Cloud, IoT Can be Wolves in Sheep’s Clothing

It happens innocently enough: someone obtains and installs a reasonable Internet-enabled capability, and BANG! You’re open for business that’s not of your choosing.

Maybe it’s a shared corporate meeting calendar, or a construction pipe-weld inspection robot, or a security camera at a remote power plant. But whatever it is – be it a cloud-based offering or an Internet “thing” – it has to be remembered that if you can monitor or control it from wherever you are, so can the bad guys.

This may sound obvious once it’s stated aloud, but you’d be amazed by how often I hear the stories of how some executive subscribed to a cloud service or installed a connected device, and was shocked and surprised when a vulnerability arose and a reprimand followed.

The problem is that it’s ridiculously easy to acquire such capabilities – point, click, “agree,” and you’re done! And to be fair, if governance isn’t your bag, why would you think twice about it?

The lesson is that it’s up to us to spread the word that seemingly-harmless tools and technologies can create significant potential risks – and that their procurement and installation must be managed as carefully as the services and devices themselves. Otherwise, the threat can quickly outweigh the benefit.

About the author: Steve Weissman

Steve Weissman is Principal Consultant at Holly Group and Co-Founder of Information Coalition. A trusted advisor for more than 20 years, he is a recognized expert in information governance and process innovation – or as he defines it, in the “’care and feeding’ of critical business information and the technologies used to manage and protect it.” Known as The Info Gov Guy™, Mr. Weissman leverages a proven proprietary methodology to optimize everything from your strategic planning and needs assessment to your vendor selection and user adoption. He is a member of the AIIM Company of Fellows and holder of numerous industry designations, and can be reached at or 617-383-4655.

Leave a Reply

Your email address will not be published.