The massive stone walls of ancient Troy took a long time and significant resources to build. Yet the fortress was defeated in a single moment, when someone made the bad decision to let in a giant wooden horse left as a parting gift from the Greeks.
Maintaining safety in a modern enterprise is also challenging, and just as dependent on the quality of decisions made by individuals. Not only do organizations have to worry about physical security (the kind provided by stone walls), they must also be concerned about the security of things that can’t necessarily be seen or touched – like cybersecurity, data privacy, regulatory compliance, and numerous other concerns of our modern, complicated world.
To help manage the complexity, some organizations have turned to technologies such as the Internet of Things (IoT) and machine learning. For example, running a casino is a complicated business. Not only do operators have to manage the gaming floor, they also have to run a hotel, food service operations, parking garage, shuttle service, and myriad other concerns. Doing the job well requires information. To that end, a casino business might use IoT devices to monitor security cameras for unusual patterns of foot traffic or customer behavior. They could monitor food safety temperatures in their kitchens and serving areas. They might even use IoT devices to regulate the temperature and cleanliness of those enormous fish tanks in the lobby.
But, as with many business decisions, benefits are often accompanied by risks. You may have heard about the case of the casino that was hacked through its Internet-connected fish tank. While many consumer-oriented devices can be set up and used by almost anyone (like the guy who got tired of scraping the green stuff off the sides of the fish tanks, for example), the people setting up those devices may not always be fully aware of the risks. They may be introducing a trojan horse to the organization, or opening the gateway to other sorts of malware and cyber attacking ne’er-do-wells.
Technologies like IoT can help an organization manage complexity. But when the organization doesn’t have a culture that puts security first, technology can actually make the situation worse. In a “security first” organization, all members of the organization would be trained in CyberSAFE practices and would learn to question the security of ad hoc solutions. The use of appropriate technology would be embraced and supported, but solutions would be planned, designed, and implemented by a team knowledgeable in security implications, and the systems used to actively monitor and protect the organization’s networks would be aware of any new devices added to the organization’s wired and wireless networks.
That’s the difference between IoT development and secure IoT development – and that’s the difference that the CertNexus Certified Internet of Things (IoT) Security Practitioner (Exam ITS-110) course and exam can make to your IoT project.