New year predictions generally take one of several forms: broad generalizations about multi-year trends, guesses about what might happen, or overviews of recent events disguised as predictions. The first is too easy, the second—going out on a limb—risks missing the mark so badly as to be useless. So I will go with the third choice in the hope that, by calling out some of the common threads running through major stories of 2014, we can take some cues for the future.
In our increasingly interconnected world, the Internet of Everything is making trust a critical element of how people use network-connected devices to work, play, live, and learn. The relentless rise in information security breaches underscores the deep need for enterprises and governments alike to trust that their systems, data, business partners, customers, and citizens are safe.
Consequently, I see an evolution taking place regarding accountability in cybersecurity moving up to the boardroom level, an issue I discussed earlier this year in Fortune. In a recent Information Systems Audit and Control Association (ISACA) report, 55 percent of corporate directors revealed that they have to personally understand and manage cyber as a risk area. The National Association of Corporate Directors recently published a document on corporate directors’ ownership and management of risk in cyber for public companies. In March of this year, an SEC commissioner said that the SEC plans to create a requirement for corporate directors regarding managing cybersecurity as a risk.
In a Technology Vision 2014 report, consulting firm Accenture discussed major trends that drive a dramatic transformation for every business to enter a digital world. As they described, the excitement is to change from being “digitally disrupted” today to “digital disrupters” tomorrow. The huge opportunity is for businesses to position themselves as leaders in this new world.
Many forces are at work in the journey of this remarkable transition. Among them, three dominant factors will play a vital role to determine whether this digital transformation will be successful: an intelligent information edge, IT simplicity and cybersecurity.
At the edge of the new digital world, intelligent and real-time technologies allow people to act and react faster to achieve better experiences and outcomes. While the explosion of mobile devices serves as a clear indicator of this rapid transition, greater potential lies ahead to fully utilize the power of mobility, analytics, cloud computing and other new technologies. For a preview of what is possible, check out how Fernbank Natural History Museum integrates 3G/4G and Wi-Fi seamlessly. The outcome is a dynamic application that brings an immersive and interactive experience to the visitors, instead of forcing them to find the information.
Technical complexity arises as more and more applications, systems and infrastructure are added together over time. The Cisco Global IT Impact Survey in 2013 found that nearly three out of four IT participants (71 percent) were deploying more applications than a year ago. Without IT simplicity, IT departments will be rapidly consumed by day-to-day fire drills. They will lose their ability to innovate and their relevance to the business.
As National Cyber Security Awareness Month (NCSAM) arrives, now is a good time to look at the rapid expansion of information growth. We believe that cyber security centers around an important question that all who serve, protect and educate should consider – if you knew you were going to be compromised, would you prepare security differently?
It’s no longer a matter of “if” an outside party will infiltrate a system, but “when.” We read about new threats in the news every day, and it’s important to consider innovation when it comes to protecting our most precious assets and information.
We look at preparedness from three angles: what it takes to manage security before an attack, how to react during a breach and what to do in the aftermath. Security professionals need to evolve their strategy from a point-in-time approach to a continuous model that addresses the full continuum.
The Cisco approach is visibility-driven, threat-focused and platform-based. By performing live policy and attack demonstrations, organizations can help to ensure that they are prepared for what may come across multiple platforms.
The Internet of Things (IoT) has become a popular topic of discussion amongst security company executives, analysts, and other industry pundits. But when they begin discussing the technical details, it quickly becomes evident that many of the most experienced security professionals still approach IoT with an IT-centric mindset. That’s because they believe IoT is mostly about the billions of new connected objects. While the dramatic increase in the number and types of connected objects certainly expands the attack surface and dramatically increases the diversity of threats, they’re only part of the IoT security challenge. In addition, the convergence of the organization’s existing IT network with the operational technology (OT) network (e.g., manufacturing floors, energy grids, transportation systems, and other industrial control systems) expands the depth of security challenges and makes threat remediation remarkably more complex.
While IT and OT were once separate networks, they’re now simply different environments within a single extended network ‒ but by no means are they the same! The architectures, operational needs, platforms, and protocols are vastly different for each of them, which drives radically different security needs for each of them. As a result, security architectures, solutions, and policies that have proven effective for years in the IT world often don’t apply in OT environments, so attempting to enforce consistent security policies across the extended network is doomed to failure.
Protecting data confidentiality is IT’s primary concern, so when faced with a threat, their immediate response is to quarantine or shut down the affected system. But OT runs critical, 24x7 processes, so data availability is their primary concern. Shutting down these processes can cost the organization millions of dollars, so the cost of remediation may be greater than simply dealing with the aftermath of an infection. In addition, because OT is a human-based operation in what can be dangerous working conditions, their focus is on the safety of their operation as well as their employees. As a result of these main differences, the two groups approach security in completely different ways. While IT uses a variety of cybersecurity controls to defend the network against attack and to protect data confidentiality, OT views security more in terms of secure physical access, as well as operational and personnel safety.
Securing IoT networks must go beyond today’s thinking. Rather than being treated as individual devices, security devices need to be networked, so that they can work together to produce comprehensive, actionable security intelligence. By combining numerous systems, including cyber and physical security solutions, IoT-enabled security can improve employee safety and protect the entire system from the outside, as well as the inside. As a best practice, IT should maintain centralized management over the entire security solution, but with a high level of understanding of the specific needs of OT. Based on that understanding, IT needs to enforce differentiated security policies to meet those specific needs, and provide localized control over critical OT systems.
At the end of the day, IT and OT need to work together for the common good of the entire IoT implementation – thereby driving truly pervasive, customized security across the extended network.
Want to learn about the part Big Data plays in your overall security plan, and how Cisco can help organizations deliver the security they need to succeed in the IoT and IoE eras? Join us for a webcast at 9 AM Pacific time on October 21st entitled ‘Unlock Your Competitive Edge with Cisco Big Data and Analytics Solutions.’ #UnlockBigData