Information Security Blog

Disruptive Technology: Coming Soon to Your IT Environment


Everywhere you look, technology is changing the game in terms of how businesses have traditionally operated. Lately I’ve been doing a lot of work with organizations in the taxicab industry, which is challenged to adapt its IT security infrastructures and policies to manage waves of disruptive change.

One major vector of disruption in this industry is e-Hail services. When you download an e-Hail app and sign up for the service, you give the provider a credit card number. Then whenever you need a cab, the app automatically determines where the closest available “partner” cab is located, and dispatches it to you.

While this service is popular with cab users, it circumvents traditional cab dispatch systems, and thus introduces a host of security and service concerns. For example, how much authentication does the app provider do on who registers as a driver? Passenger location information (which implies “I am in a low-traffic area, have money but don’t have a car and may be alone.”) is potentially available to anyone who signs up.

There are also a host of enforcement and regulatory issues related to how these services work. Say you’re a cabby and you sign up independently with an e-Hail service provider that lets you purchase a “gold plan.” This gives you dispatch priority over cabs on the “regular plan.” The e-Hail provider is now effectively extorting money and generating different service levels in what had formerly been a more level playing field. Then there’s the possibility of bribes, kickbacks… all sorts of issues come up around the fairness of the new system and the enforcement practices that municipalities need to put in place.

Enforcement agencies are having difficulty dealing with e-Hail apps in the areas they’re responsible for. For example, in New York City there’s been a push to come out with what’s known as a memorandum of understanding, which effectively specifies how the City wants any such apps to operate within its jurisdiction. Other major cities in the US and around the world are dealing with similar issues in their own ways.

Even more disruptive to “business as usual” in the taxicab industry are carpooling or peer-to-peer ride-sharing apps. Even the tech giant SAP now offers a carpooling app as part of its push for corporate sustainability. Is this “a new era of hitchhiking”? Or are drivers effectively operating as gypsy cabs – with no insurance, no training, no maintenance checks on vehicles, and so on? Is that ride you just signed up for safe? The due diligence of the app provider is perhaps the only source of data to track drivers and passengers. And many such providers want regulators to view them as information services rather than transportation services, and thus limit access to driver/rider data.

If a cabby or ride-share provider is shot and killed by a passenger, how does the local enforcement agency find out who was in the back of that cab? There are long-standing, well-understood processes in place for that today within the regulated taxicab industry. But now third-party app providers are involved. Do they keep the right records, and do they keep them for long enough? These new services are adding layers of complexity to the regulatory and IT security environments of this industry.

Your company may not be in the taxicab industry, but chances are that it will face challenges of a similar scope in the near future due to disruptive technology. To cite but one example, a recent Gartner study predicts that by 2017 half of employers will require employees to supply their own devices for work purposes: “… the most radical change to the economics and the culture of client computing in business in decades” according to a Gartner analyst. Who will own the data on those personal devices? Will companies wipe departing employees’ personal phones? Lines around privacy and security quickly get blurred.

Predicting the impacts of disruptive future technologies is next to impossible – there’s only so much planning you can reasonably expect to do. But if you have a solid IT security foundation in place, you’ll almost certainly be able to roll with disruptive change with less cost, risk and vulnerability than if your environment is less mature.

Photo by Scott

About the Author:

Marc Silverman, CISSP - Senior Security Consultant
