Slashdot Mirror


CIOs Spend a Third of Their Time On Security (enterprisersproject.com)

StewBeans writes: Much has been discussed about the potential security risks of an Internet of Things future in which billions of devices and machines are all talking to each other automatically. But the IoT market is exploding at a breakneck pace, leaving all companies scrambling to figure out the security piece of the puzzle now, before it's too late. In fact, some experts believe this issue will be what separates the winners from the losers, as security concerns either stop companies from getting into the IoT market, or delay existing IoT projects and leave the door open to swifter competition. That's likely why, according to CIO Magazine's annual survey, CIOs are spending a third of their time on security. Adam Dennison from CIO said, "If IT leaders want to embrace the sexy, new technologies they are hearing about today—the SMAC stack, third platform, Internet of Things, etc—security is going to be upfront and at the center of the discussion."

  1. Already solved by Jack Griffin · · Score: 4, Insightful

    I'm already using the most robust security model for the Internet of Things. I call it Things. My fridge doesn't need an internet connection, nor does my light switch. My Smart TV thinks it does, but based on recent information I am in the process of removing that privilege.
    I think the difference between the winners and losers will be the CIOs that don't feel the urge to jump onto flavour of the month hype and connect everything to the Internet.
    The entire concept breaks the first rule of Engineering. Keep it fucking simple you fucking fucktards.

    1. Re:Already solved by Anonymous Coward · · Score: 3, Insightful

      My fridge doesn't need an internet connection, nor does my light switch.

      You're quite correct, it doesn't.

      But you will buy and use an internet connected fridge and lightswitch and garage door opener anyway. Wanna know why?

      Because eventually you will need a new fridge, lightswitch, and garage door opener, and the only models sold will be IoT models. "I'll just not connect them", you think. But they will refuse to operate if they can't phone home. We're already seeing the start of this trend today.

      Either you will go without a fridge, or you will use a connected IoT fridge with a software stack you are given no control over or ability to replace.

    2. Re: Already solved by Zero__Kelvin · · Score: 2

      "Just like you can go buy a car from the 60s, you can continue to buy old fridges and pay for maintenance if needed."

      Just as very, very few people do that (and indeed if many people wanted to they couldn't because there simply aren't that many in supply) very few people will do so with refrigerators. As you point out, it costs a lot of money to go that route as well, so again, very few people will be able to do it. I don't think this is a bad thing. I also can't easily acquire a TI/99-4A and cassette tape drive to develop software with, but I'm totally OK with that :-)

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  2. Re:Really? by Darinbob · · Score: 4, Insightful

    It seems CIOs spend 10% of their time actually working, the rest of the time they're shmoozing with all the other entitled execs.

  3. Re:Not true - some spend no time at all by Anonymous Coward · · Score: 5, Insightful

    Where I'm at they solved the problem by

    1) Outsourcing security to a 3rd party vendor.
    2) Giving everyone in security full admin rights on all the servers and network equipment.

    When he was asked why, he responded that by doing so, if anything happens, it is the 3rd party vendor who is to blame and not him.

    So we have security through "It's not my fault"

  4. This time will be DIFFERENT! by khasim · · Score: 4, Insightful

    And we really, really mean it this time! Security all the way!

    No. It won't be different. And they do NOT spend 1/3 of their time on security.

    Most of them don't even know what security is. Or why you cannot buy it. It's just another item on a checklist for them.

  5. Easy answer by penguinoid · · Score: 2

    If the CIO of an Internet of Things company is spending 1/3 of their time thinking about security, yet is still so incompetent... maybe they would be better off paying 1/3 of a CIO's salary to a random slashdotter for 5 minutes of their time.

    Of course, no matter how long they take thinking about security, they're still going to sacrifice security for usability every time, so I don't know what purpose thinking about it has.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    1. Re:Easy answer by lucm · · Score: 5, Funny

      It's tough being a CIO. He looks like he's up there, but the CEO, CFO, COO and all other cool CxOs all look down on the CIO and make fun of him behind his back, they don't even invite him to join them at the cool people's table at the office Christmas party. He sits at the loser table, with the head of HR and the head of facilities, and instead of hearing the good stories about coke parties and hookers, he hears about groupons and vacations in Punta Cana.

