February 19, 2014
The topic of internet security has been getting a lot of attention lately, and for good reason. After all, there's not a single
week that goes by that we don't read about a new security vulnerability, a new spoofing attack, or worse: millions of internet users
that got their credit cards stolen over the Web.
And that's a real shame, since a bit of prevention can go a long way toward protecting yourself from many online risks, if only a few
guidelines and some basic common sense are used.
At its very core, the basic concept of internet security is a simple one-- extend computing and data-processing capability to
the physical world around us.
And the earliest manifestations of this are starting to be seen already in the growth of smart devices-- TVs, automobiles, appliances,
electronic hydro meters, etc.
You can imagine numerous scenarios in which our businesses can be streamlined through strategic application of this concept-- dynamic
inventory management; self-diagnostic capability for appliances; better logistics; increased efficiencies resulting from better
telemetry and so forth.
These advantages promise rapid and prolific adoption as implementation comes to fruition, but there are also serious ramifications for security.
For example, about 51.3 percent of respondents to a recent global survey planned to capitalize on the so-called Internet of Things and about
45.1 percent believed that it had already impacted their businesses.
The top governance-level concerns were related to security and privacy. Specifically, increased security threats were cited by 38 percent
of respondents, followed by data privacy, which was a top concern of 28 percent of respondents to the ISACA 2013 IT Risk/Reward
Still, there have been IP-connected, closed architecture, specialized devices in the scope of many security programs for
quite a long time. Consider the role of PoS (point-of-sale) devices in retail, diagnostic modalities in healthcare (MRI machines
and the like), and industrial control systems in energy and manufacturing.
While wildly different in functionality and implementation, these devices have common aspects that can help shed light on the
security challenges ahead as more IP-connected and purpose-built devices come online.
Those historical challenges can serve as a touchstone to prepare for the emergence of the Internet of Things. We can't solve
all of them now but anticipating today what capabilities we might need as smart devices become more prevalent has a few advantages.
It can give us a leg up if businesses ramp up quickly, as they are likely to, and also help insulate organizations against risks
during early adoption, when guidance and standards are still emerging.
Although securing the web is a work in progress, there are a few security capabilities to develop, if they're not already in place,
in order to prepare. These are things you can do today that have benefits right away but that also will be critical as the internet
develops further and smart devices really start to proliferate everywhere.
Purpose-built devices, no matter what they are, have security vulnerabilities to the same degree that everything else does on the Web.
Device makers may not have the same kind of vulnerability reporting and response channels as, say, an operating system or application
Those devices are often closed architecture with a non-transparent and often proprietary code base. There will be varying degrees
of transparency when it comes to security vulnerability reporting.
For example, some manufacturers may initially downplay the impact of vulnerabilities or be slow in reporting them. Having
internal analysts with their ear to the ground for vulnerabilities in these devices and a process for rapidly reporting what they
find can really help expose such weaknesses earlier than if the sole alerting mechanism is manufacturer notification.
Likewise, tracking the tactics of attackers will help expose attempts to actively exploit these devices. As most security professionals
know from cloud and virtualization efforts, retroactively creating inventories of a rapidly expanding technology footprint is
challenging, to say the very least.
As previously unconnected dumb devices start to come up with built-in network and computing capabilities, knowing what and where
those devices are will be very important.
And it's a good idea to start tracking what they are and where they are, where they live and just who's responsible for them. It's
easier to start now while the issue is small than it is to wait and retroactively attempt discovery once usage proliferates.
If you're a manufacturer producing a smart device, you need to minimize the number of issues you have to fix once it's in customers'
hands. Likewise, if you're a consumer, it's helpful to understand the underlying protocols these devices use to interact and
work with each other.
Both require expertise in understanding how applications operate and interact-- like how the protocols operate; how security defects
or misconfigurations arise; how other components are likely to impact the applications running on these devices; etc.
If, like many businesses, you've underinvested in this area in the past, starting to build some strength here might be a smart
move for the long term, something that will clearly provide you with worthwhile dividends down the road.
Though it might not seem immediately apparent, securing the supply chain can be particularly critical when it comes to securing
purpose-built software, and there are a few good reasons. The practices of manufacturers (for example, their ability to build a
hardened product) play a role.
Implementers and VARs (value added resellers) can leave configuration or other errors in deployment. Then, maintenance and support
teams may require granting access to external parties so they can troubleshoot and provide that support.
Building a capability to assess these external parties in the supply chain can offer you some transparency and help you assess
the level of risk that these situations might introduce.
However, and this is important to note, all of the above capabilities require one central and crucial element to be truly effective--
the utmost knowledge of how an organization is employing the Web as part of its broader strategy.
To get this, you need some knowledge about what the business is doing and, ideally, as rapidly as possible. Being out of touch
with business efforts has never been a good way to manage, but it's particularly risky now more than ever.
Business people might not think to come to information technology when making purchasing decisions about previously unconnected
devices that now host both networking and computing capability, but that's how it's done nowadays. Get with the flow.
This article was featured on Business 5.0.