Jon Gagan Shende

When we talk about IoT, we think about the process we implement as we migrate to sensor-driven infrastructure for automated processes.

Looking at economies and technology ramp-up trends from a financial perspective, we will expect that there with be standardization around policies and processes, as well as implementing interfaces that are expected to connect sensors to networks, platforms, and application systems, or a combination of services.

It can all appear to be complex and… Show more

When we talk about IoT, we think about the process we implement as we migrate to sensor-driven infrastructure for automated processes.

Looking at economies and technology ramp-up trends from a financial perspective, we will expect that there with be standardization around policies and processes, as well as implementing interfaces that are expected to connect sensors to networks, platforms, and application systems, or a combination of services.

It can all appear to be complex and large scale, especially in the borderless world of IoT. However, if as security and privacy professionals we ask ourselves, “What are the major areas we should focus on?,” my perspective is that we will have to look at:

Device security and settings
Security device and system physical access (IAM)
Securing our communication network systems
Dealing with the large volume of data we will have to process, leveraging big data analytics, risk scoring and criticality metrics aligned to a system, user privilege, and the business functionality. Show less

If we look at IoT through a security lens, then we have to consider the integration of network, sensors, human machine interactions, virtualized systems and other endpoints that must be able to provide actionable security intelligence in near real time, and which can align to a security framework or model. This model should identify and mitigate environmental risk, ensure data privacy and drive threat mitigation around:

Weaknesses within web interfaces
Challenges with authentication… Show more

If we look at IoT through a security lens, then we have to consider the integration of network, sensors, human machine interactions, virtualized systems and other endpoints that must be able to provide actionable security intelligence in near real time, and which can align to a security framework or model. This model should identify and mitigate environmental risk, ensure data privacy and drive threat mitigation around:

Weaknesses within web interfaces
Challenges with authentication and authorization
Challenges with encryption
Data privacy across borders
Inconsistencies within network security
Challenges with physical security of devices Show less

An introductory thought piece on Healthcare and Cloud Computing and how it can be managed

As cloud computing technologies and offerings mature and evolve in its services to customers, one common consumer use will be that of the Software as a Service (SaaS) model.

This article will focus on aspects of security that impact the SaaS environment.

It is at the SaaS layer that we can perceive additional challenges with cloud security. One critical area of concern stems from the potential risk that a client's data can be exposed to as it is stored within the storage system… Show more

As cloud computing technologies and offerings mature and evolve in its services to customers, one common consumer use will be that of the Software as a Service (SaaS) model.

This article will focus on aspects of security that impact the SaaS environment.

It is at the SaaS layer that we can perceive additional challenges with cloud security. One critical area of concern stems from the potential risk that a client's data can be exposed to as it is stored within the storage system of its SaaS provider. This risk can potentially increase in the event of the SaaS provider in turn utilizing the services of a third party IaaS provider. Show less

A practical look at a Private Cloud and hypervisor security

It is generally accepted that the concept of cloud computing or, at least the amalgamation of services that infer the cloud ecosystem, lends to the premise of improvements in managing deployed services. This due to an assumed increase in efficiencies resulting from the sharing of hardware resources at one end of the spectrum

Proponents of the cloud ecosystem touts its "vastness, flexibility and scalability as advantages for the implementation of cloud services. However, from a digital point of view this can be a veritable forensic challenge as we view the cloud in terms of its scope and diversity.

One major concern with the adoption of cloud computing is the lack of a defined standard or standards that are specific to operations impacting security, interoperability & mobility within the Cloud ecosystem.

As most managers of security departments will attest to, there is a fine line between security and operations.

According to Simpson Garfinkil, a major challenge to any digital forensics investigator investigating data within the cloud; can be an inability to locate or identify data or code that is lost when single data structures are split into elements.

This in effect directly impacts forensic visibility.