Home About Blog Report & Survey Highlights Case Studies Q&A Interviews Services

Laura DiDio on…

Microsoft Azure Sphere chip for end-to-end IoT security from the Cloud to Network Edge

“MediaTek is a good partner [for Microsoft] to have for its Azure Sphere secure IoT chip,” said Laura DiDio, principal analyst with ITIC. “They will provide a Wi-Fi controller, the processor will run Microsoft’s Linux-based IoT OS and you’ve now got a highly secure, connected device at a decent price point.”

Channel Futures, April 17, 2018

Microsoft Reorganization:

“Microsoft has actually been moving away from Windows and more towards the cloud, analytics and AI for the past ten years,” explained Laura DiDio, an analyst at ITIC. “This did not happen overnight.” DiDio pointed out that Nadella has made major changes quickly during his tenure. “That’s the way you have to move,” to stay relevant, she said. “You’ve got to be agile to stay ahead of the game.”

The changes don’t mean that Microsoft is totally giving up on Windows, DiDio said. But they do mean that Nadella is focusing the company’s energies around stronger assets.

“They’re de-emphasizing Windows,” she said, in order to become a stronger “player in cloud and artificial intelligence, because that’s where the money is.”

CNN Money, March 29, 2018

Failure to deliver reliability and uptime:

“Time is money,” DiDio says. “Systems, networks and connectivity devices are subject to failure. If the downtime persists for any significant length of time, it can be expensive in terms of monetary losses. It can disrupt operations, decrease worker productivity and negatively impact the organization’s business partners, customers and suppliers.

“A security outage of any significant duration can also be a PR nightmare and damage the company’s reputation, causing lost business,” DiDio says. “Reliability and uptime go hand in hand with a comprehensive, detailed backup and disaster recovery plan that also includes an internal operational level agreement that designates a chain of command in the event of any type of service disruption.”

Every organization should have a disaster recovery plan that includes an itemized list of who to contact at vendor organizations, cloud and third-party service providers, DiDio says. “The CISO should also know what the company’s contracts stipulate as the response time from vendors, cloud, and third-party service providers to respond to and thwart security incidents and track down the hackers,” she says.

CSO Online, November 21, 2017

Cal State University and Hartnell College Launching Cohort Program:

“Since 2013, the two institutions have promoted this program as a way to attract minorities, women and students who are the first in their families to attend college to Computer Science and STEM subjects. The Cohort program nurtures these students by having them take their CS classes as a group.” DiDio says. It also helps them adjust more quickly to college life by providing them with group study and life skills classes to help them stick with CS as a major and graduate.

“So far, so good. A 75% majority of students enrolled in the CSUMB/Hartnell CS Cohort program graduate. This is well above the national average of about 30%,” DiDio notes.

ITIC Corp, November 17, 2017

Burger King Ad Creates Whopper of a Mess:

“In the Internet of Things environment, where you can have “an ecosystem or ecosystems of ecosystems interconnected, the attack vector universe is potentially limitless,” noted Laura DiDio, research director for IoT at 451 Research.

The risks are “everywhere, and what you can do is mitigate risk to an acceptable level,” she told the E-Commerce Times — but that requires vendors to make secure products.

E-Commerce Times, April 13, 2017

United Airlines Customer Service Snafus:

United’s behavior was “cavalier and callous,” said Laura DiDio, research director for IoT at 451 Research.

“The deck is stacked against passengers these days,” she told CRM Buyer.

However, this situation “is a PR nightmare for United Airlines,” DiDio added, “and it’s not going away.”

CRMBuyer, April 11, 2017

The Bring Your Own Device trend has created a security “Achilles Heel” for a 56% majority of organizations that have no response plan in place to deal with lost, stolen or hacked BYOD notebooks, tablets and smart phones. And 56% of organizations also acknowledge they are not fortifying their existing security measures, taking extra precautions or implementing security training despite recent high profile security attacks against Fortune 1000 firms like Adobe, Reuters, Target, Skype, Snapchat and others.

