By Jim Hietala, Vice President, Business Development & Security, The Open Group
The Internet of Things (IoT) is a fast-evolving phenomenon. From smartphones and tablets to connected cars and industrial control systems, the number of IoT devices is continuing to explode. In fact, according to a report by Cisco, the number of connected devices is set to reach 30 billion in 2020, creating a $19 trillion opportunity for businesses around the world.
However, as this technology grows, it’s important to consider the potential risks that IoT could introduce to the enterprise and even to society. To put it simply, not much is being done at the moment in terms of IoT security.
The risks brought about by IoT aren’t just restricted to industries handling highly sensitive personal data, such as Healthcare. Look at industries like energy, transport, manufacturing and mining, which are all starting to report the benefits of IoT, ranging from faster time to market to better equipment efficiency and improved productivity. In any industrial setting, if high-value IoT data that gives an organization a competitive advantage were to leave the company, it could have serious consequences.
Arguably there are many vendors producing IoT-enabled devices which are not taking risk or basic security mechanisms into account. Vendors are putting Internet Protocols (IPs) onto devices without any consideration of how to properly secure them. It’s fair to say there are currently more problems than solutions.
This is happening, and it’s happening fast. As IoT technology continues to race way ahead, security standards are trying to catch up. Currently, there isn’t a consensus around the right way to secure the vast number of connected devices.
It’s important that we as an industry get to grips with IoT Security and start to apply a common-sense strategy as soon as possible. That’s why we want people to start thinking about the risks and where best practices are lacking, a key issue we’ll be discussing at The Open Group Madrid 2015.
We’ll be exploring the implications of IoT from the standpoint of Security and Risk, looking at the areas where work will need to be done and where The Open Group Security Forum can help. What are the burning issues in each vertical industry – from retail to Healthcare – and what is the best way to identify the key IoT-enabled assets that need securing?
As organizations start to permit IoT-enabled equipment, whether it’s connected cars or factory equipment, IT departments need to consider the Security requirements of those networks. From a Security Architecture point of view, it’s vital that organizations do everything in their power to ensure they meet customers’ needs.
Registration for The Open Group Madrid 2015 is open now and available to members and non-members. Please visit here.
Jim Hietala, Open FAIR, CISSP, GSEC, is Vice President, Business Development and Security for The Open Group, where he manages the business team, as well as Security and Risk Management programs and standards activities. He has participated in the development of several industry standards including O-ISM3, O-ESA, O-RT (Risk Taxonomy Standard), O-RA (Risk Analysis Standard), and O-ACEML. He also led the development of compliance and audit guidance for the Cloud Security Alliance v2 publication.
Jim is a frequent speaker at industry conferences. He has participated in the SANS Analyst/Expert program, having written several research white papers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including CSO, The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.
An IT security industry veteran, he has held leadership roles at several IT security vendors.
Jim holds a B.S. in Marketing from Southern Illinois University.
Join the conversation @theopengroup #ogchat #ogMAD
Jim, living in NZ I am far too distant to attend TOG Madrid 2015 but would like to ask a question regarding the blog. Your statement about devices being attached to TCP/IP and internet is very valid. It does raise a very valid issue which should be widely known and considered by vendors from a security perspective.
Is there any further objective of your presentation such as promoting an agreed standard of security, or an agreed approach of addressing security for such devices? I would be interested in your approach and results.
Many thanks
Hi John,
IoT and security is an important issue, and part of the goal of the presentation was to raise awareness. Our Security and Open Platform 3.0 forums are looking at this area, and considering what sort of work projects are needed, and how The Open Group can best contribute.
Regards,
Jim