While most businesses see opportunity in the Internet of Things (IoT), organizations lack understanding of how to properly secure the growing number of devices connected to their enterprise networks.
According to a ForeScout Technologies report, IT departments are faced with an increased size and diversity of attack surface: The average business expects to be dealing with 7,000 IoT devices over the next 18 months. Even smaller businesses expect the numbers to be hundreds or thousands; far more than they are used to securing when it comes to traditional user endpoints.
“The staggering growth of IoT is creating both value and risks for enterprise organizations,” said Jan Hof, international marketing director, ForeScout. “While IoT is recognized by many as an opportunity to improve and streamline business processes, there are associated security risks that need to be addressed—first and foremost through visibility of devices as soon as they connect to the network. You cannot secure what you cannot see.”
The report also found that healthcare is lagging in IoT readiness: IT and telecoms are the most advanced industries in terms of IoT readiness with healthcare, which many think stands to benefit significantly from the IoT, lagging behind.
Overall, one third of respondents say the IoT is already having a major impact on their organization, and a further third expect it to soon. But there’s uncertainty over identification and control. A full 65% of respondents have ‘quite’, ‘little’ or ‘no’ confidence in terms of being able to identify and control all IoT devices on their network.
This uncertainty is substantiated by the fact that many IoT operating systems are open-source and can therefore be adapted by device manufacturers, leading to many variants.
A majority (83%) of respondents said that getting the various IT functions (networking, security, DevOps, etc.) at an organization to work together is one of the top IoT security challenges. A minority of survey participants considered lack of personnel to be problem, but well over half worry about budgets and the availability of appropriate products.
“IoT deployments already involve millions of devices in businesses across Europe,” said Bob Tarzey, analyst and director at Quocirca, which carried out the survey. “Many will have limited processing power and require low power usage. Others will have unusual operating systems and, in certain cases, the Things involved will be unknown to IT security teams when they first request network access. All of this requires tools that can manage and understand the security status of all network attached devices, without the need to install agents.”
Photo © a-image