Cisco estimates that the number of Internet-connected devices today is somewhere between 10 and 15 Billion, which is mind-boggling considering the fact that the Internet has been a viable service since 1993. For many of us in the IT world, this sounds like a lot of added work as we attempt to keep these devices secure.
Good news is, many of the devices that we purchase as consumers either offer a connection or Radio Frequency Identification (RFID) device for two primary purposes; monitoring and maintenance. By monitoring a device, we can build in workflows that remind us to perform various maintenance activities. These activities can range from backing up the data to updating the software. By recording this maintenance information, we can be certain that we are using these devices in an optimum state, reducing waste, increasing utilization. Additionally, we are gathering a huge amount of data points that feed marketing, logistics and even demand for online service, such as electricity, entertainment, geolocation, and ownership.
The greatest thing about this from a IT manager perspective is that it places the utilization of maintenance notifications in the hands of all users. This effect over the past few years has been termed a “technocracy.” The role of the servicer and manager for technology is being reduced rapidly in favor of crowd-based activity, which by nature requires the data to be universally available to any participant. A result of this trend is the lowering of security boundaries for data and the means by which the data is consumed and shared.
Now that business and consumers are inseparably linked through the use of technology and our internal business operations and lives are complicated and dependent upon technology infrastructure, security as a discipline of study and practical application is essentially an enigma. The security of our personal information is no longer in our own hands. Our medical records, our social information, and even our preferences are all available. These sensitive information types are really only protected by the confusion of the principles and limited only to the amount of will that a person or organization has to locate, reference, cross-reference and analyze the data.
In the realm of cloud services, this discipline applies to the distribution of data. As the custodian of data as an information technology specialist, your job is also security specialist. By classifying and placing data in the right places, prevention of accidental or intentional disclosure is possible. Reducing the field of data in the classification process reduces the potential for vulnerability. Simply put; you must focus on what can be protected and make every reasonable attempt to ensure security. With the term “cloud” comes a level of obscurity and in many cases an abdication of the need for human intervention in the security assurance process. If you have a cloud platform storing your key data secured only by a contract with an outsourcing vendor, you might be surprised how available your data is. In a sea of data that grows with every device plugged into a common network, it is impossible to control the tide, but you can control who drinks your water.