
Increased Connectivity - The Good, Bad & Ugly

Connectivity is on the rise by all accounts.  Interoperability is where it's at.  Languages, protocols, operating systems, identities, on-line profiles, devices, smart-phones, tablets, you name it: if connectivity isn't a feature, it's not getting a look in.

If you look at pre-internet times (yes hard I know) device and data interconnectivity was seen as an important use case, but only implementable if deemed absolutely necessary.  As tooling and applications now allow data passage with a few clicks, the network of connected devices becomes enormous.

Whilst this brings many end user benefits it can also bring with it management issues, data loss prevention concerns and data proliferation where perhaps it shouldn't.

Increased Connectivity is Great Right?
The main area of increase recently has been the rise of the smart-phone: devices that now contain powerful processors and large portable micro-card storage, and run operating systems with the same level of complexity as a desktop machine.  Smart-phones can hop onto a wi-fi network in seconds and communicate over TCP/IP like any other device.  Coupled with the smart-phone's 'always-on' capability comes increased on-line connectivity.  By this I'm referring to the services that the internet provides.  For example, a Google account can link your phone contacts to your calendar and to your social network, and in turn you can import your RSS feeds directly into a blog page and see the book recommendations from your friend feeds.  A document on your laptop can easily be shared, stored and copied to your phone, tablet and work colleague seamlessly.

Why is it a Problem?
The biggest danger with inter-connectedness is data management.  If you use a basic cloud synchronisation service, you could quite easily have 3-4 copies of the same document: a local copy, an on-line archive, a collaborative copy and so on.  Where is the ownership, protection and management of the original data?  No longer is corporate data restricted to the private LAN.  The boundaries of such a network are now blurred.  If corporate data can be downloaded, viewed and edited on a tablet or smartphone using 3G, where does the corporate security policy end?  Data Loss Prevention can provide many answers.  Endpoint device management is a major concern, as is the security of Data-in-Motion.  New technologies that focus on Information Rights Management, which help restrict access to proliferated data by unknown users, are now popular.  Data-at-Rest is quite a well known concern area: disk encryption for laptops is popular, and remote-wipe is also a common feature for smart-phones and tablets.

BYOD, or Bring Your Own Device, brings with it another complex set of security concerns.  Should organisations realise the potential of individually owned devices to create an inter-connected grid of data exchange?  What about employees with jail-broken phones, or phones with inconsistent patching, applications and so on?  What happens when an employee leaves an organisation?  Who owns the data and can it be legally wiped?

Shifting Boundaries
The expansion of connectivity can create a blurring between the private and public networks and in turn cause policy jurisdiction issues.  A concern in recent years has been the increase in the number of SCADA (Supervisory Control & Data Acquisition) system attacks.  Historically these systems would not have been so heavily inter-connected with the corporate network and, in turn, with the internet.  SCADA networks were generally separate from existing LAN infrastructures, using faster lower level protocols.  As inter-connectivity with standard TCP/IP infrastructure increased, SCADA systems became inadvertently accessible via the internet and in turn more open to cyber and malicious software attacks.

It will be interesting to see, as connectivity continues to increase at the corporate, personal and industrial levels, whether security policy and controls management can keep pace, providing governance and support to help reduce data loss, attack and malicious software proliferation.

