In this paper we examine changes that may need to be made to the way we manage our security processes, to prepare the groundwork for the Internet of Things (IoT) and the security challenges it brings. We look at some of the market drivers of the IoT, regulations and initiatives, organisational and technical changes ahead; and finally, why we should stop calling it the IoT.
In fact, let’s do the last bit first. Why should we stop calling it the IoT? The term IoT has simply become too vast, there are too many architectures, too many technologies, too many use cases fall under its umbrella. Trying to define “IoT” security is simply too vast a subject to contemplate. We prefer the term Connected Device (the acronym ‘CD’ is up for re-use). Its not really any better than the term IoT, and likely even more vague, but it’s easier to think about the security of a CD; and if that device connects to other devices, we need to think about the next link in the chain, a ground up approach.
Of course, the added complication is that CDs can range in functional capability from an internet connected gateway device (running a standard operating system and closely resembling the traditional IT devices such as desktops and laptops); to single function devices, running bare metal (no operating system). The location and function of a CD must also be considered when defining an appropriate security characteristic. For example, a simple connected temperature sensor used to monitor a domestic property will have one risk profile, however take that same device and use it to monitor the temperature in an industrial greenhouse the risk profile will change. It is these characteristics of CDs that, in our experience, separate them from IT and why we may need to make a few changes to our business and technical processes to efficiently administrate CDs as they continue to permeate all aspects of our lives.
To download the full paper please click the link below: