Grabbing the IoT security opportunity

Darron Antill, CEO of Cryptosoft explains how VARs can capitalise on a new wave of threats as the IoT becomes more mainstream

There have been many articles written about the Internet of Things (IoT) in the last 12 months, and these have created a considerable amount of hype & perceived confusion in the marketplace.

What is clear, however, is that the computing industry is shifting to a new paradigm, where new business models will evolve, even if most do not quite understand what it is.

Significantly huge figures have been quoted in different reports, but the general consensus is that by 2020, we will have over 50 billion connected devices in service globally, leveraging more than five million active applications.

But what does this mean for the channelsecurity resellers and VARS alike and those who partners specialise in security channel?

If anything, the security problems that we face today will be exacerbated as companies start to deploy IP-connected devices at scale, talking to each other, sharing information and not involving a human interface or interference. There are interesting parallels in the evolution of information security inside the enterprise, which can be extended to solving security challenges to the Internet of Things.

If we look back to the late 1990s, companies had relatively robust, centralised networks with a hardened perimeter – this allowed them to focus on the edge of the network with firewalls, intrusion prevention and other technologies that were aimed at keeping the bad guys out.

The threats came predominantly on attacks from outside the network through the web, email and network ports. As a result many channel partners developed managed services and consulting practices to design, deploy and manage these environments.

Over recent years this security landscape certainly shifted. The interconnected nature of modern computing, plus an influx of personally owned devices led to a ’data-centric’ approach – where companies have acknowledged that it is practically impossible to protect the network from well-resourced attackers, and instead focus on securing the data at the endpoint itself.

This is done primarily through a combination of access control, strong authentication and encryption. We now see this trend continuing with the proliferation of devices, sensors and networks that forms the Internet of Things.

As the number of devices grows to an incredible level, we lose all sense of the traditional network. Data flows between different ecosystems and companies need to have policies on who or what can access the information they collect from their customers – this requires a significant investment in the tools to analyse, encrypt and allow selective access to data both inside and outside of the traditional enterprise.

Important considerations in Europe are the upcoming introduction of the General Data Protection Regulation (GDPR) and the Network and Information Security Directive (NISD). Both of these regulations look at data privacy and security and can impose significant sanctions on organisations that do not apply the appropriate safeguards and privacy controls around the management of data.

There will be real fiscal impact for companies that don’t take this seriously. And with the recent US EU Safe-harbor policy agreement now declared invalid government, companies and people are going to need to re-evaluate their data security strategies. Again an important for partners.

It is also interesting to see that many of the companies looking to deploy connected devices have not been traditional consumers of security technology. The security quality of software in your car wasn’t such a big deal in the past. Now that your car is connected to the Internet then this is a very different story, as Fiat Chrysler discovered recently when they had to recall 1.4m Jeeps as a result of a widely covered hack.

These threats show that companies need help in driving their security strategy around endpoint and data protection at scale, an important role for the channel which could drive significant advisory, architectural and managed service opportunities.

The growing importance of the IoT represents a massive opportunity for the channel to guide their customers through these security challenges and help them to open up new markets and business opportunities.

Companies will have an even greater need to control the access to data, to manage the secure transfer of information between multiple organisations in different jurisdictions, and to be able to prove to regulators and customers that they have met their contractual commitments.

The stakes have just got higher, and so has the opportunity.

Darron Antill is CEO of Cryptosoft