Cyber Physical Systems (CPS) And BYOD Security

Cyber Physical Systems (CPS) 

Technology has changed the world radically. But, to date, the world hasn’t changed as fast as technology to. There are a couple of concepts that are concerning as we head into the reality of CPS-deployed systems. The first is that standards don’t exist.

Many companies are considering the Bring Your Own Device (BYOD) conundrum, evaluating the value and cost (as well as the risk) of allowing employees to bring their own devices to work. The value for the company is that a single device now connects each employee to the company. It also connects them to their life, which means they will always have their work phone with them.

A Peak Inside

It opens a door, and once that door opens, not even Pandora will be able to close it.

My phone is a component of the personal operating space called my personal cloud. When you, as my employer, enable a BYOD program, you are inviting my personal cloud into the Workplace. By default, you are also allowing me to connect my personal cloud to your network. The image that comes to mind here is of Charles Schulz’s character Pig Pen. My personal cloud extends all around me like Pig Pen’s dirt cloud.

Cyber Physical Systems

CPS_for_Manufacturing

(Image Source: Wikipedia)

And there’s another problem to consider. CloudTweaks is full of articles on the ever- expanding reality of the Internet of Things (IoT), more properly called Cyber Physical Systems (CPS). Why CPS and personal clouds? Because your corporate network is connected to every single CPS device my phone is connected to. I am the Trojan horse. I bring the Greek warriors inside your corporate security and, without knowing it, I am also the one that opens the trap door.

Some of the devices I connect to are harmless. But, given that they are simple harmless devices, someone can modify them. Do I care if there is suddenly a red dot in the upper right corner of my home weather station? Nope, I just need to know how much rain is falling on my house. But that dot isn’t a nice dot. It is sort of the modern equivalent of a laser targeting dot. We see them on TV all the time, when the bad guy suddenly realizes there aren’t two guns pointed at him but 200. I can mandate that all BYOD devices have Bluetooth disabled and are not directly connected to the corporate Wi-Fi network, but I am just putting lipstick on a pig, as the old saying goes. Once that phone connects to and moves corporate data, I am at risk as a company.

Homebase

Beyond the personal cloud, there is also the issue of the home cloud. I call it the home-private cloud because it is a stationary-managed solution that provides computation and storage for the people who live in my home. It, along with my personal cloud, are now happily connected to your network. My Trojan horse that I carry in my pocket is connected to an even bigger Trojan horse.

Now, I am not advocating that enterprises send their IT security professionals to every house that connects to their network. There need to be easily managed personal and home-private cloud security standards, and by easy I mean automatically deployed. If you connect to a corporate network, that network can connect to the security control center of your network and verify that it hasn’t been modified or hacked. If it has, quarantine the phone so that the Trojan horse can’t be deployed. The same is true of my personal cloud. Having standards that include easily deployed and managed security settings will at least keep the horse in the barn. It won’t roll the Trojan horse into the middle of your corporate network and then hand it the keys and say, “Have at our corporate secrets.”

We need simple security standards for home-private and personal clouds.  They don’t have to include complex security rules. Rather, they could consist of a single chip in the phone and a single device in your home that will tell you if, in fact, that cloud has been compromised.

Dismantled Trojan horses make great firewood for the winter.

By Scott Andersen

Kayla Matthews

7 Technology Trends to Look for in 2020

Leading Tech Trends 2020 Cloud computing has become the norm. As of 2019, 94% of IT professionals were using the cloud in some form or another. This widespread adoption means that although it was once a ...
Kyle Bernard Author

FlightHub and JustFly on Facial Recognition Technology, Travel and Privacy

Facial Recognition Technology For years facial recognition technology only existed in science books, television and cinema. The idea was brilliant. However, real-world technology hadn’t yet caught up with the concept. That’s changed in recent years ...
Fahim Kahn

The 5 Biggest Hybrid Cloud Management Challenges—And How to Overcome Them

Hybrid Cloud Management Challenges The benefits of the cloud—reduced costs, greater IT flexibility, and more—are well-established. But now many organizations are moving to hybrid cloud management platforms. While hybrid clouds do offer a greater level ...
Digital Theft

Cross-Site Scripting – Why Is It A Serious Security Threat For Big Data Applications?

Security Threat And Big Data Applications (Updated August 11th, 2020) IBM, Amazon, Google, Yahoo, Microsoft - and the list goes on. All these leading IT enterprises have been affected by Cross-Site Scripting (XSS) attacks in ...
Best Wordpress Alternatives

Managed Cloud WordPress Hosting Services

Managed Hosting Providers Managed cloud servers are becoming especially popular among startups and other small businesses concerned about Web security. Prior to managed hosting services, most security-conscious companies hired system administrators to configure, secure, and ...
Miha Kralj

SaaS Native – Design, Delivery and Management of Applications

Going cloud native, the right way Moving from a traditional IT organization to one that’s cloud native is an inevitability for all businesses. This is because all real software innovation is now cloud-first or cloud-only, ...