
Laura DiDio on…

Microsoft Azure Sphere chip for end-to-end IoT security from the Cloud to Network Edge

“MediaTek is a good partner [for Microsoft] to have for its Azure Sphere secure IoT chip,” said Laura DiDio, principal analyst with ITIC. “They will provide a Wi-Fi controller, the processor will run Microsoft’s Linux-based IoT OS and you’ve now got a highly secure, connected device at a decent price point.”

Channel Futures, April 17, 2018

Microsoft Reorganization:

“Microsoft has actually been moving away from Windows and more towards the cloud, analytics and AI for the past ten years,” explained Laura DiDio, an analyst at ITIC. “This did not happen overnight.” DiDio pointed out that Nadella has made major changes quickly during his tenure. “That’s the way you have to move,” to stay relevant, she said. “You’ve got to be agile to stay ahead of the game.”

The changes don’t mean that Microsoft is totally giving up on Windows, DiDio said. But they do mean that Nadella is focusing the company’s energies around stronger assets.

“They’re de-emphasizing Windows,” she said, in order to become a stronger “player in cloud and artificial intelligence, because that’s where the money is.”

CNN Money, March 29, 2018

Failure to deliver reliability and uptime:

“Time is money,” DiDio says. “Systems, networks and connectivity devices are subject to failure. If the downtime persists for any significant length of time, it can be expensive in terms of monetary losses. It can disrupt operations, decrease worker productivity and negatively impact the organization’s business partners, customers and suppliers.

“A security outage of any significant duration can also be a PR nightmare and damage the company’s reputation, causing lost business,” DiDio says. “Reliability and uptime go hand in hand with a comprehensive, detailed backup and disaster recovery plan that also includes an internal operational level agreement that designates a chain of command in the event of any type of service disruption.”

Every organization should have a disaster recovery plan that includes an itemized list of who to contact at vendor organizations, cloud and third-party service providers, DiDio says. “The CISO should also know what the company’s contracts stipulate as the response time from vendors, cloud, and third-party service providers to respond to and thwart security incidents and track down the hackers,” she says.

CSO Online, November 21, 2017

Cal State University and Hartnell College Launching Cohort Program:

“Since 2013, the two institutions have promoted this program as a way to attract minorities, women and students who are the first in their families to attend college to Computer Science and STEM subjects. The Cohort program nurtures these students by having them take their CS classes as a group,” DiDio says. It also helps them adjust more quickly to college life by providing them with group study and life skills classes to help them stick with CS as a major and graduate.

“So far, so good. A 75% majority of students enrolled in the CSUMB/Hartnell CS Cohort program graduate. This is well above the national average of about 30%,” DiDio notes.

ITIC Corp, November 17, 2017

Burger King Ad Creates Whopper of a Mess:

In the Internet of Things environment, where you can have “an ecosystem or ecosystems of ecosystems interconnected, the attack vector universe is potentially limitless,” noted Laura DiDio, research director for IoT at 451 Research.

The risks are “everywhere, and what you can do is mitigate risk to an acceptable level,” she told the E-Commerce Times — but that requires vendors to make secure products.

E-Commerce Times, April 13, 2017

United Airlines Customer Service Snafus:

United’s behavior was “cavalier and callous,” said Laura DiDio, research director for IoT at 451 Research.

“The deck is stacked against passengers these days,” she told CRM Buyer.

However, this situation “is a PR nightmare for United Airlines,” DiDio added, “and it’s not going away.”

CRMBuyer, April 11, 2017

Nearly two-thirds of businesses (62%) now allow their end users to “bring their own devices (BYOD)” and use them as their corporate desktops or mobile devices to access organizational data, including email, applications and sensitive data. However, 71% of businesses that allow BYOD have no specific policies and procedures in place to support BYOD deployment and ensure security.

