How the IoT is changing the cybersecurity conversation
The Internet of Things (IoT) is changing the nature of cybersecurity and redrawing the lines of IT responsibilities for the enterprise, according to Gartner.
By the end of 2017, more than 20% of enterprises will have digital security services devoted to protecting business initiatives using IoT devices and services, says Gartner.
The analysts define digital security as the risk-driven expansion and extension of current security risk practices that protect digital assets of all forms in the digital business, and ensures that relationships among those assets can be trusted.
"The IoT now penetrates to the edge of the physical world and brings an important new 'physical' element to security concerns - this is especially true as billions of things begin transporting data," says Ganesh Ramamoorthy, Gartner research vice president.
"The IoT redefines security by expanding the scope of responsibility into new platforms, services and directions," he says.
"Moving forward, enterprises should consider reshaping IT or cybersecurity strategies to incorporate known digital business goals and seek participation in digital business strategy and planning," Ramamoorthy says.
In an IoT world, information is the 'fuel' that is used to change the physical state of environments through devices that are not general-purpose computers but devices and services that are designed for specific purposes, Gartner says.
As such, the IoT is at an inflection point for IT security, and the chief information security officer (CISO) will be on the front lines of its emerging and complex governance and management, the analysts say.
"Governance, management and operations of security functions will need to be significant to accommodate expanded responsibilities, similar to the ways that bring your own device (BYOD) mobile and cloud computing delivery have required changes - but on a much larger scale and in greater breadth," says Ramamoorthy.
"IT will learn much from its operational technology (OT) predecessors in handling this new environment.
Although an IoT device may seem new and unique, a hybrid of old and new technology infrastructure enables the services that the device consumes to perform.
Securing the IoT will force most enterprises to use old and new technologies from all eras to secure devices and services that are integrated via specific business use cases, Gartner says.
A unique characteristic of the IoT is the sheer number of possible combinations of device technologies and services that can be applied to those use cases.
What constitutes an IoT object is still up for interpretation, so securing the IoT is a 'moving target', the analysts conclude.
"Ultimately, the requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security.
"However CISOs will find that, even though there may be complexity that is introduced by the scale of the IoT use case, the core principles of data, application, network, systems and hardware security are still applicable," says Ramamoorthy.