GRC Software and Its Importance for Australian Businesses

GRC Software and Its Importance for Australian Businesses

A GRC software regulates an organisation's processes by finding and managing risks and ensuring they comply with the compliance and risk standards. GRC stands for Governance, Risk, and Compliance.

In current times, businesses are opting to invest in their technology for governance, risk management, and compliance (GRC). It usually to supports its corporate management plan with a unified approach to governing the organisation, spotting, and reducing risks, and complying with the regulatory requirements. It's insurance against disruption to operations in many cases.

A governance, risk and compliance software help manage data flow and accessibility within an organisation. Businesses implement GRC platforms to identify risks, enforce governance and policies, data safety, and track compliance.

 A sound GRC (Governance, Risk and Compliance) strategy gives organisations an integrated view of their enterprise essential to improving performance. Their key focus would be to overcome risks that can hinder the progress of their business. It helps you to create and manage regulatory and internal compliance measures thus improving business quality and providing learning opportunities.

A GRC software can be on-premises, or cloud-based, with zero coding that allows you to have complete

control over your company's activities related to risk and compliance, which increases internal efficiencies.

How does GRC software work?

A Governance, Risk and Compliance Software allows you to report risks in real-time in a centralised platform accessible to all employees as per structure. It is designed to register and track hazards, risks and incidents enable you to track workflows and offer notifications on the legislation and regulation changes.

GRC software provides your company with visibility to information for better quality decision making, faster audit procedures and a real-time reporting system of your risk profile.

Governance

Governance consists of the auditing processes, policies, and rules, assuring corporate activities intended to support business goals. It consists of resource management, ethics, management control, and accountability. These policies can be implemented by the government, legal body, an industry market etc. A risk management program complying with governance is essential for an organisation's success. Governance gives top management the tools to govern, control and influence happenings at the various department levels. They can also check if their work and services are in sync with customers' needs and business goals.

A company implements governance to its policies to offer liability for conduct and results. Executing ethical business practices and corporate citizenship rules can help administer conduct. Good governance determines jobs based on business rank and appraises employees based on results achieved than on responsibilities.

Risk Management

Risk management is an integrated solution that offers businesses a platform to centrally record, analyse and mitigate risks throughout a company's various departments. Risk management involves the employees of an organisation, the technology used, and the various procedures to achieve business goals.

The organisational risks include financial, legal, security, and strategic risks. The employees, as well as processes, implied contribute to the various risks. While lack of staff knowledge on password protection and cyber security causes a threat to the company, inefficient processes and risks at multiple stages can compromise productivity. Hence, enterprises must manage risks and overcome them while ensuring they comply with the latest regulations.

As an organisation experiences growth, including franchising, new sites and company acquisition, the volume of data increases across multiple locations and departments. Thus, tracking work procedures, data and workflow is essential. The ability to report on and mitigate risks manually becomes redundant with a company's growth. A centralised GRC software is the answer to this problem. It has automated controls, and you can report and manage risks that are visible to all. It helps in managing a business as per compliance guidelines.

A risk management program aims to achieve corporate objectives while optimising risk profile and securing value. It aims to share reliable information with the stakeholders while meeting their expectations. It must be contractual, legal, ethical, and social goals while assessing new technology-based regulations.

Continuous Risk assessments will protect businesses from uncertainty, reduce costs, and offer success and longevity.

Compliance

Compliance involves companies adhering to the government's policies, rules, laws, and standards. Failing to do so could cost an enterprise in terms of poor performance, costly mistakes, fines, penalties, and lawsuits.

An organisation must implement a compliance program based on creating, distributing, updating, and tracking compliance policies and training employees about them.

To implement a compliance program, companies shall analyse risk posing areas to assign resources. Only then, the policies should be developed, communicated, and implemented to the staff to address those risk areas. A standard guide should be created and shared with employees and vendors to make it easy for them to understand the compliance policies.

