The internet of things (IoT) poses real security risks and presents lots of opportunities to companies. They need to find the right balance between IoT business value and the protection of data, systems, and processes. IT has to play a leadership role in making that happen.
Security planning and implementation need IT leadership
Earlier this year, TEKsystems published the results of a survey held in November 2015. The organization polled more than 200 business and IT leaders regarding their perception and readiness for the internet of things (IoT). 39 percent of the respondents were already transitioning from pilot projects into IoT-enabled processes and offerings, or running test projects. The remaining 61 percent were in early discussions or preparing projects.
Respondents appeared to correlate IoT security with their IT organizations. 63 percent of the people interviewed indicated that internal IT resources would be tasked with implementing and managing their engagements with the IoT. In line with that, 64 percent noted that IT would have leadership of IoT initiatives. At the same time, 50 percent stated that information security is the main challenge in realizing the potential benefits of the IoT, and 45 percent indicated that, of the skills needed to pull off an IoT initiative, information security expertise is the most difficult one to find.
These findings demonstrate two points:
- IT plays at least a critical, if not always an exclusive, leadership role for IoT-focused business activities. This may be a shift in perspective for some execs and analysts who expected that IT was going to play more of a supporting role, storing and managing IoT big data.
- Because security is for good reasons a key concern in IoT projects, IT needs to gain the control, tools, and resources to ensure the security and availability of data, applications, and systems that are exposed to IoT data traffic.
Balancing the security and usability of systems and applications
Bringing IoT-connected machines and assets into your operation changes their nature from when they existed without connectivity. Almost ironically, they become more than “just things”—they are now network devices that communicate data. As such, they are both static and fluid. Directly and indirectly, they can expose the company infrastructure to security risks. Given that many companies are going to deploy and distribute millions of IoT-connected items, the potential security threat is significant. If you have any plans that involve the IoT, you should be discussing and implementing strong security measures now, before you open your systems to vulnerabilities. This is as essential a task as readying your infrastructure to handle the data processing, storage, and analytics workloads associated with IoT big data as well as the devices and sensors themselves.
Even without the IoT, security is a challenge for companies, especially when they welcome bring-your-own-device (BYOD) practices. In many organizations, the balance between business needs and security shifts from one system or application to another, and it may change with events. Strong security almost always requires some compromise of performance and usability, and extremely stringent security may for many users involve such unacceptable inefficiencies and limited functionality that they may begin to look for workarounds. Of course, abandoning security is not an option. IT and business groups may clash, collaborate, or delay action—but they need to come together to create a balanced state of their systems and applications that enables both optimal security and usability.
Extending existing security protocols to include IoT and diverse user groups
Fortunately, many IT groups have already documented their environments and manage them by comprehensive policies that define their security practices for data, applications, and systems. Two factors change security requirements for IoT. First, to get ready for IoT-centered initiatives, IT needs to scale its policies to much larger numbers of devices, connections, and data volumes. Second, IT has to create security standards that regulate the sharing of data sets between a company and individual or defined groups of customers, strategic partners, and suppliers. It is unlikely that this will succeed without a partnership between IT and business groups. The two camps need to educate each other on the value and opportunity of IoT-connected items as well as on security risks and liabilities. To move these efforts forward more smoothly, some enterprises will establish a new role in IT, a technology and business expert who is responsible for IoT security.
If you update your security strategy now to include the IoT scenarios that will take place at your company, you have a clear advantage when they are implemented. Reactive security is almost always either incomplete or over the top in terms of restrictiveness. innius comes with a range of effective, extensively tested security features that we explore in more depth and technical detail in other blog posts. If you would like to explore innius more practically, have questions, or want to provide feedback, please contact us.