By Peter Sondergaard
The new Mini ad reads, “High-Speed Mobile Device” and touts the car’s “digital hub that syncs with your devices and social networks. So now you can motor like the wind and tell everyone all about it.” Cars are just one of the everyday objects slated to become digitalized and connected as the Internet of Things, which impacts industries and products as we know them today.
In essence, companies that make cars, toasters, elevators, construction equipment, washing machines and more, become companies that are, basically, producing Internet-connected devices. With this fundamental change, CEOs and business leaders will need to start dealing with the same challenges that IT has dealt with since the advent of the Internet — securing your devices and networks from malicious attack.
Potential Points of Vulnerability
The Internet of Things will lead to hundreds, thousands, maybe even hundreds of thousands of physical devices in your enterprise being connected to the Internet. And every single one of those devices will be a potential point of vulnerability. It doesn’t take much imagination to see the compromising impact of powering down or interfering with millions of devices through a single Internet of Things vulnerability, potentially resulting in physical damage to environments, injuries or death.
Securing the Internet of Things represents new challenges in terms of the type, scale and complexity of the technologies and services that are required. The Internet of Things means sensitive information, such as device operation details and personal data, transitions from moving within secure networks to moving between third parties. The risks of having information travel between externally controlled appliances, customers and sensory-based technology challenges traditional, layered-protection security management.
To address these challenges, CEOs and business leaders need to:
- Understand that the nature of what security means to your enterprise is rapidly changing with the advent of the Internet of Things.
- Determine where your Chief Information Security Officers (CISO) should report if their responsibilities are expanded. Not only will the CISO need to take into account the addition of tens of thousands of physical Internet-connected objects that now need to be secured, but also that the organizational responsibilities for these objects may be with diverse business leaders.
- Support the creation of a new security architecture spanning your digital architecture. This will create a platform to address the expanded scope of technology, as well as the vast amount of new “intelligent” things embedded in your enterprise.
- Determine how your enterprise will move to proactive security and embed this program into an overall risk management strategy.
Recent research by my colleague Earl Perkins indicates that, by year-end 2017, more than 20% of enterprises will have digital security services devoted to protecting business initiatives using devices and services in the Internet of Things. It’s inescapable: The fundamental meaning of security is changing as things both inside your enterprise and those you create become connected to the Internet. Now is the time to grasp both the speed and impact this will have or risk your own “high-speed mobile devices” crashing with catastrophic results for your enterprise.
Mr. Sondergaard is a senior vice president and global head of Research at Gartner. He is a keynote speaker at the upcoming Gartner Symposium/ITxpo 2014.