Last Friday, Gartner said that "by the end of 2017, over 20 percent of enterprises will recognize the need to protect business units which use Internet of Things (IoT) devices, and as a result, will be required to invest more heavily in security."
But this new investment in security isn't likely to follow old norms.
The IoT movement represents a fundamental innovation within IT: changing the face of technology and how we interact with it. As such, it brings new challenges to the security table. In this rapidly-evolving landscape, old solutions don't hold up like they used to - and old assumptions are quickly becoming obsolete.
A few points to bear in mind
1. Information is currency.
"In an IoT world," said Earl Perkins, research VP at Gartner, "information is the 'fuel' that is used to change the physical state of environments through devices that are not general-purpose computers but, instead, devices and services that are designed for specific purposes. The IoT is a conspicuous inflection point for IT security – and the CISO will be on the front lines of its emerging and complex governance and management."
2. Information is more dynamic now than ever.
"Perkins says that cloud, social, mobile and information is driving early opportunities in IoT, and we have seen evidence of this already – through examples such as wearable technology, smart home appliances, smart grids used by Western cities and intelligent medical equipment" (source).
3. We've all got a lot to learn.
The connectivity ushered in by the IoT revolution offers a world of new benefits – and a world of new risks. Meanwhile, the fact remains, there's no rule book to navigate these new waters. So how can we cope with the complexity of the challenge?
Gartner says that "it is possible for CISOs to establish an interim planning strategy, one that takes advantage of the 'bottom up' approach available today for securing the IoT." On that note, it offers some advice: "security leaders...should lower the residual risk of the IoT by assessing whether the particular business use case provides better control and performance."
Point being? As the IoT continues to evolve, CISOs at organizations large and small must adopt a multi-faceted approach to security, creatively blending solutions to achieve defensibility.
We'll be doing the same.