By 2020, IoT requirements will impact over half of enterprise IT security programs: Gartner

Chief Information Security Officers (CISOs) will be forced to redefine their security efforts beyond their present responsibilities given the power of objects in the Internet of Things (IoT) to change the state of environments, according to research firm Gartner, Inc. The firm, in its report, ‘What Securing the Internet of Things Means for CISOs’, has also predicted that IoT security requirements would have reshaped and expanded over half of all global enterprise IT security programs by 2020 due to changes in supported platform and service scale, diversity and function.

Gartner analysts will take a deeper look at the outlook for security solutions at the Gartner Security & Risk Management Summits taking place June 23-26 in National Harbor, Maryland, August 25-26 in Sydney, Australia and September 8-9 in London, United Kingdom.

According to Earl Perkins, research Vice President at Gartner, the IoT was re-drawing the lines of IT responsibilities for the enterprise. “IoT objects possess the ability to change the state of the environment around them, or even their own state; for example, by raising the temperature of a room automatically once a sensor has determined it is too cold or by adjusting the flow of fluids to a patient in a hospital bed based on information about the patient’s medical records. Securing the IoT expands the responsibility of the traditional IT security practice with every new identifying, sensing and communicating device that is added for each new business use case.”

“Traditional” Information Technology was now being supplemented by purpose-built, industry-specific technologies that were tailored by where and how that technology is used and what function it delivered. Although traditional IT infrastructure was capable of many of these tasks, functions that were delivered as purpose-built platforms using embedded technology, sensors and machine-to-machine (M2M) communications for specific business use cases signaled a change in the traditional concept of IT and the concept of securing IT, the report said.

Perkins felt this was an inflection point for security. In his opinion, CISOs will need to deconstruct current principles of IT security in the enterprise by re-evaluating practices and processes in light of the IoT impact. Handling network scale, data transfer methods and memory usage differences will also require changes. Governance, management and operations of security functions will need to change to accommodate expanded responsibilities, similar to the ways that bring your own device (BYOD), mobile and Cloud computing delivery have required changes — but on a much larger scale and in greater breadth, he felt.

Further, each use case risk profile will have specific requirements that may result in the use of old platform and service architecture with a new technology “overlay” to improve performance and control. “This represents an interesting challenge for CISOs when delivering secure services for the IoT,” said Perkins.

CISOs, said Gartner, should not automatically assume that existing security technologies and services must be replaced; instead, they should evaluate the potential of integrating new security solutions with old. Many traditional security product and service providers were already expanding their existing portfolios to incorporate basic support for embedded systems and M2M communications.

CISOs, in the opinion of Gartner, should also resist the temptation to overthink security planning while patterns and solutions are still emerging. “The requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security,” said Perkins.
