“We’re at an inflection point in technology history,” said Earl Perkins, research vice president at Gartner, in his session titled How the Internet of Things Will Change Digital Security Forever at the Gartner Security & Risk Management Summit in National Harbor, Maryland. The Internet of Things (IoT) now penetrates to the edge of the physical world and brings an important new “physical” element to security concerns. This is especially true as billions of things begin transporting data “somewhere.”
Nowhere To Hide
No industry is immune to the IoT and the digital opportunities it represents. Examples include medication that senses when and whether it’s consumed, smart sports equipment, connected traffic management or insurance companies that track health and adjust premiums. While we may not qualify these sensors as computers, they have processing power and collect data. Basically, a sensor will be put “anywhere business innovation decides it needs to go.” And since the small sensors prohibit use of an agent, security professionals must contend with the implications of protecting all the new data.
Earl Perkins, Gartner
Objects within the IoT also possess the ability to change the state of the environment around them, or even their own state (for example, by raising the temperature of a room automatically once a sensor has determined it is too cold or by adjusting the flow of fluids to a patient in a hospital bed based on information about the patient’s medical records). As technology begins to make changes in the physical environment, we need to have another dimension of security: Digital security.
Digital Security Defined
Perkins defines digital security as “The risk-driven expansion and extension of current security and risk practices that protect digital assets of all forms in the digital business and ensures that relationships among those assets can be trusted.”
“You don’t have to relearn what you know today but assets as we know them become loaded with different types of meaning,” Perkins says. In the new world of IoT, it’s necessary to protect the relationships – thing to thing, service to thing, and thing to people. Notably, when moving from information security to cybersecurity, the qualities of security evolve to include safety along with availability, confidentiality and integrity.
Strategic Planning Assumption: By year end 2017, over 20% of enterprises will have digital security services devoted to protecting business initiatives using devices and services in the Internet of Things.
Understand your role in the digital security universe
Perkins emphasizes that it’s important for security professionals to understand that they play a new role in the digital security universe. The “Things” in Digital Business are the “Things” in IoT and will be disassembled and reassembled in tiny packets of function that are fit for purpose and cheap. Most security professional still focus on IT and information security. But devices and services used in IoT are moving out to the edge. “It’s time to move from “Dr. No” to “Yes, but,” he says, “and describe the options, and the risks involved with potential options.”
Moving forward, consider reshaping your IT or cyber security strategy to incorporate known digital business goals and seek participation in digital business strategy and planning. Demonstrate competence and value in digital business moments to show credibility and become an incubator for digital security options.