National Harbor -- Gartner set its sights on 2020 at its Security and Risk Management Summit this week, arguing...
that one of the key influences on information security over the next five years will be the Internet of Things.
Christian Byrnes, managing vice president at Gartner Inc., took the keynote stage to predict a rapidly changing landscape in security where companies not prepared for the Internet of Things (IoT) will inevitably be left behind. The biggest impacts to security strategy will come in physical safety and how companies handle the vast amounts of data produced by IoT devices.
"The data that's collected is a lot bigger because as mobile evolves towards the Internet of Things, we're going to have orders of magnitude more sources of data," Byrnes said. "So the data collected by 2020 is going to be 1,000 times as much as 2015, something like that … The organizations that collect, use and intelligently analyze the data collected, those are the ones to succeed."
Byrnes said the traditional CIA triad model of security -- confidentiality, availability and integrity -- will see shifts because of IoT. Availability becoming a critical factor based on a move to more real-time event-driven systems. The sheer volume of data generated will lead to organizations accepting lower integrity data as standard.
"Confidentiality is going to become interesting because society is changing worldwide. Society is beginning to worry about confidentiality," Byrnes said. "We're pretty sure that one thing that is happening is a push towards more transparency."
This push towards transparency is potentially a significant decision for organizations, according to Byrnes, because the amount of data collected through IoT devices will make it more difficult to protect everything, and the lower integrity may mean protecting it all is unnecessary in general.
"By 2020, how transparent will your organization be willing to be?" Byrnes asked the crowd. "If you're gathering three to ten orders of magnitude more information, what are you going to do with it? Are you seriously going to try to protect all of it? It's a different way of thinking about how security operates."
The biggest shift in thinking, Byrnes insisted, will come with a fundamental change to the CIA model by adding "safety," making it the CIAS model. This major change will come as a direct result of the rise of IoT.
As more and more devices become connected to the network, this will increase risk from physical infrastructure complexity and automation, hazard controls will become part of the security landscape, and cyber-attacks can have an impact on the physical world. Byrnes said some industries will see this before others and offered the example of automated systems giving pharmaceuticals to patients in hospitals, or operational security systems controlling things from access to buildings to traffic lights.
"The convergence of physical security and information security is now inevitable," Byrnes said. "As we move towards the Internet of Things, it becomes probably the most important thing we need to think about. Physical security has been concerned with the safety and preservation of life and now it's going to be in your purview. You no longer have the option to fail. The Internet of Things does not just sense what is going on, it changes what is going on; it changes the physical world."