Swapnil Bhatnagar, Research Director, IDC South Asia

Is IoT the remedy for all enterprise problems?

While this is an obvious exaggeration, someone eavesdropping in the boardrooms of Indian companies in the last few months may well be excused for thinking so. Across industries companies are exploring the fantastic possibilities of IoT and investing in pilot programs and initial projects. Logistics players are actively exploring adding sensors to trucks to optimize operations through geo-fencing and monitoring driving characteristics. Manufacturers are doing the same to machines to enable data collection and analytics to increase efficiencies and predict breakdowns. The possibilities across industries, really, are endless.

But while business heads are excited about the potential business benefits of IoT, there are some deep frowns on the faces of CIOs, CISOs, and CSOs. After all, these are the people who can see the security challenges that the proliferation of IoT will bring with it, especially to the. The traditional ways of securing the network would never be able to address the new challenges on the horizon:

  • Massive increase in both the number and variety of devices will increase the complexity of network security manifold
  • Highly dispersed endpoints will make traditional perimeter focused network security controls such as firewalls and IDS/IPS ineffective
  • Internet-enabled devices with sensor-technologies with inadequate malware protection at the edge of the network will significantly increase the attack surface of the network. Edge devices will need to have computing abilities to do a first-level analysis of the data streams, making the network vulnerable and difficult to secure
  • Data security concerns as critical and confidential data flowing through the network will increase sharply

Thus, it is evident that mirroring the transition to the Internet era, IoT comes with its own set of security concerns. Security organizations will have to address these in a very structured manner, with frequent adjustments along the way as the environment for IoT evolves. To start, security teams need to:

  • Change the way you think about the network. Traditional security still functions on the belief that enterprises control most data and that systems are more or less homogenous (except BYOD). With IoT, this model will disrupt as different edge devices working on multiple protocols in a dispersed environment will become the new standard. Gear up for this new reality.
  • Map your network, then do it again. You cannot secure an environment unless you know its components. Making an inventory of all devices, both authorized and unauthorized, and the associated software and applications running on these devices needs to become a regular feature of all security planning. As the number and nature of both devices and software will change frequently, investment in network monitoring and vulnerability assessment solutions would be critical.
  • Be smart about what to protect. Regular threat-modeling exercises to identify the most critical assets in the network are essential. Controls can then be placed to protect these from high-probability threats. While the most valuable controls will be specific to each use case, account monitoring, collection and analysis of logs and network security monitoring to identify anomalous activity would provide good results.
  • Explore automation now. The scale of IoT networks will be so high that human and/or physical management would be nearly impossible. Implementation of automated monitoring, with elements of machine and cognitive learning, will help understand abnormal behaviors and institute rules to take action on them

The IoT game board is being set up in India, and enterprises with a thought-through network security strategy will have an advantage. Data flowing through the IoT enterprises will be sensitive in nature with significant personal safety implications (think personal financial data submitted through point of sale devices, etc.) and thus would be subject to careful scrutiny and regulatory pressures.


 1 feb


Mimo india


Read Current Edition of Communications Today