Benefits of GRC Software

GRC tools offer considerable benefits to businesses implementing them. The right GRC software can provide an enterprise with a preventative strategy to secure their company.

A robust Governance, Risk and Compliance Software (GRC) provides a central platform for organisations to regulate their governance, risk management, and compliance strategy across the company. It also helps regulate independent silos, which might amount to risks and impact the overall growth of the enterprise.

A GRC software makes businesses capable of making informed, quick decisions. They can reduce the time invested in audit cycles with the help of automated controls, thus promoting efficiency and reduction in the cost incurred on lengthy audits.

GRC software can spot security as well as compliance risk harming an organisation. With the help of GRC software, companies can have the governance, risk, and compliance procedures essential for their company's long-term continuity.

Below listed are the benefits of GRC software:

  • Speedy risk analysis, prevention, and reporting.
  • It saves time invested in going through multiple spreadsheets.
  • Elevates business reputation and value.
  • More automated controls that promote efficiency.
  • Offers visibility.
  • Short audit cycles.
  • Reduction in the compliance cost.
  • Provides real-time notification on changes in the law and regulations.
  • Spots exceptions to reduce damage quickly.

Integrated Risk management (IRM)

Integrated risk management (IRM) is a group of processes supported by a risk-aware culture and enabling technologies that improve decision-making and performance through an integrated view of how well an organization manages its unique risks.

Top features to look out for in GRC software

A GRC software must have centralised, automated controls, be flexible and scalable and support future standards. It should have customisable reporting and task delegation.

We have described the top features of a GRC software as given below:

Content Creation & Document Management:

It must help users create, track, and store data in digital formats.

Risk analysis:

The software must allow users to access controls to assess them for risks and be able to predict and mitigate them. It should also provide solutions to overcome risks and enhance the process of risk mitigation.

Central dashboard

It offers a centralised dashboard with customisable metrics to provide visibility on GRC performance throughout the organization. All users can see GRC updates except for certain departments with limited access.

Audit management

This feature intends and assists users in simplifying internal audits and third-party risk assessments.

Workflow management

It helps in creating GRC inclusive workflows is made easy, thus allowing transparent and hassle-free workflow management.

Reporting tools:

Reporting tools provide users with an option to customise as well as export data to create reports. The formats make it easy to add inputs in the available file formats.

Built-in integrations:

The built-in integrations feature enables connectivity to other software and essential tools.

Compliance management:

Compliance management is an essential feature of GRC software. It helps assess if the company's policies resonate with the compliance efforts and regulatory requirements. It also notifies any changes in regulations and government policies in real-time.

Cloud-based Risk Management

With businesses shifting their base to the cloud, the risk management software also has a cloud interface to make it easy for organisations to assess, manage and store risk information in real-time.

Why is GRC important for businesses in Australia?

With the help of GRCs, Australian businesses can govern their enterprise, find and overcome risks and manage workflows in real-time. They reduce the time required for manual documentation and handling risks and workflow data. The centralised platform offers access to all departments, thus providing transparency and visibility.

GRC software makes it easy to mitigate risks at the departmental level itself, thus improving work productivity. GRC also ensures the business strategy; plans comply with policies and government regulations. It shall save Australian businesses from any legal action for non-compliance. Thus, GRC software is essential for the overall growth of Australian companies.

ROI Support to Businesses

Companies may find it challenging to assign resources, address conflicts, and measure success. These issues can result from the increasing costs of addressing risks and requirements while facing the challenge of managing the exponential growth of third-party relationships and risk.

However, companies can set and monitor clear objectives with metrics generated from a GRC platform, which will help increase their performance and improve their ROI.

With an innovative GRC solution to power their governance, risk management, and compliance strategy, companies can more efficiently govern their business while effectively anticipating and managing the risks they face-even as their operations grow in complexity. In the current environment of heightened risk and uncertainty, GRC tools provide the visibility, intelligence, and control businesses need to ensure their enduring success. Learning the use of GRC tools is also quite easy.

