Enterprise IoT threatens to undermine cloud and IT security

The internet of things, or IoT, is pervasive these days in your personal life. However, this technology is just getting into the Global 2000 companies. Yet most of the Global 2000 companies are unaware of the risks that they are bringing to IT and cloud security with their IoT adoption.

How did this happen? Well, for example, as thermostats and sensors fail in buildings’ HVAC systems, they are often replaced with smart devices, which can process information at the device. These new IoT sensor devices often are computers unto themselves; many have their own operating systems and maintain internal data storage. IT is largely unaware that they exist in the company, and they are often placed on the company’s networks without IT’s knowledge.

Besides the devices that IT is unaware of, there are devices that it does know about but that are just as risky. Upgrades to printers, copiers, Wi-Fi hubs, factory robots, etc. all come with systems that are light-years more sophisticated in intelligence and capabilities than what came before, but they also have the potential of being turned against you, including attacking the cloud-based systems where your data now resides.

Worse, many of these IoT devices are easily hacked, and so can easily become agents for the hackers lying in wait to grab network data and passwords, and even breach cloud-based systems that may not have security systems that take into account access from within the company firewall.

And don’t let price be a proxy for security level: I’m finding that the more specialized and expensive the devices are, the more they are likely to have crappy security.

This is going to be a huge issue in 2018 and 2019; many companies will need to get burned before they take corrective action.

The corrective action for this is obvious: If the IoT device—no matter what it is—cannot provide the same level of security as your public cloud provider or have security systems enabled that you trust, it should not be used.

Most IoT companies are improving their security, even supporting security management by some public clouds. However, such secure IoT devices are very slow to appear, so most companies deploy what is available in the market: IoT devices without the proper security systems bundled in.

Sadly, I suspect that IoT security will be mostly a game of Whack-a-Mole over the next several years, as these things pop up on the corporate network regularly.

That’s really too bad. We finally just got cloud security right, and now we’re screwing it up with new thermostats and copiers that make all that good security worthless.


4 surprise cloud computing trends for 2018

First of all, I hate doing yearly predictions. Also, this is the time of year that every PR firm in the country asks me to read the cloud computing predictions of their clients, which are all pretty much wrong and self-serving.

So, I’ve put together four cloud predictions for 2018 that you won’t see coming but that should help shape your cloud strategy for the new year.

2018 cloud prediction No. 1:
Microsoft or Oracle buys Salesforce.com

Microsoft and Oracle can afford it, and both are looking to accelerate their cloud computing cred. It does not get better in terms of SaaS dominance than Salesforce, and that cash cow can be milked by one of the two mega enterprise players for the next 20 years.

2018 cloud prediction No. 2:
A rash of data breaches caused by idiots

We’ve seen the NSA and others leave sensitive data exposed because of public cloud misconfigurations. There’s been no real damage done yet, but in 2018 we’ll see an explosion of breaches caused because somebody forgot to lock the virtual door (you just need to know the URL, and you’re in), not because the hackers were exploiting some unknown vulnerability.

2018 cloud prediction No. 3:
More cloud categories are coming

While hybrid, public, and private clouds are how we’re defining cloud deployments, as well as now multicloud, they are often misapplied. This semantic confusion is caused by big enterprise technology providers cloud-washing the heck out of the commonly used buzzwords, perverting the cloud terminology defined by NIST in 2008.

For example, vendors’ versions of hybrid clouds are often traditional systems paired with public cloud, and not the paired private and public clouds that NIST defined. Moreover, virtualized sets of servers are often called private clouds, even though they are not.

We’ll have to make up new terms for these other patterns, and stop calling them what they are not. Watch this space for my suggestions. 

2018 cloud prediction No. 4: 
Non-US cloud providers get more traction

We’re now seeing several new public cloud providers, such as Alibaba, that are beginning to show up in deals. Although most of the Global 2000, as well as the US government, will turn up their noses at these new providers, enterprises and governments outside the US, as well as small to medium US businesses, will look at these providers with interest, considering their low costs.

Indeed, depending on what analyst firm you’re paying attention to, Alibaba has already surpassed Google in IaaS revenue.  

So, be ready for these four cloud developments in 2018.               
