Internet of Things to 'change cyber-security forever'
Gartner predicts 20% of organisations will have IoT-focused security in place by 2017
The Internet of Things (IoT) will change cyber-security forever - so says Gartner in its latest report predicting that, by 2017, over 20% of organisations will have digital security services devoted to protecting business initiatives using IoT devices and services.
Gartner said that it defines digital security as the risk-driven expansion and extension of current security risk practices that protect digital assets.
"The IoT now penetrates to the edge of the physical world and brings an important new ‘physical' element to security concerns. This is especially true as billions of things begin transporting data," said Ganesh Ramamoorthy, research vice president at Gartner.
"The IoT redefines security by expanding the scope of responsibility into new platforms, services and directions. Moving forward, enterprises should consider reshaping IT or cybersecurity strategies to incorporate known digital business goals and seek participation in digital business strategy and planning."
In an IoT world, information is the "fuel" that is used to change the physical state of environments through devices that are not general-purpose computers but, instead, devices and services that are designed for specific purposes, Gartner said. As such, the research house explained that the IoT is at a conspicuous inflection point for IT security, and the chief information security officer (CISO) will be on the front lines of its emerging and complex governance and management.
Gartner added that the IoT is redrawing the lines of IT responsibilities for the enterprise. IoT objects possess the ability to change the state of the environment around them, or even their own state. This could be raising the temperature of a room automatically once a sensor has determined it is too cold, or adjusting the flow of fluids to a patient in a hospital bed based on information about the patient's medical records.
"Governance, management and operations of security functions will need to be significant to accommodate expanded responsibilities, similar to the ways that bring your own device (BYOD), mobile and cloud computing delivery have required changes - but on a much larger scale and in greater breadth," said Ramamoorthy.
"IT will learn much from its operational technology (OT) predecessors in handling this new environment."
However, Gartner also said that, although an IoT device may seem new and unique, a hybrid of old and new technology infrastructure enables the services that the device consumes to perform. As a result, securing the IoT will force most enterprises to use old and new technologies from all eras to secure devices and services that are integrated via specific business use cases, Gartner said.
The research house added that a unique characteristic of the IoT is the sheer number of possible combinations of device technologies and services that can be applied to those use cases. What constitutes an IoT object is still up for interpretation, so securing the IoT is a "moving target", Gartner said.
"Ultimately, the requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security," Ramamoorthy explained.
"However CISOs will find that, even though there may be complexity that is introduced by the scale of the IoT use case, the core principles of data, application, network, systems and hardware security are still applicable."