IT departments are excited for the Internet of Things in 2016, but worry the sheer amount of data will overwhelm their networks, leading to security concerns.
These are the results of a fresh research commissioned by Neustar.
The report, compiled by independent analysis firm Quocirca, found that the scaling out to many thousands of devices per organization clearly represents a wealth of new opportunities but highlighted the importance that the same security rigor and vigilance applied to traditional IT devices needs to be extended to all connected things.
All this activity adds up to a huge number of devices with the overall average per individual UK organization expected to run into the thousands over the next 12 months. All these devices will be attached to a variety of networks resulting in increased stress on both existing and new networks.
Although the report – compiled from the responses of 100 senior UK IT managers – shows that security is considered highly important by all respondents, it is clear that no business can ignore the wide range of issues arising from the growing numbers of network attached devices that constitute the IoT. Below is a breakdown of key findings and statistics from the report:
- Relevance: a small number (3 per cent) think the IoT is overhyped, but the overwhelming majority say the IoT is already impacting their organization (37 per cent) or will soon (45 per cent).
- Personal to Global: respondents believe the IoT is expected to scale up through vehicles, buildings, cities to the national and global level. Management and security capabilities put in place to support IoT must operate at these scales.
- Design: effective management and security is only possible through good design. 66 per cent of respondents see viewing IoT deployment being a series of hubs that interoperate with spokes on closed networks, making network configuration and security more
- Security: Security starts with identity. 47 per cent or respondents are already scanning IoT devices for vulnerabilities, another 29 per cent are planning to do so. When asked about the capabilities they feel are most important for authenticating the identity of devices, nearly all see DNS services as playing an important role. More experienced users supplement these third party registry and IoT database services.
Many IoT security issues such as data protection, botnet recruitment and DDoS-style attacks on IoT enabled processes are addressable through adapting and scaling measures that are already in place for existing IT infrastructure. For instance, 39 per cent of respondents were found to have DDoS protection in place, with another 31 per cent planning a deployment. However, the report found that there is not much difference between major IoT users and sceptics as DDoS attacks have been an issue for many years. More could be done to address the problem.
The adoption of a decentralized security and management model where a gateway needing a unique IP address controls communications with the outside world (for example, network routers, set top boxes, smartphones etc) which in turn communicates onwards with remote devices which do not need unique IP addresses, avoids the need for each device to have a unique IP address. This approach can work at scale, making the selective, effective and cost efficient deployment of IoT security more straightforward as scanning can be carried out using the same processes in place for existing IT endpoints. 35 per cent of experienced IoT users already recognize the value of such an approach.