and have that file act as your keystore. This works because JSSE has basic support for keystores of type pkcs12.
Finally, when running in a Windows 2000 environment, you can dynamically map client requests to Active Directory user accounts. The only hurdle to overcome in this scenario is that the PKCS#10 requests need to have additional parameters meaningful only to Active Directory and the Windows authentication subsystem - something beyond the scope of this article.

Step 3: Adding Certificate Authentication to SOAP
Next you must modify SSLUtils.java to use your key during socket creation. The goal here is to create an SSLSocketFactory that will create sockets that will use your key for authentication during the handshake process. This involves a bit more canonical code that, like SSLUtils.java, can be found in the JSSE samples. To compile and test the changes, you'll need to unpack the SOAP JAR and sources.

Be sure to remove the SOAP JAR from your CLASSPATH and anywhere else you might find it, such as the lib\ext directory of the JDK or JRE you're using, while simultaneously making sure the servlet container can still find it. The modified org.apache.soap.util.net.SSLUtils is in Listing 3. Place it in the correct directory and recompile. Also, uncomment the lines in TestMain.java designated for Step 3.

If all is well, and you broke the example by requiring client certificates as suggested at the end of Step 1, the example should start working again.

How? Well, looking at the enableCerts() method that has been added to SSLUtils, you can see how the SSLSocketFactory is set up. The first step gets an instance of an SSLContext that implements the TLS protocol (Transport Layer Security - more info at ftp://ftp.isi.edu/in-notes/rfc2246.txt).

Next, the code gets a KeyManagerFactory and a keystore. The keystore instance is used to load the keystore created in Step 2. Then, to make explicit what's happening, the code gets an instance of the default TrustManager pointing to the default CA trust keystore cacerts. Note, though, that the default trust manager provides only very basic X.509-based certification path validity checking; it does not, for instance, check for certificates that have been revoked.

Then the KeyManagerFactory is initialized with the keystore, passing along the passphrase to use with the keys in the keystore. That's right - when using the default KeyManagerFactory, all keys in a given keystore that will be used for authentication must use the same passphrase. The code then initializes the SSLContext with the KeyManagers derived from the KeyManagerFactory and the TrustManager from above, and then gets an SSLSocketFactory from the context.

It seems like a lot of magic words, but in the end, you've added certificate-based authentication with about 10 lines of code. If the client, using a socket created by this factory, is challenged to authenticate during the handshake, the SSLSocketFactory will request an appropriate key from the KeyManagers to complete that portion of the handshake. Appropriate in this context means any certificate on the client that has been signed by a CA trusted by the server; if more than one client certificate fits the bill, the default KeyManager will simply pick the first one available.

This will provide you with perimeter security. For finer control, you'll need to get the client's identity back to the services. To do this, we refer you to Mark Moore's article in the premier issue of Web Services Journal: "Sending Out-of-Band Messages to SOAP-Based Web Services." The technique described extends the SOAP RPCRouterServlet servlet to add information to an InheritableThreadLocal, making it accessible to the service. In this case, you would want to include the value of HttpServletRequest.getRemoteUser() to the ServiceContext described in that article.

A Note About Performance
Why is it so slow? Well, there are a number of things going on. First, just cranking up the JVM can take a while. Also, the first time you create a socket, a java.security.SecureRandom object must be generated. That takes time, but it's only once. One way to avoid that is to generate one ahead of time, and supply it as the third argument to the SSLContext.init() method. The nature of this example does not allow that particular optimization.

Finally, HTTPS is simply going to be slower than an HTTP connection - establishing a connection takes time, as does encrypting the ongoing traffic. If you believe connection setup represents a significant impact on the performance of your system, you may want to investigate getting rid of the overhead of setting up a connection for every request by implementing HTTP "keep-alive". Since SOAP sends an HTTP version of "1.0", you would need to send a header in the form "Connection: keep-alive".

Assuming your Web server supports HTTP 1.1 (where keep-alive is implicit) or the keep-alive header with HTTP 1.0, you will be able to get a persisted connection to the server and reuse the socket that has already been set up. The hard part is altering HTTPUtils to take advantage of this persisted connection. If HTTPUtils used a java.net.HttpURLConnection, you might have gotten this for free, though this incurs other challenges - the handling of the HTTP error code 500, which is used by SOAP, being one of them.

As it is, HTTPUtils opens and closes a fresh socket every time and implements the POST as custom code, making the implementation of keep-alive not as straightforward as you might hope.

Terra Firma
You will certainly find opportunities to extend this basic example to suit your own requirements, but this should provide you with the grounding you need to get started. In addition to keep-alive, which has already been discussed, obvious enhancements would also include making the key alias and passphrase connection-based, perhaps using the existing setUserName() and setPassword(), and adding a setAuthenticationType().
We hope your interest is piqued to learn more about public key cryptography and its use in building secure systems. The subject area is deep and your planning will benefit from an understanding of the tools at your disposal. Though not yet mature, the technology is there to build robust and secure SOAP-based Web services.

The views and opinions are those of the authors and do not necessarily represent the views and opinions of KPMG LLP.

More Stories By Mark Moore

Mark Moore is currently an independent consultant. Previously, he was
Chief Architect for KPMG International's Global Knowledge Exchange,
deploying knowledge sharing capabilities to 80,000 KPMG employees in more
than 40 countries. He has been designing and developing web-based knowledge
management and collaborative solutions for the last six years.

More Stories By Adrian Turtschi

Adrian Turtschi is a software architect with KPMG's Global Knowledge Exchange in Boston. He is
interested in questions of interoperability and cross-platform development. He is currently working
on an authentication and authorization scheme for KPMG International.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
SYS-CON Events announced today that EnterpriseTech has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. EnterpriseTech is a professional resource for news and intelligence covering the migration of high-end technologies into the enterprise and business-IT industry, with a special focus on high-tech solutions in new product development, workload management, increased effi...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
SYS-CON Events announced today that SourceForge has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SourceForge is the largest, most trusted destination for Open Source Software development, collaboration, discovery and download on the web serving over 32 million viewers, 150 million downloads and over 460,000 active development projects each and every month.
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists looked at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deliver...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA
SYS-CON Events announced today that CHEETAH Training & Innovation will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CHEETAH Training & Innovation is a cloud consulting and IT training firm specializing in improving clients cloud strategies and infrastructures for medium to large companies.
SYS-CON Events announced today that TMC has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo and Big Data at Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Global buyers rely on TMC’s content-driven marketplaces to make purchase decisions and navigate markets. Learn how we can help you reach your marketing goals.
SYS-CON Events announced today that Conference Guru has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organi...
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that Datanami has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datanami is a communication channel dedicated to providing insight, analysis and up-to-the-minute information about emerging trends and solutions in Big Data. The publication sheds light on all cutting-edge technologies including networking, storage and applications, and thei...
SYS-CON Events announced today that Silicon India has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Published in Silicon Valley, Silicon India magazine is the premiere platform for CIOs to discuss their innovative enterprise solutions and allows IT vendors to learn about new solutions that can help grow their business.
The Internet giants are fully embracing AI. All the services they offer to their customers are aimed at drawing a map of the world with the data they get. The AIs from these companies are used to build disruptive approaches that cannot be used by established enterprises, which are threatened by these disruptions. However, most leaders underestimate the effect this will have on their businesses. In his session at 21st Cloud Expo, Rene Buest, Director Market Research & Technology Evangelism at Ara...