
Laura DiDio on…

Microsoft Azure Sphere chip for end-to-end IoT security from the Cloud to Network Edge

“MediaTek is a good partner [for Microsoft] to have for its Azure Sphere secure IoT chip,” said Laura DiDio, principal analyst with ITIC. “They will provide a Wi-Fi controller, the processor will run Microsoft’s Linux-based IoT OS and you’ve now got a highly secure, connected device at a decent price point.”

Channel Futures, April 17, 2018

Microsoft Reorganization:

“Microsoft has actually been moving away from Windows and more towards the cloud, analytics and AI for the past ten years,” explained Laura DiDio, an analyst at ITIC. “This did not happen overnight.” DiDio pointed out that Nadella has made major changes quickly during his tenure. “That’s the way you have to move,” to stay relevant, she said. “You’ve got to be agile to stay ahead of the game.”

The changes don’t mean that Microsoft is totally giving up on Windows, DiDio said. But they do mean that Nadella is focusing the company’s energies around stronger assets.

“They’re de-emphasizing Windows,” she said, in order to become a stronger “player in cloud and artificial intelligence, because that’s where the money is.”

CNN Money, March 29, 2018

Failure to deliver reliability and uptime:

“Time is money,” DiDio says. “Systems, networks and connectivity devices are subject to failure. If the downtime persists for any significant length of time, it can be expensive in terms of monetary losses. It can disrupt operations, decrease worker productivity and negatively impact the organization’s business partners, customers and suppliers.

“A security outage of any significant duration can also be a PR nightmare and damage the company’s reputation, causing lost business,” DiDio says. “Reliability and uptime go hand in hand with a comprehensive, detailed backup and disaster recovery plan that also includes an internal operational level agreement that designates a chain of command in the event of any type of service disruption.”

Every organization should have a disaster recovery plan that includes an itemized list of who to contact at vendor organizations, cloud and third-party service providers, DiDio says. “The CISO should also know what the company’s contracts stipulate as the response time from vendors, cloud, and third-party service providers to respond to and thwart security incidents and track down the hackers,” she says.

CSO Online, November 21, 2017

Cal State University and Hartnell College Launching Cohort Program:

“Since 2013, the two institutions have promoted this program as a way to attract minorities, women and students who are the first in their families to attend college to Computer Science and STEM subjects. The Cohort program nurtures these students by having them take their CS classes as a group,” DiDio says. It also helps them adjust more quickly to college life by providing them with group study and life skills classes to help them stick with CS as a major and graduate.

“So far, so good. A 75% majority of students enrolled in the CSUMB/Hartnell CS Cohort program graduate. This is well above the national average of about 30%,” DiDio notes.

ITIC Corp, November 17, 2017

Burger King Ad Creates Whopper of a Mess:

In the Internet of Things environment, where you can have “an ecosystem or ecosystems of ecosystems interconnected, the attack vector universe is potentially limitless,” noted Laura DiDio, research director for IoT at 451 Research.

The risks are “everywhere, and what you can do is mitigate risk to an acceptable level,” she told the E-Commerce Times — but that requires vendors to make secure products.

E-Commerce Times, April 13, 2017

United Airlines Customer Service Snafus:

United’s behavior was “cavalier and callous,” said Laura DiDio, research director for IoT at 451 Research.

“The deck is stacked against passengers these days,” she told CRM Buyer.

However, this situation “is a PR nightmare for United Airlines,” DiDio added, “and it’s not going away.”

CRMBuyer, April 11, 2017

Yes, infrastructure absolutely does matter and has a profound and immediate impact on enterprise security.

Server hardware, and the server operating systems and applications that run on it, forms the bedrock upon which the performance, reliability and functionality of the entire infrastructure rest. Just as you wouldn’t build a house on quicksand, you don’t want your infrastructure to be shaky or suspect: a weak foundation undermines security and network operations, depresses revenue, raises the risk of litigation and can cost your firm business.

And that’s just the tip of the iceberg. These days, many if not most corporate enterprises run extranets to facilitate commerce and communications among their customers, business partners and suppliers. Any weak link in infrastructure security can become a gaping hole that lets a breach extend beyond the confines of the corporate network and extranet, and breaches spread between interconnected networks with astounding rapidity.

Increasingly, aging and inadequate infrastructure adversely impacts enterprise security.

ITIC’s 2013 Global Server Hardware and Server OS Reliability survey, which polled over 550 businesses in spring 2013, indicates that a 53% majority of businesses find that security has a moderate, significant or crucial impact on infrastructure and overall network reliability. This compares with 28% of respondents who said security had only a minimal impact on infrastructure reliability and seven percent who said it had no impact because they regard the two as separate and distinct. Another 12% of those polled said their organizations don’t track the impact of server hardware and server OS security on infrastructure reliability at all. That is double the six percent who said they didn’t track server OS security’s impact in ITIC’s 2011 poll, and it marks a disturbing trend.

Similarly, 47% of ITIC Reliability survey respondents indicated that when a significant portion of their firms’ main line of business (LOB) server hardware is three and a half years old or older and has not been upgraded to address security, it has an adverse impact on server uptime and reliability. The approximately one-third (35%) of respondents who said that servers 3½ years old or older did not adversely affect reliability is down significantly from the 56% of participants who answered “No” to that question in last year’s survey.

  • Incompatible patches, drivers and applications: Another long-standing problem that continues to plague corporations and lower reliability.
  • Human error: The ITIC 2013 reliability survey marks the first time respondents could select “user error” as a factor that negatively affects security and reliability, and it shot to number two on the list, with 28% of respondents acknowledging that IT staff mistakes cause downtime.
  • Operating system bugs, server instability and staffing: Nearly one-third of respondents attributed downtime to bugs/flaws in the operating system, while 24% blamed server instability/problems. And 22% of respondents indicated that security issues, together with understaffed and overworked IT departments, also undermined network reliability.

There is clearly a direct correlation between the 28% of survey respondents who blamed human error for reliability issues and the 22% of participants who cited understaffed and overworked IT departments and administrators as undermining infrastructure reliability: overextended administrators make more mistakes.

Corporate enterprises must take responsibility for keeping their infrastructure up to date in order to fortify security. That means replacing, retrofitting and refreshing server hardware as needed. Server operating systems and applications should be patched regularly with the necessary updates and security fixes to maintain system health.

Enterprises should also review their security policies and procedures at least once a year, and install and keep current the latest security products, such as anti-virus, authentication, intrusion detection and audit trail software and security devices. Security training and awareness is a must for IT and security staff and end users alike. The onus is also on the server hardware and server operating system vendors to provide realistic recommendations for system configurations that achieve optimal performance. Vendors also bear the responsibility to deliver patches, fixes and updates in a timely manner and to inform customers, to the best of their ability, of any known incompatibility issues that may affect performance.

The data and business you save may be your own.

To hear more, join me, along with Stu Sjouwerman, founder of KnowBe4.com, and ESG security analyst Jon Oltsik, in an IBM “virtual debate.” We’ll discuss topics such as crypto hardware from an investment point of view and the “secret hardware vs. software sauce” needed to achieve the highest level of system security for an organization. Read more about the debate on the IBM Smarter Computing blog.

When: September 17th at 1 pm ET / 10 am PT. Register now at http://www.smartercomputingblog.com/debate/register (short link: ibm.co/144Xo79), and invite colleagues and clients.
