Cisco published earlier this week the 2013 Cisco Global IT Impact Survey, exploring the relationship between IT and the business goals of the companies they support. Among other things, 42 percent of those interviewed responded that they know about the Internet of Things, “as well as I know Einstein’s Theory of Relativity.” In other words, beyond a passing knowledge of e=mc2, the relevance of the Internet of Things to IT is about as illuminated as a black hole.
Does that really matter at this point? you might ask. Isn’t the Internet of Things about Nike FuelBands and talking toasters? In fact, a lot of what we call “industrial automation” or “safety and security” is the leading edge of the Internet of Things. It’s already here today, called into the service of greater efficiency, productivity, and safety. This is “operational technology” instead of “information technology”: in other words, technology that directly monitors or controls physical objects and processes, such as assembly lines on a factory floor.
This has enormous implications for IT:
1. Security threats go from the merely cyber to the cyber-physical. Gartner summed it up nicely in the WSJ last week. And let’s not even talk about Shodan.
2. Beyond BYOD. The consumerization of personal electronic devices transformed the enterprise networking landscape. IT adapted to the new security threats posed, figured out how to associate multiple devices to a single user, etc. Now imagine “bring your own programmable logic controller.”
3. Redefining networking scalability and data management. And we thought video was a huge driver of traffic on the network. SAP and Harris Interactive recently estimated that 4 billion terabytes of data will be generated this year alone. (For some idea of the scale, take a single IoT use case — smart meters. Jack Danahy estimated 400MB of data per year. Not much, you say? Multiply that by, say, 1 million households, and you get 400 terabytes already. For a single use case. In one city.)
IT has much to offer, and should. As proprietary connectivity networks converge onto TCP/IP, IT can bring its expertise in securing IP-based networks. With experience in deploying cloud services, IT can bring in network management best practices. And with expertise in software-defined networking, IT can help re-architect networks to support immense scale, real-time requirements, analytics at the edge, and more.
From the outside-in, the Internet of Things may seem like a fast-moving train that’s zooming by too fast to board. But if you’re in IT, get on board: you’ll experience relativity and relevance.
The concept of crowd sourcing cyber intelligence may sound like an unstructured process, but there’s more to it than that. First, you need to remember that all crowds consist of collections of individuals contributing to the community knowledge base. Second, someone has to take responsibility for gathering data from the crowd, analyzing it, and refining it into actionable information that crowd members can apply to their unique situations.
One of the main reasons I’m excited about my job is that I work for an organization with unique qualifications to lead the movement to collective, crowd-sourced cyber security. Cisco has customers all over the globe that have agreed to share threat intelligence data with us for analysis and redistribution back to the community. This process evolved as a byproduct of our main line network products, solutions, and services business. It also hasn’t escaped our notice that these efforts not only deliver huge benefits to our current customers, but also carry with them a truly compelling business value proposition. I really shouldn’t say more, but do it any way in a video blog post you can access here.
A couple of weeks ago, I announced a new name and a new mission for the group I lead at Cisco. I’ll do my best to minimize reader exposure to boring administrative details, but the long and the short of it is that the former Cisco Global Government Solutions Group (GGSG) has become the Cisco Threat Response, Intelligence, and Development (TRIAD) organization.
Any organizational name change is only a label placed on more fundamental transformations in missions, strategies, and desired outcomes. While the new organization will continue to serve government customers, the time has come to mobilize the expertise we have built up over the years to help critical infrastructure and enterprise customers strengthen their abilities to deliver IT-based services and value with minimal disturbance from unauthorized sources.
Vectoring the organization’s mission to threat is the key to understanding what TRIAD is all about. Through our work with Cisco customers, observation and analysis of phenomena visible in Cisco and customer networks, and application of innovative thinking about security practices and processes, we see enormous potential for developing and delivering threat-focused approaches to cyber security into products, services, and solutions. Read More »
RSA 2013 ends and I both miss it and breathe a sigh of relief that it’s over. Let me explain. As a security guy, it’s nice to be around other security like-minded people. We all speak the language. You needn’t really justify why you are worried about things most people have never heard of. It’s exciting to see so many people try so many different things, be it startups, big companies, or inspired individuals. It’s great to see government employees, corporate executives, and pony-tailed security geeks all talking to one another. In a slightly strange way, it’s therapeutic.
That said, RSA is an incredibly intense week, and this year’s conference was no exception. In four-and-a-half full days (and this is just my schedule), I had:
Eight customer meetings
Eight dinners (working out to 1.78 dinners per day.)
Four press interviews: two on-record, one background, 1 live videocast via Google+
Four bizdev/company review meetings
Two analyst interviews
Two partner meetings
One customer breakfast talk along with with Chris Young
And this doesn’t include the countless run-ins with friends, a quick word here or there, and emails that all have to be managed along the way. In some respects, you don’t get enough time with really good friends (if there really is such a thing as enough time for such people in our lives), and in the end, it’s a huge blur from meeting to meeting.
I posed a question in my blog earlier this year: Are we making progress in cyber security? I say yes, yet not nearly enough, and now I am thinking hard about how to change it before RSA 2014.
The RSA Conference is expected to be bigger and better than ever this year—more booths, more vendors, more technical sessions and keynotes.
But I have to ask the question: “Are we as IT practitioners better off now than we were 4 or 5 years ago?” There are a lot of people at the show who worry that the old approaches aren’t working and next generation solutions have not clearly come into focus. I do think, however, there are reasons to be cautiously optimistic.
Join me for a live broadcast from the RSA show floor on Wednesday, February 27 at 10:30 AM PT as I discuss what I’m seeing at the RSA conference and what it means for the IT Security industry. We’ll be taking your questions live via Twitter and Google Hangouts. Read More »