      People, give a break to your CIO. He's a reject and a commodity like everyone else in IT, and sooner or later they'll replace him with someone from that Indian company where he outsourced your job.

      --
      lucm, indeed.
  6. CIOs will be rewarded for getting security wrong by roca · · Score: 4, Insightful

    Many CIOs will dive head-first into IoT, get a lot of good PR, stock prices will rise and they'll be rewarded. Then their companies will discover the IoT security nightmare, get lots of bad PR, stock prices will sink and the CIOs will blame it on someone else. Result: happy CIOs and IoT vendors and an absolute disaster for everybody else.

  7. Cut back on extra features... by matbury · · Score: 2

    I believe in better security by cutting back on extra, unnecessary features; all they do is provide more surfaces for finding vulnerabilities. I recently bought an IoT washing machine and have stripped back the extra features, like wash, rinse, and spin cycles, so that all it does is send SPAM messages and participate in DDoS attacks.

  8. except those who quit after breaches by Anonymous Coward · · Score: 3, Informative

    And particularly those who said Windows is unsecurable. I remember the days when UNIX ruled the business landscape, was on the Internet, and generally a medium sized shop could use a large UNIX box and run all services with 99.9???% uptime. Was stunned people believed Microsoft and tried replacing the UNIX boxes with a single or a few Windows NT boxes. Laughed when I heard how NT apps would crash the whole OS and so all the other services/apps so they started putting one service/app on a Windows NT server. ROFLMAO hearing how they then doubled those numbers to try and get close to 99% reliability with these redundant servers. There is a _great_ snake oil salesman out there going by the initials Bill Gates.

  9. Re:There ya go by Zero__Kelvin · · Score: 2

    How much time do you expect them to spend? I would say 1/3 is pretty damn good, and if you don't then you probably have little experience with executives and their responsibilities. I don't actually believe they are spending that much time on it, but if they are it is a pretty damn good number.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  10. Re:Really? by MyAlternateID · · Score: 4, Insightful

    Shmoozing with other execs, both within their company and outside it, is a very large part of the job description.

    Yes. From a sane viewpoint this is called cronyism, but in the current business environment this is called "networking".

  11. Re:Which Is To Say by dbIII · · Score: 3, Insightful

    architecting the Citrix solution that is going to propel the company into the brave future of 1998

    Don't knock it, many software developers haven't made it to where they should have been in 1998. We're still knee deep in 32bit single threaded applications. Fortunately most applications no longer need admin rights to run so at least they've made it to 1992.

  12. Re:Not true - some spend no time at all by AK Marc · · Score: 2

    I've been there. The CIO golfs with the CEO. They fired everyone in the IT department except the CIO, and he repeated the mistake, but it hadn't blown up on him again by the time I'd left.

  13. There is no security by bankman · · Score: 2

    Seriously, it's not even an afterthought. I have worked on a publicly funded research project covering smart home and living crap. While some of it may be interesting from a tinkering with stuff point of view, most of it is creepy surveillance type of shit, like smart metering. When I raised the question of security people stared blankly at me for a second or two and suggested that it wasn't a problem at all and if ever will be fixed later, maybe.

    My point is, CIOs do not make relevant security decisions when it comes to product design. No one does. It's all about marketability and cost efficiency, security is neither because it is complex and costs a lot of money. And who cares? Honestly, who cares about security? It's not the vendors and it's definitely not the consumers who constantly carry their rarely-if-ever-security-updated-listening-in-and-tracking-devices and provide the world with current information about the vacancy of their homes. So again, who cares? Eventually the insurance companies might care, when some cracker remotely burned down a kitchen or flooded a bathroom or two or ten thousand.

    --
    I feel so sig.
  14. Re:Wrong security by Errol backfiring · · Score: 2

    I think they spend that much time on their job security.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!