At the 2016 MIT Sloan CIO Symposium, “Uber-ization” reigned as the buzzword of the day.
The explosive growth of the Internet of Things is an exciting trend for consumers, but it comes with many unknowns and risks for CIOs. From meeting the demands of a hyper-connected workforce, to staying ahead of emerging cyber threats, addressing IoT challenges and opportunities will be essential to thriving in the new digital economy.
Roota Almeida, head of information security for Delta Dental of New Jersey, will discuss this topic on stage at the upcoming MIT Sloan CIO Symposium. The Enterprisers Project caught up with her to discuss how CIOs can prepare their organizations for what's on the horizon.
The Enterprisers Project (TEP): What are the positive and negative effects of the influx of new connected devices on CIOs and/or IT organizations?
Almeida: Consumerization of IT has significantly changed the direction of technology absorption. Consumers are adopting the latest technologies and devices and are demanding the same at work. We have seen businesses struggling to adapt to this reality as we move beyond mobile devices and into the “Internet of Everything.” While the addition of sensors and connectivity to physical things is driving massive gains in efficiency, it is also posing a significant security risk for organizations.
In the past, data was stored in-house, and locked down. Organizations’ IT had physical and logical control over their data. That is rapidly changing. Small to mid-size companies are not looking to have in-house data centers anymore. Additionally, employee-owned devices have infiltrated the workplace. We live in a world where employees expect data access on any device, anywhere, and at any time. This issue has become prominent for companies and will become particularly challenging as the BYOD era evolves to include wearable devices. Beyond the omnipresent mobile devices in the workplace, always-on work mentality combined with telecommuting and the constant demand for information, leaves organizations in a tough spot. Finding balance between accessibility and security is a tough challenge.
We are in the initial stages of “Internet of Everything,” and it holds amazing potential for companies. CIOs must be prepared to adapt to this new trend by developing strategies to cash in on new opportunities and leveraging this explosion of data.
TEP: Are there any common “weak links” or areas that are particularly vulnerable to security risks that CIOs should be aware of?
Almeida: Continuing with the “Internet of Everything” trend, criminals are taking advantage of the increasing reliance on the smartphone as an authentication measure. This “connected device” could be the weak link where a malicious actor could intercept the text or code generation authentication elements built into mobile programs, to take over other accounts in a variation of man-in-the-middle attack. With this information, criminals can use the device as a key to access a broad range of information available to the user, including valuable corporate data.
Another vulnerable area CIOs should be aware of is the “old source code,” which could bring new chaos to the environment. It is the new Trojan horse waiting to be exploited! A large part of what makes information systems open to attack is that they contain “undocumented features.” The more experience one has with any one piece of software, the more holes can be found and/or closed. Yet, even a perfect fix will last only until the next innovation hits the system.
TEP: What other advice would you offer to CIOs about staying ahead of security risks in an IoT world?
Almeida: A few things:
TEP: What do you think is the most important thing a CIO can do to help their organization thrive in the digital economy?
Almeida: To thrive in the digital economy, CIOs have to understand business and new technologies better. They have to learn how to create value from their data and understand new technical capabilities for the whole business, not just in the IT domain. CIOs have the ability and must help design the end-to-end innovation process that leads to a better business, and then enable it. Innovation can drive efficiencies and lead to competitive advantage; technology is one way of capturing both.