Security concerns should not hold back investment in the IoT
Written by: Mark Venables | Published:

Despite ongoing security concerns, a new report from Machina Research concludes that for most enterprises planning to invest in the IoT, the best course of action is to get started and not wait for a security panacea.

The conventional wisdom has it that IoT security, or the lack thereof, is a disaster waiting to happen. Machina Research, however, argues that this is largely a myth. According to the report, the grand vision of the IoT as everything connecting to everything is so distant that it makes little sense to future-proof all of today’s deployments for it. At least for the next ten years, what we refer to as the IoT will be driven by the Subnets of Things used in relatively controlled settings. Most of today’s security requirements can be met incrementally, with proper planning and already available solutions.

In principle, the security layer should be enabled in IoT deployments by design, rather than retroactively when all else is said and done. Yet in reality, the viability of this maxim tends to depend highly on what is actually being deployed.

“Individual products can, and should, be secured by design, and developers who fail to do so are asking for trouble,” The report author, principal analyst Aapo Markkanen explained. “That said, when the project is not about a single product but a complex system, comprising multiple products supplied by different vendors at different times, the scope for doing pretty much anything ‘by design’ is limited. That is often the case especially in the Industrial IoT, where brownfield deployments are the norm. In these environments, security is more of a systems-integration issue than a design issue.”

Consequently, systems integrators are set to become a critical stakeholder when it comes to securing the industrial IoT, and the ones that want to play a role in this market have to develop various new competences and technologies. Overall, the strategic attention to these is lacking among the big system integrators, but there are also examples of the contrary. Atos, CGI, and Tieto are names that appear to be ahead of the curve.

Another area that can further improve the outlook is risk management. According to Markkanen, “Security is never a binary choice of either having it or not having it. For an IoT-driven enterprise, getting the security right is more about judging how much cyber risk it can stomach, and investing accordingly. A serious problem is that this risk cannot be sufficiently quantified, because enterprises do not have reliable information on the materialised cyber incidents. Having a trusted third party, be it a regulator or even the insurance market, to broker such information would be most welcome.”


This material is protected by MA Business & Leisure Limited copyright.
See Terms and Conditions.


Twitter

Land Mobile is the only monthly publication exclusively dedicated to wireless communications for business. Launched in 1993, this leading industry title provides practical advice, expert opinion and commentary, and insightful, informative, truly authoritative editorial.

St. Jude's Church,
Dulwich Road,
London,
SE24 0PB,
United Kingdom

MA Business is part of the Mark Allen Group.