Analysts to Explore Cybersecurity Trends During the Gartner Security & Risk Management Summit, September 1-2, in Mumbai
Over 20 percent of enterprises will have digital security services devoted to protecting business initiatives using devices and services in the Internet of Things (IoT) by year end 2017, according to Gartner, Inc. Gartner defines digital security as the risk-driven expansion and extension of current security risk practices that protect digital assets of all forms in the digital business and ensures that relationships among those assets can be trusted.
“The IoT now penetrates to the edge of the physical world and brings an important new ‘physical’ element to security concerns. This is especially true as billions of things begin transporting data,” said Ganesh Ramamoorthy, research vice president at Gartner. “The IoT redefines security by expanding the scope of responsibility into new platforms, services and directions. Moving forward, enterprises should consider reshaping IT or cybersecurity strategies to incorporate known digital business goals and seek participation in digital business strategy and planning.”
In an IoT world, information is the "fuel" that is used to change the physical state of environments through devices that are not general-purpose computers but, instead, devices and services that are designed for specific purposes. As such, the IoT is at a conspicuous inflection point for IT security, and the chief information security officer (CISO) will be on the front lines of its emerging and complex governance and management.
The IoT is redrawing the lines of IT responsibilities for the enterprise. IoT objects possess the ability to change the state of the environment around them, or even their own state (for example, by raising the temperature of a room automatically once a sensor has determined it is too cold, or by adjusting the flow of fluids to a patient in a hospital bed based on information about the patient's medical records).
“Governance, management and operations of security functions will need to be significant to accommodate expanded responsibilities, similar to the ways that bring your own device (BYOD), mobile and cloud computing delivery have required changes - but on a much larger scale and in greater breadth,” said Mr. Ramamoorthy. “IT will learn much from its operational technology (OT) predecessors in handling this new environment.”
Although an IoT device may seem new and unique, a hybrid of old and new technology infrastructure enables the services that the device consumes to perform. Securing the IoT will force most enterprises to use old and new technologies from all eras to secure devices and services that are integrated via specific business use cases.
A unique characteristic of the IoT is the sheer number of possible combinations of device technologies and services that can be applied to those use cases. What constitutes an IoT object is still up for interpretation, so securing the IoT is a "moving target."
“Ultimately, the requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security,” Mr. Ramamoorthy said. “However CISOs will find that, even though there may be complexity that is introduced by the scale of the IoT use case, the core principles of data, application, network, systems and hardware security are still applicable.”
About the Gartner Security and Risk Management Summit
Additional details on the security market will be discussed at the Gartner Security & Risk Management Summit taking place September 1-2 in Mumbai, India.
Members of the media can register for press passes to the Summit by contacting firstname.lastname@example.org
Information from the Gartner Security & Risk Management Summit 2015 will be shared on Twitter at http://twitter.com/Gartner_inc using #GartnerSEC.
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. The company delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the valuable partner to clients in approximately 10,000 distinct enterprises worldwide. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 8,300 associates, including more than 1,800 research analysts and consultants, and clients in more than 90 countries. For more information, visit www.gartner.com.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.