Companies shouldn't 'over think' internet of things security

The internet of things opens up a vast range of new opportunities for individuals and businesses. But as we saw yesterday with expert predictions on the impact of the Apple Watch it also brings additional risks.

Analysts at Gartner are predicting that by 2017 more than 20 percent of businesses will have security devices aimed at protecting services and devices in the internet of things.

"The power of an Internet of Things device to change the state of environments and of itself will cause chief information security officers (CISOs) to redefine the scope of their security efforts beyond present responsibilities," says Earl Perkins, research vice president at Gartner. "IoT security needs will be driven by specific business use cases that are resistant to categorization, compelling CISOs to prioritize initial implementations of IoT scenarios by tactical risk. The requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security".

On Gartner's predictions the number of "things" -- which doesn’t include PCs, tablets, smarthones, etc -- will be around 26 billion by 2020. This is forecast to create a $309 billion opportunity for suppliers delivering IoT products and services.

"In an IoT world, information is the 'fuel' that is used to change the physical state of environments through devices that are not general-purpose computers but, instead, devices and services that are designed for specific purposes", says Perkins.

Securing the IoT then brings new challenges in terms of the type and scale of technologies involved. As Perkins points out there is no, "guide to securing IoT" to provide CISOs with a framework. Even the definition of an IoT device is still open to interpretation.

Perkins concludes, "Gartner advises security leaders against over thinking IoT security by attempting to draft a grand strategy that encompasses all IoT security needs to this point in time. Instead, they should lower the residual risk of the IoT by assessing whether the particular business use case provides better control and performance. Lessons from these initial use cases will serve as building blocks for a broader strategy for addressing the security of the IoT".

Security solutions for the IoT will be discussed further at the Gartner Security & Risk Management Summit next week in Dubai.

Image Credit: PlusONE / Shutterstock