Yes, yes…we all know security is a major concern surrounding the Internet of Things. Unfortunately, we’ll be hearing about IoT security for quite some time as organizations continue to struggle with how to secure it. A recent study by 451 Research of more than 600 IT decision-makers worldwide found “55.1% rated IoT security as their top priority when asked to rank which technologies or processes their organizations considered for existing or planned IoT initiatives.” The second most ranked priority was a tie between IoT infrastructure equipment and IoT applications at 39.9%.
According to 451 Research, some business leaders are slow adopting the Internet of Things regardless of the upside benefits because they believe the risks are still too high.
Further, a 2017 IoT Workloads survey identified the top IoT attack vectors that most concerned enterprises. The top three included:
- Poor authentication of IoT endpoints such as sensors and network modules
- Unsecured enterprise IoT applications
- Vulnerabilities in how end users access their IoT devices and applications
This has created an opportunity though for vendors. Enterprises value security capabilities as the top reason for choosing a commercial IoT platform, with 58% of survey respondents ranking it as the top attribute in choosing a vendor partner.
At least according to Brian Partridge, Research Vice President for Internet of Things at 451 Research,
“The silver lining in all of this is that IoT security breaches have raised overall awareness of the issues and consequences when nothing goes wrong. It also raised the bar for suppliers who are increasingly fighting for deals based on their security cred. There is still a need for trusted actors that can bring IoT security together holistically for customers.”
For enterprises, an IoT security article from www.networkworld.com provided two important security processes that all enterprises should perform. But also spotlights areas where vendors can help enterprises stay secure.
- Identify, track, and manage endpoint devices. Per Robert Westervelt, research director of the Data Security Practice at International Data Corp. (IDC), “For some organizations, the discovery and identification are about asset management and less about security. This is the area that network access control and orchestration vendors are positioning their products to address, with the added component of secure connectivity and monitoring for signs of potential threats.”
- Patch and remediate security flaws as they’re discovered. According to John Pironti, president of consulting firm IP Architects, “If a security-related patch exists for an IoT device, that is the vendor’s acknowledgment of a weakness in their devices and the patch is the remediation. Once the patch is available, the accountability for the issue transfers from the vendor to the organization using the device.”