Who shall opt for GRC software?

The following types of enterprises shall implement GRC software:

  • Businesses seeking to enhance productivity; transparency in reporting and managing risks; compliance with regulations; and keenness to improve workflow.
  • Companies that have a history of risk and compliance failure.
  • SMEs and organisations lack confidence in managing their risk and compliance.

Is GRC Software industry-specific?

Australian businesses, irrespective of their industry, can benefit from GRC software. The larger size of an organisation makes it difficult to manage huge volumes of data and have a risk analysis for the various departments. Hence, big enterprises with governance, risk management, and compliance responsibilities distributed across multiple departments - may benefit more from adopting a unified methodology.

How much does GRC software cost?

A robust GRC software can range around $200,000, including software, hardware, and implementation. GRC software costs may reach as high as $600,000.

Top GRC software to look out for in 2022

Here is the list of the top GRC software to look out for in 2022:

  • Fusion Framework System.
  • StandardFusion.
  • IBM OpenPages.
  • ServiceNow Governance Risk and Compliance.
  • SAI Global Compliance 360.
  • Navex RiskRate.
  • Enablon.
  • Riskonnect

Why Choose Lahebo?

Lahebo is a cloud-based SAAS platform for SMEs and businesses willing to manage risk and compliance in real-time on a user-friendly database. Below are the core functions that make Lahebo stand out from the crowd for your risk and compliance needs:

  • Dashboard Reporting.
  • Real-time risk profile reporting.
  • Management and status reporting.
  • Earlier identification of risks.
  • Controlled Risk Register.
  • Company risks connected to the Legal Register.
  • Mitigation, Incident, and non-conformance tracking.
  • Legal Register
  • Legislative Library
  • Notification of Legislation and Standard changes.

The other features that will make Lahebo a favourite among Australian businesses are listed below:

  • Systematic Risk and Compliance Management.
  • Cost-effective packages.
  • User manuals and descriptive blogs.
  • Ease of access.
  • Responsive Customer Care.
  • Additional assistance from our Boutique consultancy Anitech for paid expert advice.

So, if you want to manage risk and comply with regulations, your business needs Lahebo. Contact us for further information; call us on 1300 802 163.

Cloud Security

Cloud Security

The security of data and intellectual property is a matter of great concern for an IT Leader. IN today’s environment, that of Security in a cloud-based environment.   It seems to be that a news item every day tells of a major serious breach at a high-profile company or government organisation. 

Use of the Cloud has increased as many organisations move to an e-commerce basis following pandemic lock-downs. Often they use Managed Service Providers to host their web-based functionality.

The cloud infrastructure differs from that of a traditional ICT environment. A traditional environment has few external interfaces.  They are usually well-managed behind a firewall and other antimalware and attack protections.  All users are registered users with a security profile.  Finally, there are limited types of devices that are known to IT attached to the network.  The chief point of concern is online security.  A second issue is users transferring data in and out of the network using online data stores like DropBox, and by using removable devices like flash drives.

Cloud Security brings a whole new range of threats.  Firstly, increasing numbers and types of external interfaces that need to be managed and monitored.  In addition to an Internet Connection supporting email and web surfing, the Internet interface now supports access to other applications.  Users want access to social media, the communications infrastructure needs to support VoIP voice, video calls and incoming connections. 

A major issue with remote access is that IT no longer has control over the devices that attach to their network.  Users can use smart devices, laptops, tablets and PCs to access it.  They can connect from home, or by WiFi from a public space.  IT needs to make sure that communications are encrypted, secured and that devices can be remotely scanned for malware.

Remote and working from home staff need access to the corporate systems anytime and from anywhere.  In the supply industries, some organisations provide customers and suppliers with limited interaction with corporate systems,  The general public want access to the corporate website, and to online support.   This environment is highly complex and provides a much larger attack surface to gain unauthorised access to systems and data.

