
Don't let security slow down your IoT

Competitive pressures spur investments in IoT

Enterprises are increasingly seeing IoT as an effective tool for building competitive advantage. Be it to reduce costs, enhance operational efficiencies, improve customer service or accelerate new product development — IoT provides numerous solutions and toolsets to accomplish a variety of important business goals. In fact, our surveys and conversations with enterprises reveal just how pervasive IoT awareness has become. The vast majority are either already using IoT, planning to implement it or actively exploring and learning more about it. On average, only a small portion — well below 10% of respondents — will express no interest in IoT.

To be sure, this is creating tremendous opportunities for the IoT ecosystem (as well as admittedly contributing to the hype). However, IoT adoption still faces several challenges that are creating market friction and hindering the development of the industry. Among these challenges, perhaps none is more top of mind or more discussed in the industry than IoT security. As enterprise dependence on IoT grows, so naturally does the need to ensure that connected systems are secure and reliable. Combine this with recent high-profile hacks of connected systems and the amount of industry attention and conversation around IoT security, and it should be no surprise that security ranks among the topmost concerns enterprises have when considering IoT.

An approach to tackling IoT security concerns

Enterprises should not let security concerns stall their exploration or implementation of IoT. In a world marked by increasing globalization and competitive pressures, standing still is simply not an option for the enterprise of today. To overcome these concerns, enterprises must carefully break down the IoT security challenge into the multi-dimensional issue that it is and create a framework that allows them to methodically and comprehensively assess the security issues around it. At the most basic level, this means considering what an IoT solution is comprised of and distinguishing between the technological and non-technological aspects of its security. Understanding these areas will give enterprises the necessary confidence to proceed with their IoT effort without any further delay.

First, enterprises should be mindful of the fact that an IoT solution is comprised of multiple technologies and components. A typical solution can be broken down into the basic elements of device, network, platform, application, data processing and storage (see Figure 1). An IoT implementation must secure each element via, for example, the appropriate authentication and encryption technologies. This challenge is further complicated by the fact that each component may have several subcomponents. For example, as systems are opened up to developers, the number of points at which vulnerabilities may be introduced inevitably increases. Enterprises, with their partners, must be aware of and take the time to audit the integrity of each and every element and sub-element of an IoT solution.


Figure 1: Key components in an IoT solution, including security (Source: Machina Research)


Enterprises must also recognize that security challenges go beyond the IoT solution itself and can encompass both technology and non-technology related issues. For example, areas such as data privacy and protection and overall operations should be carefully considered. Data privacy and protection, which naturally have regulatory implications that vary from one country and market segment to another, can represent a potentially complex issue. Enterprises should not only handle and store their IoT data carefully, but they also need to consider and have a position on issues such as the ownership of the data itself. This is especially important in instances where there are third parties (their customers or partners) involved in the production of the data.

When it comes to overall operations, enterprises need to carefully examine the human interactions that may occur with an IoT implementation. Appropriate procedures and policies should be developed around these interactions so as to minimize the potential risks associated with employee error and negligence. Employee error and negligence can just as easily compromise a system. For example, IoT implementations will often (and they should) require passwords to secure the human interactions with the system. Often cited in our conversations with enterprises is the difficulty of ensuring that staff follow best practices in creating and protecting passwords. Staff training, as well as education on the potential damage that can be caused by a breach and its ramifications, is thus highly imperative. Enterprises should also explore technologies that may help overcome some of the challenges created by this human element in IoT (e.g., biometric solutions as a substitute for passwords).

Finally, when tackling these IoT security challenges, it will be important for enterprises to be open to asking for help outside of the organization and to always consider the business value of what it is they are ultimately trying to protect. Given the layers and complexity in an IoT solution, it will be rare that an enterprise has all the necessary technical and operational know-how around security in-house. Deep collaborations with their suppliers and ecosystem partners will be critical in order to ensure the integrity of and fully understand the security implemented in each layer of the solution. This certainly requires developing sufficient trust with suppliers and partners (that they have knowledge of and have effectively implemented security technologies and operational approaches).

Efforts also need to be aligned with the business value of the IoT implementation. For example, mission-critical and high-value data, such as those around key infrastructure operations/public safety, financial/banking and medical information, naturally warrant greater investments. On the other hand, for less critical and less sensitive information, such as anonymized fitness data from wearables or tire pressure readings from an automobile, comprehensive security measures deliver reduced business value.

Accelerating the IoT journey

There are technologies and know-how available today for securing IoT. What enterprise adopters need is adequate awareness of the challenge itself and a framework to address it properly. By recognizing the multi-dimensional nature of security, understanding that outside help will be necessary and approaching the challenge with business value in mind, an enterprise can allay its concerns and continue moving forward with its IoT journey.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.