
Increased Connectivity - The Good, Bad & Ugly

Connectivity is on the rise by all accounts.  Interoperability is where it's at.  Languages, protocols, operating systems, identities, on-line profiles, devices, smart-phones, tablets, you name it: if connectivity isn't a feature, it's not getting a look in.

If you look at pre-internet times (yes, hard I know), device and data interconnectivity was seen as an important use case, but only implementable if deemed absolutely necessary.  As tooling and applications now allow data passage with a few clicks, the network of connected devices becomes enormous.

Whilst this brings many end user benefits it can also bring with it management issues, data loss prevention concerns and data proliferation where perhaps it shouldn't.

Increased Connectivity is Great Right?
The main area of increase recently has been the rise of the smart-phone.  These devices now contain powerful processors and large portable micro-card storage, and run operating systems with the same level of complexity as a desktop machine.  Smart-phones can hop onto a wi-fi network in seconds and communicate over TCP/IP like any other device.  Coupled with smart-phone 'always-on' capability comes increased on-line connectivity.  By this I'm referring to the services that the internet provides.  For example, a Google account can link your phone contacts to your calendar and to your social network, and in turn you can import your RSS feeds directly into a blog page and see the book recommendations from your friend feeds.  A document on your laptop can easily be shared, stored and copied to your phone, tablet and work colleague seamlessly.

Why is it a Problem?
The biggest danger with inter-connectedness comes from data management.  If you use a basic cloud synchronisation service, you could quite easily have 3-4 copies of the same document: a local copy, an on-line archive, a collaborative copy and so on.  Where is the ownership, protection and management of the original data?  No longer is corporate data restricted to the private LAN.  The boundaries of such a network are now blurred.  If corporate data can be downloaded, viewed and edited on a tablet or smartphone using 3G, where does the corporate security policy end?  Data Loss Prevention can provide many answers.  Endpoint device management is a major concern, as is the security of Data-in-Motion.  New technologies that focus on Information Rights Management, and that help restrict access to proliferated data by unknown users, are now popular.  Data-at-Rest is quite a well-known concern area: disk encryption for laptops is popular, and remote-wipe is also a common feature for smart-phones and tablets.

BYOD, or Bring Your Own Device, brings with it another complex set of security concerns.  Should organisations realise the potential of individually owned devices to create an inter-connected grid of data exchange?  What about employees with jail-broken phones, or phones with inconsistent patching, applications and so on?  What happens when an employee leaves an organisation?  Who owns the data and can it be legally wiped?

Shifting Boundaries
The expansion of connectivity can create a blurring between the private and public networks and in turn cause policy jurisdiction issues.  A concern in recent years has been the increase in the number of SCADA (Supervisory Control & Data Acquisition) system attacks.  Historically these systems would not have been so heavily inter-connected with the corporate network and, in turn, with the internet.  SCADA networks were generally separate from existing LAN infrastructures, using faster lower level protocols.  As inter-connectivity with standard TCP/IP infrastructure increased, SCADA systems became inadvertently accessible via the internet and in turn more open to cyber and malicious software attacks.

It will be interesting to see, as connectivity continues to increase at the corporate, personal and industrial levels, whether security policy and controls management can keep pace, providing governance and support to help reduce data loss, attack and malicious software proliferation.