The answer to the question “Are your data really safe in the Cloud?” is no.  However stringent the security measures, however rigorous the policing of network traffic, at some point the hackers will break the defences.  To what measure and how quickly the organisation recovers depends on the defence and recovery programmes in place.

If you have outsourced your online presence to cloud infrastructure provided by a Managed Service Provider, then most of the security issues are down to them.  You, however, need to take care of your internal issues, and have regular reviews of the security measures used by your MSP.

To consider defence first.  The usual sporting analogy is that offence is the best defence.   The anti-malware and intrusion systems must be proactive.  Implement, and use, network management software that can detect unusual patterns of activity, particularly at the firewall.   Even if it affects performance make sure that the full range of protection is enabled on your firewall.

AI and self-defining networks can go a long way to providing monitoring and alert systems that reduce the need for dedicated staff.

Don’t neglect the desktop.  Make sure all desktops have centrally managed anti-malware software, load, operational and up to date.  Malware can spread across a network with lightning speed.   All desktops need to be equipped with up to date malware protection.

The FBI state that most attacks begin with user errors.  A phishing email sent to everyone will see how many employees actually respond.  Users might introduce malware inadvertently or deliberately into the network using a removable device. They might try to steal data using a removable device.  Their DVD and USB ports should be disabled in the BIOS to stop them.

If you have outsourced your operations to a cloud services provider, data theft and security breaches might start with their staff.  Be very vigilant.

Second, how can you improve your chances of a full recovery? 

Create, and test a cloud backup regime that allows you to take your environment back to the factory settings and completely reinstall all operating and network systems, applications systems and data from a backup suite.   Test it, because it wouldn’t be the first time that backup media is corrupt or empty.

Don’t be complacent.  Even if you have industrial strength malware protection, you will be hacked at some point.  To reiterate - The answer to the question “Are your data really safe in the Cloud?” is no. 

Internet of Things  – Futures

Internet of Things  – Futures

As with most things, predicting the future of IoT is a bit of a guessing game, what we predict today is unlikely to be what we will see down the line.  The big picture may be the same, but details will be different.

For this reason, some analysts divide up their divinations into two camps, domestic or consumer IoT, and Enterprise or Industrial IoT.

The Big Picture

Opinions on this are very varied and range from the optimistic to the tinfoil-hatted predictors of catastrophe.   Some think that the future will be one of increased leisure and opportunity, others see a dystopian future like the Terminator movies with mankind struggling to survive against an AI driven IoT army.

In short, the reality will probably lie somewhere in between.

Consumer IoT

We are seeing the emergence of the “Smart Home”.  The proliferation of Fibre to the Home, 5g and WiFi have combined to allow homes to have high bandwidth, always-on connectivity to the Internet.

The Intelligent home has been with us for some time, but its efficiency and capabilities were limited by not being connected to the Internet.   That has all changed.

Consumers can install smart security systems, with IP cameras and motion detectors, automatic recording capability, and latterly, smart locks.   A PC or smart device based app gives the user the ability to monitor what is happening at home, to lock and unlock doors, switch lights off and on.

Internet-connected refrigerators monitor their contents and automatically order replacement items.  There is even an Internet-enabled toilet that determines your current and projected state of wellness and recommends to the refrigerator what, and what not to buy.

All these features will be driven by a voice-activated assistant like Alexa or Siri.   In future, they will self-educate, become much more sophisticated and move closer to almost human response patterns.

Gartner estimates that every person has at least four internet-enabled devices – smartphone, smartwatch, personal health monitor, laptop and/or tablet.   Add to that, media streaming devices, smart TVs and gaming consoles and the average home has a large network.

There is therefore a great potential for the average home to substantially increase its investment in IoT devices.

One tongue-in-cheek suggestion was for an IoT alarm clock.  It would use Internet sources to monitor traffic and weather, and if you needed extra time to get to work, would wake you up earlier.

