Internet of Things Makes Patch Management Unruly
When installing my new television the other day, I found that I had to install a new network switch in my multimedia cabinet. It turns out that the new TV had a place to plug in a network cable and being naturally curious, I wanted to find out what I got when I plugged the Television into a home network. It turns out I get the same things that I already have on my DVD player, my Tivo, my AppleTV, my receiver, and my Windows Media PC.
OK, you got me. I’m a nerd when it comes to my entertainment center. Who else needs a 6-port switch for their entertainment center? I know wireless exists, but Gigabit Ethernet is the way to go for streaming content from my other Windows computers and from the Internet. All of this is very cool and very geeky. Gartner describes this as the Internet of things.
The other day my DVD player graciously reminded me that its software was out of date and needed a firmware upgrade. It took about 20 minutes before I could watch a DVD frustrating me and the kids waiting to watch the movie. The Tivo just updated overnight. The Windows Media Center updates what seems like just about every time I use it and the AppleTV mysteriously has new icons for me to play with every time I switch over to it. Who’s tracking all these updates? I’m hoping they give me new features but more importantly, I’m hoping they keep me secure.
Take this to the next level. My buddy has connected all his lights, thermostat, home security, doggy door, and who knows what else to the Internet. It’s gotten to a point that home thieves don’t need to know how to break glass or work a lock, they need to know how to hack your home security.
With all of these devices connected to the internet, how secure are you? HP investigated the companies who create these products which include intelligent appliances, garage door openers, sprinkler controllers, remote power outlets, etc and found them to be lacking some basic security measures. These include plain text communication, storing passwords that were easy to hack, and stored and unencrypted personal data. Do you know if you name, address, or even credit card information is stored on your garage door opener?
On the bright side, these vendors are coming up with clever ways to at least update these devices from the Cloud, sending down new firmware to fix security issues. However, how do you know if you have the latest software on these devices? How do you know if your personal information is encrypted and your data safe?
What if you are a business and you have some of these devices in the workplace. Is it IT’s responsibility to secure these devices? This poses a question of “who is responsible for securing and updating the Internet of Things?”
Share with me your thoughts on what IT is doing to prepare for the Internet of Things? What are some of the ways patch management will change in the future?