Feb 13, 2015

When you read technology news, security (or lack thereof) dominates many of the headlines. When you scan the titles of talks at Agile conferences, or you skim blog posts about Agile, you don’t see as much discussion about security. Agilists aren’t indifferent to security, but there are few clear guidelines for how to incorporate security into Agile practices. Fortunately, the ways to address security within Agile practices are not too hard, but as with anything related to security, the earlier you deal with it, the better. Security often fits into the work of an Agile team in the following ways: Tasks needed to implement a story. Security often appears within implementation tasks (“When I write Read more

Dec 18, 2014
Use Agile To Steer The Post-Sony Security Stampede

The embarrassing hack of Sony’s corporate information, followed by the company’s decision not to release The Interview because of vague online threats, has already resulted in a lot of hand-wringing about how secure corporate information is, and whether companies have done all they can to secure it to the utmost. Owners, shareholders, customers, and partners will want to relieve that anxiety, so 2015 may be the year of a lot of impromptu security projects. Given the scale of the urgency and unknowns, coupled with the potential for a lot of unintended business consequences, 2015 may be the year that many IT departments consider a more Agile approach to security. The worst response to the Sony Read more

Dec 08, 2014
Major IoT Hack to Come

I predict there will be a major hack to connected devices, causing havoc and putting a temporary damper on the stampede towards the Internet of Things. It will be widespread, as the hackers will want to show just how vulnerable we are. This will be a temporary setback, and the precise impact will depend on the severity of the damage done — but the Internet of Things development will continue. In a related note, it will be revealed that the government has been experimenting with novel ways to conduct surveillance using these connected devices. My biggest bet is that LEDs used to light public areas will be the first discovered, but there may be even Read more

Sep 23, 2014

As mobile computing has made sophisticated, digitally-mediated interactions possible in both personal/consumer and business-like capacities (BYOD) – the market and the challenges associated with it have exploded. Taking a step back to when the technologies that underpin mobile computing and networking were developed, it was assumed that each user had some level of expertise, that the use cases were quite limited in scope, and that the overall numbers of users were constrained. Fast-forward to present day, the massive scale of mobile computing adoption, the broad scope of supported use cases, and the “naive” user base has created a number of serious issues that the IT industry must grapple with now. Chief among these problems is Read more

Jun 17, 2014

There are times when major trends intersect. Sometimes they reinforce each other; other times they cancel each other out. In the case of Target’s security problems, there seems to have been a fair amount of interference (to read my earlier Advisor on the Target security breach, see “Cyber Security: Inside and Out”). The FireEye software that was supposed to warn of the kind of exposure that did Target in reacted as it was supposed to: the basic problem was flagged and diagnosed immediately, and a warning message was included in one of the security logs and highlighted by analysts at Target’s Bangalore security center. Unfortunately, the critical message was not deemed worthy of immediate action by the Read more

What Could Be Worse?

Mar 14, 2014

If you wear the CIO hat of a very large retail company, what could be worse than to have your site broken into and tens of millions of customers’ information records stolen and … right at the peak of the holiday season? Well, I suppose it could be worse if your organization had recently spent millions to buy the latest in security equipment and software and set up a large, 24×7 monitoring center halfway around the world to monitor the critical alerts from security software … and then when someone 12 time zones away did notice that the organization’s networks had been breached and sent a notice to their overlords in the US, nothing much Read more

Dec 08, 2013
Things That Go Bump in the Night

By the end of the decade, self-driving cars will be on the roads in many developed countries. The electric grid will tell our heaters when it is more economical to run, “learning thermostats” will be in many homes, and we will track the movements of people, pets, packages, and many other things. By some estimates, the number of devices connected to this “Internet of Things” (IoT) will pass the number of connected human users by 2016. The question is: will serious accidents be necessary before people take the risks seriously and harden this infrastructure? Because the IoT senses and controls physical objects, serious harm can happen — either accidentally or intentionally. We need devices to Read more