Cisco Blogs


Cisco Blog > Innovation

Job One: Securing IoT

Recently, I participated in the panel on Internet of Things (IoT) security as part of the Automation Perspectives media event hosted by Rockwell Automation, just prior to Automation Fair 2015 in Chicago. It is clear that the ability to deal effectively with security threats is the No. 1 make-or-break factor for IoT adoption. With this reluctance to implement IoT, companies will not benefit from the growing number of powerful IoT use cases that are emerging across all industries, which includes the digital revolution in manufacturing, where there is an identified 12.8 percent profit upside over three years for manufacturers that digitize.

IoT is now part of the very fabric of industry and the public infrastructure, including such essential services as transportation, the power grid, the water supply, and public safety. When these systems are compromised, the damage can go far beyond financial loss. Some examples in years following the Great Recession:

  • 2008 – A 14-year-old Polish boy hacked a local tram system, disrupting traffic, derailing trams, and injuring 12 passengers
  • 2009 – Due to a failure in the automated control system, a Washington D.C. Metrorail train struck the rear of a stopped train, resulting in death and injury
  • 2014 – An overflow of wastewater at a water treatment plant was due to suspected unauthorized employ access

In recent years, there have also been hacks on nuclear power plants, transportation systems, and connected cars. No one wants their company to show up on the front page of the paper as a cyberattack victim. In addition to the physical impacts, attack vectors on IoT security can cause losses that are less immediately perceptible—but very real and lasting—including downtime, brand damage, breach of trust, and theft of intellectual property.

Read More »

Tags: , , , , , , ,

For Value Chain Security Collaboration, Use a Carrot With Your Stick

The Digital Economy is transforming the way that organizations operate. Deploying a secure, trustworthy infrastructure is no longer enough. Security must be designed into all facets of an enterprise’s network and its third party ecosystem. At the same time, enterprises of all sizes must shrink the attack surface. And, foster an open, security-aware culture, internally and throughout their value chain.

Given Cisco’s commitment to being trustworthy, transparent and accountable, I have been thinking quite a bit lately about the importance of collaboration.

Partnering for improved security

Ensuring that your value chain embraces security wholeheartedly requires a commitment to collaboration. Embracing that commitment can enhance and accelerate security innovation. A true partnership that focuses on security can also create opportunities for previously unexplored operational excellence. Read More »

Tags: , ,

A New Security Paradigm Needed to Support the Internet of Things

Shutdown. Cleanup. Restart.

This “incident response” approach to cyber security was designed primarily for enterprise networks, data centers, and consumer electronics. It companies perimeter-based protection that uses firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS) to prevent security threats.

When threats penetrate perimeter-based protections, human operators typically shut down the compromised system, clean up or replace the compromised files and devices, and then restart the system.

Next is forensic analysis. This, too, requires intensive human involvement to harden existing protection mechanisms and develop future remediation measures.

However, as we move into the next phase of the Internet—the Internet of Things (IoT)—this security paradigm won’t be adequate because of changing form factors and use cases.

To succeed, we need fog computing. This will extend cloud computing (including security) to the edge of an enterprise’s or consumer’s network. Much in the way cloud technology enabled the Internet, fog will enable an array of secure IoT possibilities.

Read More »

Tags: , , , , , , ,

Secure Without Compromise

This is part of a series on the evolution of the Cisco Collaboration Cloud platform, exploring the technical and design principles behind its unique architecture.

So far in this series, we’ve learned about two ways the Cisco Collaboration Cloud is revolutionizing enterprise communications technology:  through its exceptional user experience and its hybrid capability. A third is security. Security ensures our customers are always in control of their own data and is fundamental to everything we do.

For IT, the question you really need to ask is a simple one: Does the collaboration platform protect my content from the prying eyes of others, including the vendor, or doesn’t it?

There is no gray area for collaboration security.

Our on-premises products, such as Cisco Unified Communications Manager, have traditionally put the decision about whether to use “Secure Mode” into the hands of the administrator. Secure Mode controls device profile security and media encryption. With entirely on-premises technology, administrators could decide whether the effort required to enable Secure Mode was justified for their enterprise.

More often than not, administrators decided to leave Secure Mode turned off. Let’s be clear: the administrator’s decision not to enable security was a failure on our part. We presented the administrator with an option to choose security that was only as secure as their network perimeter, which required zero effort or expense. Read More »

Tags: , , , ,

Healthcare Security: Improving Network Defenses While Serving Patients

Safeguarding patient information is critical for healthcare providers. From HIPAA regulations for patient record privacy to PCI standards for credit card processing, there are many areas where information can be compromised.

In our newly released white paper, Healthcare Security: Improving Network Defenses While Serving Patients, we identify areas in which healthcare organizations can make changes to better address threats facing their organizations by implementing improved security defenses.

Healthcare Security PaperIn a related study, we surveyed CISOs and SecOps managers and found that:

● Chief information security officers (CISOs) in healthcare are more likely than security operations (SecOps) managers to believe that their security processes are optimal.

● Healthcare organizations do not implement as many strong security defenses as organizations in other industries.

● When healthcare organizations experience a breach, they may be more likely to implement a wider array of security defenses.

We invite you to read the new White Paper to learn how Cisco can help enable compliance and help you to prevent your organization from suffering a potentially devastating cyberattack.

 

Tags: , ,