What’s our future if we don’t secure IoT devices?

An IT industry analyst article published by SearchITOperations.

When everything from the coffee maker to the manufacturing plant’s robots to the electric grid is connected, shouldn’t security be IT’s primary concern?

Mike Matchett
Small World Big Data

I was recently asked about the most pressing IT challenge in 2018. At first, I was going to throw out a pat answer, something like dealing with big data or finally deploying hybrid cloud architecture. But those aren’t actually all that difficult to pull off anymore.

Then I thought about how some people like to be irrationally scared about the future, and of bogeymen like artificial intelligence in particular. But AI really isn’t the scary part. It’s the blind trust we already tend to put into black-box algorithms and short-sighted local optimizations that inevitably bring about unintended consequences. We should be much more afraid of today’s human ignorance than tomorrow’s AI.

Instead, what I came up with as the hard, impending problem for IT is how to adequately secure the fast-expanding internet of things. To be clear, I interpret IoT rather broadly to include existing mobile devices — e.g., smartphones that can measure us constantly with multiple sensors and GPS — connected consumer gadgets and household items, and the burgeoning realm of industrial IoT.

The rush to secure IoT devices isn’t just about your personal things, as in the risk of someone hacking your future driverless car. The potential scope of an IoT security compromise is, by definition, huge. Imagine every car on the road hacked — at the same time.

IoT exploits could also go wide and deep. Sophisticated compromises could attack your car, your phone, your home security system, your pacemaker and your coffeepot simultaneously. Imagine every coffee machine out of service on the same morning. We haven’t even begun to outline the potential nightmare scenarios caused by insecure IoT devices. And I sure hope Starbucks is keeping some analog percolators on standby.

If personal physical danger isn’t scary enough, think about the ease with which a single penetration of a key connected system could cause a nationwide or even global disaster. For example, a 2003 cascading power outage that affected over 50 million people in New England was triggered by a single alarm system misconfiguration. An inability to recover or reset something easily at that scale could push one into imagining a truly dystopian future.

Vulnerable with a capital V

What worries me more than the possibility of a large, direct attack is the very real likelihood of slow, insidious, creeping subversion, achieved through IoT device security breaches. And not just by one party or a single bad actor, but by many competing interests and organizations over time — some with supposedly good intentions.

We will make mistakes, take shortcuts and ignore vulnerabilities until it’s too late.

The total IoT attack surface will be too large to keep everything fully secured…

…(read the complete as-published article there)

SOC, NOC, and Roll – AccelOps Converges Security and Network Ops

(Excerpt from original post on the Taneja Group News Blog)

We are seeing convergence everywhere in IT these days. AccelOps shows how convergence in systems management offers many of the same kinds of value as it does in other areas of IT – leveraged capabilities across formerly siloed practices, simplified tasks and automation embedding best practices, and ready-to-roll deployment out of the box. AccelOps has tied security, compliance and network operations together into a one-stop SOC and NOC “in a box”.

…(read the full post)

What’s All In That Pile of Big Data – And Our NoSQL Database?

(Excerpt from original post on the Taneja Group News Blog)

It must be about time for Strata again as all the major big data players are busy readying their “Spring Break” round of announcements. First up, and perhaps addressing the most important aspect of putting big data to work in real corporate IT data centers, is a new security solution from the folks at Dataguise (think “data in disguise”) aimed at NoSQL.

…(read the full post)

How Delicate is Your Virtual Egg Basket?

An IT industry analyst article published by Virtualization Review.

Server virtualization has taken us to places we’ve never been before, but there is some truth to that old adage about having seen it all before.

Some have said there is nothing new under the sun, that it all comes around in circles. We think server virtualization has taken us to places we’ve never been before, but there is some truth to that old adage about having seen it all before. As has happened in many previous technology adoption cycles, first we struggle with assuring sufficient “correctness” and availability, then we work hard to guarantee performance, and as a third act, we have to eventually harden the solution to both internal and external threats.

With virtualization, this cycle is perhaps more acute in that the whole point is to aggregate many clients and users into one cost-efficient shared resource pool. And the corresponding infrastructure convergence of formerly disparate IT silos concentrates the number of subject matter experts and admins while expanding the end-to-end scope and control of this talented remainder.

Security Is the Third Stage

Security should never be an afterthought, but in our rush to get out ahead of the competition — or even just survive economically to play another day — we stand something up as quickly as we can just to see if it can be done. Then as we come to rely on it for day-to-day operations, we discover that it matters when it falls over or performs badly.

Enter big systems management corrections with add-on monitoring, automation, and optimization solutions. But security concerns may still seem a vague threat and an acceptable risk until we start really leveraging the new technology for our mission-critical applications — the most vulnerable “eggs” in our portfolio.

Many organizations have reached that third stage in virtualization whether they know it or not.

…(read the complete as-published article there)