IoT: Securing the Next Chapter of the Digitization “Book”
The Internet of Things (IoT) era is here: Nearly two-thirds of organizations currently collect data from equipment, devices or other connected endpoints and use it for a business purpose, according to survey findings from 451 Research. The most common sources of IoT data are equipment related to data center IT operations (as cited by 51 percent of companies), camera/surveillance needs (34 percent), data center facilities (33 percent) and smartphones/end-user devices (29 percent).
The insatiable demand for data is driven by efforts to propel efficiency and new capabilities, and it will fuel IoT growth, with estimates of 50 billion devices connected to the Internet by 2020.
At Cisco, we see this innovation occurring in every customer we touch. We realize that the IoT phenomenon is another chapter in the universal digitization of the enterprise. And, as with any new “thing,” there are reasonable concerns about protection of the information within: Security remains an IoT deployment impediment for 46 percent of the organizations taking part in the 451 Research survey. “The elephant in the room is, of course, security,” as one respondent stated. “I’m getting a lot of push back on my security requirements for all of these IoT projects. I’m not budging, and … I have the blessing of my CIO not to budge.”
Fortunately, if respondents like this one convince their companies to take the right path to IoT adoption, no one will have to budge. As we continue through National Cyber Security Awareness Month in the U.S. and European Cyber Security Month, I’ll weigh in on what the history of digitization can teach us as we navigate our continuously connected lives.
Through past digitization cycles, we learned that – regardless of whether we’re dealing with the cloud, mobility or any technology that connects to the network – we need complete visibility into the way technology interacts with our business. Too often, customers buy something and “plug it in” without considering what the device maker, cloud vendor or other outside party has done to ensure that it’s secure.
With visibility, however, we gain insights into all of a device’s behaviors so we can determine how it will affect our overall security posture. We identify the hidden risks within that could ultimately harm our data. In the process, we segue from implicit trust (“We believe the vendor when they say the product is vetted and safe.”) to explicit trust (“We have asked all the questions, received the answers required to understand and even quantify how the risk factors may impact us and how to reduce the risk, and are ready to move forward.”)
To reach a state of explicit trust, we can’t be bashful about asking vendors the right questions. For example, in setting up an enterprise-wide HVAC or lighting system that’s connected to our network and exterior systems, we come up with a long list of inquiries: Which of our systems and data will the device interact with? How will it interact? What can we control in terms of what it can and cannot access? What security layers have you put in place to protect this product, and our assets? Does the vendor use its own internet connectivity via a mobile network?
In seeking good answers to these and additional questions, we drive toward explicit trust that’s earned, not assumed. IoT and other waves of digitization are proving themselves as mission-critical – organizations will lose competitive relevance if they choose to ignore them or resist them out of fear. With complete visibility, we can invest in connected machines with our eyes wide open, with absolute awareness about what the risks are – and how to mitigate them. Thus, we successfully complete this “chapter” of the book and look forward to the next, confident that turning the pages won’t compromise our data or systems.