Category Archives: emerging technology

What is your process to monitor emerging technology?

I will write a post soon on a process to monitor emerging technology. The key benefit of proactively monitoring emerging technology is to uncover unknown business problems and their associated technical solutions, and to get to market faster with technology. It also gives architects more time to design and prepare for potentially disruptive technology.

The best-known and potentially disruptive emerging technology is “blockchain” (especially bitcoin). This topic deserves several discussions by itself. Please see a good summary of blockchain at ZDNet.com. For example, I found this description of blockchain and bitcoin useful: think of blockchain as the ‘operating system’ upon which different ‘applications’ (such as Bitcoin) can run.

The Takeaways

  1. Develop a service/product that delivers recommendations on either ignoring, monitoring, testing or adopting emerging technology
  2. Continue to monitor and develop use cases for blockchain.

 

How Smart, Connected Products Are Transforming Companies – A New Architecture

I randomly (can you say “squirrel”) came across an article entitled “How Smart, Connected Products Are Transforming Companies.” The article has an interesting architecture, or new technology stack, for handling smart, connected products. It requires companies to build and support an entirely new technology infrastructure. The entire article is a really good read.


The authors write about the need for security:

Until recently, IT departments in manufacturing companies have been largely responsible for safeguarding firms’ data centers, business systems, computers, and networks. With the advent of smart, connected devices, the game changes dramatically. The job of ensuring IT security now cuts across all functions.

Every smart, connected device may be a point of network access, a target of hackers, or a launchpad for cyberattacks. Smart, connected products are widely distributed, exposed, and hard to protect with physical measures. Because the products themselves often have limited processing power, they cannot support modern security hardware and software.

Smart, connected products share some familiar vulnerabilities with IT in general. For example, they are susceptible to the same type of denial-of-service attack that overwhelms servers and networks with a flood of access requests. However, these products have major new points of vulnerability, and the impact of intrusions can be more severe. Hackers can take control of a product or tap into the sensitive data that moves between it, the manufacturer, and the customer. On the TV program 60 Minutes, DARPA demonstrated how a hacker could gain complete control of a car’s acceleration and braking, for example. The risk posed by hackers penetrating aircraft, automobiles, medical equipment, generators, and other connected products could be far greater than the risks from a breach of a business e-mail server.

Customers expect products and their data to be safe. So a firm’s ability to provide security is becoming a key source of value—and a potential differentiator. Customers with extraordinary security needs, such as the military and defense organizations, may demand special services.

Security will affect multiple functions. Clearly the IT function will continue to play a central role in identifying and implementing best practices for data and network security. And the need to embed security in product design is crucial. Risk models must consider threats across all potential points of access: the device, the network to which it is connected, and the product cloud. New risk-mitigation techniques are emerging: The U.S. Food and Drug Administration, for example, has mandated that layered authentication levels and timed usage sessions be built into all medical devices to minimize the risk to patients. Security can also be enhanced by giving customers or users the ability to control when data is transmitted to the cloud and what type of data the manufacturer can collect. Overall, knowledge and best practices for security in a smart, connected world are rapidly evolving.

Data privacy and the fair exchange of value for data are also increasingly important to customers. Creating data policies and communicating them to customers is becoming a central concern of legal, marketing, sales and service, and other departments. In addition to addressing customers’ privacy concerns, data policies must reflect ever-stricter government regulations and transparently define the type of data collected and how it will be used internally and by third parties.

Shared Responsibility for Security.

In most companies, executive oversight of security is in flux. Security may report to the chief information officer, the chief technology officer, the chief data officer, or the chief compliance officer. Whatever the leadership structure, security cuts across product development, dev-ops, IT, the field service group, and other units. Especially strong collaboration among R&D, IT, and the data organization is essential. The data organization, along with IT, will normally be responsible for securing product data, defining user access and rights protocols, and identifying and complying with regulations. The R&D and dev-ops teams will take the lead on reducing vulnerabilities in the physical product. IT and R&D will often be jointly responsible for maintaining and protecting the product cloud and its connections to the product. However, the organizational model for managing security is still being written.

The authors continue with implications for organizational structure (i.e., The Takeaways).


 

How can we improve IoT security?

I read an interesting article on securityweek.com by Lance Cottrell. I think that the following comment is spot on:

It is easy to vilify the IoT makers, but they are simply responding to the constraints and market realities in front of them. Moral persuasion will not meaningfully change their behavior. To get better IoT security, that needs to actually be a priority for the business, and that means changing the regulatory and liability landscape to make it so.

 

This applies not only to IoT makers. What about biomedical makers? What about manufacturers of computer software in general?

Takeaways

  • In the absence of regulation, you need to collaborate with your Legal, Risk Management and IT teams to encode your standards into the terms of legal contracts. These terms can be negotiated and exceptions granted (and monitored).