On the downside, most home networks are not adequately protected against malware, and that will be one area that will see major growth over the next few years.  There are already reports of ransomware attacks on home networks.  To the home user, the sole copy of a video of a family event is as equally valuable as Intellectual property to a corporate.   Imagine how easy it would be   Hacking the home security system would make robberies much easier and reduce the chances of being caught.

Enterprise IoT

As described elsewhere, robotics and other automation techniques have been around for some time, supplemented recently by the IIoT and AI. That process will continue with the objectives being to reduce production costs, improve product or service quality and find new and better manufacturing or service provision processes.

We can expect to see increasing numbers of unmanned, lights-out factories, fully automated production processes, and automated management of SCADA and ICS devices.  It is likely that stock management will become fully automated, and driverless vehicles will transport material around eh factory.

Really Out There

Donald Rumsfeld once famously said “there are known knowns, known unknowns and unknown knowns”.  Simply put, we know what we know and sometimes what we don’t know, but mostly don’t know what we don’t know.   That is very true of IoT futures.

For example, ten years ago, who would have predicted driverless vehicles.

Optimists

Optimists see IoT devices, including robots and androids taking over most of the mundane tasks we currently carry out at home and at work. Some even see the IoT removing the need for human involvement in some work environments.

Pessimists

Pessimists point out that at some point, usually called the singularity, the intelligence of IoT devices will exceed that of humans. Some observers put the singularity as happening in around 2030.

At that time, particularly if AI development follows the same trajectory, humankind will be relegated to second-tier status and ultimately wiped out by a new race of androids.

We, therefore, need to be very careful when using IoT without implementing substantial upgrades to IoT security.  It’s easy to see how a ransomware attack on a moving driverless vehicle could have fatal consequences.

The tinfoil-hatted are seriously concerned about IoT and the proliferation of intelligent and semi intelligent robotic devices, especially nanobots.  They point out that without proper design, management, and control, they have the potential to wipe out all biomass on Earth at worst or create a real-life Terminator environment at best.

Overall, the IoT has the potential to make significant improvements in our lives but will require careful management to ensure that the social changes in its wake do not overwhelm us.

 

The Internet of Things in Industry

The Internet of Things in Industry

Manufacturing industry has been looking at automation as a means of boosting quality and productivity for many years, from the days of Henry Ford inventing the production line to the increasing use of robots and the IoT.

Today’s critical industries encompass both the infrastructure and manufacturing sectors.  A new suite of low-cost energy-efficient devices, accessible through WiFi provides the ability to link with Cloud-based applications such as Big Data analytics.  

Some commentators refer to the new era as Industrial IoT (“IIoT”) or Industry 4.0.  Adding IIoT to the mix brings a whole host of new opportunities to continue the process.

On the downside, the relative newness of Industry 4.0 brings new risks as it is deployed. Increased state surveillance, increased criminal activity and supply chain risks follow on from incomplete, missing, or defective cybersecurity included in the new device’s firmware and software.  It clearly needs a stable power and communications infrastructure to operate successfully.

Having accepted all that, and that we need to have robust backup systems to keep the IoT devices running, what are the areas that will benefit from the IIoT?

A Brief Overview of IIoT

IIoT uses much of the same technologies as the broader IoT.   At the end of 2019, there were around 27Billion IoT devices, and over 30Billion are expected in 2022.    The IIoT market is expected to have reached $200Billion in 2021.

IIoT includes the pre-existing Systems Control and Data Acquisition (“SCADA”)  and Industrial Control Systems (“ICS”) systems that are in operation in industrial control and management environments and infrastructures.

IoT brings them together with the objective of enhancing efficiencies and optimising production in manufacturing and the wider delivery of products and services. There will also be benefits in safety improvements and cost reductions.   Many ERP systems can now use data supplied by IoT devices to track and analyse the real-time production process, monitor the condition of manufacturing equipment and provide input to predictive analytics. 

