1. Eliminate Zombie Servers. I have written about this in the past, and now the brilliant people at the Uptime Institute have developed a rather compelling model that explores the value proposition in much greater detail. I’ll add a new twist for 2017: Zombie Servers represent a huge cybersecurity risk. No mission critical facility should receive a passing score on a cybersecurity risk assessment without a well-documented and demonstrable Zombie Server management plan.
2. Mandate Admin/Password Change. Let’s call this one a pet peeve, one the IoT industry must take seriously if we ever hope to deploy 30 to 50 billion connected devices to the Internet. Otherwise bad actors will deploy all sorts of tools to use these devices for DDoS attacks and worse. I give high marks to those firms that have already taken steps to ensure their devices do not connect unless the Admin username and Password are changed at start-up. For added security, try using a complete sentence, with numbers and special characters, as your password.
3. Cybersecurity Public Service Announcements. As if the daily news reminders of email leaks, network hacks, data breaches, running commentaries from Assange and Guccifer, and the Snowden movie weren’t enough, it is time to launch a broader cybersecurity awareness campaign aimed at consumers and neophyte IT users. Perhaps most people do have good intentions, but when I hear people ‘complaining’ about needing to change passwords on new toys, IoT refrigerators and the like, and then choosing something as simple as Password1234 or StreetName(HouseNumber) with the occasional obligatory #, well, that goes a long way to explaining the exploding rate of security breaches and DDoS attacks.
4. Data Residency Awareness. As the rush to the cloud continues, we need to know with reasonable precision where our data will reside before we start sending it merrily along the way across the Internet. If we understand the ‘where’, we can begin to build a solid model of data resiliency, availability, access & security, and the legal / government ramifications associated with the data transport, the nodes crossed, and the residency location. Where in the world do your Apple, Google, Flickr, Photobucket, etc. photos reside? Think of this as an extension to the General Data Protection Regulation.
5. Application Specific Tier Rating System. The Uptime Institute’s Tier Classification for Data Centers helped to define the mission critical infrastructure space. Over time the IT and business community has learned that a monolithic tier need not apply to all aspects of the IT deliverables. What we need now is a clearly defined tier rating system for applications: a rating system that encompasses the unintended consequences of loss of the application or its underlying data, corruption of either, and the knock-on effects of any disturbance. Picture it like this: one traffic signal outage is an inconvenience, a hundred traffic signals out in one small area is a major problem, and 1,000+ traffic signals out can lead to riot, insurrection, and pandemonium.
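Item 2 asks device makers to refuse network connectivity until the factory admin credentials are replaced, and suggests a sentence-style passphrase with numbers and special characters. The following is an added example of that boot-time gate, not code from the original post or from any vendor: a hypothetical device ships with constructed defaults (`admin`/`admin`), stores only a salted PBKDF2 hash, and keeps `network_services_allowed` false until both the username and the passphrase have been changed and the passphrase passes a simple policy. The minimum length and the small list of well-known weak passwords are assumptions.

```python
"""Added example: a first-boot credential gate for a hypothetical IoT device.
Factory defaults, the 16-character minimum and the weak-password list are
constructed assumptions, not values from any real product."""
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# Constructed factory defaults for the hypothetical device.
FACTORY_DEFAULT_USER = "admin"
FACTORY_DEFAULT_PASSWORD = "admin"

MIN_PASSPHRASE_LENGTH = 16  # assumption: long enough to hold a short sentence
WELL_KNOWN_WEAK = {"admin", "password", "password1234"}  # constructed sample list


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256 so the device never stores the plaintext."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def passphrase_problems(passphrase: str) -> List[str]:
    """Return the policy violations for a candidate passphrase (empty list == ok).
    The policy follows the post's advice: a multi-word sentence with at least
    one digit and one special character, and not a well-known weak value."""
    problems = []
    if len(passphrase) < MIN_PASSPHRASE_LENGTH:
        problems.append(f"shorter than {MIN_PASSPHRASE_LENGTH} characters")
    if not any(c.isdigit() for c in passphrase):
        problems.append("no digit")
    if not any(not c.isalnum() and not c.isspace() for c in passphrase):
        problems.append("no special character")
    if " " not in passphrase.strip():
        problems.append("not a multi-word sentence")
    if passphrase.lower() in WELL_KNOWN_WEAK:
        problems.append("well-known weak password")
    return problems


class DeviceCredentials:
    """Credential store that remembers whether the factory defaults are still live."""

    def __init__(self) -> None:
        # Ship with the defaults; network stays disabled until they are replaced.
        self.username = FACTORY_DEFAULT_USER
        self.salt, self.digest = hash_password(FACTORY_DEFAULT_PASSWORD)
        self.defaults_replaced = False

    def verify(self, password: str) -> bool:
        """Constant-time comparison of the candidate against the stored hash."""
        _, candidate = hash_password(password, self.salt)
        return hmac.compare_digest(candidate, self.digest)

    def set_credentials(self, username: str, passphrase: str) -> List[str]:
        """Replace the factory credentials. Returns the list of problems, or []
        when the change was accepted."""
        problems = passphrase_problems(passphrase)
        if username == FACTORY_DEFAULT_USER:
            problems.append("admin username is still the factory default")
        if self.verify(passphrase):
            problems.append("passphrase equals the current password")
        if problems:
            return problems
        self.username = username
        self.salt, self.digest = hash_password(passphrase)
        self.defaults_replaced = True
        return []


def network_services_allowed(creds: DeviceCredentials) -> bool:
    """The boot-time gate: bring up network listeners only once defaults are gone."""
    return creds.defaults_replaced


if __name__ == "__main__":
    creds = DeviceCredentials()
    print("network allowed at first boot:", network_services_allowed(creds))
    print("weak change rejected:", creds.set_credentials("admin", "Password1234"))
    print("good change accepted:",
          creds.set_credentials("ops-owner", "The 3rd fridge runs cold at night!") == [])
    print("network allowed now:", network_services_allowed(creds))
```

The gate is deliberately a function of stored state rather than of a one-off setup wizard flag, so a factory reset that restores the default hash also disables the network again until the credentials are changed once more.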
Not a long list, and a few items may take more than a year to sort out, with item number five, the Application Specific Tier Rating System, looking like a good subject for the nascent Infrastructure Masons organization to tackle.