The challenge is that the Internet of Things is different for different companies and they're going to create the data in a different way and they're going to deliver the data in a certain way. I need to analyze the data in real time, and I have to take all of that data - what I did with it - and bring it to my secure area in to share it again. There are multiple areas now where for the CIO, security really has to become more about methodology what I do with the data in terms of encryption and connection and audit, so that I know what I sent out will be in a certain way and what I take in will be safe and is not going to compromise in some fashion. This is very complicated. This is how you make sure somebody's front door doesn't get hacked. The smart front door that you open with your watch, some hacker might figure out what codes are needed to open the door. This may be something that you never tested for. Or maybe you did test for it and it had worked great. But some new app may surface and hackers figured out how to get this new app to talk to another app that will open up your front door.
Yeah, you know Apple Pay is facing such problems.
I don't know much about how Apple Pay works on the backend - I'm not qualified to talk about it - but (with) products like Apple Pay, you're putting tremendous amount of trust in it as you put your credit cards details in it. As a security professional myself, not speaking on behalf of CommVault, I think what they have done is pretty clever because they have encrypted and moved things around to other areas so even if you get into one piece of the good stuff, you don't have enough to get the data out. But what if some app can very cleverly fool Apple Pay into everything has happened and pull it out? In the Apple ecosystem, there's a lot of testing at Apple store, things take a long time to get approved. Do you think the Android ecosystem is safe?
No, my guess is worse, probably.
Same here. What happens when the Internet of Things, the actual devices get separated from the software so now it's even possible that you might have an Android device, I'm just speaking theoretically, that might be able to take advantage of Apple device or take advantage of the Apple device via a third device it's able to connect to. This is where all of this gets really murky for us and nobody knows yet because it is new. In the next five years, we'll have all of this adoption and we'll also have all of these interesting problems that nobody could possibly have foreseen.
You just mentioned about security as a methodology? Which method are you or your company recommending?
Sign up for CIO Asia eNewsletters.