Cyber Physical Systems (CPS) And BYOD Security

Cyber Physical Systems (CPS) 

Technology has changed the world radically. But, to date, the world hasn’t changed as fast as technology to. There are a couple of concepts that are concerning as we head into the reality of CPS-deployed systems. The first is that standards don’t exist.

Many companies are considering the Bring Your Own Device (BYOD) conundrum, evaluating the value and cost (as well as the risk) of allowing employees to bring their own devices to work. The value for the company is that a single device now connects each employee to the company. It also connects them to their life, which means they will always have their work phone with them.

A Peak Inside

It opens a door, and once that door opens, not even Pandora will be able to close it.

My phone is a component of the personal operating space called my personal cloud. When you, as my employer, enable a BYOD program, you are inviting my personal cloud into the Workplace. By default, you are also allowing me to connect my personal cloud to your network. The image that comes to mind here is of Charles Schulz’s character Pig Pen. My personal cloud extends all around me like Pig Pen’s dirt cloud.

Cyber Physical Systems

CPS_for_Manufacturing

(Image Source: Wikipedia)

And there’s another problem to consider. CloudTweaks is full of articles on the ever- expanding reality of the Internet of Things (IoT), more properly called Cyber Physical Systems (CPS). Why CPS and personal clouds? Because your corporate network is connected to every single CPS device my phone is connected to. I am the Trojan horse. I bring the Greek warriors inside your corporate security and, without knowing it, I am also the one that opens the trap door.

Some of the devices I connect to are harmless. But, given that they are simple harmless devices, someone can modify them. Do I care if there is suddenly a red dot in the upper right corner of my home weather station? Nope, I just need to know how much rain is falling on my house. But that dot isn’t a nice dot. It is sort of the modern equivalent of a laser targeting dot. We see them on TV all the time, when the bad guy suddenly realizes there aren’t two guns pointed at him but 200. I can mandate that all BYOD devices have Bluetooth disabled and are not directly connected to the corporate Wi-Fi network, but I am just putting lipstick on a pig, as the old saying goes. Once that phone connects to and moves corporate data, I am at risk as a company.

Homebase

Beyond the personal cloud, there is also the issue of the home cloud. I call it the home-private cloud because it is a stationary-managed solution that provides computation and storage for the people who live in my home. It, along with my personal cloud, are now happily connected to your network. My Trojan horse that I carry in my pocket is connected to an even bigger Trojan horse.

Now, I am not advocating that enterprises send their IT security professionals to every house that connects to their network. There need to be easily managed personal and home-private cloud security standards, and by easy I mean automatically deployed. If you connect to a corporate network, that network can connect to the security control center of your network and verify that it hasn’t been modified or hacked. If it has, quarantine the phone so that the Trojan horse can’t be deployed. The same is true of my personal cloud. Having standards that include easily deployed and managed security settings will at least keep the horse in the barn. It won’t roll the Trojan horse into the middle of your corporate network and then hand it the keys and say, “Have at our corporate secrets.”

We need simple security standards for home-private and personal clouds.  They don’t have to include complex security rules. Rather, they could consist of a single chip in the phone and a single device in your home that will tell you if, in fact, that cloud has been compromised.

Dismantled Trojan horses make great firewood for the winter.

By Scott Andersen

David Gevorkian

How to Apply Website Accessibility in UX and How to Achieve Better User Experience

Design Tweaks: Apply Website Accessibility in UX In this current digital age, websites have become more complex because of the introduction of various aesthetic designs on a web page interface. It especially affects people with ...
Sebastian Grady

Leveraging Hybrid IT Now to Power Digital Transformation 

Leveraging Hybrid IT Summary: Cloud is a dominant force in enterprise software today. Global market turbulence is forcing some companies to accelerate moving parts of IT to the cloud sooner than expected to adapt to ...
Aruna Headshot

66% Say They’d Switch Vendors in Order to Get an Intelligent Online Meeting Solution

People are getting frustrated with online and video meetings. In fact, according to a recent survey, 85% say they are challenged with these types of poor experiences and 74% say they’re not too happy about ...
Building a Robust Virtual Agent (VA) Rollout Strategy for DSPs

Building a Robust Virtual Agent (VA) Rollout Strategy for DSPs

Building a Robust Virtual Agent (VA) Rollout Strategy for DSPs Proven methods to increase VA containment & customer satisfaction The virtual agent’s market is at an all-time high and is garnering more and more interest ...
Kevin Ovalle Anderson Frank

How cloud-based business management can help an SMB go global

Global SMB Business Management Most companies today are familiar with the cloud; using software-as-a-service (SaaS) apps and customer relationship management (CRM) for years. However, many businesses are now running the whole show from the cloud ...
Anita Raj

A Winning Data Strategy Series Part 2: Data, an Asset, or a Liability?

Data, an Asset, or a Liability? This is the second piece of a 5-part series on plugging the obvious but overlooked gaps in achieving digital success through a refined data strategy. You can read the ...