That’s according to the latest independent joint survey conducted by ITIC and KnowBe4.com, a Clearwater, Florida company that specializes in security awareness training. The ITIC/KnowBe4.com survey polled 550 companies worldwide in July and August. The survey found that only 13% of respondents said their firms have specific policies in place to deal with BYOD deployments, while another nine percent indicated they were in the process of developing BYOD procedures.

“These survey findings should act as a wake-up call to galvanize corporations into proactively managing and securing corporate data accessed by mobile BYOD devices before they suffer an expensive and potentially crippling loss or hack,” said ITIC principal analyst Laura DiDio. She continued, “Every firm regardless of size should conduct a risk assessment review and adopt strong security and management policies to deal with increasingly mobile BYOD deployments.”

BYOD deployments have been among the biggest trends in corporate computing usage in the last 12 to 18 months, spurred on by the burgeoning use of mobile and portable devices like smart phones and tablets, which have become ubiquitous and near-indispensable workplace tools. BYOD usage does help businesses to contain costs and lower the administrative burden of IT departments as end users manage, maintain and in many cases pay for their own devices.

However, the downside of the BYOD and mobility trends is that they leave companies, from SMBs to enterprises, extremely vulnerable to security breaches. Unless the corporation has strong, effective usage and security policies in place to govern BYOD usage, the company and its sensitive corporate data could be put in a precarious position in the event that a mobile device is lost, stolen or hacked.

Kevin Mitnick (former ‘most-wanted’ hacker), KnowBe4’s Chief Hacking Officer, agreed, noting, “Mobile devices are the new target-rich environment. Based on lessons learned in the early days of the personal computer, businesses should make it a top priority to proactively address mobile security so they avoid the same mistakes [of the PC era] that resulted in untold system downtime and billions of dollars in economic loss.”

Among the other ITIC/KnowBe4.com survey highlights:

  • Organizations are split on who takes responsibility for the security of BYOD devices. Some 37% of respondents indicated the corporation was responsible; 39% said the end users were responsible; 21% said both bear equal responsibility and the remaining three percent were “Unsure.”
  • Presently, 51% of workers utilize smart phones as their BYOD devices; another 44% use notebooks and ultra books, while 31% of respondents indicated they use tablets (most notably the Apple iPad) and 23% use home-based desktop PCs or Macs.
  • A 57% majority of respondents said the end users purchased/owned their BYOD devices, compared with only 19% that indicated the corporation buys and owns them. Another 22% of survey participants said the company and the employees split the cost. The remaining two percent said they decide on a case-by-case basis.
  • The top three challenges with respect to BYOD deployment were: difficulty of management and support (63%); provisioning new applications (59%) and security (48%).

The transition to a BYOD model is rapid and widespread. Legal services leader Foley & Lardner was an early adopter of BYOD in October of 2009. According to a recent article, the firm implemented this program to cut costs and enable its employees to work anywhere, anytime. Security on personal devices is said to be handled from “within the secure confines of our data center” (1).

Organizations that allow BYOD but fail to implement strong safeguards will find themselves extremely vulnerable. Unless the corporation has strong, effective policies, procedures and security awareness training in place to govern BYOD usage, the company and its sensitive corporate data could be put in a precarious position in the event that a mobile device is lost, stolen or, more likely, hacked, a real possibility in recent times (2).

As necessary and vital security measures, every firm, regardless of size, should conduct a risk assessment review, adopt the ‘defense-in-depth’ strategy and create a strong first layer of security policy, procedure and security awareness training to deal with BYOD deployments.

(1) ZDnet.com, August 23, 2012. “Legal services leader and SMB Foley & Lardner makes strong case for BYOD” www.zdnet.com/legal-services-leader-and-smb-foley-and-lardner-makes-strong-case-for-byod-7000003094/
(2) “HP Research Reveals 56 Percent Rise in Cost of Cybercrime”; published on HP.com, August 2, 2011. www.hp.com/hpinfo/newsroom/press/2011/110802xa.html
