With October designated as Cyber Security Awareness Month, it got me thinking about the connections between awareness and trust. Cisco has made significant investments in what we call “Trustworthy Systems.” These products and services integrate security features, functions, and design practices from the very beginning. We do this because we know that people will be depending on Cisco products for communications critical to their personal and professional missions. Read More »
It’s hard to believe but it’s ten months since I first blogged on Cisco Domain TenSM, which is Cisco Service’s framework to guide you on your path to data center and cloud transformation. I’ve now covered all ten domains of this concise and powerful model. I’ll now collect all articles – including my most Cisco Domain Ten article around the breadth of SDN adoption challenges – into this one article as a useful summary. So forgive the brevity and please do dive into the links/URLs for more information if indeed you missed these articles first time. And if you’ve read every article and watched our VoDs, please do let me know what you thought of the series – oh, and thanks!
Going back, now, I started in December 2012, with our launch of Cisco Domain Ten, where I set the focus for my series of articles as cloud transformation. Let me summarize each article with (and for those that know me you’ll know this is a struggle ) just one sentence with the key message from each blog/domain.
The Internet of Everything is a big thing, and it’s going to get bigger. As more devices, sensors, gadgets, and people get interconnected, you’ll hear more and more about it. But there’s one aspect of the Internet of Everything that I don’t hear a lot about.
That aspect is security, both in the form of actual security and the sense of security.
Let’s go back to the mid-1980s, when I got my start with computers. You could finally buy one and make it useful at home without being a programmer or a soldering wiz. Pre-packaged software was available to do all sorts of useful things, but the thing that stood out for me was financial software. You know, Sylvia Porter, Multiplan, or whatever worked with your brand of computer. (I was a weird kid; I even did mock tax returns in middle school civics class for extra credit.)
But there were a lot of people who would not think of doing their finances on their home computer, for fear of being hacked or having their identity and their money stolen electronically.
Now anyone who’s had a credit card replaced because their account information was compromised will know this is a valid concern, at times. But some of these folks using Quicken on their monochrome Macintosh 512 without any connection to the outside world were convinced that hackers would get in, perhaps through the power line (way before powerline Ethernet adapters).
It took the personal financial software industry (and the PC industry as a whole) a while to overcome the fear, uncertainty, and doubt (FUD) surrounding their products, to the point where people were comfortable storing their personal/sensitive information on a personal computer, connected or not. Fast forward to today when, according to Pew Research, over half of us bank online and about a third bank on our mobile phones.
As more people start to see what the Internet of Everything is about, they’re going to be excited, and eager to get involved. But they’re also going to have concerns and fears about all of this interconnectedness, and what it means for their privacy and security.
You’re not going to want hackers to make your fridge shut down, for example. But we shouldn’t cry over spoilt milk that isn’t necessarily going to happen.
There will be some genuine security issues, at least as long as humans are writing the code (and the documentation), but I expect there will be more fears of issues than actual issues. It’s like wars and rumors of wars. They can both be dangerous, but we can each take an active role in dealing with the latter.
As for me, I’m watching for where interconnectedness is growing fastest, and getting an elevator pitch ready to calm the nerves of my less-technical friends, coworkers, neighbors, the woman behind the counter at Five Guys, my landlord, etc.
Now I’m off to recharge my Pebble and Fitbit for the week, and make sure my unconnected fridge hasn’t turned itself off yet. But before I go…
What are you doing to prepare for the Internet of Everything? And where do you think the most FUD will come from? I’d love to hear your thoughts and predictions in the comments below
Mobility, cloud and the Internet of Everything (IoE) continue to change IT security making point product solutions insufficient. The old model of having disparate products securing isolated areas simply won’t protect against the dynamic threats of today’s world. In the ever-growing world of the Internet of Everything (IoE) the number of attack vectors will only increase. Today’s security solutions require a continuous approach that is much more automatic when handling security threats before, during and after an attack.
The good news for our partners is that the acquisition of Sourcefire is complete. With Sourcefire part of the Cisco family, we will provide partners with a broad portfolio of integrated solutions that deliver unmatched visibility and continuous advanced threat protection across the entire attack continuum, and partners can:
- Work with one vendor to offer a wide range of industry leading security offerings;
- Become or remain more competitive in the security space; and
- Use the support of Cisco to build your security business Read More »
In the last week alone, two investigations I have been involved with have come to a standstill due to the lack of attribution logging data. One investigation was halted due to the lack of user activity logging within an application, the other from a lack of network-based activity logs. Convincing the asset owners of the need for logging after-the-fact was easy. But ideally, this type of data would be collected before it’s needed for an investigation. Understanding what data is critical to log, engaging with the asset owners to ensure logs contain meaningful information, and preparing log data for consumption by a security monitoring organization are ultimately responsibilities of the security monitoring organization itself. Perhaps in a utopian world, asset owners will engage an InfoSec team proactively and say, “I have a new host/app. To where should I send my log data which contains attributable information for user behavior which will be useful to you for security monitoring?” In lieu of that idealism, what follows is a primer on logs as they relate to attribution in the context of security event monitoring. Read More »