When I was in grade school, my best friend had a favorite saying whenever he disagreed with somebody’s observation that two things were really similar. “It’s the same, only different,” he would quip. Though this phrase was mostly intended to be flippant and evoke an emotional response from the recipient, I’ve finally found a topic where his phrase is 100 percent legitimate; IoT security. That’s because when it comes to securing IoT, we’re not talking about a single, homogeneous network, but rather the extended network which comprises both Information Technology (IT) and Operational Technology (OT) environments.
While existing IT networks have included cloud and perimeter security for many years, OT environments have traditionally been air gapped from the Internet, and therefore only required physical security components to ensure a high level of secure access and safety for plant personnel. And since IT and OT networks were completely separate, the radical differences in their approach to security didn’t make much of a difference – users of each simply lived in blissful isolation. But IoT is changing all of that! Read More »
Tags: Cisco, cisco live, Cisco Live! 2014, Cisco Live! San Francisco, cyber security, Internet of Everything, Internet of Things (IoT), IoE, IoT, IoT Security, network security
Many people take the term “Internet of Things” too literally, and assume that IoT is about the things, themselves. But they’re missing the whole point! It’s not the “things” that makes IoT special. After all, connected devices are neither new nor particularly interesting, particularly since the data each individual item produces is of little value. But by networking these devices together, IoT enables us to benefit from their ability to combine simple data to produce usable intelligence. In turn, that intelligence can be used by businesses to increase operational efficiency, and by individuals to make life easier and more comfortable.
But despite the many benefits of IoT, the billions of connected sensors, devices, and other smart objects it comprises will also dramatically increase the diversity of threats we will face. As a result, securely embracing IoT will require a multi-layer approach to security – including cloud, perimeter, physical, and device-level security, as well as end-to-end data encryption.
Ensuring that we can reap the overwhelming benefits of IoT without undermining security isn’t going to happen on its own; it will take strong leadership and a great deal of teamwork throughout the industry. That’s why I’m proud that Chris Young, Cisco’s Senior Vice President of Security, recently topped the list as one of the top 100 thought leaders for IoT! It will take leaders like Chris, who have a strong understanding of security and a passion for IoT, to help ensure that we can securely embrace IoT.
I honestly expect IoT to change the world in a variety of ways. But truly harnessing its power requires that we inspire and cultivate a true culture of security throughout every level of the extended network – which means that leadership and teamwork will be far more valuable than the technology, itself.
Tags: Cisco, cyber security, Internet of Everything, internet of things, IoE, IoT, IoT Security, network security, security
Editor’s Note: This post is a response to EN Mobility Workspace. Please see that post for full context.
A colleague of mine here at Cisco, Jonathan, recently spoke well to the Evolution of Cisco Mobility Workspace Journey. Like all technologies, there is an adoption and engagement cycle based on maturity and risk level. We begin at the device-focused phase with a simple “get me on the network.” Following is the application-focused phase, “now that I am on what can I do with my ability to move around without a wire and work anytime and anywhere.” And the final is the overall experience, which is tailored to the user based on who they are, where they are, what they need or can do. And one can argue the next mobility phase for organizations is IoT (Internet of Things) as more single purpose devices (not necessarily with a user behind it) move to the wireless network.
What is critical to point out is the consistent requirement (not a nice to have) for security as the mobile user experience expands. Why is this so important? According to IDC over 47 percent of organizations see security enhancements required with their mobility initiative. The questions to consider are:
- What are the secure mobility issues today and potentially tomorrow?
- What are the implications?
- What is likelihood of these threats?
The top secure mobility concerns noted by numerous surveys indicate the following:
- Data protection
- Application access
- Lost and stolen device
- Rogue devices
Read More »
Tags: application access, cyber security, data protection, interop, lost device, mobile, MobileIron, Ponemon, rogue device, security, stolen device
It’s December and the 2013 cyber security news cycle has just about run its course. We’ve seen more and increasingly virulent attacks, continued “innovation” by adversaries, and a minor revival of distributed denial of services (DDOS) actions perpetrated by hacktivists and other socio-politically motived actors.
Against this, Cisco stood up tall in recognizing the importance of strong security as both an ingredient baked into all Cisco products, services, and solutions, and a growing understanding of how to use the network to identify, share information about, and defeat threats to IT assets and value generation processes. I can also look back at 2013 as the year that we made internal compliance with the Cisco Secure Development Lifecycle (CSDL) process a stop-ship-grade requirement for all new Cisco products and development projects. Read More »
Tags: asr, CSDL, CSO, cyber security, DDoS, John Stewart, security
(I pulled this list together with the help of my colleague Martin Chorich. Or maybe it was the other way around. )
Every year, publications ranging from supermarket tabloids to serious academic journals issue forecasts for the coming year. Those with foresight hold on to these articles and read them again the following December for a good laugh, as we all know how accurate they can be. With that in mind, and following a long week of staring into a well and inhaling the fumes, we offer the following unofficial 2014 guide to trends for cyber security practitioners. These should not be construed in any way as representing Cisco expectations of future market or business conditions. As for their true value, this article and about $4.50 will get you a double mocha latté at a national coffee chain.
1. Changes in the Global Framework Governing the Internet – It is no secret that government policies around the world have had trouble keeping pace with the cultural and economic changes enabled by the Internet. At the same time, the Internet would not be the juggernaut it is without its borderless and unregulated nature. The Internet has developed around a multi-stakeholder model led by the Internet Corporation for Assigned Names and Numbers (ICANN). In recent years, some stakeholders have called for a more government-centric model of Internet governance. In 2014, this conversation will intensify. Debate topics will include whether governance of the Internet should change, and what sort of new governing bodies might find consensus, as stakeholders consider the risks of Internet balkanization and the potential stifling effects of mounting regulatory requirements.
Read More »
Tags: Borderless Networks, cyber security, DDoS, internet governance, internet of things, IT trends, metrics, threat intelligence