ISACA urges connectivity caution as Internet of Things expands
We still don’t have flying cars or hotels on the moon. As human societies surge into the future, however, riding a swelling wave of technology, some of the formerly far-fetched and fanciful notions about how mankind would live in the 21st century are actually taking shape. The Internet of Things, relentlessly sweeping the world into a web of wireless (and wired) transmission that connects everything to everything else, is making everything smarter. Your house can’t repair the malfunctioning furnace in your basement while you sleep … yet. That, however, is the direction we’re headed in.
And with ever more devices and machines getting hooked up to other devices and machines, IT governance group ISACA is urging a strong dose of connectivity caution. The late John Ritter once had 8 Simple Rules for Dating My Teenage Daughter, and now ISACA has nine simple questions for vetting your organization’s increased connectivity. ISACA officials announced their recommendations in a Tuesday press release, which also included the information (cribbed from ISACA’s most recent annual IT Risk/Reward Barometer forecast) that nearly half of all enterprises are escalating Internet of Things involvement already, or plan to do so later this year.
The first question to ask deals with connecting new devices to company networks: “How will the device be used from a business perspective, and what business value is expected?” It’s good to remember that just because a device can be connected doesn’t mean that it must or should be connected. If there’s not a clear business advantage, then maybe a different decision would be better.
The second thing to bear in mind is vulnerability: “What threats are anticipated, and how will they be mitigated?” Taking a proactive approach to security can help uncover weaknesses before someone on the outside finds them — and exploits them. Businesses often don’t learn about gaps in security until something bad slips through them, even though the gap was there all along.
Next on the list is restricting (and protecting) access to connected devices: “Who will have access to the device, and how will their identities be established and proven?” If your office has a cleaning service, for example, then your employees aren’t the only ones who have periodic unfettered access to company equipment. (We love you, janitorial personnel! It was just an illustrative conjecture.)
ISACA executive Robert Stroud said in a statement to the press that enterprises need to look beyond the obvious: Computers, tablets, phones and other direct business aids are obvious points of entry to the company network, but connectivity isn’t limited to devices that have obvious, human-directed input and output. “Connected devices are everywhere,” Stroud said, “from obvious ones, like smart watches and Internet-enabled cars, to ones most people may not even be aware of, such as smoke detectors.”
We’ll leave the other six questions for you to discover, but we will mention that ISACA has additional help to offer. Along with its recommendation of the nine questions, ISACA is offering a free guide, Internet of Things: Risk and Value Considerations, for download by any interested parties.