Story image

How the IoT is changing the cybersecurity conversation

03 Sep 15

The Internet of Things (IoT) is changing the nature of cybersecurity and redrawing the lines of IT responsibilities for the enterprise, according to Gartner.

By the end of 2017, more than 20% of enterprises will have digital security services devoted to protecting business initiatives using IoT devices and services, says Gartner.

The analysts define digital security as the risk-driven expansion and extension of current security risk practices that protect digital assets of all forms in the digital business, and ensures that relationships among those assets can be trusted.

“The IoT now penetrates to the edge of the physical world and brings an important new ‘physical’ element to security concerns - this is especially true as billions of things begin transporting data," says Ganesh Ramamoorthy, Gartner research vice president.

"The IoT redefines security by expanding the scope of responsibility into new platforms, services and directions," he says.

“Moving forward, enterprises should consider reshaping IT or cybersecurity strategies to incorporate known digital business goals and seek participation in digital business strategy and planning," Ramamoorthy says.

In an IoT world, information is the ‘fuel’ that is used to change the physical state of environments through devices that are not general-purpose computers but devices and services that are designed for specific purposes, Gartner says.

As such, the IoT is at an inflection point for IT security, and the chief information security officer (CISO) will be on the front lines of its emerging and complex governance and management, the analysts say.

“Governance, management and operations of security functions will need to be significant to accommodate expanded responsibilities, similar to the ways that bring your own device (BYOD) mobile and cloud computing delivery have required changes - but on a much larger scale and in greater breadth,” says Ramamoorthy.

“IT will learn much from its operational technology (OT) predecessors in handling this new environment.”

Although an IoT device may seem new and unique, a hybrid of old and new technology infrastructure enables the services that the device consumes to perform.

Securing the IoT will force most enterprises to use old and new technologies from all eras to secure devices and services that are integrated via specific business use cases, Gartner says.

A unique characteristic of the IoT is the sheer number of possible combinations of device technologies and services that can be applied to those use cases.

What constitutes an IoT object is still up for interpretation, so securing the IoT is a ‘moving target’, the analysts conclude.

“Ultimately, the requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security.

“However CISOs will find that, even though there may be complexity that is introduced by the scale of the IoT use case, the core principles of data, application, network, systems and hardware security are still applicable," says Ramamoorthy.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Apax Partners wins bidding war for Trade Me buyout
“We’re confident Trade Me would have a successful standalone future," says Trade Me chairman David Kirk
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
NVIDIA sets records with their enterprise AI
The new MLPerf benchmark suite measures a wide range of deep learning workloads, aiming to serve as the industry’s first objective AI benchmark suite.
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.