The rise of the Internet of Things (IoT) is driving changes in all aspects of security causing organizations to reevaluate the necessary people and service skills, structures and approaches to their security needs.
Earl Perkins, research vice president at Gartner, shares his thoughts on how security leaders can develop new approaches to security organization and better protect their digital business against potential threats and breaches.
Q: How has the rise of IoT and connected devices changed the security landscape?
A: The landscape known as the “pervasive digital presence” is changing how we approach digital security through four main differentiators from traditional IT security: scale; diversity; function; and flow. Security and risk managers should consider how these differentiators are driving change and adapt new strategies that help address the ever-shifting landscape.
First, the security landscape is changing due to the scale of this digital presence. The pace of innovation has generated requirements for millions of devices, most network connected or wirelessly connected in some capacity. Unfortunately, most of these devices have little or no protection at the software and infrastructure level.
“ As a whole, the industry will need to acknowledge IoT’s pervasive presence and adopt new strategies that consider our digital world.”
There are connected devices that have been in use for many years that need to safely and securely communicate with newer connected devices, particularly in the world of industrial automation and control systems. For example, with the diversity of devices and environments in which they operate, there is no single standard for device-to-device authentication or how devices can securely link to cloud services.
Another differentiator in IoT security is how typical IoT devices function. Many devices are constructed to be “fit for purpose,” in that they are created to perform specific functions that may require only a few operations, such as a sensor detecting five characteristics of an environment or an actuator performing to commands. The rise of the IoT creates a varied and different approach to device function – some devices may be built to only deliver information by the second, while others act as a static storing place for information until something may be triggered.