EDITOR ’ S QUESTION
Raj Samani
VP & CTO , EMEA , Intel Security
The Internet of Things . A term which conjures up images of everything from cars to medical equipment being compromised by nefarious actors for criminal gain . Certainly , the inclusion of IP connectivity of everything with power does represent a risk , but the reporting of vulnerabilities does create a level of fear that one can argue as somewhat overstated .
Every system will have vulnerabilities , the question is whether these vulnerabilities will be exploited causing the loss of confidentiality , integrity or disruption for the enterprise . In the past , basic risk assessments would consider the capability of actor groups to determine the probability of a risk being realized . This model however is very much outdated , particularly as attacks are now outsourced , from particular modules to the entire attack itself .
For enterprises looking to integrate IoT into their environment , the fundamental question to ask is what business benefit are you trying to derive , and whether the risk ( and there will always be a risk ) can be managed to a level that is acceptable . Consider the Oil and Gas industry , a recent IoT implementation into the world of digital oilfields has increased production by 150 % for a company within the region . This does introduce a risk of potentially allowing more malicious actors to target this infrastructure , but can be managed to reduce the likelihood by considering integrated security solutions that protect , detect and correct , into the design of both greenfield and brownfield installations . Not only is security by design imperative , so too is continuous analysis of the threat landscape to keep ahead of malicious actors .
For CIOs considering the deployment of IoT within their environment , the biggest concern will be the concept of shadow- IoT . We have seen shadow-IT already cause significant disruption within many organizations , but IoT will introduce many more devices inside the corporate network . These devices will be capturing data and sending it , well , everywhere !
Managing risk for IoT devices can be done , but managing risk demands knowing what is inside the environment , what data will be collected , and where ( and how ) it will be transmitted . Understanding this component is the first step for every CIO .
84 INTELLIGENTCIO www . intelligentcio . com