Time
5 hours 49 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:00
Hello, everybody. And welcome to the I A T Security episode Number four Thing I t's Industry and business. My name is Alejandro Gonna and I'll be your instructor for today's session.
00:13
Learning Operatives is to understand and be able to identify some concepts on just cases for I A T business and industry.
00:23
Ah, well, enterprise I t cells moving forward with the deployment off I NT system that served, you know, various business purposes.
00:32
Some industries have mature their concepts of I A t more than the offers. For example, in energy are, you know, in the energy industry, they were allowed advance infrastructures, you know, with smart meters and wireless communication
00:50
to enhance the energy and monitoring capabilities off the utility itself.
00:55
Uh, you know, retail, on the other hand, is trying to, you know, figure it out. How to leverage the new sensors and they in data, you know, retail establishments
01:07
given But the various technology layers and physical components that comm prop, you know, comprised the ia ti eco system. It's good to consider on enterprise. I want implementation as a system to system.
01:21
Uh, why's that? Because, for example, company days in both for example, e Commerce and Health I ity will help them to sell more while also now in their claims, fitness programs and health overall.
01:34
For example, let's say that this is a single company things Cos. Chief information officer. My bills tasked with managing foots off, you know, cars and shipping vehicles drawing system that support inspection of critical infrastructure, for example, the data center,
01:56
you know, in certain and sensors embedded in the trucks to provide feet but gas consumption.
02:00
So all of this always are different systems that are connected to each other.
02:07
And you know this. This complexity into this challenge is to keep in there to secure on ensuring that no one instance after that he cannot be used as a pivoting point Joe talk to attack. Other systems in the business are in the enterprise,
02:23
interprets itself.
02:24
Security architects will need to be clearly great colleague, you know, involved in every area of the planning process off, you know, so we can establish security requirements because if we try to patch at the end of the life cycle,
02:43
these are this is way too expensive and you know,
02:46
CEOs, mind not, you know, end up rolling out products that doesn't have any IOC products. Doesn't have any security on top of them.
02:57
Eso lets you know, just right here. Ah, little example of what we just talked about. For example, we could have here
03:09
all this.
03:10
Let's say this is a watch. You can say this is a watch
03:15
on. We have a lot of other watches over here.
03:19
All of them. We have fun over here,
03:23
which is, you know, communicating Thio Radio frequency.
03:29
Um, you know, all of them go to a get away. You can say this is a get quake.
03:36
Um,
03:37
and then we, on the other hand, we also have the fleet of vehicles.
03:42
I can say this is a vehicle. Well, because it is a vehicle.
03:46
Ah, and we have, you know, three of them and
03:50
they are all connected again. Also, that sitter's of cloud provider over here.
03:57
And they're all connected. Thio,
04:00
um, And down here we have some environmental monitoring
04:05
devices or sensors
04:09
there are connected with. Remember the section where we talk about particles? The Kuwait Protocol, which was better suited for devices that didn't consume, didn't have enough a performance, you know, didn't have a big
04:27
chip or a big ah, memory, for example. So Kuwait
04:32
can be really coming handy when we talk about this, um, sensors to communicate
04:42
environmental.
04:48
Um, then we can also have some other energy monitoring here sensors
04:56
on. And this time we'll be using a different protocol, which is because we needed we need thio. Make sure that we're providing a quality of service so that I am
05:09
Q t t political. We come in handy in this case, and this is also connected to the same,
05:15
uh, provider
05:17
on at the end of all this. This is the cloud, of course. But over here,
05:24
let's say this is a server.
05:27
We have a server over here.
05:30
Uh, which is, you know, getting all of this information from all this points
05:34
and is being You know, I used, uh too. Maybe
05:40
at third party integration right here. Maybe there's another business.
05:46
There's another enterprise or dish another. You know,
05:49
someone here is also
05:51
waiting for bad information because that they can actually give you a now a more information about what you're doing. But you're not doing our maybe celled, you another thing
06:04
and the school also go to reporting me, but maybe data analytics, our business intelligence over here, uh, which you know,
06:16
it will.
06:17
I have all this monitoring and you can see the graphics here. Maybe a pie. A graphic charts?
06:25
I don't know.
06:26
Ah,
06:27
all this. Um
06:30
it isn't
06:30
good. Back go. It could, you know, go back to you. Over here
06:34
are I could back Thio the server over here or the server King made decisions here to adjust us sensors over here.
06:44
So, as you can see, the point here is that there's assistant system connections here. You know its privileges costs on one principle feature of piety is that anything can be connected to everything and everything to anything. You know, Governor says that ality, you know, generate massive amounts
07:03
off input data from sources that are globally distributed.
07:08
Uh, this means that transfer it dancer into date up, for example. This could be these right here could be in Central America,
07:19
which is where I'm located, by the way.
07:21
Ah,
07:24
this could be in Europe.
07:29
This could be in UK. This could be in China.
07:33
This could be on a U. S.
07:36
So all these sources are coming from different locations. So, uh, you know,
07:44
using centralized applications to reduce costs on Greece Security is incompatible with the i t. Nowadays, when it's Jason's will have to would be forced to aggregate data in multiple distributed many data centers or use
08:00
instead of using a centralized approach. Use a decentralized approach. So,
08:05
uh, this is this is yet another that we need to feel out from from from, you know, normal security to Ryan. See security.
08:13
So you know the problem again. How can you How can we guarantee security, safety and privacy when data is moving from one point to another really fast? And we have several sources to protect
08:31
what those systems system means in there to world with? Well, uh, one system, which is measuring health, could be communicating with another system. There is measuring that's consumption,
08:43
that system to system communication. Can we continue using centralized systems? Us. I NT grows?
08:50
Uh, no. We cannot do continue to that. The cost implications off this will be huge. Not to mention is the safety and security implications.
09:01
What's the greatest concern with using centralized systems in I A T infrastructure? Well, how to protect the data coming from different data sources and how to protect it. You know, if one day comes from Central America and the other data is located in China.
09:22
On today's brief lecture, we discussed a few examples use cases and concerns off I 80 uses in business and industry.
09:33
Uh, you can look the gardener, which contains a really, really cool our article off this, uh, you know, I A t in industry and business
09:45
Looking forward in the next video, we'll cover their tea future. And what challenges can we expect?
09:50
Well, I hope you're you're the video and talk to you soon.

Up Next

IoT Security

This IoT Security training is designed to help IT professionals strengthen their knowledge about the Internet of Things (IoT) and the security platforms related to it. You’ll also be able to identify the security, privacy and safety concerns related to the implementation of an IoT infrastructure.

Instructed By

Instructor Profile Image
Alejandro Guinea
CERT Regional Director
Instructor