In the rush to connect every possible thing to powerful insight-generating capabilities in the cloud, organizations should not fail to carefully evaluate and secure every component of the IoT ecosystem.
Developing an IoT security competency and implementing an IoT risk assessment program should be an important strategic focus for any company implementing an IoT strategy.
A great race is underway among companies in the industrial sectors to be leaders in the Internet of Things (IoT) realm. Companies are off and running in their plans to execute IoT strategies, and many are already connecting all manner of “things” to gather and analyze data about product usage and performance, factory output, maintenance issues, etc.
The proof is in the spending. A June 2017 report by research firm International Data Corp. (IDC) said spending on IoT in 2017 was expected to grow 17% compared with the previous year, reaching more than $800 billion. By 2021, IDC said, global IoT spending is expected to reach about $1.4 trillion, including hardware, software, services, and connectivity that enable IoT.
Industrial applications are likely to be among the biggest markets for IoT devices and services in the coming years, according to Michael Schallehn, a partner in Bain's Technology Practice and an IoT expert. And why not? IoT promises all sorts of benefits for facilities such as factories and warehouses, where companies can make significant improvements in processes and deliver truly “smart” manufacturing operations.
Need for a security focus
The IoT discussion at many industrial businesses today is often centered around business use cases and the most appropriate architectures and technologies to deliver on those use cases. One of the biggest expected benefits of this emerging connected world is being able to gain new insights about product usage, customer preferences, process flows, etc.
A June 2017 report from strategy consulting firm Altman Vilandrie & Co. showed that nearly half of U.S. organizations using some sort of IoT network (48%) have experienced a recent security breach. That’s based on a survey of 397 IT executives in 19 industries conducted in April 2017. Anything with an Internet connection can be hacked, the firm noted, and this creates significant financial and legal exposure for organizations as well as safety concerns for workers and consumers.
The survey also revealed the significant financial exposure of poor IoT security. The cost of the breaches covered in the survey represented 13% of the total revenues for companies with revenues under $5 million annually, and tens of millions of dollars for the largest enterprises. Nearly half of businesses with annual revenue of more than $2 billion estimated the potential cost of one breach to be more than $20 million.
Create a comprehensive program
Not surprisingly, cyber security is top of mind with senior executives and boardrooms these days, with recent events such as the huge Equifax data breach getting a lot of attention. That means IT and security departments should have no difficulty making security provisions for IoT a high priority.
While each component may independently provide sufficiently robust and comprehensive security capabilities, the actual security of the entire solution will depend on if, when and how these capabilities are leveraged when the final application is designed and implemented. Organizations need to create comprehensive IoT security risk assessment programs to evaluate IoT solutions before deployment.
While such risk assessment programs should cover the robustness of the technologies employed, it’s also important to keep in mind the “people” issues, and have in place effective policies, procedures, governance and training programs to ensure strong operational oversight of the people responsible for critical IoT subsystems.
Often it is the failure of these people, who are charged with ensuring that security tools and procedures are promptly and effectively employed, that creates the opportunities for successful security exploits. However, people will always make mistakes. In an increasingly complex security threat landscape, companies need to examine how to best employ automation and machine intelligence to complement the efforts of their operational and security teams and reduce the risk of human error.
Developing an IoT security competency and implementing an IoT risk assessment program should be an important strategic focus for any company implementing an IoT strategy. Only then will organizations be able to safely reap the benefits available from a world of cloud intelligence and increasingly connected things.