It has also provided new network infrastructures. In the early days, all IoT transactions were sent to core systems for analysis and response.  This generated large volumes of network traffic that could reduce service levels in other applications.

After some thought and research, it was realised that many trans actin were ignored by the core processes.  Moving the analysis functions to the edge of the network would significantly reduce the network traffic, saving cost and improving service levels.  Cloud technologies gave the opportunity to do this, and so, the concept of “Fog Computing” was born, in essence, having many semi-independent network clouds at the network edge.   Transactions were processed in the local cloud, and only the summary transactions needed for overall monitoring were passed back to the core systems.

A new breed of IIoT devices has recently come to the fore,  autonomous transportation.  Just like driverless cars, factories can now use driverless vehicles to transport work-in-progress and finished goods between production steps and finished goods warehouses.   The difference between the prior automated transport systems and the latest driverless vehicles is that the new vehicles are not limited to pre-determined routes laid out as tramlines.

What’s Next?

What is to come rather dep[ends on the continuing development of the hyper-connected Internet environment promised by recent advances in 5G, WiFi and fibre technologies.   Some countries are rolling out smart cities with ubiquitous WiFi coverage and Fibre to the Home.    As infrastructure developments continue to roll out, the ability for Industry to connect factories, suppliers and customers will improve.

Large amounts of data that need to be processed by advanced analytic software will travel on these new superhighways and will need to be met by significant processing and storage capacity.  The growing adoption of Cloud Computing will enhance the process.

A new factor that has emerged over the last two years, following restrictions imposed by the pandemic is the increased use of remote working, both from a mobile perspective and from the new working from home paradigm.

This will change how industry operates, particularly in the service industries, and will build on the infrastructure improvements currently underway.   As an example, 5G, despite its health risks and WiFi communications will allow seamless broadband communications from areas currently underserviced or not serviced at all.

Artificial Intelligence

Strictly speaking, Ai is not part of the IoT, though it will leverage the benefits flowing from the adoption of IIoT in the workplace.   The significant amounts of raw data generated by IIoT can be processed by an Ai engine to increase understanding of the data and the information hidden in it.  For example, it is already starting to be used in the mining and petrochemical industries to analyse survey results and indicate where minerals or oil could be found.

In general terms, AI, linked with IIoT can be used in machine learning to allow individual IIoT devices to improve, alert and on occasion decide how best to operate.

Summary

IIoT Is here to stay in industry, in both the manufacturing and service sectors.  The benefits that accrue from being able to process, and with AI, analyse large amounts of raw data can mean the difference between a cost-effective and a redundant process.

To be sure, there are significant cybersecurity issues to be addressed and overcome, but experience shows that is a struggle between the black hats and white hats that will continue.  This time the difference is that failure can have very serious consequences.

Overall though,  industry is embracing IIoT.

Internet of Things – Security Concerns

Internet of Things – Security Concerns

Security has always been at or near the top of the to-do list for all heads of IT.  The last two years have given security considerations a savage twist.   Working From Home and providing remote access to systems and data has become a necessity for many organisations.   Because IT has little or no control over remote devices, that in effect, is an implementation of an IoT environment.

Simply put,  IoT expands the attack surface exposed to threats and potential malware attacks. Add to that, many organisations don’t have the resources or skills to implement the best practices in IoT security.   The increasing spread of IoT devices into homes also opens domestic networks to attack. 

Estimates put the number of IoT devices in 2022 at over 50Billion worldwide. 

IoT Security – Why is it Important?

One simple example illustrates the point.  Driverless Vehicles.  Hacking into a sensor or control mechanism could have serious or even fatal consequences.   Extend this to automated manufacturing environments, and the seriousness of potential malware attacks on IoT devices is obvious.

