Essential Guide

Browse Sections
This content is part of the Essential Guide: An IT security strategy guide for CIOs
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

IoT device security raises new data protection questions

Connected device technology continues to proliferate, and companies are desperately trying to keep up to take full business advantage as the Internet of Things gains popularity. The problem is that like connected technology itself, IoT device security remains relatively nascent: Companies are still trying to determine the best strategies to protect data as it is stored and transmitted via the constantly evolving technology. 

The process is further complicated because companies often have to integrate IoT capabilities with legacy environments as well as newer virtualized environments, said Demetrios "Laz" Lazarikos, vArmour's Chief Information Security Officer. In a series of video interviews from the 2015 ISSA International Conference in Chicago, SearchCompliance editor Ben Cole discussed modern information security strategy with conference speakers and ISSA members. Here, Lazarikos discusses how the increased focus on IoT device security is influencing how companies approach InfoSec strategy.

How are the Internet of Things and other fast-evolving technology influencing companies' information security efforts?

Demetrios Lazarikos: I always like to give some context to it -- it's not like we flipped a switch and all of a sudden we have all of these new devices. Organizations and enterprises have been opening up their data centers for many years. If you look back to right around 1998 or 2000, when the Internet was really taking off from a commercialization standpoint, part of the challenge was people wanted to integrate different technologies faster, and they want to do this faster today. We have more visibility into this today because the business is demanding that we as security and IT practitioners align to their requirements. They want to move faster, they want to integrate, so they come up with a really cool idea and all of a sudden want to tie everything together with it.

I think what's happening is that if we look at these cobbled-together systems of legacy environments, virtualized cloud and all these other devices that will tie in to these infrastructures, I think organizations have to consider that they have had these systems in place for over 20 years. Now the question is "how do I want to open up this environment that's been bypassed by cybercriminals because of these legacy solutions?" The issue is how to open this up to support all of the new devices that are going to be out there. Gartner estimates that by 2025 there will be billions of these IoT devices. These are considerations that organizations have to account for because I've got a legacy environment, a virtualized environment and now the cloud and other devices that want to be out there. I have to, as a practitioner, take into account how I'm going to store, process or transmit sensitive data that are on these devices inside my legacy environment and my new environments.

To let us know what you think about the story and any advice on IoT device security, email site editor Ben Cole.

View All Videos