The Elephant And The Internet

A little while ago I bumped into a journalist friend at a trade conference. We chatted about the event to try and identify hot topics and trends from our discussions and supplier meetings, and both sat there deflated when the stories that came to the surface were the same old ones of fear-mongering around APT and “cyber” threats.

“CISOs have a habit of missing the boat,” I said, thinking of how virtualization, social media, and consumerization had all crept into wide-scale adoption before many security teams had managed to turn their attention to them, “so, what topic should we be looking ahead to that CISOs are not talking about?” This question was much more interesting and we came to realize that the elephant that is currently pushing its way into the room is the Internet of Things (IoT).

My friend pointed out that he had raised this topic with several CISOs and was surprised at their lack of appreciation for the potential change that the IoT could bring to industry, consumers, and the Security & Risk (S&R) role — as the digital and physical world entwine, for example, we can envisage huge safety risks that the CISO would be best placed to address. We also decided that the stakes were surprisingly high, as the IoT has the potential to revolutionize technology innovation to such an extent that the eCommerce and social media bubbles will appear both sluggish and trivial by comparison.

The IoT is starting to happen now and this is a wave of change that S&R Professionals cannot miss. If we are to build acceptable levels of security into the products and services of the future, we need to understand where that future is headed and ensure that security and risk management are fundamental to the initial designs. Make sure that you and your team are not left behind: read “Prepare Your Security Organization For The Internet Of Things,” and start to look for the IoT “elephant” creeping into your organization.

Comments

I agree that we have a habit of falling into the day-to-day dealings of the reactive nature of our jobs, but not all CISOs missed the boat on the latest trends. I was a bit surprised, however, at the speed of acceptance and adoption by businesses of the latest “fads”. Granted, I may be a bit defensive since I’m a CISO, but two forces continue to be a challenge:

1) A lack of built-in security controls in these new solutions that would enable safe, early adoption by enterprise customers that need to protect their IP.

2) A legacy corporate infrastructure environment that is not conducive to seamless integration of these game-changing technologies in a rapid yet secure manner.

These new trends have me rethinking our strategic direction and, on the plus side, it has enabled more collaboration with other IT and business groups. Looking ahead to the next wave of Internet-enabled solutions, I expect Privacy to play a much bigger role.