Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Security Businesses

CIOs Spend a Third of Their Time On Security (enterprisersproject.com) 110

StewBeans writes: Much has been discussed about the potential security risks of an Internet of Things future in which billions of devices and machines are all talking to each other automatically. But the IoT market is exploding at a breakneck pace, leaving all companies scrambling to figure out the security piece of the puzzle now, before it's too late. In fact, some experts believe this issue will be what separates the winners from the losers, as security concerns either stop companies from getting into the IoT market, or delay existing IoT projects and leave the door open to swifter competition. That's likely why, according to CIO Magazine's annual survey, CIOs are spending a third of their time on security. Adam Dennison from CIO said, "If IT leaders want to embrace the sexy, new technologies they are hearing about today—the SMAC stack, third platform, Internet of Things, etc—security is going to be upfront and at the center of the discussion."
This discussion has been archived. No new comments can be posted.

CIOs Spend a Third of Their Time On Security

Comments Filter:
  • Is that more or less than the percentage spend on porn?
    • Wrong security. It's on dealing with security guards, creating plans for escorting people to the exits, while hiring H1Bs and/or people overseas, as well as physical building security, and personal security for executives, because sometimes the riff-raff get uppity.

  • Already solved (Score:5, Insightful)

    by Jack Griffin ( 3459907 ) on Sunday November 22, 2015 @09:39PM (#50982859)
    I'm already using the most robust security model for the Internet of Things. I call it Things. My fridge doens't need an internet connection, nor does my light switch. My Smart TV thinks it does, but based on recent information I am in the process of removing that privelege.
    I think the difference between the winners and losers will be the CIO's that don't feel the urge to jump onto flavour of the month hype and connect everything to the Internet.
    The entire concept breaks the first rule of Engineering. Keep it fucking simple you fucking fucktards.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      My fridge doens't need an internet connection, nor does my light switch.

      You're quite correct, it doesn't.

      But you will buy and use an internet connected fridge and lightswitch and garage door opener anyway. Wanna know why?

      Because eventually you will need a new fridge, lightswitch, and garage door opener, and the only models sold will be IoT models. "I"ll just not connect them", you think. But they will refuse to operate if they can't phone home. We're already seeing the start of this trend today.

      Either you will go without a fridge, or you will use a connected IoT fridge with

    • by khasim ( 1285 )

      I'd say to RTFA but I'll save time and just post this quote from it:

      Some of the largest organizations have an issue with an aging workforce that is more resistant to the impact of digital change on our businesses and in our lives.

      See? It's about those old people with all their so called "experience" obstructing you from embracing the new model.

      The year before was commonly dubbed âoethe year of the breachâ in IT circles, so we were not shocked to see that time spent on security management jumped fr

      • by lucm ( 889690 )

        time spent on security management jumped from 24 percent in 2014 to 31 percent in 2015.

        Wow! 24% of their time WAS spent on "security" and yet we read about breach after breach after breach. I'm sure that adding those additional 6 percentage points will make all the difference.

        I guess the missing 1% in your calculations got lost in one of those breaches you keep reading about

    • by AHuxley ( 892839 )
      +1 Sneaker net anything needed to the smart TV. Use the functions offered per file but keep it away from any networking. If networking is needed, do it with a device that only works well for its own network, brand and then unplug. Too many devices phone home over years of usage.
    • I'm already using the most robust security model for the Internet of Things. I call it Things. My fridge doens't need an internet connection, nor does my light switch. My Smart TV thinks it does, but based on recent information I am in the process of removing that privelege. I think the difference between the winners and losers will be the CIO's that don't feel the urge to jump onto flavour of the month hype and connect everything to the Internet. The entire concept breaks the first rule of Engineering. Keep it fucking simple you fucking fucktards.

      They will keep it fucking simple. As a consumer in the near future, you will no longer have the privilege of "removing" said privilege, so you won't have to worry about "options" anymore. You will either connect your IoT device properly and never be offline, or the device will not fucking work.

      They will also keep it fucking simple by not worrying about any of that complex security bullshit, because there will be no security.

      Our future is rather fucked when it comes to security, but really, it's no differ

    • "I'm already using the most robust security model for the Internet of Things. I call it Things"

      Yes, and I have the most secure home on the planet because I'm homeless!

      " My fridge doens't need an internet connection, nor does my light switch. My Smart TV thinks it does, but based on recent information I am in the process of removing that privelege."

