Internet of Things: How to Tackle Security
The Internet of things (IoT) has everyone giddy. You can record shows with your phone that you forgot to set on your digital TV box before you left the house. You can unlock your house without a key or turn on your lights before you get home. You can turn on the heater remotely so it’s nice and toasty before you step in the door.
Much more is to come; there’s buzz about the connected car, healthcare devices, and the endless possibilities. Analysts at IDC predict IoT spending will exceed $7.3 trillion by 2017. While all this is great for improving the consumer experience, a dark shadow lurks behind it all: concerns about privacy and security.
It’s no surprise that the IoT is leading to a new category of cybercrime. The smart LED light bulbs that leaked Wi-Fi passwords are a recent example. What does a hack of such a device mean? We haven’t seen one with devastating consequences—yet.
READ MORE: 7 Questions About the Internet of Things
But even relatively minor hacks can cause inconvenience for the user. Worse, these vulnerabilities break the customers’ trust and tarnish a company’s brand reputation, which can irreparably damage its business.
Identifying who’s who and what’s what has never been so complex. It’s not just about protecting IoT devices but the entire ecosystem, from the customer to the partner, the web page, the mobile device, the mobile app, the cloud and everything else in between.
Static and portable devices need to communicate with each other, and human-to-machine and machine-to-machine identification and interaction must be taken into account. Without the right model in place, your organisation could be at risk of making your data—and your customers’—openly available to cyber attacks.
The IoT requires a new way of thinking and acting, one that will protect a business and help it grow. To ensure security in the era of IoT, I’d recommend organisations consider the following:
Think security – IT needs to authenticate customers outside the firewall. Users may want to access systems via multiple devices, and they will expect a user experience that is tailored to how, when, and where they access services.
Think ecosystem – Trying to duct-tape security architecture together or protect access on a device-by-device basis is not going to work effectively—or even at all. A single platform that unifies the entire ecosystem will provide a simple, repeatable way to protect a growing number of devices.
Think flexibility – Building a platform that supports and unifies the entire ecosystem is challenging enough, but you also need to keep the future in mind. Businesses need to support new services, new devices, and new infrastructure on the back end. Open source gives IT a platform it can build on and customise, while open standards offer the flexibility to adapt to future needs in a very standardised manner.
Think monetisation – How do enterprises protect data they can’t see as it’s communicated between IoT devices and other parts of the ecosystem? Ensuring data is encrypted and authenticated is important. However, it’s also important to understand the relationship between different parts of the ecosystem. Knowing who accesses data and how, where, and when they access it are just a few of the factors that can help ensure proper security. This knowledge helps you verify the user is legitimate and that current behavior is consistent with past behavior. Because organisations collect all this information, businesses now have a platform they can leverage to better understand and serve the needs of their customers and to provide up-sell opportunities that generate new revenue streams.
Savvy organisations will go to great lengths to protect their customers. We’ve all seen the negative impact mega data-breaches have on organisations.
Being smart about security not only helps the CEO keep his or her job, it helps to protect the brand and provides an opportunity to turn the cost of IoT security on its head by using it to provide new and valuable avenues for future growth. Isn’t that what the board really wants in the first place?
According to a recent Gartner report, CEOs list “growth” among their top three business priorities and are investing heavily in their digital businesses to achieve this goal. IoT will surely play a significant role in achieving this growth, but if it is implemented without proper security, CEOs will fail before they have a chance to succeed.
By Neil Chapman SVP & MD EMEA / International, ForgeRock
GfK and VMware: Innovating together on hybrid cloud
GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.
In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade.
“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.
Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.
By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.
One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.
“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.
Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs.
“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.
The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment.
The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.
One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.
“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.
“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client.
“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”