• IoT security still comes up as the number one deterrent to IoT adoption, year after year (after year!).
• While point solutions abound, the complex supplier ecosystem coupled with the diversity of IoT use cases and device types makes this a hard nut to crack.
Considering the fact that every survey ever conducted among enterprises over the last five years about IoT has shown that the number one barrier to adoption is lack of security, we would have expected the supplier ecosystem to finally “fix” this problem once and for all. But instead, with the advent of massive proliferation of IoT devices upon us, coupled with an occasional high-profile breach, enterprises are more cautious than ever and rightly so. Continue reading “IoT Security is Still a Major Barrier to Adoption”→
• Connected cars are vulnerable to the same threats facing any Internet user or device
• Deutsche Telekom proposes its Car SOC to the industry, but as of today no one is responsible for protecting drivers from cyber attacks
Connected cars, like anything else using the Internet, are exposed to a range of vulnerabilities most drivers dare not even contemplate. Even without being connected, the digital technology in place is at risk from attackers, whether through the cloning of remote control key entry and engine starting, or from malware introduced to internal systems via infected diagnostic tools at the local garage. Continue reading “Deutsche Telekom’s Car SOC is Ready to Protect Drivers—Is the Auto Industry?”→
Google has at last launched its Android for Work program, prioritizing Android devices within the workplace through the separation of personal and professional data profiles.
But don’t look for Google to secure this data on its own; instead customers can look to partners AirWatch, MobileIron, SAP, Soti, MaaS360, Citrix, and others for full bore data security in the workplace.
Forget the Apple iOS and Google Android user wars. It doesn’t matter which one wins a user’s heart. In the enterprise, any enterprise willing to embrace the BYOD mindset, such questions just don’t matter. What’s important is the ability to make manageable and secure whatever crazy device users decide to bring into the workplace. But that’s never been an easy proposition. Continue reading “Google’s New “Android for Work” Program Actually Puts BYOD to Work”→
The growing use of encryption, especially in smartphones, gives privacy controls back to end users, much to law enforcement’s chagrin.
The backlash against government snooping is just getting started, and it will only get louder with time and a potential defining event that will spur widespread calls for reform.
The government met last month with Apple executives to talk about the new encryption technology used in Apple IOS 8 and now Google’s Android Lollipop release that can block government access to information on smartphones, even if law enforcement has a court order. IOS 8 encrypts all data on the device and passcode protects it. Data can’t be accessed without the passcode, which Apple does not have access to. The Justice Department, FBI, NSA and others are demanding access; the industry is saying customers demand their privacy. Who’s right? The widely used WhatsApp chat service also just significantly upgraded its encryption. I think the government over-reached (especially with the NSA’s Prism program) and failed to understand the gathering backlash created by the Snowden leaks, and the high tech industry, including Apple, is seeing a negative impact on business as a result of lost customer trust. Continue reading “The Pendulum’s Swing Back to Privacy is Just Getting Started”→
The NSA leaks have created new opportunities for non U.S.-based cloud providers.
Developing people and political skills among IT security pros is equally as important as developing technical skills, but it is often overlooked.
I had the good fortune to attend the CISO Forum in London this week and as usual it offered a lively discussion of critical security concerns faced by enterprises, governments and non-profits. Topics covered long running themes such as how to define, measure and manage risk; how to communicate the value of and need for information security to the C-Suite and board; how getting the basics right is difficult for most organizations; the security skills shortage; the need to provide agile security and more. Continue reading “Notes from the Front Line: CISOs Share their Problems and Prescriptions”→
Asian governments are evolving their approach to managing PII data through legislative frameworks.
Data privacy rules are converging across the region, but the onus for protection still rests squarely with the enterprise.
A fully realized cloud infrastructure promises server, storage and applications (along with all their data) floating in a glorious OpEx soup. Managed from afar, provisioned in minutes, flexible and scalable – there is little to dislike. However, for enterprises operating in multiple jurisdictions in Asia, data protection remains a key issue in planning deployments of cloud solutions. Continue reading “PII in the Sky – A Cloudy Outlook”→
The disclosure of the devastating Heartbleed bug – two years in the wild – illustrates how much the technology industry under-invests in software integrity.
Bug bounty programs spur greater participation in vulnerability research, and those who benefit most directly from open source software should contribute to an open source bug bounty program.
Unless you’ve taken a holiday from the connected world, you probably know by now about the Heartbleed bug. And if you’re a CSO or CISO, you’ve most likely seen plenty of suggestions on how to respond to the threat posed by this extremely risky and widespread vulnerability. Although the effort to address the problem is not quite as Herculean, it struck me that the response to the Heartbleed bug needs to be nearly as widespread as the effort to fix the date problem at the turn of the 21st century. Estimates that I saw about how widespread OpenSSL use is suggest that as much as 66% of all the websites across the globe use OpenSSL, and some reports suggested that the technology is embedded in a wide variety of network infrastructure devices, including routers, WLAN controllers, firewalls and more. But while enterprises had plenty of advance notice to address the date problem leading up to the year 2000, web site operators and technology vendors need to move with the utmost urgency to patch this flaw and clean up the mess created by this “catastrophic” vulnerability. It shouldn’t be a surprise that the coding error happened, and I don’t think that its existence is necessarily a condemnation of the way that open source vetting works. Continue reading “Heartbleed Bug Shows Industry is Under-investing in Software Integrity”→
The upcoming Interop event in Las Vegas will offer lots of sessions and workshops from fellow IT professionals and experts to attend and get current on your interests.
Take part in the social gathering to meet old friends and make new ones. Personal networking is as important as anything in your career.
Interop is next week and I am looking forward to catching up with old friends, peers, and colleagues and making new acquaintances. Still, the draw for me is meeting with vendors and attending a few of the presentations over the course of the event. The content this year is very solid and there’s something for everyone.