Internet of Things security warning issued by two reports

News by Steve Gold

"The Internet of Things makes it easier for someone to attack someone that you know," says Sarb Sembhi, analyst and director of consulting at Incoming Thought.

The Internet of Things (IoT) poses multiple challenges to data centre security, as well as the structure of the technology landscape, according to two recently published reports. 

Gartner's analysis says that the IoT will soon start to overload data centres and open up the enterprise to greater security risks, as we move steadily towards 26 billion interconnected devices by the end of the decade. 

The research firm's concerns are echoed by a report just published by Intercede, the business consultancy, which says that the IoT is inherently insecure and will continue to be until we can establish the identity of every machine or device that connects with our networks. 

According to Gartner's report - entitled `The Impact of the Internet of Things on Data Centres' - the IoT will interconnect remote assets and provide a data stream between the asset and centralised management systems. 

Those assets, says the firm, can then be integrated into new and existing organisational processes to provide information on status, location, functionality, and so on. 

Gartner claims that, against this backdrop, the increasing digitisation and automation of the multitudes of devices deployed across different areas of modern urban environments are set to create new security challenges to many industries. 

Over at fellow business research consultancy Intercede, meanwhile, the claims is made that IoT is already with us today and it requires a shift in the way that organisations think about security. 

Intercede says that, whilst protecting sensitive data will continue to be of the utmost importance, the rise in connected devices raises a new security concern - namely how to trust the identity of these devices. 

Dr Chris Edwards, the company's CTO, said that because of this, enterprises and other organisations must shake themselves out of the mind-set that that online security is simply about protecting data. 

With the rise of the IoT, he argues, organisations must also ensure that they can protect and verify the identity of every device that connects to their environments. 

"We are living in an increasingly fragile society. We depend on the Internet for many more things than we did a few years ago. The problem is that, whilst you can build a corporate enterprise fortress, the Internet itself has spiralled into real life with webcams, remote security systems and a potential for damage when things go wrong. 

It may be early days with the IoT, he says, but it is the stage when we must get things right if we are not to face major problems further down the IT trail. 

"I was at the Mobile World Congress recently and saw that most of the cars on show were truly internet interconnected. These cars now make use of home and company WiFi systems, as well as on-board cellular connections. The cellular side may be secure, but the WiFi isn't," he explained.

Sarb Sembhi, analyst and director of Incoming Thought, said that IoT increases the risk surface of people as well as companies. 

"It increases risk for you and your company - it also increases the risk to you and your family," he said, adding that the IoT also makes it easier for someone to attack someone that you know.

An example of this, he explained, is the steady rise of smart buildings, which interconnect the various systems inside the office and make decisions based on the data. 

Sembhi, who is also a leading figure at ISACA, the not-for-profit IT security association, went on to say that we also have the example of interconnected cars, which have data on everything - right down to the owner's insurance credentials - stored on their IT resource.

As well as securing that data, we also need to address the security of the automated breaking system on two smart cars.

"What happens when the interconnect is compromised?" he said. 

The end result of this, says Sembhi, is that there is a clear need for a layered approach to security when it comes to the IoT.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews