(The Big Disrupt) IoT: Schizophrenia

How do you ever get anything done?

How do we, as a society, ever get anything done?

Every ten seconds some kind of notification is demanding our attention. Emails from friends and colleagues, social media blips, timers, news updates, the list goes on forever. We are subjected to a constant barrage of digital noise.

And not just in one place.

We have phones, tablets, laptops, desktops and connected vehicles, just to name a few. There is never a moment when we are more than ten feet from a device that is connected to the internet. Not only is this a huge tax on our attention and the main culprit of what many call ‘shiny object syndrome’, it is also a huge risk to our personal data.

All day as we Tweet, post, reply, and consume, our data is passing through the airwaves on some kind of connection. Some of those connections are more secure than others, depending on the awareness and technical aptitude of the proprietor of a given wireless hotspot. However, by and large, the measures that are in place to secure our personal musings and private data are woefully inadequate.

The number of connected and mobile devices we use keeps increasing while the measures that protect us lag behind.

The next time you pick up a shiny new internet enabled gadget it is well worth asking how it may affect your privacy.

(The Big Disrupt) IT: Why Shadow IT isn't just bad news for CIO's

While tackling shadow IT isn't the most prominent challenge on a CIO's growing to do list, the widespread growth of the practice in recent years has become hard to ignore. 

It wasn't that long ago when research firm Gartner predicted that by 2017, marketing departments would end up spending more  on IT than IT departments and since then the use of IT services in other business has exploded to the point that Gartner's prediction is not too far off from being vindicated. 

You'd be hard pressed to find a CIO or IT professional who is loving the explosion in IT spend by other business units as it undermines IT departments and even brings into question the need for CIO's. Executives outside the IT department have defended their increased IT spend by accusing CIO's of being too restrictive and rigid.    

There's some truth to this complaint as CIO's have traditionally been less than willing to introduce new solutions, particularly those provided by startups. The unwillingness of CIO's to introduce new solutions forced software vendors to target other business units within their organization which has led to the increased use of IT solutions without the CIO's blessing.        

The growth of shadow IT in the last five years has concerned CIO's across the board with IT leaders responsible for fewer and fewer IT buying decisions. However, what really keeps CIO's up at night is the security vulnerabilities shadow IT can potentially opens their organization to. 

Despite most organizations having strict policies in place forbidding its workforce from using third party applications to handle company data, it's well known these rues are flouted with abandon. You would think this might lead to some type of punitive action taken on employees who flout these rules but since only 8% of organizations can track the use of shadow IT, finding and reprimanding employees is easier said than done to say the least 1. 

It's quite scary to think that only a measly 8% of organizations can track the use of shadow IT as it means a staggering 92% of companies are devising security and device management policies in the dark. What's even more terrifying is that should organizations that make up the 92% suffer a breach, their CIO won't know what hit them until it's too late. 

This scenario is very likely to become the norm as according to a survey carried out by Intel Security, a worrying 23% "handle security without IT's help" 2. Why this is happening when in most cases these departments are just a phone call away from each other is crazy and is a disaster waiting to happen. 

In sum, leadership at these organizations are going to have to figure out fast how to track the use of shadow and find a way to bring IT into the conversation or risk being getting hacked and beefing up their lawyer's retainers. 

1. M. Korolov, 2015, only 8% of companies can track shadow IT, http://www.cio.com/article/2868113/it-organization/only-8-percent-of-companies-can-track-shadow-it.htm
2. C. Worley, 2016, Shadow IT: Mitigating Security Risks, http://www.csoonline.com/article/3083775/security/shadow-it-mitigating-security-risks.html 

(The Big Disrupt) AWS: AWS re:Invent 2015 | (MBL205) Everything You Want to Know About IoT by @awscloud

Check out this great introduction by AWS on everything you need to know about IoT from what it is to technical tips on how to connect devices securely.

(The Big Disrupt) IoT security: why IoT could prove to be a terrible idea

The history of internet it has been one of growth and expansion as we're more connected than ever however the timing of the internet continued expansion into the physical world through the Internet of Things couldn't be worse. The internet of things (IoT) has to be one of the most talked about technology with a vast number of companies entering the IoT marketplace but their rush to market has seen them relegate security as an afterthought which, given the scale that IoT operates, is highly irresponsible. 

As mentioned above, IoT is at base an expansion of the internet into the real world which on the face of sounds like a great idea but after some consideration, it just might be one of the worst ideas to come out of Silicon Valley. Connecting a car for example to the internet may sound like a great idea until you remember your driving a car connected to the internet.  

The internet as we know it is a truly strange place at the best of times but introducing an Audi TT on to a network that's all too vulnerable to being hacked is not only careless  but really stupid. The rush to market by so many players in a market tipped to be worth over $1 trillion in next five years is understandable from a business sense but from a security perspective, the players in question are playing with fire. 

Why organizations would be this careless makes no sense as organizations left and right have had their fingers burned to the nub in costly lawsuits  and reputational damage over the last few years as they struggle to secure their networks from external threats and suffer humiliating data breaches. With the advent of IoT and the security concerns that come with it, the recent growth spurts in the cyber insurance and IoT security markets look set to explode in the next few years.    

Expanding the internet through IoT is a truly crazy idea when most CIO's and CISO's expect to get hacked and are at a serious disadvantage as hackers only have find one vulnerability while CIO's and CISO's have to find them all and stamp them out. Add to that that hackers collaborate with their peers and CIO's and CISO 's don't, connecting cars, watches, CCTV cameras, refrigerators, smartphones and the like to a network is a disaster waiting to happen as the people tasked to keep these networks secure are in no position to do so. 

In sum, IoT is likely to be one of the most important technologies in the 21st century but given it's glaring yet unaddressed flaws and the scale it operates at, IoT can also prove to be a truly terrible idea we all might regret.