IoT devices are not just for businesses.  Fibre to the Home and domestic WiFi has brought IoT into the front parlour.  A smart home could have a security system with IP cameras, smart locks and motion sensors.  Individuals could have smart devices, laptops, digital wearable devices like watches and fitness monitors.  Internet attached Smart TVs have recently become common, with the children using gaming consoles to compete on Internet gaming platforms.   Some cable companies offer an Internet-based streaming service. 

The wide diversity in IoT devices brings security and operational issues in its wake.  Currently, there is a determined move towards standardisation and compatibility between devices, but this is by no means complete.  Device portability also raises security concerns.   These gaps are exploited by hackers to carry out information thefts and attacks on corporate and increasingly on home networks.

Unfortunately, as described below, as yet, IoT security has not had the rigorous attention as have other aspects of network security.

IOT Security Issues

Device Vulnerabilities

Many IoT devices have not been designed with security in mind, and many lack the capacity to operate a security environment.   Another reason is the short development cycle of secure firmware and limited budgets intended to ensure a fast time to market and a low price point for the devices.

Two malware attacks have been recorded on IoT devices, URGENT/11 and Ripple20.

A second attack surface is the applications software used to manage the IoT device, which sometimes is not part of the anti-malware defence environment.

Device portability is also an issue.  Users can bring flash drives, smart devices and e-readers from home to work and attach them to the corporate network.   Even if they do not carry malware, they can be used to steal confidential information.

Hijacked Devices

This is a particular issue of home systems, where users don’t activate or configure the inherent security features in their IoT device.   They may also use easily hacked passwords.  Hijacking an IoT device can be used as a prank or can be used as an entry point to a domestic or corporate network.

Malware

Cybercriminals are increasingly looking at IoT devices as a target in themselves, or as an entry point to networks and systems.  One recorded exploit was when the Mirai botnet downed major websites and services worldwide.   Ransomware is a recent and rapidly growing threat.

Compromised IoT devices can also be used as the base for DDoS attacks, as the source for infecting other devices, or as an entry point to a corporate network.

Data Security

Quite apart from using an  IoT device as the entry point to a corporate network, some devices store information that could be stolen.  In a research environment, this could be valuable IP data.

Operational Issues

The FBI say that most successful malware attacks are because of actions, malicious or otherwise, initiated between the keyboard and the back of the chair.  A complex network (some home networks are at or beyond this status), needs proper management, an understanding by users of what constitutes a  cyber threat, and what to do if they suspect they have found one.

One other operational issue is the misconfiguration of IoT devices, or not setting up the security features at all.

Protection

Step 1 – Does it need to be on?

Look at all your IoT devices.  Not all will need to be switched on and connected 24/7/365.   Switch them off when not needed.

Step 2 – Create a separate network for IoT devices

If a hacker does manage to break into an IoT device, limit his ability to move on into the corporate network by having all IoT devices on a separate logical network.  This means that your router needs to be completely secure.

Step 3 – Check for Updates

Regularly check for firmware upgrades for your IoT devices.

Step 4 – Check your Anti-Malware Software

Make sure you are using anti-malware software that provides coverage for IoT devices. Not all do.  If necessary change.

Summary

IoT security can be a minefield, particularly for the home user.  However, there are tried and trusted solutions and techniques too make an IoT environment as secure as possible.

Internet of Things

Internet of Things

Internet of Things – What is It?

The scope of the digital revolution has spread over the last few years to devices we would not imagine needed a digital connection.   The media have latched onto this, calling it the Internet of Things (”IoT”). We’ve read of web-enabled fridges that will automatically order replacement food, robot cleaners that will make your home sparkling, and that the day of androids taking over mundane tasks is nearly here.

The reality is a little more prosaic, being the development of driverless cars, smart microwaves, and other digital improvements in transport and manufacturing.

In this series of four short articles about IoT, we will look in hopefully a non-technical way at what is meant by IoT, security concerns around its implementation, how it is affecting manufacturing and what is coming up.

