IoT Means IT Teams and MSPs Must Focus on Security

Posted on the 27 May 2015 by Shellykramer @ShellyKramer

IT professionals share the same nightmare. After a productive and normal day at work, you head home, hang out with the family, then ultimately call it a day and roll into bed. But in the wee hours, your CIO (chief information officer) calls in a panic with the dreaded words, “There’s been a privacy breach.” Cue the cold sweats.

The occurrence of data breaches is becoming all too commonplace, happening to all kinds of companies. What makes them even more challenging is that there is often as much threat posed from alliances with vendors as from within your own organization.

Just within the last year we’ve read about security breaches at a variety of major retail organizations, insurance companies, and even government agencies. As a result, it’s no surprise that both customers and internal teams have placed network security as a top priority. Thinking about security definitely keeps IT teams as well as managed service providers (MSPs) up at night.

According to a CompuCon survey of 431 technology professionals, 44 percent listed security and cyber attacks as their number one concern. Another 28 percent listed data privacy and the exposure of sensitive personal information as next in line.

What is Privacy Anyway?

When we’re talking about privacy, what do we actually mean? A study by Michael Friedewald discusses seven types of privacy:

Privacy of Behavior and Action. Includes sensitive issues such as sexual preferences and habits, political activities, and religious practices.

Privacy of Communication. Aims to avoid the interception of communications, including mail interception, the use of bugs, directional microphones, telephone or wireless communication interception or recording, and access to email messages.

Privacy of Data and Image. Making sure that individuals’ data is not automatically available to other individuals and organizations and that people can “exercise a substantial degree of control over that data and its use.

Privacy of Thoughts and Feelings. The right not to share thoughts or feelings or to have those thoughts or feelings revealed.

Privacy of Location and Space. Individuals prefer to have the right to move about in public or semi-public space without being identified, tracked, or monitored.

Privacy of Association. Including group privacy, is concerned with an individual’s right to associate with whomever they wish, without being monitored.

Privacy of Person. Encompasses the right to keep body functions and body characteristics (such as genetic codes and biometrics) private.

Why the Focus on Security?

What’s causing this surge in security concerns? Informed consumers are waking up to the fact that their world has changed, and they are becoming more and more aware of the risks that security breaches can pose to them personally, as well as to their businesses. The mainstreaming of mobile is bringing connectivity to the masses, and the IoT has altered the digital landscape.

The CompuCon survey estimates some 212 billion devices will be connected by 2020—a market worth almost $9 trillion. By that time, there will be over 5.4 billion B2B connections. Pair the number of devices connected to the Internet with major security breaches, and the IoT has the potential to be a smoldering tinderbox, not to mention a gigantic headache for IT teams and MSPs.

Adding fuel, policy standards are also constantly changing and the concept of privacy is in flux. From the government to the legal system to the enterprise – everyone is trying to come to terms with how digital technology is changing how we look at privacy. Many consumers are poorly educated about how their personal data is collected by companies and are unsure about what it is actually used for.

Be Future Ready: Know the Answers to These Questions

An Isaca whitepaper, “Privacy and Big Data,” mapped out the questions enterprises must ask and answer, which—if ignored—expose the enterprise to greater risk and damage.

  • Can we trust our sources of big data?
  • What information are we collecting without exposing the enterprise to legal and regulatory battles?
  • How will we protect our sources, our processes and our decisions from theft and corruption?
  • What policies are in place to ensure that employees keep stakeholder information confidential during and after employment?
  • What actions are we taking that create trends that can be exploited by our rivals?

These all seem very simple, very commonsense-ical, but there’s a bigger picture issue in today’s hyper-connected world. Organizations must also revamp and alter their way of thinking about their current policies. Today’s privacy/security policies are digital – and the digital space is still somewhat of a global, borderless wild-west.

Clients and customers might be mobile, but many of them don’t have a clue about the implications of mobile, and most of them simply click “OK”on TOSs and other policies, without understanding the scope of their consent to the processing of their data. As incomprehensible as it might seem to those of us in the know, scads of people today still have no clue what an Internet cookie is!

