Story image

Power of Internet of Things to change CISO security scope

24 Sep 14

By year-end 2017, over 20 percent of enterprises will have digital security services devoted to protecting business initiatives using devices and services in the Internet of Things.

According to Gartner, business cases using Internet of Things (IoT) devices already exist and their role in business and industry will force enterprises to secure them.

“The power of an Internet of Things device to change the state of environments and of itself will cause chief information security officers (CISOs) to redefine the scope of their security efforts beyond present responsibilities,” says Earl Perkins, research vice president, Gartner.

“IoT security needs will be driven by specific business use cases that are resistant to categorisation, compelling CISOs to prioritize initial implementations of IoT scenarios by tactical risk.

"The requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security.”

Gartner predicts that the installed base of "things," excluding PCs, tablets and smartphones, will grow to 26 billion units in 2020, which is almost a 30-fold increase from 0.9 billion units in 2009.

The component cost of IoT-enabling consumer devices will approach $1, and "ghost" devices with unused connectivity will be common.

There will be a $309 billion incremental revenue opportunity in 2020 for IoT suppliers from delivering products and services.

The total economic value-add from IoT across industries will reach $1.9 trillion worldwide in 2020 by which time more than 80 percent of the IoT supplier revenue will be derived from services.

The industries likely to see the greatest value added from the IoT will initially be manufacturing, healthcare providers, insurance, and banking and securities.

However, this growth will not be confined there but will expand across all industry sectors.

“In an IoT world, information is the ‘fuel’ that is used to change the physical state of environments through devices that are not general-purpose computers but, instead, devices and services that are designed for specific purposes,” Perkins says.

“The IoT is a conspicuous inflection point for IT security — and the CISO will be on the front lines of its emerging and complex governance and management.”

Perkins says that the Nexus of Forces identified in Gartner research— cloud, social, mobile and information — is driving early-state opportunities in the IoT.

The IoT already has a myriad of commercial and consumer technology use cases that range from connected homes and connected automobiles to wearable devices, from intelligent medical equipment to sensor systems for smart cities and facilities management.

The characteristics of intelligent, purpose-built devices that are networked to provide information and state changes for themselves or surrounding environments are increasingly used in OT systems, such as those found in industrial control and automation (sometimes referred to as the "industrial IoT").

However, securing the IoT represents new CISO challenges in terms of the type, scale and complexity of the technologies and services that are required.

“At this time, there is no "guide to securing IoT" available that provides CISOs with a framework for incorporating IoT principles across all industries and use cases," Perkins adds.

"What constitutes an IoT device is still up for interpretation, so securing the IoT is a ‘moving target.’

"However, it is possible for CISOs to establish an interim planning strategy, one that takes advantage of the ‘bottom up’ approach available today for securing the IoT.

“Gartner advises security leaders against over thinking IoT security by attempting to draft a grand strategy that encompasses all IoT security needs to this point in time.

"Instead, they should lower the residual risk of the IoT by assessing whether the particular business use case provides better control and performance.

"Lessons from these initial use cases will serve as building blocks for a broader strategy for addressing the security of the IoT.”

NZ’s $3.45bil IT services market fueled by competitive advantage
"With regards to cloud adoption, organisations are prioritising innovation and security over cost and scalability.”
The secret to scaling DevOps in the digital era
"Organisations around the world have learnt at a cost that while agile DevOps methodologies can result in improved outcomes within teams and projects, they have a propensity to fail miserably."
APAC FinTech network launches to encourage cross-border innovation
Nine associations formally launched the network by signing a Statement of Intent at the Asian Financial Forum event in Hong Kong.
Avaya expands AI offerings with new partnerships
The additions to the ecosystem will enable Avaya to add prioritisation and natural language processing to its UC solutions.
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Kiwis make waves in IoT World Cup
A New Zealand company, KotahiNet, has been named as a finalist in the IoT World Cup for its River Pollution Monitoring solution.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
SUSE partners with Intel and SAP to accelerate IT transformation
SUSE announced support for Intel Optane DC persistent memory with SAP HANA.