IoT means “potentially billions of devices will report data about themselves, making it possible to create new applications in areas as diverse as factory optimization, car maintenance, or simply keeping track of your stuff online” as reported in MIT Technology Review. The IoT allows Internet communications with unique objects using Radio-frequency identification (RFID), QR codes, barcodes, and GPS in cells and tablets.
Computerworld identified the following 6 ways IoT will transform enterprise security:
- The IoT will create billions of new (insecure) end points. Analyst firms have differing takes on the number of devices or “things” that will connect to the Internet by 2020. Estimates range from Gartner’s 26 billion devices to IDC’s somewhat dystopian projection of 212 billion installed devices. Regardless of which is right, the one thing that is certain is that a lot of IP-enabled devices will one day find a home inside enterprises. Examples include smart heating and lighting systems, intelligent meters, equipment monitoring and maintenance sensors, industrial robots, asset tracking systems, smart retail shelves, plant control systems and personal devices such as smart watches, digital glasses and fitness monitoring products.
- The IoT will inevitably intersect with the enterprise network. Just as there are no truly standalone industrial control networks and air traffic control networks anymore, there won’t be a truly standalone enterprise network in an IoT world, says Amit Yoran, general manager at RSA and former director of the National Cyber Security Division at the U.S. Department of Homeland Security.
- The IoT will be a world of heterogeneous, embedded devices. Most “things” in an IoT world will be appliances or devices with applications embedded in the operating system and wrapped tightly around the hardware, said John Pescatore, director of research at the SANS Institute in Bethesda, Md.
- The IoT will enable physical and physiological damage. While online threats mainly affect data, in an IoT world there will be physical and physiological risks as well, said Michael Sutton, vice president of security research at Zscaler.
- The IoT will create a new supply chain. In a majority of cases, enterprises will have to either rely on device manufacturers for patching, firmware and operating system support or find a way to support the technologies on their own. Many of the devices that connect to the enterprise network in the not-too-distant future will be from companies that traditional IT security organizations are not familiar with.
- The IoT will exacerbate the volume, stealth and persistence of online attacks. In theory at least, the threats posed by a completely interconnected world are not very different from the threats faced by most IT organizations today. Many companies are already intimately familiar with the challenges posed by smartphones, tablets and other wireless-enabled devices. What is different with the IoT is the sheer scale and scope of the challenge.
IoT has been discussed since about 1991, particularly with the use of RFID, but as the Internet grows IoT will become more important to security for all business and individuals.