As the Internet of Things Mobilizes, Safeguarding the Cloud Is Our Prerogative
Test case: the connected car
The idea of the connected car is a reality. Connected car technology precedes cars from Google and Apple that will help bring the Internet of Things (IoT) to our doorsteps in a big way by the year 2020.
Yet already we have the news of the Fiat-Chrysler hack test that resulted in the recall of 1.4 million vehicles. Hackers were able to take control of a moving car over the internet.
Recently, I’ve been thinking a lot about how connected cars are a harbinger of the IoT. Eventually, the theory goes that autonomous, connected cars will use data transmitted by all the things around us in connected cities to make decisions in real time.
This presents a scary scenario. Of all the things that will make up the IoT, how many will be vulnerable to hacks, similar to what just happened to Fiat-Chrysler? How many of the cars will have Achilles Heels?
Danger zone: the IoT
From all accounts, the IoT promises to be huge for business in terms of how we use big data. Each object equipped with sensors and linked to the internet will affect how we’re using data points. Manipulation of the data could be more insidious than hacks that cause malfunctions. Hackers could potentially falsify data to create chaos. Corporations could manipulate and falsify data to create conditions favoring their product. Further, as is the case currently with Diane Feinstein’s Cybersecurity Information Sharing Act, the government could demand access to data and give corporations the right to collect and store more of it than we ever thought possible.
The truth is that in any cyber infrastructure where there are built-in access points, and encryption protocols are not applied consistently to sets of data, there will always be the possibility of hacks—the data will always be available to prying eyes.
Cloud security: our prerogative
Are we ready for a connected world without data security accountability—a wild west of data? In order to be proactive here, we’ve got do our part in the business world—we’ve got to secure data on the cloud. The following is a rundown on doing just that.
If your organization has an IT department, talk to the CIO (Chief Information Officer) or CSO (Chief Security Officer) and make sure you are up-to-date on the measures they are taking to ensure cloud security. If this information isn’t readily available to you in a form you can easily digest, make a suggestion. They’ll be happy you care and respectful of your concern.
If your organization doesn’t have anyone in charge of information security and is simply using the available cloud technology, talk to appropriate parties about what you can do. Spearheading the discussion will do everyone a favor.
- Staying current
IT departments are in charge of staying current on cloud security solutions. Data encryption methods, effective data loss prevention software (DLP), anti-virus and anti-malware solutions—all are important for cloud security. Moreover, CSO’s can set requirements for adopting a cloud application provider—they can request to see information verifying the provider’s compliance with common standards such as the CSA Cloud Control Matrix, and they can review technologies and certifications.
To protect against external threats, they can take additional measures such a two-factor authentication, one-time passwords, and Distributed Denial of Service protection. To ensure no one but those who are authorized to do so can access the cloud application, they can use an Identity Federation Solution, which relies on your organization’s User Directory for authentication. There are many ways for IT to stay current on cloud security. If you are an IT professional, or just interested, consider these 14 tips to secure cloud applications from CSO Online.
Where do you stand in the ladder of implementation? As I’ve discussed so far, determining the means to cloud security is IT’s job, but implementation is a company-wide affair. Owners and CEOs can ensure implementation by making sure it’s a priority. They can urge Human Resources to stay on top of employee concerns and gauge employee satisfaction with cloud applications and security solutions. They can prioritize effective communication through management, and they can organize events, such as seminars and workshops, to help educate employees.
In turn, employees can make sure their credentials are safe. No writing down passwords and putting them anywhere near the computer or on a post-it note, and don’t store them on an unprotected, shared drive; make sure passwords are unique, abstract, and incredibly hard to crack. Don’t download cloud apps that haven’t been sanctioned by your employer.
Overall, communicate with the IT department when considering any sort of cloud activity that hasn’t been pre-approved and prescribed by your employer.
Paving the way: we're the architects
The bills we pass now, the decisions we make about storing, and securing or sharing big data, will have a direct impact on the IoT of tomorrow. These decisions will determine whether big data, the cloud and the IoT are ultimately a positive or negative experience for mankind. Do we want a giant, vulnerable web sharing information about us constantly, information that could fall into the wrong hands? Or do we want an enclosed, safe system? It’s up to the people whose businesses deal in big data to decide.
I'm a freelance writer who specializes in marketing, tech, social media, and anything super-interesting in the world right now. I love playing music--specifically guitar, bass, and drums. I graduated from Boise State University with a degree in Creative Writing. Please find me on Twitter.