      You also don't need a toilet as you can shit in a bucket. It's simpler. You do shit in a bucket right? Tell me you don't violate your own principle on a daily

      • by roca ( 43122 )

        It turns out that you do not need to connect a fridge to the Internet for it to do its job well. Internet connection might make certain activities slightly more convenient ... at the cost of an increase in hidden complexity that you'll pay for down the line, e.g. when your fridge is recruited to a botnet.

        A horse is actually far more complicated and difficult to maintain than a car, so that analogy fails. Cramming cars with needless gadgetry is indeed making them dangerously complex and we're going to pay fo

        • "A horse is actually far more complicated and difficult to maintain than a car, so that analogy fails. "

          But it wasn't simpler to "create", at least for us humans. I also totally disagree that a horse is more difficult to maintain; you just have somebody else do the hard part for a fee, unless you are telling me you rebuild your own engines and own horses, I call bullshit on your claim (one can as easily outsource horse maintenance, and car maintenance is far more complicated.

          "Cramming cars with needless ga

          • You still have to feed a horse, even if you don't plan to ride him anywhere today.

            And I think that "avoid unnecessary complexity" and "avoid unnecessary dependencies" are good rules for engineers to follow, even if you don't.

            • You truly are mindless. I never suggested that that "avoid unnecessary complexity" and "avoid unnecessary dependencies" are not good rules for engineers to follow. That isn't what was said. The non-rule I contradicted was ". Keep it fucking simple you fucking fucktards.", which is an entirely different thing. Of course, everything we develop is technically "unnecessary complexity" so it really comes down to what you mean by "unnecessary", and matters of degrees. Now off you go ...
              • The non-rule I contradicted was ". Keep it fucking simple you fucking fucktards.", which is an entirely different thing.

                No it isn't. That was my creative paraphrasing of the well understood principle of Keep It Simple Stupid (KISS). If you haven't heard of this before then you need to hand in your geek card now.

          • by roca ( 43122 )

            Horses need to be fed, watered, cleaned-up after, and groomed. They sometimes get sick with a huge variety of different ailments, which need to be cured in lots of different ways --- you can't just swap in a new part. They have personalities and moods. They grow, get old and die. Outsourcing all that is not really practical because most of it happens where they're stabled; if you outsource that then it's comparable to a taxi, not a personally owned car.

            Some gadgetry gives much better cost-benefit than other

            • Cars need to be fed / watered (gasoline), cleaned-up after (they get dirty), and groomed (maintained with regular checkups at the garage.) They sometimes break down for a variety of different reasons. You can't always just "swap in a new part", and even when you can it is often cost prohibitive. I could go on, but the point is clear. For every claim you can make about the cost and effort of using the horse, I can draw a parallel to the car.
              • For every claim you can make about the cost and effort of using the horse, I can draw a parallel to the car.

                The car is cheaper and easier, and does more for less effort which is why people choose cars over horses.
                Samsung make a Internet enabled fridge right now, today. How many people do you know that choose this IoT version over the simplified version?

                • Don't you think that is a pretty frigging stupid question? How about, how many have they sold? That is a meaningful metric. Your just insisting someone come up with an answer that can't be found. Nobody could possible know how many had the opportunity and turned it down.
                  • Nobody could possible know how many had the opportunity and turned it down.

                    Er, can't you just ask them? Seriously, next time you're out for drinks, at a BBQ, or around the water cooler at work, ask your friends who thinks an Internet Fridge is something they're thinking about buying.

          • All gadgetry is needless gadgetry.

            I take it you've never been to a hospital...

      • Yes, and I have the most secure home on the planet because I'm homeless!

        But that isn't secure. A homeless person suffers more illness, diseases, assault and death than people who own their own homes. If you are going to make a point try and make one that actually makes sense.

        You also don't need a toilet as you can shit in a bucket. It's simpler. You do shit in a bucket right? Tell me you don't violate your own principle on a daily basis!

        Again, functioning plumbing is relatively simple ( I have a 70 year old house with mostly original plumbing that still works. Please show me a computer with the same record), and it a lot simpler than a bucket and water that has to be refilled and dumped each time. It is also much cleaner making me more se

    • by FAB10 ( 767615 )
      It's much better to KISS. KIFSUFF is overcomplicated.
  • 2/3 on anything else except security.
  • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Sunday November 22, 2015 @09:53PM (#50982905)

    And we really, really mean it this time! Security all the way!

