IoT Causes CISOs To Redefine Security Efforts

by CXOtoday News Desk    Sep 17, 2014


Chief information security officers (CISOs) are seeing a dramatic change in the business environment with the emergence of the Internet of Things (IoT), as devices, networks and systems are becoming increasingly interconnected. In this scenario, security must evolve as a response, believe researchers. Research firm Gartner says over 20 percent of enterprises will heavily invest in security for business initiatives using IoT devices by 2017.

Although the projected number is far less, “the power of an Internet of Things device to change the state of environments and of itself will cause CISOs to redefine the scope of their security efforts beyond present responsibilities,” says Earl Perkins, research vice president at Gartner.

The research firm says that securing the IoT represents new CISO challenges in terms of the type, scale and complexity of the technologies and services that are required. The challenge ahead for many CISOs is the need to combine approaches and solutions to cater for IoT security. For example, they may have to secure mobile and cloud architecture, industrial control, automation and physical security, and so on.

Gartner predicts that, excluding PCs, tablets and smartphones, IoT devices will grow to 26 billion units by 2020, which is almost 30 times higher than an estimated 0.9 billion units in 2009. In addition, ‘ghost’ devices - IoT appliances with unused connectivity potential - will be common.

The IoT industry is expected to contribute $1.9 trillion to the global economy by 2020, with manufacturing, health, insurance and the financial sector benefiting most in the beginning before IoT expands across other industry sectors.

In an IoT world, information is the ‘fuel’ that is used to change the physical state of environments through devices that are not general-purpose computers but, instead, devices and services that are designed for specific purposes. The IoT is a conspicuous inflection point for IT security — and the CISO will be on the front lines of its emerging and complex governance and management.
-Earl Perkins, Research VP at Gartner

Perkins says that emerging technologies such as cloud, social, mobile and information are currently driving opportunities in the IoT space. Its use is also seen in a myriad of commercial and consumer technologies that range from connected homes and connected automobiles to wearable devices, from intelligent medical equipment to sensor systems for smart cities and facilities management.

“At this time, there is no ‘guide to securing IoT’ available that provides CISOs with a framework for incorporating IoT principles across all industries and use cases,” says Perkins, as he believes what constitutes an IoT device is still up for interpretation, so securing the IoT is a ‘moving target.’ “However, it is possible for CISOs to establish an interim planning strategy, one that takes advantage of the ‘bottom up’ approach available today for securing the IoT,” he says.

Nevertheless, Gartner advises security leaders against “overthinking” IoT security by attempting to draft a grand strategy that encompasses all IoT security needs to this point in time. “Instead, they should lower the residual risk of the IoT by assessing whether the particular business use case provides better control and performance, and at least address the security of the IoT in the initial days,” sums up Perkins.