2008-03-07 11:08:35 by Posted By: John Pescatore, VP Distinguished Analyst in IT Leaders - Security and Risk Management
At the recent Gartner Mobile and Wireless Conference, Sanjay Khunger, the chief technologist of GM's OnStar unit, gave a presentation on the history of OnStar's satellite-based remote safety, security and diagnostic service. GM looks at auto safety as being in three distinct phases: before the crash, during the crash and after the crash. Another way to look at this is preventing/avoiding the crash, surviving the crash and recovering after the crash. GM designs features into cars in each of those phases (anti-lock brakes to avoid crashes, chassis design and airbags that reduce injury during the crash, and so on). I always thought of OnStar as a "push the button to call for help" service, but Khunger explained how it was an integrated part of GM's overall safety strategy.
Beyond the obvious capabilities to call for help after a crash, OnStar has features that also apply to the first two phases. Hands- and eyes-free navigation and cell phone capabilities minimize driver distraction and reduce accidents. Remote proactive diagnostics and remote door unlock services reduce the time a driver spends standing next to a dead car on the side of the road. Multiple sensors in the vehicle provide information on the type of crash and the number of occupants so that emergency personnel have more information to ensure that EMTs have the right equipment to best save lives at the crash scene.
This isn't meant to be a commercial for OnStar - if you watch sports on TV, you've already seen plenty of those. However, GM's placement of a security-related service in the larger context of customer safety really hits home on a larger point: Security and, just as importantly, safety need to be worked into all the critical business and IT processes at your business. The biggest bang for the buck comes from avoiding incidents - minimizing vulnerabilities in applications, not just by having secure development life cycles but by thinking about user safety. What are the abuse cases where a user or customer might accidentally put themselves in danger? What features are built into your business applications to avoid those situations?
Financially, OnStar makes more money by helping its customers avoid accidents. But stuff happens, and building in instrumentation, response and recovery features to minimize damage during an incident and speed to ensure swift resumption of business after an incident is important, as well. This applies as much to car crashes as it does to identity theft incidents, insider attacks and every other IT security "crash." Build security into your critical business processes, and keep your customers safe.
Beyond the obvious capabilities to call for help after a crash, OnStar has features that also apply to the first two phases. Hands- and eyes-free navigation and cell phone capabilities minimize driver distraction and reduce accidents. Remote proactive diagnostics and remote door unlock services reduce the time a driver spends standing next to a dead car on the side of the road. Multiple sensors in the vehicle provide information on the type of crash and the number of occupants so that emergency personnel have more information to ensure that EMTs have the right equipment to best save lives at the crash scene.
This isn't meant to be a commercial for OnStar - if you watch sports on TV, you've already seen plenty of those. However, GM's placement of a security-related service in the larger context of customer safety really hits home on a larger point: Security and, just as importantly, safety need to be worked into all the critical business and IT processes at your business. The biggest bang for the buck comes from avoiding incidents - minimizing vulnerabilities in applications, not just by having secure development life cycles but by thinking about user safety. What are the abuse cases where a user or customer might accidentally put themselves in danger? What features are built into your business applications to avoid those situations?
Financially, OnStar makes more money by helping its customers avoid accidents. But stuff happens, and building in instrumentation, response and recovery features to minimize damage during an incident and speed to ensure swift resumption of business after an incident is important, as well. This applies as much to car crashes as it does to identity theft incidents, insider attacks and every other IT security "crash." Build security into your critical business processes, and keep your customers safe.