IoT – a definition

Broadly speaking the IoT is about extending the power of the Internet beyond computers and smart devices to other devices, environments, and applications.   One commentator has put it very simply as connecting everything in the world to the Internet.

The process has been underway for a few years and is predicted to accelerate in the next decade.

Why does the IoT matter?

Connecting stuff to the Internet allows them to communicate. A good example is listening to music on a smartphone.  Your phone doesn’t store the music, just pulls it down from a storage location somewhere on the Internet.

Low-cost computing and ubiquitous connectivity enable synergy between the cloud, big data, analytics, and mobile technologies.  In a broader sense that makes devices smarter, and they can carry out mundane routine tasks previously made by people.   One commentator described it as “The physical world meeting the digital world—and they cooperate”.

The Technology base of the IoT

Most of the technologies used by the IoT have been around for a while.  It is only relatively recently that advances in different fields have come together to make IoT a practical proposition:

  • Micro-technology.  Low-power and low-cost sensors.
  • Ubiquitous Connectivity.   The expansion of cellular and WiFi coverage has made it possible to remain connected while mobile.
  • Standards.  New connectivity standards and protocols have made it a lot easier to connect devices for easy data transfer.
  • The Cloud.  Cloud platforms are  more and more common, allowing businesses and individuals to scale their infrastructure without needing to manage it.
  • Machine Intelligence.  There have been significant advances in machine learning and analytics recently.  Applying MI to Big Data gives businesses a competitive edge and can further allow IoT devices to carry out tasks previously carried out by humans.
  • Artificial Intelligence.  Having the data, and connecting to the devices that supply and use it, is not much use if it needs to be processed before acting on it.  New AI environments using natural language processing like Siri, Alexa and other conversational AI systems take the reach of the IoT into both business and the home.

How does it work?

A typical network has a central core where the main processing happens with devices at the edge, such as the PCs and smart devices that people use connected to it.   The Internet is simply lots of these networks all linked together.  An IoT network is exactly the same.

As an example, in an IoT smart manufacturing environment, the edge of the network is a mixture of sensors, operational devices like computer-controlled devices (“CNC”) and user-managed devices.  The sensors record what is happening, pass the information back up the network for processing, and the CNC devices act on the instructions passed back to them.  Operators and managers can see what is happening using their personal devices and if necessary can pass control instructions to the CNC machines.   A loop, if you like.

Why Use IoT at Home?

To take a very trivial example, you wake at the same time every working day when your alarm clock goes off.  Some days, everything goes well, other days things go wrong.  Your train is cancelled or it’s raining, so it will take longer to get to work.

If your alarm clock was an IoT device with an AI capability, it would know these things and reset your wake-up time to earlier to compensate for these problems. A really smart alarm clock would communicate with your IoT coffee maker to tell it to start percolating earlier so your coffee is ready now you are up earlier.

Why Use IoT in a business?

IoT provides better insight for a business into both internal and external operations.  The detailed level of information can be used to identify and implement new efficiencies in an operational process, improve the management of physical assets and assist with compliance with regulatory requirements.

It can also create an entirely new business model.  As an example, in the motor industry, a manufacturer’s involvement with a vehicle ends when it ships to the dealer, where the new owner purchased it.

Having a connected car means that a link between the manufacturer, dealer and owner is established.  Rather than an outright purchase, the owner pays a usage fee to the manufacturer or dealer based on how much they drive.  The manufacturer can also continuously upgrade the vehicle software.  One commentator, rather tongue-in-cheek referred to the concept as MaaS (Motoring as a Service).

Summary

IoT means many different things to many people.  As technology in its infancy and one with the power to generate profound social change, it has a long way to go.  Industry and commerce are already using IoT, linked with other emerging technologies like AI to improve their businesses, both internally and in terms of customer service.

To quote someone or another, I forget exactly who, “You ain’t seen nothing yet”.