Internet of things security years away from being fully baked, says Forrester

Forrester's take on the Internet of things isn't that shocking--the industry has developed with little thought about security--but the time frames are jarring nonetheless.
Written by Larry Dignan, Contributor

Many Internet of things technologies are in deployment among categories such as analytics, hardware and networking, but the vendor ecosystem needs to focus on security and standards, according to a Forrester Report.

Anyone who perused the Internet of things dreams that surround smart homes and autos couldn't help but notice that security issues were glossed over at best and more often ignored.

Forrester's take highlights the push and pull of the Internet of things. Forrester was upbeat about software and analytics, but wary of security and the integration issues that will arise from the lack of standards.

As IoT takes center stage at CES 2016, security gets lost in the wings

In a research report, Forrester noted:

Most hardware and networking IoT technologies have hit the Growth phase or even the Equilibrium phase. IoT software is in the Survival phase. But standards are nascent, as vendors are only a couple of years into the process of creating general-purpose interoperability standards. And IoT security technologies are still in the Creation phase, with no established products.

Forrester's report was based on 27 vendor companies. In graphic here's how Forrester sees the market:


My view goes like this:

  • It's promising that so many IoT technologies are adding business value and developing well.
  • Yet it's alarming that something like security has been overlooked and may be at least a year to three years away (probably longer). Forrester noted: "For security and risk pros, the IoT brings an enormity of additional devices to manage, new forms of vulnerability such as physical property damage, and a wide range of new technologies to master. But we found the technologies to be nascent, which is startling given how many devices are already deployed." That's alarming given many devices are deployed in power grids and other critical areas.
  • Given the lack of standards and security it's not surprising that business applications for IoT are currently projected to be 5 to 10 years away.

Bottom line: Enterprises need to have a long-term plan for IoT and pilots in the short run, but better think through security before broad deployments.

Editorial standards