Future of the enterprise: Heavy investment in Internet of Things security

Research firm Gartner says over 20 percent of enterprises will invest in security for business initiatives using Internet of Things devices by 2017.
Written by Charlie Osborne, Contributing Writer

Gartner says over 20 percent of enterprises will have digital security services for business initiatives using Internet of Things devices by 2017.

The research firm said Friday that by the end of 2017, over 20 percent of enterprises will recognize the need to protect business units which use Internet of Things (IoT) devices, and as a result, will be required to invest more heavily in security.

Chief information security officers (CISOs) are already seeing a change in the business environment due to IoT, as devices, networks and systems are becoming more interconnected on a daily basis -- and security must evolve as a response. The problem many CISOs will face is the need to blend approaches and solutions to cater for IoT security, and this may include securing mobile and cloud architecture, industrial control, automatons and physical security, according to Gartner.

The research firm says that excluding PCs, tablets and smartphones, IoT devices will grow to 26 billion units by 202, which is almost 30 times higher than an estimated 0.9 billion units in 2009. In addition, 'ghost' devices -- IoT appliances with unused connectivity potential -- will be common.

The IoT industry is expected to contribute $1.9 trillion to the global economy by 2020, with manufacturing, health, insurance and the financial sector benefiting most in the beginning before IoT expands across other industry sectors.

Earl Perkins, research vice president at Gartner commented:

"In an IoT world, information is the 'fuel' that is used to change the physical state of environments through devices that are not general-purpose computers but, instead, devices and services that are designed for specific purposes. The IoT is a conspicuous inflection point for IT security -- and the CISO will be on the front lines of its emerging and complex governance and management."

Perkins says that cloud, social, mobile and information is driving early opportunities in IoT, and we have seen evidence of this already -- through examples such as wearable technology, smart home appliances, smart grids used by Western cities and intelligent medical equipment.

Such connectivity may make life and access to data more convenient, but with networking comes complexity -- the challenge many CISOs of the future face.

Perkins noted:

"At this time, there is no "guide to securing IoT" available that provides CISOs with a framework for incorporating IoT principles across all industries and use cases. What constitutes an IoT device is still up for interpretation, so securing the IoT is a 'moving target.' However, it is possible for CISOs to establish an interim planning strategy, one that takes advantage of the ‘bottom up’ approach available today for securing the IoT.

Gartner advises security leaders against over thinking IoT security by attempting to draft a grand strategy that encompasses all IoT security needs to this point in time. Instead, they should lower the residual risk of the IoT by assessing whether the particular business use case provides better control and performance. Lessons from these initial use cases will serve as building blocks for a broader strategy for addressing the security of the IoT."

Read on: In the enterprise

Read on: In the world of security

Editorial standards