The Internet of Things likely to drive an upheaval for security
Securely managing IoT will require a combination of IT, physical and industrial control security, Gartner says
Computerworld - Analyst firm Gartner expects the Internet of Things (IoT) to drive a convergence of IT, physical and industrial control security practices over the next several years.
Much of the convergence will result from the sheer heterogeneity and number of devices that will become Internet-enabled by 2020. Current estimates range from Gartner's 26 billion devices to IDC's mind-boggling projection of 212 billion installed devices.
While most of the devices are unlikely to pose security threats, many will intersect with enterprise networks in the form of smart heating and lighting systems, equipment monitoring and maintenance sensors, industrial robots, asset tracking systems, plant control systems and personal devices such as fitness bands and smartwatches.
Managing those devices securely will require a combination of security skills, said Earl Perkins, Gartner analyst and the author of a new report that looks at the security implications of the IoT for CISOs.
"We are at the early stages of a major inflection point in security," Perkins said.
Most of the devices will be function-specific and use a variety of non-standard communication protocols. The devices will also feature embedded operating systems and software that provide little way for IT to add a security layer on top. Some devices will just be sensors for storing and forwarding data. Often, new devices will need to interact with older systems and software.
While IT organizations have been able to add some measure of protection to smartphones, tablets and other mobile devices in the workplace, they will find it hard to do the same with many of the devices that will comprise IoT in a few years.
Instead of layering protection at the device level, organizations may need to think about centralizing and aggregating security controls via gateway devices. The massive number of devices that will need to be managed in this way could pose new problems.
"There will be many different kinds of service providers who will contribute to security" in the enterprise, Perkins predicted. In addition to traditional security vendors, others like embedded application and operating system vendors and equipment manufactures will have a role to play, too.
"All of [these entities] will become players in the security space," Perkins noted. "Some will be customers of security and some will contribute to security."
Dealing with the real-time, event-driven applications and non-standard protocols that define much of IoT will require significant changes to app testing, vulnerability, identity and access management practices, Perkins said. It will also require changes to other practices such as governance, management and enforcement of security functions.
Just as mobile devices and the BYOD trend have forced IT managers to think differently about security, IoT will require companies to rethink what they do. The main difference is that the scale is magnitudes larger than what security managers deal with now, he said.
The challenge for IT is less about technology and more about getting ahead of the security curve. Many of the technology controls needed to secure a highly connected world already exist. What CISOs and other IT managers need to focus on are policy and process -- specifically, developing secure deployment practices and polices and putting in place architectural foundations for accommodating new IP-enabled devices.
The issues confronting IT are no different from the challenges they faced when migrating from mainframes to client/server or to mobile, the Web and the cloud. "Every time we have a major infection point, we seem to make the same mistakes. We allow it to get away from us and end up playing catch up for the next five to 10 years."
IoT presents another opportunity for IT to get ahead on security, Perkins said, "Just like every new generation of technology, we've got to be sanguine about how to approach it."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Popular Internet-of-Things devices aren't secure
- Microsoft backs open source for the Internet of Things
- Microsoft joins AllSeen Alliance, the Qualcomm-led IoT project
- The Internet of Things at home: Why we should pay attention
- The Internet of Things at home: 14 smart products compared
- Google's move into home automation means even less privacy
- It's time to get moving on IPv6 rollout
- A new industrial age is being built on sensors, 3D printing and the cloud
- Could robots walk on stage at Google I/O?
- The Internet of Things figures into this IT leader's five-year plan
Read more about Security in Computerworld's Security Topic Center.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!