Equally alarming is that 50% of companies concede their corporate and employee-owned BYOD and mobile devices may have been hacked without their knowledge in the last 12 months, consequently leaving their datacenter servers and mission critical applications vulnerable to internal and external security breaches. Anecdotal evidence obtained from first person customer interviews indicates that 75% of IT and security managers are now lobbying executive management to construct mobile and BYOD-specific security policies to plug potential vulnerabilities.

Those are among the top findings of the ITIC/KnowBe4 “2014 State of Corporate Server, Desktop and BYOD Security Trends Survey.” The joint independent Web-based survey polled 300+ organizations in February 2014 on a wide range of issues including the organization’s approach to security; the biggest security threats and challenges facing their firms and the company’s preparedness to recognize and react to potential breaches.

BYOD and mobile usage offers many advantages for organizations and end users. On the positive side it enables businesses to reduce expenditures and lower the administrative burdens of IT departments as end users manage, maintain and in many cases pay for their own devices. It also provides businesses and their end users with increased productivity because they have flexibility and mobility to access their Emails and corporate data 24 x 7.

THE BYOD & MOBILITY CONUNDRUM

There is also no denying BYOD trend is a two-edged sword.

The potential downside: it is much more difficult for IT to monitor and secure BYOD and mobile devices. Users control their smart phones, notebooks and tablets, making it extremely challenging for IT to prohibit them (or even determine) when they access suspect sites or download infected code. BYOD devices can create undetected entry points into the network and their massive numbers increase the chances of a successful penetration. Another potential risk with mobile devices is the ever-present threat of loss and theft. It is this issue that is presently causing IT and security professionals the most angst.

The proliferation of Bring Your Own Device (BYOD) usage, coupled with the continual increase in remote access and the rising mobile workforce, constitute a potentially pernicious security threat to corporate data and the datacenter.

ITIC/KNOWBE4 2014 STATE OF SECURITY SURVEY HIGHLIGHTS

Among the other survey highlights:

  • Over two-thirds – 68% of survey respondents indicated that their servers and mission critical server-based applications had NOT experienced a security breach within the last year.
  • An 80% majority of firms consider strong anti-virus, intrusion detection and firewalls the most important/critical element and most effective mechanism to safeguard their networks followed by endpoint security (65%) and physically limiting access to the server room/datacenter (60%).

Some 34% of survey participants acknowledged that they either “have no way of knowing” or “do not require” end users to inform them when there is a security issue with employee-owned BYOD devices. This makes the corporation very vulnerable!

  • One-third – three-in-10 respondents are unaware or unable to discern whether or not BYOD security breaches impacted servers, mission critical apps or network operations.
  • One-third – 32% – of survey participants indicated their firms have “No BYOD or mobility-specific security in place” or are “Unsure” if they do.

CONCLUSIONS

Individually and collectively, the inability of a significant segment of corporations to track and secure both company and employee-owned mobile and BYOD devices undermines IT and security administrators’ efforts to secure the environment. It also creates a larger attack vector for hackers. And it makes servers and mission critical applications more vulnerable to infection by rogue code, malware or sensitive data that was hijacked when a BYOD device’s security was compromised.

Without the appropriate level of security controls, the adoption of security awareness training and the implementation and enforcement of strong computer security policies and procedures organizations’ data is at increased risk of malware invasions, cyber attacks and litigation.

ITIC and KnowBe4 strongly advise organizations irrespective of size or vertical market to proactively devise a plance to respond to potential BYOD security incidents. Businesses should also invest in security training for their appropriate IT staff and end users and update existing computer security policies and procedures to implement specific mobility and BYOD provisions.



Share This Content:
No Discussions

Be the first to comment!

Post a Comment:




Laura DiDio on Facebook
Laura DiDio on LinkedIn
Laura DiDio on Skype
Laura DiDio on Twitter