As we all know, probably to the point of exhaustion, is that the internet is a place filled with many threats that we all need to be aware of. Our federal government has recognized how hard it is for all of us to address all of these threats on our own by developing and publishing the 2023 National Cyber security Strategy of the United States Government, National-Cybersecurity-Strategy-2023.pdf (whitehouse.gov). UniVista strongly endorses this strategy. It’s filled with lots of good ideas, like making investments in cyber security research, training, and even making it easier to survive a cyber security incident through a federal Cyber Insurance backstop. The idea we’re particularly enthusiastic about is “Strategic Objective 3.3: Shift Liability for Insecure Software Products and Services,” which aims to stop vendors and software providers from absolving themselves of responsibility should your network be compromised due to using their software or services. UniVista appreciates the clear focus the government is projecting onto those who provide insecure software or services, and we hope this focus will encourage all vendors and manufacturers to their products and services are secure for the sake of us all.

“Wait,” you might say, “UniVista is a service provider and your own liability could be increased by this directive!  Why would you want to endorse something that puts you in the cross hairs?” 

As your Technology Partner, we at UniVista treat your environment with the same care and accountability as our own internal network.  We’ve focused on “Best Practices” for a long time, even rolling out our “Alignment Score” as the first item on our Monthly Health Reports as a reminder to keep such Best Practices at the forefront of all our discussions.  Heck, many of our customers (and maybe even you, reading this) could recount a situation where we’ve held a new vendor’s feet to the fire, raised concerns about an insecure deployment, or even made you sign a single-purpose Security Addendum to your support agreement to underline how much of a risk was present in a decision that was about to be made. If you’ve ever been asked to sign that kind of Addendum with us, we promise it wasn’t because we were being obstinate or controlling.  In every instance, there’s been a real and tangible risk to your business operations which we genuinely felt you needed to be aware of.  It’s quite rare we go so far as to say “no, seriously, don’t do this,” but it’s a fact of reality that actions have consequences, and on computers, admin actions can have dire consequences.

Like the rest of you, UniVista has our own service providers and partners we rely on to do business and support you while keeping your costs affordable.  We’re no better positioned to develop our own remote support tool than you are to assemble your own credit card reader.  This means we all must use providers like Intel, Dell, Microsoft, Apple, or Google to create the systems and tools we use to conduct business.  However, that doesn’t mean that we are powerless in our choice of partners and providers. 

UniVista conducts business with clients who run the gamut of regulatory oversight and requirements, but we hold both ourselves and all our customers to the same standards, and we treat every environment like it is the most important environment in the world (because to you, it is).  We go out of our way to ask auditors additional questions and seek recommendations outside the strict “letter of the law” in compliance frameworks.  We challenge our vendors and seek independent verification of their claims, just like we do when you bring on your own vendors. 

We can’t promise you that we or our own partners will never be compromised in the future, just like we can’t promise you that you won’t be either.  But we can promise you that we have been pursuing – and will always pursue – every Best Practice we can to minimize all our risks!  It only makes all our jobs easier to have the feds putting pressure on developers and service providers alongside us.

The very first line of the 2023 National Cyber security Guidance Objective 3.3 says “Markets impose inadequate costs on – and often reward – those entities that introduce vulnerable products or services into our digital ecosystem.”  We get it.  It’s often so much cheaper to go with one provider over another for your software or service needs, and technology is expensive.  We’ve said for years that there are often “hidden costs” associated with going with the “cheap” or “easy” options for software and services, by way of cut corners and questionable commitments… so we simply cannot be anything other than thrilled that the government aims to hold everyone to the same standard to which we’ve already been holding ourselves.  If this means that everyone takes security and Best Practices as seriously as we do, then we all win.

What’s the next step? We at UniVista will keep monitoring the process and keep you informed as our government develops this strategy into a series of directives and laws. In the interim, we’ll keep advocating for you to whoever can help, giving you the best advice we can, and doing our best job for you.  

If you have any questions or would like to have a more in-depth conversation about our best practices, or anything at all, then please do not hesitate to reach out to us. 

As we have mentioned in past blogs, the term “Internet of Things”, also referred to as IoT, is a collective network of internet-based technology, along with associated connected devices that facilitates communication between those devices and the cloud.  

The concept of IoT takes into account all interrelated computing devices. These devices include mechanical and digital machines, along with objects that possess the ability to transfer data over a network without human interaction. In a nutshell, IoT allows hardware/devices to gather information and send it over the internet to a cloud, app, or software.

In the simplest sense, your smartphone or Apple Watch can be considered an IoT device. These devices allow not only mobility and data transfer but can also upload to their proprietary cloud environments automatically. A prime example: is cloud storage of the photos and videos on your phone. Your Fitbit is also an IoT device, it manages large amounts of data autonomously and alerts the wearer as required or deemed necessary. These days many of the “smart products” like coffee machines and refrigerators, along with “smart homes” filled with other “smart appliances” would be considered IoT. Essentially, the device must connect to the internet, manage, and process data, often very large amounts of data, manage notifications, and do this autonomously.

While the advantages, along with the potential of future advancements in IoT are tremendous, much like all things it seems, there are potential drawbacks. The biggest drawbacks are potential issues with security and privacy. All IoT devices must be protected from not only physical tampering but also from internet-based software attacks as well as network-based and hardware-based attacks. Another issue is data privacy. IoT is being used more and more in sensitive applications like in the healthcare and financial industries, so proper safety measures like encryption or multi-factor authentication need to be put in place. Additionally, as all things power-based, IoT requires both the internet and electricity to function. If either goes down, so could your IoT devices. Depending on how many things you have interconnected and relying on each other in your technology ecosystem, lack of power can be a big issue. 

If you’re considering branching out further into IoT, ensure that your organization has plans in place to protect against failures, as an outage WILL happen at some point. If you want to review your current Business Continuity Plan taking IoT into account, please contact your UniVista Account Rep.

Another issue that can be seen as a drawback can be device or system compatibility. Different products produced by different manufacturers may not work within your existing technologies. Each product or system may require different configurations and/or connections, so deployment may not be as efficient as everyone would like at this point. This compatibility issue is a factor since currently there is no consensus on IoT protocols and standards. 

IoT certainly has numerous benefits, has a large convenience factor, and allows both individuals and organizations to function more efficiently. However, implementing IoT across a large platform or numerous locations can be an intricate task. Let us help you plan and strategize! If you have any questions about the Internet of Things (IoT) and how your organization can best take advantage of it, contact your UniVista Account Rep.