CIO Symmetry

Jul 3 2014   7:34PM GMT

Prepare for IoT security, and how to develop a SaaS risk strategy

Fran Sales

Tags: BYOD, CIO, Cloud Security, cybersecurity, FCC, Forrester, Internet of Things, Net Neutrality, Risk strategies, SaaS, SaaS applications, SaaS security, Sarbanes-Oxley Act, SMB

The Internet of Things provides consumers with many conveniences, but as ASIP CTO Andy Thurai and IBM VP of product management Michael Curry cautioned CIOs at MassTLC’s recent IoT conference, its massive attack surface and the lack of security standards also mean that breaches of these connected devices are inevitable. Features writer Kristen Lee lists Curry’s four key elements of IoT security to help CIOs prepare for these attacks.

But our IoT coverage isn’t all doom and gloom! At the MongoDB event in New York City, Amazon CTO Werner Vogels waxed enthusiastic about the widespread impact of IoT. In this week’s Data Mill, senior news writer Nicole Laskowski lays out Vogels’ standout examples of IoT forays in the fields of science, retail, sports and more.

In other SearchCIO matters…

CIOs walk a tightrope when it comes to managing SaaS apps. On the one hand, losing track of the business’ use of cloud apps could put their organization at greater risk of a security breach; at the other extreme, cracking down on shadow app use, even for security purposes, could restrict employee efficiency and productivity. In part one of her feature, executive editor Linda Tucci lays out how CIOs should begin developing a balanced SaaS risk strategy. In part two, she gets tips from French Caldwell, governance, risk and compliance expert at Gartner, on how to create a top-down SaaS governance policy.

Recently, Laskowski ran into Massachusetts Congressman Joe Kennedy at the offices of CyberArk, an information security company, and discovered that cyberattacks are a growing concern at the Capitol. If it can happen to Target and eBay, then it can happen to smaller players, Kennedy explained. In her CIO Matters column, Laskowski details why Washington’s answer to cyberwar shouldn’t be about mandates and regulatory compliance.

There’s no shortage of SearchCIO coverage on the ubiquity of BYOD in enterprises, but how many corporate employees actually use their own devices for work? Well, if we’re talking tablets, just the few at the very top, according to Forrester. In this week’s Searchlight, associate editor Emily McLaughlin explains what could be behind the research’s findings; plus, get her take on Facebook’s recent psychological experiment and Google Glass’ more nefarious uses.

Deepak Tiwari, analytics head for Google’s consumer operations division, has learned many lessons and discovered the value of failing fast since he began at the company three years ago. Here on the CIO Symmetry blog, Laskowski outlines Tiwari’s top takeaways for enterprises and small businesses alike from his presentation at the recent Useful Business Analytics Summit.

In SearchCIO’s latest tweet jam, disaster recovery expert Paul Kirvan and other participants emphasized the importance not only of having a comprehensive DR plan, but also of frequently testing these plans to ensure that they can work in the event of a real disaster. Check out this #CIOchat recap for more on how to best implement a DR plan test schedule.

And on SearchCompliance…

The Federal Communications Commission’s proposal to amend Open Internet rules and allow ISPs to charge content providers a fee for prioritized delivery has drawn much criticism from various parties, including consumer advocacy groups, technology companies and even talk-show host John Oliver. In SearchCompliance’s latest installment of its FAQ series, find out if ISPs truly could control performance quality and speeds should the U.S. government enforce the net neutrality proposal. And in a recap from the latest #GRCchat, see tweet jam participants’ predictions on the impact of the proposal’s usage-based pricing structure on small and medium-sized businesses (SMBs).

U.S. companies have the not-so-easy task of complying with a wide variety of regulations; large financial institutions, for instance, must adhere to the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act, the Payment Card Industry Data Security Standard and a host of other laws. In this SearchCompliance tip, contributor Judith Myerson focuses on four steps toward meeting SOX’s data compliance mandates.

And that’s all for the week’s news, folks! Watch out for another Symmetry roundup next week; in the meantime, keep track of our stories during the week by following @SearchCIO, @SearchCIOSMB and @ITCompliance.