    No. It won't be different. And they do NOT spend 1/3 of their time on security.

    Most of them don't even know what security is. Or why you cannot buy it. It's just another item on a checklist for them.

    • by Tablizer ( 95088 )

      And they do NOT spend 1/3 of their time on security. Most of them don't even know what security is.

      Those are not necessarily mutually exclusive. They could spend 1/3 of their time going, "duuhh, why is my ass posted on Facebook?"

  • by penguinoid ( 724646 ) on Sunday November 22, 2015 @10:00PM (#50982937) Homepage Journal

    If the CIO of an Internet of Things company is spending 1/3 of their time thinking about security, yet is still so incompetent... maybe they would be better off paying 1/3 of a CIO's salary to a random slashdotter for 5 minutes of their time.

    Of course, no matter how long they take thinking about security, they're still going to sacrifice security for usability every time, so I don't know what purpose thinking about it has.

    • by lucm ( 889690 ) on Sunday November 22, 2015 @11:43PM (#50983273)

      It's tough being a CIO. He looks like he's up there, but the CEO, CFO, COO and all other cool CxOs all look down on the CIO and make fun of him in his back, they don't even invite him to join them at the cool people's table at the office Christmas party. He sits at the loser table, with the head of HR and the head of facilities, and instead of hearing the good stories about coke parties and hookers, he hears about groupons and vacations in Punta Cana.

      People, give a break to your CIO. He's a reject and a commodity like everyone else in IT, and sooner or later they'll replace him with someone from that Indian company where he outsourced your job.

    • " they're still going to sacrifice security for usability every time"

      One could reasonably categorize a security professionals job as sacrificing security for usability, but deciding exactly how to best do that and still cover as much of the security landscape as possible.

    • Me, me! I'm Random Slashdotter...
  • If I was surveyed (and I have been), I'll report what I worry about the most. That may or may not be what I actually get to spend time on. If I was a politician (and I'm not), I'd strictly answer what the questioner wants me to worry about the most.
  • by roca ( 43122 ) on Sunday November 22, 2015 @10:12PM (#50982977) Homepage

    Many CIOs will dive head-first into IoT, get a lot of good PR, stock prices will rise and they'll be rewarded. Then their companies will discover the IoT security nightmare, get lots of bad PR, stock prices will sink and the CIOs will blame it on someone else. Result: happy CIOs and IoT vendors and an absolute disaster for everybody else.

  • by matbury ( 3458347 ) on Sunday November 22, 2015 @10:12PM (#50982979) Homepage

    I believe in better security by cutting back on extra, unnecessary features; all they do is provide more surfaces for finding vulnerabilities. I recently bought an IoT washing machine and have stripped back the extra features, like wash, rinse, and spin cycles, so that all it does is send SPAM messages and participate in DDoS attacks.

  • If CIO's are only spending one third of the time, it's obvious why things are so insecure in general. Pffft.
    • How much time do you expect them to spend. I would say 1/3 is pretty damn good, and if you don't then you probably have little experience with executives and their responsibilities. I don't actually believe they are spending that much time on it, but if they are it is a pretty damn good number.
  • Oh CIO - as the inexorable IoT takes over the intertoobz - you will fondly look back on the days when only 1/3rd of your time was spent on security. Just wait until the CEO calls because his Android penis pump won't shut off because a rival company hacked it.
  • by Anonymous Coward on Sunday November 22, 2015 @10:42PM (#50983075)

    And particularly those who said Windows is unsecurable. I remember the days when UNIX ruled the business landscape, was on the Internet, and generally a medium sized shop could use a large UNIX box and run all services with 99.9???% uptime. Was stunned people believed Microsoft and tried replacing the UNIX boxes with a single or a few Windows NT boxes. Laughed when I heard how NT apps would crash the whole OS and so all the other services/apps so they started putting one service/app on a Windows NT server. ROFLMAO hearing how they then doubled those numbers to try and get close to 99% reliability with these redundant servers. There is a _great_ snake oil salesman out there going by the initials Bill Gates.

  • "...leaving all companies scrambling to figure out the security piece of the puzzle now, before it's too late."

    This statement is made as if companies themselves do not control the design and development of their own damn products. The simple fact is they do, and they'll either choose to do the right thing and prioritize security, or they'll choose to do the greedy thing and rush to market.

