What are the major issues relating to IT security that you focus on particularly?
I focus particularly on what are known as disruptive technologies. These include Mobile Computing, Cloud Computing, IoT, IIoT (Industrial Internet of Things) and Industry 4.0. Why? Because components are used in these areas that are not based on “security by design” per se, but are used on the front line. People also speak of a fluid perimeter here. This means that it is no longer easy to see where the boundaries of a company’s network are. Using IoT devices, cloud solutions, etc. also means that there is a greater challenge to keep sight of the overall picture and to continue protecting the data of a networked company to an appropriate extent.
Technologies that are used in production companies today come from different manufacturers with a level of IT security that we as customers must assess. This is no easy task. On the one hand, this is because they are complex and varied solutions. On the other, it is because the lack of experts in the field of IT security becomes even more tangible when it comes to know-how regarding new technologies.
For example: Introducing agile methods can pose particular challenges to IT security. Pressure to meet deadlines and flexible approach models lead to the risk that, in its haste, a manufacturer may not be able to proceed with a sufficient degree of care. Combined with disruptive technologies, this can quickly result in a dangerous combination.
Another keyword here: cloud. Manufacturer change cycles are currently so fast that it is scarcely possible to conduct a systematic and in-depth inspection of security mechanisms. The German Federal Office for Information Security (BSI) has introduced the C5 certification concept in this area. This is definitely a step in the right direction. This gives cloud-using companies confirmation of the IT security status of a cloud provider. Nevertheless, this reduces IT security to an “audit on paper”.
In the area of mobile applications, there is a trend towards these software systems being reduced to “apps”. It is suggested that developing such applications is simple and can be acquired by virtually anyone. This means, however, that best practices such as a secure software development process, security by design and privacy by design might fall by the wayside.
We take on these and other challenges to keep our own IT security standards at a high level.