Cloud, IoT Can be Wolves in Sheep’s Clothing

It happens innocently enough: someone obtains and installs a reasonable Internet-enabled capability, and BANG! You’re open for business that’s not of your choosing.

Maybe it’s a shared corporate meeting calendar, or a construction pipe-weld inspection robot, or a security camera at a remote power plant. But whatever it is – be it a cloud-based offering or an Internet “thing” – it has to be remembered that if you can monitor or control it from wherever you are, so can the bad guys.

This may sound obvious once it’s stated aloud, but you’d be amazed by how often I hear the stories of how some executive subscribed to a cloud service or installed a connected device, and was shocked and surprised when a vulnerability arose and a reprimand followed.

The problem is that it’s ridiculously easy to acquire such capabilities – point, click, “agree,” and you’re done! And to be fair, if governance isn’t your bag, why would you think twice about it?

The lesson is that it’s up to us to spread the word that seemingly-harmless tools and technologies can create significant potential risks – and that their procurement and installation must be managed as carefully as the services and devices themselves. Otherwise, the threat can quickly outweigh the benefit.

About the author: Steve Weissman

Steve Weissman helps you do information right by bringing order and discipline to your governance and process practices. Principal Consultant at Holly Group and Co-Founder of the Information Coalition (now merged with ARMA International), he leverages a proven proprietary methodology to optimize everything from strategic planning and needs assessment to vendor selection and user adoption. He is, in short, The Info Gov Guy™, furthering best-practices for finding, leveraging, and protecting your business-critical information. A member of the AIIM Company of Fellows and holder of numerous industry designations, he can be reached at steve@hollygroup.com or 617-383-4655.

Leave a Reply

Your email address will not be published.