The Internet of Things is set to change the face of cyber security at more than 20% of firms by 2017, research by Gartner shows. As the technology is expected to be deployed in the coming years, concerns about how to protect and prevent tampering with devices remain an industrial concern. The consulting firm believes that the remit of the Chief Information Security Officer will increase to provide more insight into potential risks as well as solutions, while firms need to make clear businesses cases for the deployment of potentially insecure devices.
According to Ganesh Ramamoorthy, the research Vice-President at Gartner, the Internet of Things (IoT) is set to change the face of cyber security forever as the technology provides a wide range of interfaces through which cyber adversaries may be able to penetrate the network of an organisation. As a result, the need to defend the boundaries will become ever more pertinent.
One consequence of the need to defend the boundaries, according the consulting firm, is that 20% of enterprises will be using a digital security force to secure its IoT boundaries by 2017. Digital security forces are the risk-driven expansion and extension of the current security assets of enterprises – with their aim to protect and make sure that information gathered and the relationships between devices are secure and trusted.
“The IoT now penetrates to the edge of the physical world and brings an important new ‘physical’ element to security concerns. This is especially true as billions of things begin transporting data,” explains Ramamoorthy. “The IoT redefines security by expanding the scope of responsibility into new platforms, services and directions. Moving forward, enterprises should consider reshaping IT or cyber security strategies to incorporate known digital business goals and seek participation in digital business strategy and planning.”
According to the firm, the information collected, processed and passed on by IoT devices about their environment is to be the ‘fuel’ used ‘to change the physical state of environments.’ IoT is thereby challenging the responsibility that IT has to the wider enterprise as it captures more and more sensitive information. IoT devices thereby become ‘conspicuous inflection points’ that need specific security planning for their defence as well as rules for the data governance of the taken information. Gartner sees the Chief Information Security Officer (CISO) on the frontline for new changes and challenges.
“Governance, management and operations of security functions will need to be significant to accommodate expanded responsibilities, similar to the ways that bring your own device (BYOD), mobile and cloud computing delivery have required changes - but on a much larger scale and in greater breadth,” says Ramamoorthy. “IT will learn much from its operational technology (OT) predecessors in handling this new environment.”
A number of challenges await businesses starting on their IoT integration journey, with old and new technologies and techniques needing to be brought in line. Through careful planning, the use cases of such integrations can be considered in the provision of securing new IoT services for clients. The difficulty of the wide range of potential interfaces – open up for attack – remains however, with the development of IoT itself not yet mature. Securing the IoT boundaries thereby remains a ‘moving target.’
“Ultimately, the requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security,” Ramamoorthy concludes. “However CISOs will find that, even though there may be complexity that is introduced by the scale of the IoT use case, the core principles of data, application, network, systems and hardware security are still applicable.”