CIOs Spend a Third of Their Time On Security

StewBeans writes: Much has been discussed about the potential security risks of an Internet of Things future in which billions of devices and machines are all talking to each other automatically. But the IoT market is exploding at a breakneck pace, leaving all companies scrambling to figure out the security piece of the puzzle now, before it's too late. In fact, some experts believe this issue will be what separates the winners from the losers, as security concerns either stop companies from getting into the IoT market, or delay existing IoT projects and leave the door open to swifter competition. That's likely why, according to CIO Magazine's annual survey, CIOs are spending a third of their time on security. Adam Dennison from CIO said, "If IT leaders want to embrace the sexy, new technologies they are hearing about today—the SMAC stack, third platform, Internet of Things, etc—security is going to be upfront and at the center of the discussion."

Already solved

[Jack+Griffin]

I'm already using the most robust security model for the Internet of Things. I call it Things. My fridge doens't need an internet connection, nor does my light switch. My Smart TV thinks it does, but based on recent information I am in the process of removing that privelege.
I think the difference between the winners and losers will be the CIO's that don't feel the urge to jump onto flavour of the month hype and connect everything to the Internet.
The entire concept breaks the first rule of Engineering. Keep it fucking simple you fucking fucktards.

Re:Already solved

My fridge doens't need an internet connection, nor does my light switch.

You're quite correct, it doesn't.

But you will buy and use an internet connected fridge and lightswitch and garage door opener anyway. Wanna know why?

Because eventually you will need a new fridge, lightswitch, and garage door opener, and the only models sold will be IoT models. "I"ll just not connect them", you think. But they will refuse to operate if they can't phone home. We're already seeing the start of this trend today.

Either you will go without a fridge, or you will use a connected IoT fridge with a software stack you are given no control over or ability to replace.

Re:Really?

[Darinbob]

It seems CIOs spend 10% of their time actually working, the rest of the time they're shmoozing with all the other entitled execs.

Re:Not true - some spend no time at all

Where Im at they solved the problem by

1) Outsourcing security to a 3rd party vendor.
2) Giving everyone in security full admin rights on all the servers and network equipment.

When he was asked Why? He responded that by doing so, if anything happens, it is the 3rd party vendor who is to blame and not him.

So we have security through "It's not may fault"

This time will be DIFFERENT!

[khasim]

And we really, really mean it this time! Security all the way!

No. It won't be different. And they do NOT spend 1/3 of their time on security.

Most of them don't even know what security is. Or why you cannot buy it. It's just another item on a checklist for them.

CIOs will be rewarded for getting security wrong

[roca]

Many CIOs will dive head-first into IoT, get a lot of good PR, stock prices will rise and they'll be rewarded. Then their companies will discover the IoT security nightmare, get lots of bad PR, stock prices will sink and the CIOs will blame it on someone else. Result: happy CIOs and IoT vendors and an absolute disaster for everybody else.

except those who quit after breaches

And particularly those who said Windows is unsecurable. I remember the days when UNIX ruled the business landscape, was on the Internet, and generally a medium sized shop could use a large UNIX box and run all services with 99.9???% uptime. Was stunned people believed Microsoft and tried replacing the UNIX boxes with a single or a few Windows NT boxes. Laughed when I heard how NT apps would crash the whole OS and so all the other services/apps so they started putting one service/app on a Windows NT server. ROFLMAO hearing how they then doubled those numbers to try and get close to 99% reliability with these redundant servers. There is a _great_ snake oil salesman out there going by the initials Bill Gates.

Re:Easy answer

[lucm]

It's tough being a CIO. He looks like he's up there, but the CEO, CFO, COO and all other cool CxOs all look down on the CIO and make fun of him in his back, they don't even invite him to join them at the cool people's table at the office Christmas party. He sits at the loser table, with the head of HR and the head of facilities, and instead of hearing the good stories about coke parties and hookers, he hears about groupons and vacations in Punta Cana.

People, give a break to your CIO. He's a reject and a commodity like everyone else in IT, and sooner or later they'll replace him with someone from that Indian company where he outsourced your job.

Re:Really?

[MyAlternateID]

Shmoozing with other execs, both within their company and outside it, is a very large part of the job description.

Yes. From a sane viewpoint this is called cronyism, but in the current business environment this is called "networking".

Re:Which Is To Say

[dbIII]

architecting the Citrix solution that is going to propel the company into the brave future of 1998

Don't knock it, many software developers haven't made it to where they should have been in 1998. We're still knee deep in 32bit single threaded applications. Fortunately most applications no longer need admin rights to run so at least they've made it to 1992.