Cisco Blogs


Cisco Blog > Innovation

Job One: Securing IoT

Recently, I participated in the panel on Internet of Things (IoT) security as part of the Automation Perspectives media event hosted by Rockwell Automation, just prior to Automation Fair 2015 in Chicago. It is clear that the ability to deal effectively with security threats is the No. 1 make-or-break factor for IoT adoption. With this reluctance to implement IoT, companies will not benefit from the growing number of powerful IoT use cases that are emerging across all industries, which includes the digital revolution in manufacturing, where there is an identified 12.8 percent profit upside over three years for manufacturers that digitize.

IoT is now part of the very fabric of industry and the public infrastructure, including such essential services as transportation, the power grid, the water supply, and public safety. When these systems are compromised, the damage can go far beyond financial loss. Some examples in years following the Great Recession:

  • 2008 – A 14-year-old Polish boy hacked a local tram system, disrupting traffic, derailing trams, and injuring 12 passengers
  • 2009 – Due to a failure in the automated control system, a Washington D.C. Metrorail train struck the rear of a stopped train, resulting in death and injury
  • 2014 – An overflow of wastewater at a water treatment plant was due to suspected unauthorized employ access

In recent years, there have also been hacks on nuclear power plants, transportation systems, and connected cars. No one wants their company to show up on the front page of the paper as a cyberattack victim. In addition to the physical impacts, attack vectors on IoT security can cause losses that are less immediately perceptible—but very real and lasting—including downtime, brand damage, breach of trust, and theft of intellectual property.

Read More »

Tags: , , , , , , ,

Why Should You Participate in the Cisco #IoT Security Grand Challenge?

Eight weeks ago, Cisco launched the Cisco IoT Security Grand Challenge, an industry-wide initiative to bring the global security community together to secure the IoT. Despite its overwhelming business benefits, IoT adoption also significantly increases security risks. So this Challenge is really just a blatant attempt to bring the best and brightest security minds to the table to help us find innovative IoT security solutions. Thus far, it’s worked – we have some fantastic submissions. But we know there are more out there and we’d love to see what you can do!

If you’re interested in learning more about the Challenge, please plan to attend a free one hour webinar on Wednesday, May 7, 2014 at 12:00pm EDT. Dave Evans, Cisco’s Chief Futurist, and Dr. Tao Zhang, Cisco’s Chief Scientist for Smart Connected Vehicles, will talk about why the Challenge is so important to the future of IoT, and answer any questions you may have. This is a live, interactive webinar, so bring your specific questions. I’ll see you there!

Dave Evans Webinar 2

Tags: , , , , ,

Drivers for Managed Security and what to look for in a Cloud Provider [Summary]

The first blog of this series discussing the role of data security in the cloud can be found here.

In 2014 and onward, security professionals can expect to see entire corporate perimeters extended to the cloud, making it essential to choose a service provider that can deliver the security that your business needs.

While organizations can let business needs trade down security we’ve begun to see how a recent slew of data breaches are encouraging greater vigilance around security concerns. For example, a recent CloudTweaks article highlights the need for organizations to be confident in their choice of cloud providers and their control over data. IT leaders have the power to control where sensitive information is stored. They also have the power to choose how, where and by whom information can be accessed.

An important driver in mitigating risk and increasing security is to ask the right questions.

An important driver in mitigating risk and increasing security is to ask the right questions.

Institute Control By Asking the Right Questions

However, adding to fears about ceding the control of data to the cloud is lack of transparency and accountability about how cloud hosting partner/ providers secure data and ensure a secure and compliant infrastructure.  Cloud consuming organizations often don’t ask enough questions about what is contained in their  service-level agreements, and about the process for updating security software and patching both network and API vulnerabilities.

Organizations need reassurance that a cloud provider has a robust set of policies, process and than is using automated as well as the latest technologies to detect, thwart and mitigate attacks, while in progress as well as be prepared to mitigate after an attack.

An important driver in mitigating risk and increasing security is to ask the right questions. When evaluating cloud service providers, IT leaders need to ask:  Read the full blog here.

Tags: , , , , , , , , , , , , , , ,

Drivers for Managed Security and what to look for in a Cloud Provider

The first blog of this series discussing the role of data security in the cloud can be found here.

In 2014 and onward, security professionals can expect to see entire corporate perimeters extended to the cloud, making it essential to choose a service provider that can deliver the security that your business needs.

While organizations can let business needs trade down security we’ve begun to see how a recent slew of data breaches are encouraging greater vigilance around security concerns. For example, a recent CloudTweaks article highlights the need for organizations to be confident in their choice of cloud providers and their control over data. IT leaders have the power to control where sensitive information is stored. They also have the power to choose how, where and by whom information can be accessed.

An important driver in mitigating risk and increasing security is to ask the right questions.

An important driver in mitigating risk and increasing security is to ask the right questions.

Institute Control By Asking the Right Questions

However, adding to fears about ceding the control of data to the cloud is lack of transparency and accountability about how cloud hosting partner/ providers secure data and ensure a secure and compliant infrastructure.  Cloud consuming organizations often don’t ask enough questions about what is contained in their  service-level agreements, and about the process for updating security software and patching both network and API vulnerabilities.

Organizations need reassurance that a cloud provider has a robust set of policies, process and than is using automated as well as the latest technologies to detect, thwart and mitigate attacks, while in progress as well as be prepared to mitigate after an attack.

 

Read More »

Tags: , , , , , , , , , , , , , , , , ,

Data Security Through the Cloud [summary]

Is the combination of cloud computing and mobility a perfect storm of security threats?

Actually, yes. And you should prepare for them as if there is a storm coming.

As businesses become increasingly mobile, so does sensitive data. In fact, in a recent survey conducted by ESG,

31% of security professionals say that the biggest risk associated with cloud infrastructure services is, “privacy concerns associated with sensitive and/or regulated data stored and/or processed by a cloud infrastructure provider.”

Data Security Through the Cloud

 

With cloud-based services, it is key to have visibility into applications and provide consistent experience across devices accessing the web and cloud applications. More users are leaving the standard PC behind and engaging cloud applications through a mobile device, making application-layer security and user access security critical. Smartphones and tablets are able to connect to applications running anywhere, including public, private and hybrid cloud applications, opening your data to potential attacks. Security professionals need assurances that their cloud security provider will appropriately secure customer data while ensuring availability and uptime.

 

The conversation is no longer if you’ll be attacked, but when. And will you be prepared?

Read the full article: Data Security Through the Cloud

Tags: , , , , , , , , , , , ,