Many people take the term “Internet of Things” too literally, and assume that IoT is about the things, themselves. But they’re missing the whole point! It’s not the “things” that makes IoT special. After all, connected devices are neither new nor particularly interesting, particularly since the data each individual item produces is of little value. But by networking these devices together, IoT enables us to benefit from their ability to combine simple data to produce usable intelligence. In turn, that intelligence can be used by businesses to increase operational efficiency, and by individuals to make life easier and more comfortable.
But despite the many benefits of IoT, the billions of connected sensors, devices, and other smart objects it comprises will also dramatically increase the diversity of threats we will face. As a result, securely embracing IoT will require a multi-layer approach to security – including cloud, perimeter, physical, and device-level security, as well as end-to-end data encryption.
Ensuring that we can reap the overwhelming benefits of IoT without undermining security isn’t going to happen on its own; it will take strong leadership and a great deal of teamwork throughout the industry. That’s why I’m proud that Chris Young, Cisco’s Senior Vice President of Security, recently topped the list as one of the top 100 thought leaders for IoT! It will take leaders like Chris, who have a strong understanding of security and a passion for IoT, to help ensure that we can securely embrace IoT.
I honestly expect IoT to change the world in a variety of ways. But truly harnessing its power requires that we inspire and cultivate a true culture of security throughout every level of the extended network – which means that leadership and teamwork will be far more valuable than the technology, itself.
Tags: Cisco, cyber security, Internet of Everything, internet of things, IoE, IoT, IoT Security, network security, security
Editor’s Note: This post is a response to EN Mobility Workspace. Please see that post for full context.
A colleague of mine here at Cisco, Jonathan, recently spoke well to the Evolution of Cisco Mobility Workspace Journey. Like all technologies, there is an adoption and engagement cycle based on maturity and risk level. We begin at the device-focused phase with a simple “get me on the network.” Following is the application-focused phase, “now that I am on what can I do with my ability to move around without a wire and work anytime and anywhere.” And the final is the overall experience, which is tailored to the user based on who they are, where they are, what they need or can do. And one can argue the next mobility phase for organizations is IoT (Internet of Things) as more single purpose devices (not necessarily with a user behind it) move to the wireless network.
What is critical to point out is the consistent requirement (not a nice to have) for security as the mobile user experience expands. Why is this so important? According to IDC over 47 percent of organizations see security enhancements required with their mobility initiative. The questions to consider are:
- What are the secure mobility issues today and potentially tomorrow?
- What are the implications?
- What is likelihood of these threats?
The top secure mobility concerns noted by numerous surveys indicate the following:
- Data protection
- Application access
- Lost and stolen device
- Rogue devices
Read More »
Tags: application access, cyber security, data protection, interop, lost device, mobile, MobileIron, Ponemon, rogue device, security, stolen device
It’s December and the 2013 cyber security news cycle has just about run its course. We’ve seen more and increasingly virulent attacks, continued “innovation” by adversaries, and a minor revival of distributed denial of services (DDOS) actions perpetrated by hacktivists and other socio-politically motived actors.
Against this, Cisco stood up tall in recognizing the importance of strong security as both an ingredient baked into all Cisco products, services, and solutions, and a growing understanding of how to use the network to identify, share information about, and defeat threats to IT assets and value generation processes. I can also look back at 2013 as the year that we made internal compliance with the Cisco Secure Development Lifecycle (CSDL) process a stop-ship-grade requirement for all new Cisco products and development projects. Read More »
Tags: asr, CSDL, CSO, cyber security, DDoS, John Stewart, security
(I pulled this list together with the help of my colleague Martin Chorich. Or maybe it was the other way around. )
Every year, publications ranging from supermarket tabloids to serious academic journals issue forecasts for the coming year. Those with foresight hold on to these articles and read them again the following December for a good laugh, as we all know how accurate they can be. With that in mind, and following a long week of staring into a well and inhaling the fumes, we offer the following unofficial 2014 guide to trends for cyber security practitioners. These should not be construed in any way as representing Cisco expectations of future market or business conditions. As for their true value, this article and about $4.50 will get you a double mocha latté at a national coffee chain.
1. Changes in the Global Framework Governing the Internet – It is no secret that government policies around the world have had trouble keeping pace with the cultural and economic changes enabled by the Internet. At the same time, the Internet would not be the juggernaut it is without its borderless and unregulated nature. The Internet has developed around a multi-stakeholder model led by the Internet Corporation for Assigned Names and Numbers (ICANN). In recent years, some stakeholders have called for a more government-centric model of Internet governance. In 2014, this conversation will intensify. Debate topics will include whether governance of the Internet should change, and what sort of new governing bodies might find consensus, as stakeholders consider the risks of Internet balkanization and the potential stifling effects of mounting regulatory requirements.
Read More »
Tags: Borderless Networks, cyber security, DDoS, internet governance, internet of things, IT trends, metrics, threat intelligence
Last month I attended a summit of subject matter experts on securing the Internet of Things (IoT). At first, I thought I had the wrong room, because it seemed that everybody other than me was an architect or engineer working for a device manufacturer, and as a result the conversation was dominated by placing security controls into the devices, themselves. In contrast, I tend to approach the issue from the perspective of protecting the core of the network. But just when I was beginning to think I had wasted an hour-long drive and was going to be bored out of my skull all day, a few of us started debating the issue and the conversation began to evolve. Before long, we had found common ground in the fact that security controls are all about trust relationships -- ‘I trust you, therefore I will allow you to do that’.
Now trust is a funny thing, because by its very nature it can neither be one-sided nor one-dimensional. Instead, it must be built into every aspect of the transaction; a sort of “digital handshake” to ensure all is well before doing business. In other words, each of our pre-conceived perspectives was correct, yet we were all being stubborn and short-sighted! Read More »
Tags: Cisco, cyber security, Internet of Everything, internet of things, IoE, IoT, network security, security