There’s a real opportunity now to incorporate the scaling and management (including security management) needs for the IoT in the way we plan our enterprise and consumer services. How will those services work within the context of the IoT? Can they support the proliferation of potential connection points? Do we understand how they might respond when they need to deal with the complexity of management of so many users and devices? And perhaps most importantly, can those systems, and the security processes around them, cope with the explosion in raw data?
A June 2015 report from Management Consulting Firm, McKinsey & Company, suggests that a significant proportion of the value of the IoT will be in the data that is generated; yet much of that data currently remains unused. As an example, they cite the fact that less than one percent of the data gathered from sensors on 30,000 oil rigs is currently used, and most data gathered is simply used for real-time decision making, not generating long-term strategic value. There is huge strategic value buried within the operational noise of IoT sensors –strategic value that must be extracted to most effectively meet competitive pressure.
What this means is that organizations will need to not only gather raw data from the smart devices that comprise the IoT, they must also *use* that data. And that need to use the data will, in turn, force the pace of connection between new, IoT-centric systems and devices and the current set of enterprise services.
In other words, whether we think we should be connecting the IoT and our existing systems together or not, the basic imperative to extract business intelligence from the raw information will demand that the connection takes place. Worse, it will almost certainly happen more quickly and more broadly than expected, simply because once you start garnering value from all that data, the pressure for more will be irresistible.
So what happens when we connect new, highly complex and potentially difficult to manage devices from the IoT to the existing infrastructures that are already laboring to maintain good performance, availability and, above all, security? Even the most optimistic appraisal would be that there’s little to suggest we should expect the world to become more secure, and data to be more private.
We can’t decouple the Internet of today, and the enterprise systems and services (with all their inherent security challenges) from the IoT we will build on top of them. The brutal fact is that, even if we build the most secure devices imaginable, at best we are likely to see something like the current status quo.
CIOs are faced with incredible pressure to respond to challenges like better utilization of cloud, building a “mobile first” strategy, and extracting the maximum value from legacy systems. Yet they must now do so with at least one eye on the emerging opportunities and threats represented by the IoT. For their part, the security teams must begin planning how to manage the complexity of the impact of IoT on existing systems and services.
An opportunity exists for CISOs to get ahead of the impact on the enterprise, even if they have little control over the devices themselves. In fact, this may well be the most important thing they can do to prepare for the IoT; making sure the foundational elements are ready for the new world.
If they don’t, attackers won’t need to compromise the distributed complexity of the IoT, they can focus on the back end systems and services they already know and love, and simply wait for the data to come to them.