Security needed now for the internet of things by Juliana Kenny

05/09/2015 07:06

Ageneral warning has circulated for a few years now, alongside the the growth of the internet of things, that the more devices appear on the market, the more users are at risk for cyber breaches.

Indeed, the logic follows: the more end points exist on a network, the more channels through which hackers have access to data. Security measures are clearly needed, but the implementation of proper security historically lags behind the development of the technology in need of protection. The case is no different with the internet of things, meaning businesses are largely at risk. Research published by Gartner this week details the need for advanced security for enterprises as IoT integrates into the business world.

Gartner explains the difference between computers and devices in IoT networks:

In an IoT world, information is the “fuel” that is used to change the physical state of environments through devices that are not general-purpose computers but, instead, devices and services that are designed for specific purposes. As such, the IoT is at a conspicuous inflection point for IT security, and the chief information security officer (CISO) will be on the front lines of its emerging and complex governance and management.

The need for IoT management in the enterprise will be key in moving forward with the inevitable landscape occupied by trillions of devices. Think of it as similar to the pickle businesses found themselves in as the bring-your-own-device trend (BYOD) caught on: businesses’ IT departments found themselves not only having to manage the devices already sanctioned, but wrangling data to and from employees’ personal devices. That trend sparked a wave of changes for the enterprise including legal ramifications for leaked data, new compliance structures for employee devices, and rethinking how company communication proceeds. The internet of things will bring a new host of issues.

Ganesh Ramamoorthy, research vice president at Gartner, said in the group’s statement:

The IoT now penetrates to the edge of the physical world and brings an important new ‘physical’ element to security concerns. This is especially true as billions of things begin transporting data. The IoT redefines security by expanding the scope of responsibility into new platforms, services and directions. Moving forward, enterprises should consider reshaping IT or cybersecurity strategies to incorporate known digital business goals and seek participation in digital business strategy and planning.

A difference between the governance needed for BYOD and that needed for IoT will be the scope. BYOD devices are smartphones, tablets, and computers. IoT encompasses everything from wearables to thermostats. There will be more devices that all perform different functions with different protocols; it’s well beyond time to start thinking about how to regulate the influx of end points.

The important point is that this need for security is not a maybe. Last year Gartner predicted that 26 billion devices will be a part of the IoT world by 2020. The International Data Corporation has forecasted that the IoT market will reach $7.1 trillion by 2020. Better late than never to start thinking about how to protect the data flowing to and from all these devices.