    Of course, we all already know what they will choose. Otherwise we wouldn't be having this discussion.

    "...security is going to be upfront and at the center of the discussion."

    Might as well stop throwing this kind of bullshit around until you look back through consumer-throwaway-product history and try

    • "This statement is made as if companies themselves do not control the design and development of their own damn products. The simple fact is they do, and they'll either choose to do the right thing and prioritize security, or they'll choose to do the greedy thing and rush to market."

      Companies don't controll other companies development, and therein lies the problem.

      You speak as if security and time to market are mutually exclusive polar opposites, but they aren't. You furthermore speak in terms of a single

  • Sure, CIOs (should) spend a lot of time on security. But it has almost nothing to do with the "Internet of Things." The refrigerators at the office may be a security risk, but it has more to do with food security, than network security!

  • A third if their time coming up with new corporate password rules, a third of their time architecting the Citrix solution that is going to propel the company into the brave future of 1998 and a third of their time requiring their employees to get training on whatever the bandwagon buzzword of the month is (This quarter it's Rally/Agile/Scrum.) You know, honestly, the company would be a lot better off if a freak software error caused that guy to fall down an elevator shaft.
    • Re:Which Is To Say (Score:4, Insightful)

      by dbIII ( 701233 ) on Monday November 23, 2015 @12:04AM (#50983321)

      architecting the Citrix solution that is going to propel the company into the brave future of 1998

      Don't knock it, many software developers haven't made it to where they should have been in 1998. We're still knee deep in 32bit single threaded applications. Fortunately most applications no longer need admin rights to run so at least they've made it to 1992.

  • As much as it's proven orgs are overall lax on security, security concerns do complicate IT greatly. It used to be a lot easier to "hook things up": different servers and boxes all talking to each other doing a different part of the job.

    Now it requires diddling with black boxes because nothing exposes helpful info about what it is in the name of security.

    Perhaps if "they" designed systems right, things would be easier, but humans are imperfect and build imperfect things. An appeal to idealism falls flat.

    The

  • nobody gives a fuck about the over-hyped IoT except for marketing vermin and other sub-human cunts who want to spy on people in their homes.

  • At least considering all the security breeches over the last couple of decades. Trust breeds trust.

    • Security breeches? So the folks at Levi's are getting in on the IOT bandwagon as well?

      • by EzInKy ( 115248 )

        Bottom line in today's world, you just can't trust people who don't take security seriously. 99% of their time should be spent on keeping both themselves and their clients secure.

  • Remember, in security, Access Denied is success.
  • If they did, they would quit outsourcing. Seriously, when you outsource the code to another nation in which you are paying software engineers 8-10,000 / year, what do you think will happen which China or Russia offers one of them 100,000 to leave a back door in the code? Then once the black hats get on the system, they put in a new back door and remove the one that was put in the system so as to not point back to the original person.

    If the CIOs at places like Target and Home Depot REALLY cared about Secu
  • A totally pointless article full of content-less quasi-technical sounding waffle ..
  • by bankman ( 136859 ) on Monday November 23, 2015 @08:40AM (#50984357) Homepage

    Seriously, it's not even an afterthought. I have worked on a publicly funded research project covering smart home and living crap. While some of it may be interesting from a tinkering with stuff point of view, most of it is creepy surveillance type of shit, like smart metering. When I raised the question of security people stared blankly at me for a second or two and suggested that it wasn't a problem at all and if ever will be fixed later, maybe.

    My point is, CIOs do not make relevant security decisions when it comes to product design. No one does. It's all about marketability and cost efficiency, security is neither because it is complex and costs a lot of money. And who care? Honestly, who cares about security? It's not the vendors and it's definitely not the consumers who constantly carry their rarely-if-ever-security-updated-listening-in-and-tracking-devices and provide the world with current information about the vacancy of their homes. So again, who cares? Eventually the insurance companies might care, when some cracker remotely burned down a kitchen or flooded a bathroom or two or ten thousand.

  • They spend 33% of their time in security. The spend the remaining 66% of the time making sure their developers can not do any legitimate work. They run stuff like Bit9 or real-time process whitelist etc and when it catches any build process that uses the same .Net API or MFC class header that was used in any malware their signatures match and the build process gets killed. Developers play this demolition derby testing whether their code changes and pull requests can get past all the hurdles thrown in by IT.

We are experiencing system trouble -- do not adjust your terminal.

Working...