The enterprise of things is not secure!
There is a lot of talk about how IoT will alter the way consumers interact and how businesses will function. But the truth is, most activity to date has been around IoT (consumer) and not EoT (enterprise). EoT is different. Companies deploying EoT must concentrate on devices that stay in place for long durations (seven to 10 years), not consumer-level throwaways. These devices must also be manageable, like other corporate technology assets, and many will have user interfaces of some sort, requiring organizations to have an extended endpoint app strategy. All of these issues are important and require careful planning. But perhaps the biggest challenge will be in securing the devices and their interactions with back-end corporate systems.
Many organizations have deployed some level of “things” into their operations. Indeed, I estimate that as many as 75% to 80% of enterprises already have some form of devices deployed. Yet, I also estimate that no more than 10% to 15% of these “things” would meet acceptable standards of corporate security if they were typical enterprise-grade devices (e.g., smartphones, PCs or even server assets). This is a major problem: with such limited security, it’s relatively easy for hacks of devices to be initiated, with potentially disastrous consequences. If a PC is hacked and crashes, it’s annoying. If an EoT device gets hacked and crashes, physical property and/or persons are at risk.
In this short article, it’s impossible to talk about all of the issues regarding security in EoT. It requires a concerted effort to secure the things themselves at the hardware level first (many are built on old and potentially insecure technology). But it’s also important to have a network infrastructure for these devices that can monitor and remediate any potential threats. And it’s equally important to implement management tools that can properly deploy, monitor and control these devices (similar to what’s done today for smartphones and PCs).
A useful model for working with EoT, though not totally the same, is the mobile environment. In the early days, the proliferation of smartphones was essentially equivalent to anarchy. There was little management and a minimal level of security. In fact, corporate IT was often not even involved. It took several years for the security and management of these devices to catch up to the level required in the enterprise. The good news is that, using the smartphone as a model, the amount of time and effort to secure EoT can be much shorter. Indeed, several of the mobile security and management companies are already moving down the EoT path with a unified management approach (e.g., BlackBerry and Citrix), and this will benefit organizations in the short term.
There is much more to say about this, and in subsequent articles I’ll discuss more specifics. But for now, enterprises should be putting a strategy in place that deals with the inherent insecurity of the many devices now being deployed, and the plethora of devices that will appear in the next two to three years. If you don’t, it’s certain you’ll pay a significant price.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.