To avoid playing catch up on IoT security, businesses should develop an approach that protects personal information and allows for multiple security tiers.
Over 20 percent of enterprises “will have digital security services devoted to protecting business initiatives using devices and services in the Internet of Things (IoT) by year end 2017,” according to Gartner. The research and advisory firm defines digital security as “the risk-driven expansion and extension of current security risk practices that protect digital assets of all forms in the digital business and ensures that relationships among those assets can be trusted.”
The growth of devices that produce and sometimes consume data leaves enterprises with a number of challenges for IoT security:
- Concern about legal compliance. Personal Identifiable Information (PII), for instance, carries with it a number of restrictions. Now that we have employees who are wearing devices that gather health data, how much is the company allowed to read that information, if at all?
- What about outsiders hacking into device data by exploiting some vulnerability that exists in the device? Unlike software platforms, devices are more difficult to monitor and update. You can count on security breaches that will occur over the next few years, as enterprise professionals learn to incorporate IoT security into overall enterprise security.
- The need to set up role-based or identity-based security among devices. With IoT, you’ll have some devices or sensors that just gather and transmit data that is acted upon by other devices or sensors. This passing off of data from one device or another means that you have to deal with multi-level security. In order to effectively deal with IoT security, you may need to set up security levels or tiers for the devices, separating rules of devices into different security levels that are treated as separate security domains. Also, identity-based security means you can treat devices or sensors using their own identities, thus configure security any way needed to meet your requirements.
The trouble is that IoT is moving much faster than security can keep up. We’re paying more attention to sensors that monitor machines, our bodies—pretty much anything that can gather data. As is often the case with new technology, security is an afterthought.
Also from Gartner: “Although an IoT device may seem new and unique, a hybrid of old and new technology infrastructure enables the services that the device consumes to perform.” IoT security will force most enterprises to use old and new technologies from all eras to secure devices and services that are integrated via specific business use cases.”
The trick is for enterprises to come up with a security approach now and ensure that all security requirements are met. That’s easier said than done considering the pace of innovation that’s happening around IoT right now.
Want more? Check out our most-read content:
Liked this article? Share it with your colleagues using the links below!