Intelligent CIO Europe Issue 9 - Page 50

FEATURE: IOT ////////////////////////////////////////////////////////////////////////// ORGANISATIONS ALSO NEED TO ENSURE THE SECURITY MEASURES THEY’RE USING TO DEFEND THEIR IOT DEPLOYMENTS HAVE THE FLEXIBILITY BUILT-IN TO ALLOW THEM TO CONTINUALLY ADAPT TO THE DYNAMIC THREAT LANDSCAPE. approach offers the ideal solution, allowing organisations to deploy IoT assets as modular pieces that are introduced incrementally, visibly and intentionally. Ofer Maor, Director of Solutions Management at Synopsys drills help to ensure that the organisation can identify and mitigate any breach promptly. Can a company truly win if the adoption of these types of technologies can expose the organisation to a new set of security risks, but without adoption, they are in danger of being left behind? Make no mistake, adoption of IoT technologies is mandatory for organisations to stay ahead of their competitors and continue meeting the demands of their customers. Organisations therefore need to improve their ability to adopt these technologies without introducing unacceptable risk. An application network These assets are exposed as APIs, which can be configured under a ‘zero-trust’ model, creating layered defences that prevent the API from trusting new entrants prematurely. As organisations continue to add new technologies at pace, this approach is vital to allowing them to simultaneously minimise and mitigate the associated risks. Can you explain how giving security providers visibility over every IoT entry point makes the organisation more secure? Without visibility into the systems and how they connect, a company is playing Russian roulette; it’s not whether they’ll get breached, but when. The bad actors are focused solely on breaching, while the good ones presumably have regular ‘day jobs’; and the bad actors need to succeed only once, while the good ones need to succeed always. If, on the other hand, systems are explicitly registered, access points are explicitly recognised and interconnections are actively maintained, then the good actors can concentrate their limited resources on defending known assets and accesses, and architects and security teams can ensure individual compromises cannot spread more broadly. Moreover, building in automatic visibility into every new system allows for building automatic security into each of them – and this is the ‘secure by design’ principle to which security professionals aspire. How do you see APIs benefitting the IoT ecosystem in the long-term? The main benefit that APIs bring is the ability to stitch together IoT deployments within a wider ecosystem of other applications and capabilities across the business. When IoT assets are exposed internally as APIs, they form part of an application network which provides a way of connecting IoT capabilities with other applications, data and devices. In this model, these assets are reusable across the business, removing the need for IT to create point-to-point connections for every IoT deployment. As such, APIs become the ‘digital glue’, providing a future-proof way of combining IoT with other business systems to create a rich ecosystem that gets the most benefit from IoT deployments. n 50 INTELLIGENTCIO