The New Frontier: Privacy as a Right

The Internet of Things and the age of BYOD have changed “privacy as a right” into something revolutionary—an exchange of data and personal information between people and organizations, bound by the same principles of trust one expects in social and business relationships. Think of it as a good old-fashioned handshake Today it’s a given—your employees expect privacy and your customers expect privacy, period.

“It would be hard to estimate just how much productivity is lost and how much innovation is stifled due to poorly designed security products and protocols,” says Elliot Lewis, Chief Security Architect, Dell Software. “It’s just bad business. It’s bad business because it costs more than it has to. It’s bad business because you’re not protected as well as you should be. And it’s bad business because it restricts the very capabilities that information technology was designed to enable.”

Between technology innovations and the fears and expectations posed both internally and externally, it is without question the job of the IT department to understand and consider these worries. That’s where the concept of being future ready plays such an important role for IT professionals and why security is at the very top of that list. Clients have every right to be worried, however, and knowing that their managed service providers care about their concerns and that every measure of security is being taken goes a long way toward instilling confidence.

Four Steps to Implementing Better Security

There are four main steps to tackle security: Protect, comply, enable, and communicate.

Protect. This should be your first step. Protection involves a combination of firewalls, intrusion detection software, identity management, and antivirus. These must be updated regularly to remain useful and it’s important to understand that threat actors and hackers go for the most popular routes. It’s easy to get around a system once you know it. The more popular your system of choice, the easier a hacker can get it, plain and simple. Just as tech innovations are constantly bettering their systems, threat actors are constantly focused on finding new holes to worm through. You and your team can beat them at their game by stopping holes from appearing and consistently upgrading and monitoring your systems.

Go a step further and cross-train your entire workforce on some of the easier-to-handle procedures. This way, small issues can be handled quickly and efficiently. Making sure that you notify customers that even low-level non-IT employees are trained in security protection shows your company’s commitment to security. This speed and company-wide level of attention and care will go a long way with your clients, both internal and external and give them greater peace of mind that they’re in good hands.

Comply. Compliance usually means systematically checking items off a list. However, just because you don’t have another box to check doesn’t mean you have a secure system. IT departments that just aim to check off boxes miss crucial areas that need protection. Instead, look at compliance through the lens of security.

Instead of only protecting start point devices, begin with endpoint devices. Encrypt data at all levels. This ensures that all devices, BYOD or not, are secure and protect client information. This solution is cross-board, cross-device, and cross-department. It even covers remote workforces, giving you (and your clients) the peace of mind of knowing all entry – and exit – points are covered and secure.

Enable. IT security often does not have the best name in business. You’ll find no shortage of conversation and grumbling about how IT departments constrict, slow down, and/or limit functionality in business. It is considered to be the chain that can’t be removed, the constant thorn in business’side. That reputation is changing, however, as companies begin to recognize the value of having a trusted security system in place and an IT team that’s constantly looking out for the safety of them and their clients. Done right, security can be the white knight, enabling business productivity, creating flexibility and efficiencies, and instilling the confidence needed to aggressively pursue new opportunities and increased revenue.

Communicate. Lastly, it’s important to remember that having these steps in place doesn’t mean a thing if your customers, internal or external, don’t know about them, your expertise and laser focus as an IT team on security. Fostering trust not only comes through proving the strength of your security initiatives, but also regularly demonstrating and communicating to your clients that their information and privacy is of the utmost important to you and your team.

#BeFutureReady when it comes to privacy and security. Don’t wait until a security breach happens to start letting your clients know about the practices your IT team uses to keep their information safe. A monthly update on any upgrades, processes, or new tools shows your clients that their privacy is IT’s top priority. That makes them feel valued and safe, and hopefully, it will allow you to sleep better at night as well.

Additional Resources:

Privacy Concerns in the Digital World
Better Security for Better Business: Enabling the Future-Ready Enterprise with End-to-End Security
Internet Of Things: 6 Obstacles

This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. For more on these topics, visit Dell’s thought leadership site PowerMore. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.

Photo Credit: PryanksterDave (Dave Price) via Compfight cc