IoT Will Force CISOs To Redefine Security

by CXOtoday News Desk    May 02, 2014


The profound impact of the Internet of Things (IoT) on business and social environments will force Chief Information Security Officers (CISOs) to redefine the scope of their security efforts beyond present responsibilities, according to Gartner.

The research firm predicts that IoT security requirements will reshape and expand over half of all global enterprise IT security programs by 2020 due to changes in supported platform and service scale, diversity and function.

“The IoT is redrawing the lines of IT responsibilities for the enterprise,” said Earl Perkins, research VP at Gartner. He believes that securing the IoT expands the responsibility of the traditional IT security practice with every new identifying, sensing and communicating device that is added for each new business use case.

According to Gartner, although traditional IT infrastructure is capable of many of these tasks, functions that are delivered as purpose-built platforms using embedded technology, sensors and machine-to-machine (M2M) communications for specific business use cases signal a change in the traditional concept of IT and the concept of securing IT.

Perkins states CISOs will need to deconstruct current principles of IT security in the enterprise by re-evaluating practices and processes in light of the IoT impact.

“Governance, management and operations of security functions will need to change to accommodate expanded responsibilities, similar to the ways that bring your own device (BYOD), mobile and cloud computing delivery have required changes — but on a much larger scale and in greater breadth,” he explains.

However, Gartner suggests CISOs should not automatically assume that existing security technologies and services must be replaced; instead, they should evaluate the potential of integrating new security solutions with their existing portfolios to incorporate basic support for embedded systems and M2M communications. These may include support for communications protocols, application security and IAM requirements that are specific to the IoT.

It is also important for CISOs to establish an interim planning strategy, one that takes advantage of the ‘bottom-up’ approach available today for securing the IoT, said the report.

CISOs should resist the temptation to overthink security planning while patterns and solutions are still emerging. They should start small and develop initial security projects based on specific IoT interactions within specific business use cases. CISOs can build on these use case experiences to develop common security deployment scenarios, core architectural foundations and competency centers for the future.

“The requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security,” sums up Perkins.