IDC predicts that by 2020 there will be a projected 30 billion connected "things" and a revenue opportunity of $1.7T for the ecosystem (IDC #248451, May 2015). For security service providers this is a terrifying yet exhilarating prospect. Terrifying because providers such as consultancies, systems integrators, security vendors, and managed security service providers (MSSPs) know that the communication stream for many of these things is not like legacy internet protocol communication between IT devices. Exhilarating because there is a lot of money to be made* in this "wild west frontier" of securing these newly connected endpoints.
Initially IDC believes there will be an explosion of security consulting services offered to help the user with IOT and that the IT buyer should look to providers with a broad set of the below capabilities. Specifically IT security buyers will need to engage services firms to:
- Assess assets (data, applications, devices, systems, vendors), identify vulnerabilities, and build a plan for securing assets by criticality
- Design asset classification grids with policies and procedures that support the business
- Create and implement infrastructure monitoring solutions
- Assess workers from an insider threat perspective and develop user awareness programs to reduce the risk of insider threats
- Build and practice deploying an incident response program from alert to forensic retrieval with clear role and responsibility delineation including lines of business (CEO, CFO, legal, public relations, HR) and IT
- Create, derive, and apply data analytics from connected things
- Iterate use of threat intelligence gathered from IOT to predict and thwart future attacks
In addition, implementation of the above plans and integration of controls, security devices and policy will push buyers to engage systems integrators for assistance.
IOT is one of the greatest innovations of our time connecting humans, machines and things together in ways that will drive advancements and improvements to human life in a multitude of ways. But unfortunately these connected things come with a dangerous lack of forethought to securing them and us. Service providers are scrambling to help the enterprise join the IOT revolution securely and some understand the challenges better than others. While no service provider will have a long history in working with IOT because it so new, IT buyers should look for providers with some track record in assessing the enterprise IT environment in industries such as the ones listed above. In addition, knowledge about how the operational technology (OT) side of the house works will bring familiarity with the convergence between IT and OT and the legacy disconnect between them.
Because IoT is an emerging innovation, buyers need to think panoramically about the implications and opportunities for the entire organization and its customers, suppliers, partners, and employees. Greater connectivity promises greater reward, but it also carries greater risk. Security considerations and requirements should be front and center in every phase of planning and execution.
*IoT market revenue is considered "largely incremental to worldwide information and communications technology (ICT) revenue" (IDC #248451, May 2015).