By year-end 2017, over 20% of enterprises will have digital security services devoted to protecting business initiatives using devices and services in the Internet of Things (IoT), according to Gartner.
Business cases using IoT devices already exist and their role in business and industry will force enterprises to secure them.
“The power of an Internet of Things device to change the state of environments and of itself will cause chief information security officers (CISOs) to redefine the scope of their security efforts beyond present responsibilities,” said Earl Perkins, Research Vice President- Gartner.
“IoT security needs will be driven by specific business use cases that are resistant to categorization, compelling CISOs to prioritize initial implementations of IoT scenarios by tactical risk. The requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security,” added Perkins.
Gartner predicts that the installed base of “things,” excluding PCs, tablets and smartphones, will grow to 26 billion units in 2020, which is almost a 30-fold increase from 0.9 billion units in 2009. The component cost of IoT-enabling consumer devices will approach $1, and “ghost” devices with unused connectivity will be common.
There will be a $309 billion incremental revenue opportunity in 2020 for IoT suppliers from delivering products and services. The total economic value-add from IoT across industries will reach $1.9 trillion worldwide in 2020 by which time more than 80% of the IoT supplier revenue will be derived from services.
The industries likely to see the greatest value added from the IoT will initially be manufacturing, healthcare providers, insurance, and banking and securities. However, this growth will not be confined there but will expand across all industry sectors.
According to Perkins, the Nexus of Forces identified in Gartner research— cloud, social, mobile and information — is driving early-state opportunities in the IoT. The IoT already has a myriad of commercial and consumer technology use cases that range from connected homes and connected automobiles to wearable devices, from intelligent medical equipment to sensor systems for smart cities and facilities management.
The characteristics of intelligent, purpose-built devices that are networked to provide information and state changes for themselves or surrounding environments are increasingly used in OT systems, such as those found in industrial control and automation (sometimes referred to as the “industrial IoT”). However, securing the IoT represents new CISO challenges in terms of the type, scale and complexity of the technologies and services that are required.
“Gartner advises security leaders against over thinking IoT security by attempting to draft a grand strategy that encompasses all IoT security needs to this point in time. Instead, they should lower the residual risk of the IoT by assessing whether the particular business use case provides better control and performance. Lessons from these initial use cases will serve as building blocks for a broader strategy for addressing the security of the IoT,” concluded Perkins.