eWEEKChat April 8: Can We Secure the Internet of Other People's Things?

On Wednesday, April 8, at 11 a.m. PST/2 p.m. EST/7 p.m. GMT, @eWEEKNews will host its monthly #eWEEKChat. Plan to join us for a lively discussion.

On Wednesday, April 8, at 11 a.m. PST/2 p.m. EST/7 p.m. GMT, @eWEEKNews will host its monthly #eWEEKChat. The topic will be "Can We Secure the Internet of Other People's Things?" It will be moderated by Chris Preimesberger, who serves as eWEEK's editor of features and analysis.

Some quick facts:

Topic: Can We Secure the Internet of Other People's Things?

Date/time: April 8, 2014 @11a.m. PST/2 p.m. EST/7 p.m. GMT

Hosted by: @eWEEKNews

Sponsored by: Hewlett-Packard

Moderator: Chris Preimesberger: @editingwhiz

Tweetchat handle: Use #eWEEKChat to follow/participate or use the widget below.

Chatroom real-time links: We have two: http://tweetchat.com/room/eweekchat or http://www.tchat.io/rooms/eweekchat.

Can We Secure the Internet of Other People's Things?

The Internet of Other People's Things is another way to describe the IoT in the hands of bad actors. The person-to-person Internet has long been a playground for hackers, but the IoT, with all the autonomic devices about to come online, multiplies attack surfaces tremendously.

However, the IoOPT isn't only about bad actors. People, and not always bad guys, will be connecting (often by accident) with other people's devices more often, and not just with phones and tablets. The sheer number of new URLs will fan this flame. Network flaws and crossed wires in networks also will contribute to this. Security will work well for some devices and networks and less well on other networks.

IoT devices will mostly be embedded systems with lightweight operating systems, such as Linux. Each device will thus be a fully accessible server on the Internet with access to the rest of the Internet. There are already too many possible points of entry for security to be airtight, and with the IoT, these will be multiplied a hundredfold or more.

Talk about the Wild West. There are no IoT-related regulations involved at this early point--security or otherwise. Any entity can have as many IP addresses as they desire for use in any way they want. Scale-out IoT isn't an issue; there appear to be no limits on the size and scope of networks, as long as there is bandwidth to run everything. With more entries into the Internet comes more on-ramps for hackers.

More Entry Points, More Hacking Doorways

How will we stop a malicious third party who takes control of 1 million or 10 million inanimate devices? What will happen if that malicious third party decided to launch attacks using all those devices? This is happening now, and it will only be happening more often, and with more zombie devices.

Where is all this new data going to live? The answer is the usual places: storage arrays, networks and servers on-premises and in the cloud that are hit all the time by hackers. But conventional protection of storage silos and servers has not succeeded. We need to get more granular with data security.

New security schemes are now being built for this possibility, but it may take years for them to replace entrenched legacy enterprise security systems. Individuals can move faster on this. Until we start maintaining each of our own corners of the Internet with more care, our own devices will eventually become part of the Internet of Other People's Things and in the control of bad actors. In fact, many of our devices are already part of that "bad actor" setup, and we don't know it.

Thus, the security and privacy of individual data files, using encryption and federated or two-step authentication whenever possible, is where this is all leading. Next-gen security will need to start with a data-centric--not a system-centric--approach.

What is this, and how does it work? Join our discussion April 8 to find out.

Questions we likely will ask on April 8:

Q1: How do you define data-centric anything: networking, storage, security?

Q2: Are any of you currently using a data-centric security-type system?

Q3: Who are some vendors you know that are working on new-gen security for the Internet?

Q4: What types of security would you like to see at your company, or in your own network? You can dream here.

Q5: Do you think it's possible for hacking to be completely blunted? Will the bad actors always be ahead of the institutions?

Plan to join us for an hour on April 8.