EDITOR’ S QUESTION
Raj Samani
VP & CTO, EMEA, Intel Security
The Internet of Things. A term which conjures up images of everything from cars to medical equipment being compromised by nefarious actors for criminal gain. Certainly, the inclusion of IP connectivity of everything with power does represent a risk, but the reporting of vulnerabilities does create a level of fear that one can argue as somewhat overstated.
Every system will have vulnerabilities, the question is whether these vulnerabilities will be exploited causing the loss of confidentiality, integrity or disruption for the enterprise. In the past, basic risk assessments would consider the capability of actor groups to determine the probability of a risk being realized. This model however is very much outdated, particularly as attacks are now outsourced, from particular modules to the entire attack itself.
For enterprises looking to integrate IoT into their environment, the fundamental question to ask is what business benefit are you trying to derive, and whether the risk( and there will always be a risk) can be managed to a level that is acceptable. Consider the Oil and Gas industry, a recent IoT implementation into the world of digital oilfields has increased production by 150 % for a company within the region. This does introduce a risk of potentially allowing more malicious actors to target this infrastructure, but can be managed to reduce the likelihood by considering integrated security solutions that protect, detect and correct, into the design of both greenfield and brownfield installations. Not only is security by design imperative, so too is continuous analysis of the threat landscape to keep ahead of malicious actors.
For CIOs considering the deployment of IoT within their environment, the biggest concern will be the concept of shadow- IoT. We have seen shadow-IT already cause significant disruption within many organizations, but IoT will introduce many more devices inside the corporate network. These devices will be capturing data and sending it, well, everywhere!
Managing risk for IoT devices can be done, but managing risk demands knowing what is inside the environment, what data will be collected, and where( and how) it will be transmitted. Understanding this component is the first step for every CIO.
84 INTELLIGENTCIO www. intelligentcio. com