The increasing rate of change in IT, and the proliferation of devices such as smartphones and tablets, has meant that developers and system architects need to rethink how they approach security, access and control, according to Microsoft chief technical officer services Norm Judah.
Microsoft CTO services Norm Judah.(Credit: Michael Lee/ZDNet Australia)
Judah, who spoke at the closing of Microsoft's Tech.Ed event on the Gold Coast on Friday evening, said that as more devices were developed and were brought online, more consideration was needed in how those devices communicated with each other.
"The number of IP endpoints in the network is growing exponentially, because in your homes today, you probably have anywhere from 16 to 20 devices that communicate with someone. Each one of those devices has an IP address," he said, referring to the recent exhaustion of IPv4 addresses as an example of this.
Judah said that due to this increase in communication, further consideration needed to be given to securing these devices.
"Think of all the communication that is happening out of those devices. Think about every light switch in your house suddenly communicating. Your light switch now has to have an IP address, has to have an identity, has to have policy, authorisation, authentication," he said. "You need to know everything about your light switch, because you're not sure you want somebody remotely being able to talk to your light switch."
Judah also said that consideration needed to be given to more intelligent devices, such as internet-connected television sets, which could be leveraged by hackers as a springboard for attacks.
"Here's one thing that scares me. Every one of those television sets is running some version of probably an open-source operating system today. No firewall. No anti-virus. Think about all the bots that could be running on your TV sets today. Hundreds of millions of TV sets as hosts for bots.
"The explosion that we're seeing today in terms of sensor-based networks and connected networks is going to have significant impacts in terms on the work that we need to do around security, access and control."
Judah also said that businesses faced a significant problems in securing the BYO devices that employees are bringing into the corporate environment, while also allowing an appropriate level of access to those that need it.
"We are seeing a changing role in IT, which is IT in an organisation having to deal with these multitudes of personas and devices coming in on the network and gaining access to corporate resources. How do you provide the right level of control and access from an anonymous device or an anonymous user to your corporate assets?
"Going to corporate mail, corporate data or corporate processes means that you have to have a degree of identity and security and authentication in order to do that. IT on the infrastructure side is really facing an incredible dilemma today, with all of these individual devices having to access the network."
Michael Lee travelled to Tech.Ed as a guest of Microsoft Australia.