The research firm has announced that over the next three or so years, approximately one in five enterprises will recognize the necessity to protect business units which use IoT devices, and as a result, will be required to invest more heavily in security.
“The power of an Internet of Things device to change the state of environments and of itselfwill cause chief information security officers (CISOs) to redefine the scope of their security efforts beyond present responsibilities,” said Earl Perkins, Research Vice President at Gartner. “IoT security needs will be driven by specific business use cases that are resistant to categorization, compelling CISOs to prioritize initial implementations of IoT scenarios by tactical risk. The requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security.”
The research firm says that excluding PCs, tablets and smartphones, IoT devices will grow to 26 billion units by 2020, which is almost 30 times higher than an estimated 0.9 billion units in 2009. In addition, ‘ghost’ devices — IoT appliances with unused connectivity potential — will be common.
The IoT industry is expected to contribute $1.9 trillion to the global economy by 2020, with manufacturing, health, insurance and the financial sector benefiting most in the beginning before IoT expands across other industry sectors. In addition, there will be a $309 billion incremental revenue opportunity in 2020 for IoT suppliers from delivering products and services.
“In an IoT world, information is the ‘fuel’ that is used to change the physical state of environments through devices that are not general-purpose computers but, instead, devices and services that are designed for specific purposes. The IoT is a conspicuous inflection point for IT security — and the CISO will be on the front lines of its emerging and complex governance and management,” Perkins adds.
Perkins says that the “Nexus of Forces” identified in the recently-released report include cloud, social, mobile and information, each of which are driving early opportunities in IoT — some of which we have already seen ranging from wearable technology to smart home appliances and meters. The IoT already has a myriad of commercial and consumer technology use cases that range from connected homes and connected automobiles to wearable devices, from intelligent medical equipment to sensor systems for smart cities and facilities management.
The characteristics of intelligent, purpose-built devices that are networked to provide information and state changes for themselves or surrounding environments are increasingly used in OT systems, such as those found in industrial control and automation (sometimes referred to as the “Industrial IoT” or the “Industrial Internet.”). However, securing the IoT represents new CISO challenges in terms of the type, scale and complexity of the technologies and services that are required.
“At this time, there is no ‘guide to securing IoT’ available that provides CISOs with a framework for incorporating IoT principles across all industries and use cases. What constitutes an IoT device is still up for interpretation, so securing the IoT is a ‘moving target.’ However, it is possible for CISOs to establish an interim planning strategy, one that takes advantage of the ‘bottom up’ approach available today for securing the IoT,” Perkins noted.
Gartner advises security leaders against over thinking IoT security by attempting to draft a grand strategy that encompasses all IoT security needs to this point in time. Instead, they should lower the residual risk of the IoT by assessing whether the particular business use case provides better control and performance. Lessons from these initial use cases will serve as building blocks for a broader strategy for addressing the security of the IoT.”
So, what’s the first step in securing our intelligent, connected world? As previously discussed on Bits & Pieces, the dirty little secret of the IoT is that there probably cannot be such a thing as the Internet of Things if those things are not secure. That is where devices like Atmel CryptoAuthentication ICs play an important, if not catalytic role.