January 12, 2016

The Importance Of The Channel In IoT Security

The role of the channel in IoT Security

There have been many articles written about the Internet of Things in the last 12 months, and these have created a considerable amount of confusion in the marketplace. What is clear, however, is that the computing industry is shifting to a new model, even if it doesn’t quite understand what it is.

Different figures have been quoted in different reports, but the general consensus is that by 2020, we will have over 50 billion connected devices[1] in service globally, leveraging more than 5 million active applications. But what does this mean for the security reseller channel?

If anything, the security problems that we face today will be exacerbated as companies start to deploy IP-connected devices at scale. There are interesting parallels in the evolution of information security inside the enterprise, which can be extended to the Internet of Things.

If we look back to the late 1990s, companies had relatively robust, centralised networks with a hardened perimeter – this allowed them to focus on the edge of the network with firewalls, intrusion prevention and other technologies that were aimed at keeping the bad guys out. The threats came predominantly on attacks from outside the network through the web, email and network ports.

Over the next 10 years this shifted. The interconnected nature of modern computing, plus an influx of personally owned devices led to a ’data-centric’ approach – where companies have acknowledged that it is practically impossible to protect the network from well-resourced attackers, and instead focus on securing the data at the endpoint itself. This is done primarily through a combination of access control, strong authentication and encryption.

We now see this trend continuing with the proliferation of devices, sensors and networks that forms the Internet of Things. As the number of devices grows to an incredible level, we lose all sense of the traditional network. Data flows between different ecosystems and companies need to have policies on who or what can access the information they collect from their customers – this requires a significant investment in the tools to analyse, encrypt and allow selective access to data both inside and outside of the traditional enterprise.

Important considerations in Europe are the upcoming introduction of the General Data Protection Regulation (GDPR) and the Network and Information Security Directive (NISD). Both of these regulations look at data privacy and security and can impose significant sanctions on organisations that do not apply the appropriate safeguards and privacy controls around the management of data. There will be real fiscal impact for companies that don’t take this seriously.

It is also interesting to see that many of the companies haven’t been traditional consumers of security technology. The security quality of software in your car wasn’t such a big deal in the past. Now that your car is connected to the Internet then this is a very different story, as Fiat Chrysler discovered recently when they had to recall 1.4m Jeeps as a result of a hacking threat. These threats show that companies need help in driving their security strategy around endpoint and data protection at scale, an important role for the channel to play.

The growing importance of the Internet of Things represents a massive opportunity for the channel to guide customers and help them to open up new markets and business opportunities. Companies will have an even greater need to control the access to data, to manage the secure transfer of information between multiple organisations in different jurisdictions, and to be able to prove to regulators and customers that they have met their contractual commitments.

[1] Cisco

Darron Antill