Why ITOM and DevOps are more critical than ever
We’ve reached the point where nearly every aspect of our lives are interconnected. Our homes, cars, offices, our commutes, practically every facet of our day-to-day existence has a device associated with it (in fact, several), all of which are designed to make life smoother and easier. The interconnected world is, in theory, a wonderful place to be. Until it isn’t.
What’s the concern? There are multiple currents in play here, but they all revolve around a core driver– security. These “things” (as in “Internet of”) are being produced across an enormous range of applications at a far faster rate than a secure enabling infrastructure that can support them. All of these myriad Things are being designed for convenience and rapid adoption, and by that criteria are clearly succeeding, however, security as an integral part of the design process is often an afterthought.
How concerning is this? Four quick examples:
Home: your home security system could easily be accessed through an unsecured device on the network (e.g. your refrigerator), then monitoring cameras can be turned on or off, doors unlocked, etc. Manufacturers add network accessibility to devices to track usage and improve the product, but don’t think of the associated security risk because that is normally outside the scope of their core competency.
Car: Your car is essentially a mobile device. Most of the electronics on cars are connected to a CAN (controller area network) bus, which carries data without the benefit of encryption. Which means once someone hacks in, they have access to everything. It’s already been proven that hackers can remotely take control of a car while its in motion, and this is likely to be even easier if its an autonomous vehicle, since they’re designed to be controlled remotely.
Commute: most of our infrastructure is woefully unsecured. The information architecture limitations associated with cars also apply to subways or buses (same risk, bigger scale). Traffic lights are normally managed through a under-secured control system. Suppose a hacker decides to turn all stoplights green at once?
Office: Most newer buildings are “Smart”, with centralized control systems for everything. Same risk profile as your home, but on a much bigger scale. Imagine all the sprinklers in an 80 story building going off at once, or all the elevators shutting down simultaneously.
The enabling software that supports these device needs a paradigm shift from a design, development and deployment perspective, and it needs to happen immediately. This is an excellent opportunity for DevOps (the development of software than enables the device to be smart) and IT Operations Management (which manages and reports back on the devices in a production environment), to take a leading role in securing an interconnected world. “Things” are by definition, operational in nature; having a closed loop that ties ITOM to DevOps is the framework that will integrate security as a foundational element for the billions of devices which surround us. If they’re not secure, neither are we.