DevOps+IoT+Security - Diana Rodriguez
Diana delivered a very insightful talk about the link between DevOps, IoT (Internet of Things), and security. It comes down to collaboration and feedback.
DevOps is about collaboration between development and operations. Diana gave us this passage from the Vue.js docs regarding the effects of DevOps:
The adoption of DevOps culture, tools and agile engineering practices has, among other things, the nice effect of increasing the collaboration between the roles of development and operations. One of the main problems of the past (but also today in some realities) is that the dev team tended to be uninterested in the operation and maintenance of a system once it was handed over to the ops team, while the latter tended to be not really aware of the system’s business goals and, therefore, reluctant in satisfying the operational needs of the system (also referred to as “whims of developers”).
What this means is that DevOps works to bring solutions together for the benefit of the development and operations teams. For example, they may suggest using containers (like Docker) to limit the differences between the environment of a developer's laptop and the production server.
She explained that efficient DevOps will also provide faster feedback which bring about quicker & better enhancement/repairs as well as insight around performance and usage. With IoT, feedback regarding device performance and usage is analyzed and used to tune the product's quality for everyone's benefit.
The part of Diana's talk regarding security was eye-opening.
Adam Romig 🐧 🇵🇭@adam_romigInsightful talk by @cotufa82 on devops, IoT, and security. Staggering survey results on how much faith people have about IoT device security. 😱 #jsfriendsconf
I believe it. People will unknowingly trade personal information and security for some convenience.19:57 PM - 02 Aug 2019
There is a huge lack of faith in the security of IoT devices by not only customers but developers too.
Of those surveyed:
- 52% believe that most IoT devices on the market right now DO NOT have the necessary security in place
- 49% don’t trust having their personal/private data tied to IoT devices – but still use them
- Only 18% trust having their personal data tied to IoT devices
- Nearly 35% claimed that the breaches of major companies have not had much of an effect on the trust or consumer interest in these brands
- 85% of developers surveyed have felt rushed to get an application to market due to demand/pressure in the last 6 months
- 90% of developers surveyed do not believe that IoT devices on the market currently have the necessary security in place
Not only IoT devices for smart homes are potentially security-light but wearables as well. Peoples' biometric data is out there in the cloud which can sound kind of scary. Imagine how you would feel in the case of a data breach. 😱 How much personal information and security are people willing to unknowingly give out in the name of convenience?
Why aren't more developers/companies focused more on security instead of delivering a product quickly? The answer is mostly about money unfortunately. Companies also deter from seeking outside consultation because people don't like being told what they're doing wrong.
Diana then gave suggestions on what to concentrate on for increased device security: secure update processes, authentication, encryption, & independent security assessments to name a few.
At the end there were a few questions to ask yourself regarding your own IoT usage.
- What devices are we using?
- What information do we share?
- What information do we have access to?
It was a very interesting presentation focusing on collaboration, capturing valuable feedback, and being security-minded. There was so much information - one of the best talks that day.