IoT security will soon be common in the enterprise, Gartner says

Internet of Things-oriented platforms and services will redefine security, Gartner said recently.

Internet of Things IoT security to become common in enterprise Gartner
Martyn Williams

A fifth of all businesses will have deployed IoT-related security by the end of 2017, analyst Gartner thinks.

Dedicated digital security services that are committed to "protecting business initiatives using devices and services in the Internet of Things" will be in place by then, the research and advisory company says.

Gartner made the statement in a press release on its website in relation to a security and risk management summit earlier this month in Mumbai.

'Reshape IT'

"The IoT redefines security," Ganesh Ramamoorthy, research vice president at Gartner, said in the press release.

Ramamoorthy says that enterprises that haven't already done so should "reshape" IT or cybersecurity strategies. 

Scope changes

In particular, Ramamoorthy thinks that the scope of responsibility in IT security has to move to the "new platforms, services and directions."

"The IoT now penetrates to the edge of the physical world and brings an important new 'physical' element to security concerns. This is especially true as billions of things begin transporting data," he says.

I've written about IoT security before in "IoT to cause major security headaches."

Specific-purpose hardware

Interestingly, Ramamoorthy, who researches Internet of Things, the smart city, and the smart grid, thinks that one reason IT security will change and become more complicated is because an IoT world will involve devices and services that are designed for a specific purpose, as opposed to "general purpose computers."

This will make things more complicated.

"As such, the IoT is at a conspicuous inflection point for IT security," and those involved will be "on the front lines of its emerging and complex governance and management," he says.


Ramamoorthy refers to information as "fuel" in an IoT world. He says that that fuel will be used to change the state of physical environments, and that will contribute to the complexity.

Further complications can come into play because of the "sheer number of possible combinations of device technologies."

That is a good point, because there are no standards, and no one player is likely to emerge in the near future as dominant as Microsoft was during the rise of the PC, for example.

Disparate networking

In fact, you could argue that not only will the device technologies be disparate, but so too will the way they connect. I used a home automation product recently that didn't appear in the router devices list, for example.

Just how do you secure something you can't see?

'Moving target'

Ramamoorthy says that what constitutes an IoT object is still up for interpretation, so securing the IoT is a "moving target." This adds further complication that needs addressing.

And how to do it?

"Ultimately a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security," Ramamoorthy said.


But it doesn't all have to be new learning, he thinks.

"IT will learn much from its operational technology predecessors in handling this new environment," Ramamoorthy says.

Bring your own device (BYOD), mobile, and cloud computing delivery have required changes in approach and expanded responsibilities.

This will possibly be similar, but on a much larger scale, he thinks, referring to the billions of devices that will likely be in play.

Copyright © 2015 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022