Now, I want to talk about the Internet of Things and cyber security. These two have been chosen as bedfellows as there will be an increasing crescendo of noise around each individually and also between the domains.
Cyber security and the Internet of Things (IoT)
The installed base for IoT devices is estimated to grow from around 10 billion connected devices today to as many as 30 billion devices by 2020.
We will be facing a world where there are objects literally everywhere, and we will start to realise this as they become more and more pervasive.
These objects will be telling us about the weather in this part of the city or where a particular bus or train is right now.
The emerging problem is that most IoT device manufacturers and service providers are failing to implement common security measures in their products.
They are frankly focussed on being the object of choice and getting their product out to market. Our friendly hackers will be able to exploit these new devices to conduct data breaches, corporate or government espionage, and damage critical infrastructure like electrical grids.
When it comes to IoT, it is clear to me that GE will be a major player. The company is investing across its respective divisions from aircraft engines to energy utility and healthcare.
Meanwhile, Philips is partnering with Cisco on IoT and both companies are investing heavily in this space.
What’s going to be hot is when smart objects talk to other objects and provide insights and actions. A great example is objects gathering data for predictive and preventative analysis.
Imagine street lights that use data to detect traffic jams and can automatically warn drivers and encourage them to take another route.
The reality is that these larger scale IoT transformations are some time away. So let me calibrate our expectations. Here are a few useful IoT technologies that you may want to consider.
This is a simple but great little smartphone app that works on both iOS and Android platforms. It is all about finding that lost set of keys or an object that you want to be able to locate – like your pet dog.
A feature that I really like is Crowd GPS – when another user of the TrackR app comes within a 100ft range of your lost item, you will receive a GPS update of where your item is located.
These are sensors that can be placed in your home, office, and car. SmartThings lets these sensors communicate with each other, and with others. There are many use cases and I’m not sure that these are necessarily smart, just perhaps useful.
You can turn off your lights, open and close your garage door, or check that the kids are on their way home. This solution is open source and that’s going to be mandatory as we will all be using multiple branded devices.
Jasper is a pioneer in cloud-based IoT and has already had success making the ‘connected car’ a reality for companies like GM, Nissan, Ford and VW.
Some 3,500 enterprise businesses have standardised on the Jasper platform across 24 mobile operator groups worldwide, in more than 100 countries. The Jasper technology is also used in Amazon Kindles, the Sony PlayStation, and across several smart metering projects.
Jasper started with US$205 million in funding and was acquired by Cisco just a few months ago.
Electric Imp is a very interesting company that works on private and public clouds to connect devices securely. As both the device and cloud are managed services, this is an IoT offering with security built-in.
This platform has secure hardware modules that run impOS – a secure, managed operating system that hosts the customer app within the wireless chip itself.
On top of this is security as a service that monitors, patches, and updates to ensure ongoing security. Within the cloud itself, the managed Imp service hosts a VM for every connected device and there are out-of-the-box integrations for AWS Kinesis, Keen.io, Salesforce, PubNub, Wolfram, New Relic and Twilio. (Note that the last two were featured in What’s hot in enterprise IT – part 1.)
Let's talk cyber security
One of the world’s highest valued cybersecurity organisations, Tanium, has raised more than $300 million. Venture capital firm, Andreessen Horowitz, is the company’s largest single investor with a $142 million stake.
Tanium is designed to detect hackers the minute they attack. The idea behind this is to simplify control of networked computers into a single management package.
Every endpoint – computers, servers, printers, phones, tablets – is protected. The solution offers endpoint asset inventory, security vulnerability detection and remediation, software distribution, IT compliance reporting, patch management, software license management, security policy enforcement, and endpoint device power consumption management.
The company's claim is that you can update all endpoints within 15 seconds.
Illumio provides policy-driven security that helps lock down application visibility and connectivity to unauthorised users. The general idea is about protecting data even if a hacker breaks in.
It works with your current host-based firewalls and can be controlled with a centrally-managed policy. This is all about injecting more agility, without compromising security controls. It just makes administration practical and doable.
Centrify is an identity platform that protects against compromised credentials. It does this by securing an enterprise’s internal and external users as well as its privileged accounts. This covers the hybrid IT environment of cloud, mobile and on-premises.
Centrify provides single sign-on, multi-factor authentication, mobile and Mac management, privileged access security and session monitoring.
What this means is that you have a single password sign-on to access all your applications across all your enterprise technology. In essence, the unified single sign-on with mobile management is the secret sauce. The end result is that policy enforcement is easier and there will be fewer help desk calls.
The company’s clients include Citi, Credit Suisse, Microsoft and GE Capital.
If you want to know who was behind the Sony hack, then AlienVault will help. The company provides a combination of five key security capabilities with expert threat intelligence, which is updated every 30 minutes with data that has been analysed and classified by the company's lab team.
The company’s ‘open threat exchange’ provides a crowd-sourced and collaborative forum that collects global threat intelligence from attacks, which improves your ability to detect threats and repel hackers.
This is a SaaS platform that can provide you with an app to streamline communication between security researchers and your internal response team.
To unleash hackers for good is what HackerOne is all about. It includes a bug bounty program that has already paid US$6.5 million in bounties. These bounties can range from US$150 to as much as US$30,000 per bug.
There is a HackerOne Professional and a HackerOne Enterprise version and they include in their customer base Dropbox, Airbnb, and Adobe.
Here is another startup, this one founded by former McAfee executives. Like Tanium, CrowdStrike talks about speed and it endeavours to provide a ‘five-second visibility’ into a company’s security posture.
CrowdStrike uses a cloud-based approach that creates a threat graph model to analyse and correlate large volumes of events in real time to identify anomalies and behavioural patterns for both known and unknown threats. The product also has a ransomware blocking feature.
Watch this space
It is clear to me that these 30 billion connected things will be a massive opportunity and threat at the same time. These technologies need built-in security and we are starting to see the early stages of this being realised.
There are not going to be two areas of IT that will move faster and with greater dependency than IoT and cyber security. Simply, you can’t roll out IoT devices without considering the security implications and if you try, then IoT will be more of a threat than an opportunity.
David Gee is the former CIO of CUA where he recently completed a core banking transformation. He has more than 18 years' experience as a CIO, and was also previously director at KPMG Consulting.