{"id":12904,"date":"2018-07-25T11:00:22","date_gmt":"2018-07-25T19:00:22","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2018\/07\/25\/news-6671\/"},"modified":"2018-07-25T11:00:22","modified_gmt":"2018-07-25T19:00:22","slug":"news-6671","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/07\/25\/news-6671\/","title":{"rendered":"Preparing for Shadow OT: A Hospital Case Study"},"content":{"rendered":"

Credit to Author: William “Bill” Malik (CISA VP Infrastructure Strategies)| Date: Wed, 25 Jul 2018 17:09:51 +0000<\/strong><\/p>\n

\"\"<\/p>\n

The convergence of IT and OT is happening more rapidly than IT expects. Once upon a time, IT was so expensive that enterprises built entire departments to prioritize spending and efficiently manage those costly investments. Now, IT is so inexpensive that any individual who wants IT can buy it (or rent it). This is \u201cShadow IT\u201d: information technology that the IT organization does not know about. IoT puts OT on the same path.<\/p>\n

Nurses at a hospital in the US Northeast decided to use IoT to help doing rounds. They put motion and moisture detecting pads in thirty hospital beds on one ward, with remote monitors in the nurse\u2019s station. Instead of walking into each room every hour or two overnight, nurses monitored the patients for signs of motion or possible spills centrally. This improved patient care. Patients who were sleeping soundly remained undisturbed, while those who needed attention got it quickly. The nurses had more time to manage paperwork, prepare medications, and attend to other duties.<\/p>\n

These devices were very inexpensive \u2013 home versions retail for $50 or less. In contrast, an FDA-approved smart hospital bed can cost from $10,000 to $40,000 (a standard hospital bed costs around $6,000). Clearly the nurses would not succeed asking IT for an additional $4,000 to $30,000 per bed, but spending $50 per bed for non-clinical supplies doesn\u2019t require that level of approval or scrutiny.<\/p>\n

The experiment was so successful that sensors were installed on beds across the hospital \u2013 over 1,000 in total. They use WiFi and do not communicate over the hospital\u2019s corporate network. Then the administration directed IT to take over management of the devices. IT was blindsided by the request. They are coping with this new technology.<\/p>\n

See https:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC4746860\/<\/a> for a survey of smart hospital bed technology.<\/p>\n

Shadow IT represents a risk:<\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • It is not governed and may violate compliance regulations,<\/li>\n
  • It is not integrated into the organization\u2019s information security program and may present additional attack surfaces,<\/li>\n
  • It is not covered by the IT organization\u2019s functional strategies so it will not be backed up or included in the enterprise disaster recovery plan, and<\/li>\n
  • It is not included in the organization\u2019s enterprise architecture so it may drive investment into counter-strategic channels.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

OT \u2013 operational technology \u2013 is in the same boat. The Internet of Things brings sensors, actuators, and programmable analytics within the budget of most organizations. These organizations are acquiring capabilities without any governance, security, centralized management or architecture. This wave of ungoverned OT will end up in IT\u2019s lap.<\/p>\n

IT has never been able to shut off shadow IT. From personal computers, WiFi, and cheap storage devices to free open source software and cloud computing, people will use available technology to solve business problems whether IT approves or not. A better strategy is to embrace this creativity: provide tools and training to help power users can make better choices. By opening the lines of communications, IT can improve the overall security and management of its technology portfolio, and stay informed of what may come next.<\/p>\n

What do you think? Let me know by responding below, or Tweet me @WilliamMalikTM<\/b><\/span>\u00a0.<\/a><\/p>\n

The post Preparing for Shadow OT: A Hospital Case Study<\/a> appeared first on <\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: William “Bill” Malik (CISA VP Infrastructure Strategies)| Date: Wed, 25 Jul 2018 17:09:51 +0000<\/strong><\/p>\n

\"\"<\/p>\n

The convergence of IT and OT is happening more rapidly than IT expects. Once upon a time, IT was so expensive that enterprises built entire departments to prioritize spending and efficiently manage those costly investments. Now, IT is so inexpensive that any individual who wants IT can buy it (or rent it). This is \u201cShadow…<\/p>\n

The post Preparing for Shadow OT: A Hospital Case Study<\/a> appeared first on <\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[1001,5976,6269,10495,714,19046],"class_list":["post-12904","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-business","tag-healthcare","tag-internet-of-things","tag-iot","tag-security","tag-shadow-ot"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12904"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12904\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}