Both enterprises and the every-day-man anxiously await the convenient future promised by the Internet of Things. Analysts at Gartner echo the sentiment with estimates that IoT will support total spending services of $69.5 billion in 2015 and $263 billion by 2020, with a total of 25 billion connected devices by the end of the forecasted period. Likewise, IDC reports that the global IoT market will grow from $1.3 trillion in 2013 to $3.04 trillion in 2020. The predictions place IoT at the precipice of opportunity, but for users and companies to fully tap IoT potential, they must first remove obstacles preventing a completely connected and secure network.
It's difficult not to share in the excitement around IoT – the products announced at the 2015 Consumer Electronics Show, connected cars, wearables, advanced home security, thermostats that can predict your comfort level and refrigerators that can help you shop – there are endless possibilities for a connected future. But a worry remains. The cloud and virtual networks have nullified traditional security measures grounded in hardware, yet we continue to create larger networks connected to sensitive devices without implementing the right security measures.
In other words, people are exponentially plugging in to a virtual stream of data, which offers great promise, productivity and an improved way of life, but simultaneously, creates gateways for attackers to penetrate. Every device, every login is a potential access point for attack, making protecting against every intrusion impractical. Already, found vulnerabilities and reported hacks suggest a foreboding future in which hackers can spy on our homes or use a cool new office gadget to make their way to sensitive information.
Data's new nature coupled with poor process management and the rapid evolution of the malware landscape will mean unprecedented, and potentially disastrous modes of attack, unless users implement software-based security to accommodate the changing landscape.
To make IoT safe, users and companies must devise a way to visualize networks and understand their traffic at a lateral level – from device to device. Moreover, security processes need to improve between C-level executives, gatekeepers and general users to align them in a world of increasing information and connectivity.
It is already difficult to view laterally moving data traffic in existing data centers. In 2015, it can be expected that the expanding IoT space, with its growing number of interconnected devices serving as data hubs, will fall victim to the same issue to completely obscure data moving behind a perimeter.
The current opaque nature of networked infrastructures has already made east/west traffic practically invisible, creating a virtual playground for would-be cybercriminals. In the future, perimeter defenses will amount to little more than chain-link fences weakened by the expanding thicket of interconnected devices. Companies will need to focus on understanding traffic flows to strategically stop attacks and impede exfiltration. Additionally, they will require systems that map hacker movement through files, like GPS through a roadmap. Visualization of the network will also allow C-suite executives to understand security and judiciously enact better security policies.
Until the recent barrage of breaches, C-level executives were not as aware of security concerns as they should have been. But hackers aren't slowing and cloud-based information infrastructures are far from safe, especially considering how administrative control is often managed.
Internal monitoring of admin controls will uptrend as more attacks gain momentum and enterprises will be more stringent on gatekeepers and top down permissions. But the management of personal and enterprise devices will also need to be managed as systems become automated and new devices are introduced into company infrastructures.
The face of data infrastructure and function has dramatically changed as the enterprise has progressed down the path of cloud, app and mobility. What is needed is the ability to place security controls closest to the asset wherever it resides. In this way, enterprises will have a distributed and consistent layer of visibility, control and threat defense across all of their assets – physical, virtual or cloud.
With new devices computing at unprecedented levels, a smart watch or appliance will have the computing power your laptop or phone does now. It is rousing to think about all of the possibilities but at the same time, security needs to be addressed and built into the networks and IoT devices or it will open doors for an attack and even the botnets of the future. A new software-based, distributed approach is needed in order for IoT to realize its full potential. I hope we are ready.