A New Perspective on Security for the Internet of Things

While there are general best practices, such as encryption, that extend across all areas of software security, the Internet of Things (IoT) era introduces new security requirements. The IoT security approach differs from that of other platforms in a few key ways: product lifetime, scale of production, and operation mode.

Product Lifetime

IoT devices have a much longer life cycle than other computing devices. While a laptop or smartphone may be expected to last three to five years, an IoT device may be used for ten or more years. Due to this unique longevity factor, IoT security programs must consider the following facts:

  • The device may be reinstalled and configured multiple times, and operated by a vast and evolving user base.
  • The device may not be equipped with antivirus or malware detection software.
  • The device may be difficult or impossible to upgrade.

As a result of these factors, IoT must incorporate better hardware-based security. Robust protection at the core level will help the device endure through several eras of security threats.

Production Scale

The scale at which IoT devices are produced has several security ramifications, including:

  • Devices typically have a standard and consistent configuration.
  • Many IoT units use a predetermined username and password, and the same credentials may be used across multiple devices.
  • Device handlers or end users may not realize the importance of securing devices due to their volume and prevalence in certain environments (for example, a retail warehouse with thousands of scanners).

The best way businesses can combat these factors is by enforcing standard security requirements across all devices. Do not make exceptions for strong username and password rules just because the device falls under the IoT category.

Operation Mode

Some IoT devices are controlled by other machines and may not ever be used by a human operator. This lack of equipment for human interaction has the following usability-related security repercussions:

  • IoT devices often have limited display and cannot directly communicate their system status on the machine interface.
  • Input to the machine is also limited; this makes it difficult to directly enter any custom commands.
  • Due to the limited display and input capabilities, it may not be quickly evident when a security threat is present or when software is not upgraded to the most secure version.

In order to ensure secure and complete management of IoT devices, administrators must employ remote management and health monitoring tools. This will help them stay up to date with the device performance, status, and overall security.
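As an added example (not part of the original article), the following sketch shows what enforcing a standard credential rule and remote health monitoring can look like for a fleet: it audits an inventory export for factory-default credentials, credentials shared across devices, outdated firmware, and missed health check-ins. The inventory format, field names, device names, and policy thresholds are all assumptions made for illustration.

```python
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def cred_fp(user, password):
    """Fingerprint a credential pair so the inventory never stores the password."""
    return hashlib.sha256(f"{user}\0{password}".encode()).hexdigest()[:16]

# Policy values below are assumptions chosen for this example.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
MAX_SILENCE = timedelta(hours=24)
REQUIRED_FIRMWARE = (2, 4, 0)
FACTORY_DEFAULT_FPS = {cred_fp("admin", "admin"), cred_fp("root", "12345")}

# Constructed inventory export; device names and field names are hypothetical.
FLEET = [
    {"id": "scanner-001", "cred_fp": cred_fp("admin", "admin"),
     "firmware": "2.4.0", "last_seen": "2024-06-01T08:00:00+00:00"},
    {"id": "scanner-002", "cred_fp": cred_fp("admin", "admin"),
     "firmware": "2.1.3", "last_seen": "2024-05-20T03:15:00+00:00"},
    {"id": "sensor-117", "cred_fp": cred_fp("svc-117", "constructed-unique-1"),
     "firmware": "2.4.1", "last_seen": "2024-06-01T09:30:00+00:00"},
    {"id": "sensor-118", "cred_fp": cred_fp("svc-118", "constructed-unique-2"),
     "firmware": "2.10.0", "last_seen": "2024-05-30T09:30:00+00:00"},
]

def audit(fleet, now=NOW):
    """Return {device_id: sorted findings} for devices that violate policy."""
    findings = defaultdict(set)
    by_cred = defaultdict(list)
    for dev in fleet:
        by_cred[dev["cred_fp"]].append(dev["id"])
        if dev["cred_fp"] in FACTORY_DEFAULT_FPS:
            findings[dev["id"]].add("factory-default credentials")
        # Compare versions numerically so 2.10.0 ranks above 2.4.0.
        if tuple(int(p) for p in dev["firmware"].split(".")) < REQUIRED_FIRMWARE:
            findings[dev["id"]].add("firmware below required version")
        if now - datetime.fromisoformat(dev["last_seen"]) > MAX_SILENCE:
            findings[dev["id"]].add("no health check-in within 24h")
    for ids in by_cred.values():
        if len(ids) > 1:  # same credential provisioned on several devices
            for dev_id in ids:
                findings[dev_id].add("credentials shared with other devices")
    return {dev_id: sorted(items) for dev_id, items in findings.items()}

if __name__ == "__main__":
    for dev_id, items in audit(FLEET).items():
        print(dev_id, "->", "; ".join(items))
```
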

IoT devices fall into a different category than the standard smart machine. By adapting the security approach for IoT devices to their unique life cycle, production volume, and operation mode, administrators can experience a successful and secure IoT deployment.

Location Matters: Disaster Recovery and Mother Nature

The fast-changing nature of technology can cause the business world to have a collective short-term memory. Historical events have had long-lasting business impacts that are too quickly forgotten. For example, after witnessing the aftermath of Hurricane Katrina, businesses took the concepts of Business Continuity Planning (BCP) and Disaster Recovery (DR) much more seriously.

While the headlines have mostly disappeared about the business aftermath of Hurricane Katrina, the risks of a similar storm or another natural disaster are still a reality. It is important for IT leaders to consider the environmental risks of their DR sites in order to make an informed location decision with calculated tradeoffs.

Factors to Consider

Business leaders need to consider the following key environmental and geographic factors for their DR site:

  • Natural disasters: There is no perfect DR location; every point on the map is at potential risk for some type of disaster. There is some strategy to the matter, though: If the primary business or hosting site is on a potential hurricane path, then choose a geographically disparate recovery site that would not be subject to the same storm.
  • Power: Distance is not the only factor to evaluate for primary and secondary site locations. Single power grids can cover wide areas, and ideally the two sites should sit on different power grids. Otherwise, a single power outage could bring both sites down.
  • Cloud recovery location: Businesses using cloud-based backup sites still need to do their due diligence and ensure the data center meets a set of baseline requirements. Confirm that cloud providers are located in a geographically disparate area and on a separate power grid from the primary site.

Make the Best Decision

Once procurement and IT stakeholders have evaluated the criteria for DR locations, it is time to make a decision. This process is all about tradeoffs, and the strategies below will help decision-makers weigh the pros and cons of various risks:

  • Consider the worst-case scenario: When the pros of a particular primary site outweigh the cons, make sure to think through the situations that could result from those downsides. If transit routes from the headquarters to the DR site could be blocked, stakeholders need to evaluate how key personnel will access the required data and whether they will be able to quickly resume critical business processes.
  • Form strategic partnerships: One easy way to mitigate known or anticipated risks is to form business partnerships that will help your company fail over during an emergency. A geographically disparate partner may be able to quickly and easily access the DR site and ensure continuity of operations.
  • Prioritize network speed: One of the downsides of geographically disparate sites is network latency between those two sites. Don’t forget about network performance when evaluating the locations. Users will need to access the secondary site to continue their work, and poor network performance could have a significant negative impact on that process.

Many factors are at play when choosing the most strategic DR site. By following established best practices during this process and making calculated tradeoffs, each business can make the right decision for their specific needs.

Virtualization Goes Mainstream

We knew virtualization was big, but we didn’t know it’s this big:

Most server workloads will be virtualized within the next few years. Our prediction? Virtualization will be the catalyst for a slew of changes in our industry.

Making Your Hybrid Choice Simple

For many companies, the goal of moving information to the cloud is centered around financial motives. While it is true that cloud can reduce expense, the real advantages are speed, adaptability, accessibility and improved operation. Hybrid cloud systems frequently offer the best return on investment; however, choosing the “right” cloud arrangement can often be complicated. Considering the following points will help simplify the task.

Where Data Lives

Both public and private clouds may be hosted at off-site locations that are not owned by the company. Some cloud vendors are able to provide a hybrid solution where both cloud offerings are hosted at the same facility for convenience. Data location for any cloud type chosen should be clearly established with each vendor during the procurement process.

What Can Public Cloud Hold?

Selecting the applications and data that may be moved to the less expensive public cloud option can be a complex task. Security is of great concern, since public cloud typically is less secure and less supervised than the private alternative. Host mainly benign applications or sites on public cloud. Store critical data and applications requiring security on the private side of the cloud. Preferably, no connection or route between the two sets of applications/data should exist.

Compliance and Regulatory Considerations

Many industries are governed by laws revolving around privacy and data security. Payment Card Industry compliance is one regulatory concern that must be considered when selecting a cloud. Sensitive card data and customer information are extremely valuable and must be protected; otherwise a business may face legal ramifications and loss of revenues. Healthcare data should always be hosted on private cloud to comply with Health Insurance Portability and Accountability Act laws and ensure the highest level of protection.

For some industries, holding data on the continent or even in a specific region may be required. This is especially true for companies doing business with government agencies. As a rule of thumb, private clouds should almost always be hosted within a business’ home country to maintain control and have the protection of domestic law. Be sure the vendor selected for either cloud setup has been certified and/or successfully evaluated by independent data center auditors.

Access and Speed

With the right vendor, the speed at which the company can access data should be adequate for either cloud arrangement. As networks extend over state or national borders, speed may decrease or be less reliable. Two speeds must be evaluated: Network speed from cloud to cloud, and from end users to the host cloud. Latency on either should be minimal or nonexistent.

Rather than choosing between private and public cloud for a company’s entire solution, leveraging a hybrid arrangement provides the best of both worlds. Selecting a quality vendor is paramount in the decision-making process. The result won’t only be cost savings, but also the greater benefits of scalability, flexibility and speed.

7 Ways That Video Allows for Business Breakthroughs

Using video for marketing purposes is a common strategy today, but many companies haven’t yet discovered how internal use of video can give their company an edge from within. The power of video use throughout company operations is just beginning to be understood. Likely to become a blossoming trend, video may improve an organization in several ways.

1. Recruiting

Video conferencing for interviews is a very fast and easy way to “meet” a potential candidate. More can be discovered in a video interview about applicants and how they present themselves to the professional world than a phone call would reveal. With video conferencing, candidates can proceed through multiple interview levels efficiently and inexpensively without the company having to fund travel for a potential hire to visit in person. Using video strategies for recruiting may be a differentiating factor to many candidates who might be interviewing with less savvy employers.

2. Training & Orientation

After finding the optimal candidate, the next important task is to ensure that the new employee is fully engaged in the onboarding process. Video makes the orientation period simpler and faster while saving human resource costs. Knowledge modules can be recorded and replayed limitless times without booking training facilities or requiring personnel time. Using video in this manner also provides a standardized and comprehensive training program, ensuring that new hires receive the most relevant information from the best possible source.

3. Bring Geolocated Team Members Closer

The new business landscape often involves telecommuting or remote employees. Team cohesion is sometimes a challenge in this type of culture, but interacting through video can give team members an opportunity to bond and to build closer relationships. Cooperation is improved, and productivity receives a substantial boost.

4. Communication

Video does something that written communication cannot: it brings life and personality to company messages. When executives speak to employees through video, a more personal and animated connection may be made. Employees are more enthusiastic and engaged in the company’s success as a result.

5. Brainstorming and Information Gathering

Teams benefit immensely from the use of video. The next best thing to an in-person meeting, video meetings allow for collaboration, the sharing of knowledge, improved learning, and more creativity. The use of videos in this manner allows teams to perform at an optimal level and achieve real results. Video also can be used to record tutorials for the benefit of those employees who wish to grow their skill sets. The internal candidate pool grows stronger and more flexible this way, making succession planning a painless process.

6. Promote Company Activities

For a business with multiple locations (potentially intercontinental), sharing excitement across oceans and state lines is incredibly important. Live streaming footage of regional events to a global audience boosts morale and fosters employee engagement in their company’s culture. Employees feel more vested in current events and more connected with management.

7. Company Portal

Combining training, celebration, news, team work, and hiring processes into a “social network” for all things company-related is absolutely essential. Live and recorded content can be hosted on video streams that are easily and immediately accessible to employees. Contributions by others should be encouraged, and an employee-centric portion of the site might be used to enhance networking and recognition.

Using the capabilities of video within a company is an impressive way to positively impact a business on many levels. From hiring talent to employee retention and training, video helps companies reap rewards at every step.