How the shift to the "personalization of IT" requires a new model of security strategies.January 21, 2014
Media buzz from the recent Computer Electronics Show (CES), leaves no doubt that the era of the Internet of Things (IoT), smart, networked devices, is here and growing at an exponential pace. Wearable devices like fit bands are becoming commonplace. Smart phone applications have become essential for work and leisure where access and connectivity are key. Add to these home devices like Nest thermostats that program themselves through the power of the cloud – and you can see how these “things” all contribute to today’s count of approximately 10 billion Internet-connected devices. Now consider the people who use them, how they use them, and all the data they generate. With IoT, we are unlocking the “personalization of IT.”
Looking back, not that many years ago a desktop machine was called a “personal computer,” but compared to today’s smart and predictive technologies, those machines are nowhere near personal. Fast-forward to today, and most of the applications on my smart phone are all about me, how I live my life and my interests. This is extremely personal.
As a security person, however, I’m concerned about the implications of this level of personalization and the amount of data shared. Today, there’s more data about our lives being analyzed in more places, more ways and with more intelligence. We can only expect this data will increase given that the number of connected things is expected to grow to more than 50 billion by 2020. In the IoT, not only is data representative of our lives, it is a powerful currency that all sort of nefarious actors would want to access. Data is something that we need to protect more ferociously than ever before.
Of course, determining what to protect and what to secure against is exponentially harder because the points of attack have grown and the type of attacks have changed so much. Data theft and data breaches will continue to be a huge problem, as we were reminded of by the recent Target and Neiman Marcus incidents.
That’s the bad news.
The good news is that intelligence deftly applied to security can help make smarter, automated security systems that help to preserve the convenience of the IoT, but can also help protect this personalization of IT. If we invest in the right security intelligence for protecting the IoT while it is still relatively nascent, we may have a better chance of making the world more secure as connected devices proliferate.
At Cisco, we see the IoT as one of many important technology transitions that make up the Internet of Everything (IoE). IoE is the networked connections of people, process, data and things – more connectedness, more potential value, and an even stronger need for a robust security infrastructure that enables “thing-based” solutions to deliver value to their owners, end users, and society as a whole. Security must be pervasive across these transitions — securing devices and solutions from interference, and protecting all infrastructures from attacks that leverage Internet-enabled devices as attack vectors.
The emergence of the “personalization of IT” strongly argues for a security model that incorporates the following principles:
- Agile threat protection powered via analytics and intelligence – to reduce the attack surface. Traditional static prevention and blocking models won’t suffice.
- A Visibility-driven environment from the devices, to the network to the cloud to ensure that decisions are made with the right context (e.g. identity, location, application).
- A Platform-based approach to that can scale and be managed centrally to reduce complexity.
- Elements of openness so that the security can adapt and extend with the explosion of connected “things.”
This list may not be exhaustive, but it’s a solid foundation upon which to build and deliver models for Security in our rapidly changing world. Despite the challenges, I remain an optimist. Our industry is creative, resilient and up for the challenge.