Virtualization Technology News and Information
ISF Announces Release of Securing the IoT: Taming the Connected World
According to the Information Security Forum (ISF), trusted resource for executives and board members on cyber security and risk management, the Internet of Things (IoT) has exploded into the connected world, promising the enablement of the digital organization and making domestic life richer and easier. However, with those promises come inevitable risks including the rush to adoption, which has highlighted serious deficiencies in both the security design of IoT devices and their implementation. Coupled with increasing governmental concerns around the societal, commercial and critical infrastructure impacts of this technology, the emerging world of the IoT has attracted significant attention. 

In an effort to support global organizations, the ISF today announced the release of Securing the IoT: Taming the Connected World, the organizations latest digest which helps security professionals better understand the security implications of the IoT. Based on external and ISF member research, and supplemented by a short series of special interest group meetings held in Finland, the Netherlands and the United Kingdom, this paper explores:

  • Definitions of the IoT
  • Technical characteristics
  • Fundamental security issues
  • Emerging security practice
  • Legal and regulatory landscapes

"The IoT has become a reality and is already embedded in industrial and consumer environments. It will further develop and become an essential component of not just modern life, but critical services," said Steve Durbin, Managing Director, ISF. "Still, at the moment, it is inherently vulnerable, often neglects fundamental security principles and is a tempting attack target. This needs to change."

The IoT is often perceived as new and cutting edge, but similar technology has been around since the last century. What has changed is the ubiquity of high-speed, low-cost communication networks, and a reduction in the cost of compute and storage. Combined with a societal fascination with technology, this has resulted in an expanding market opportunity for IoT devices, which may be broadly split into two categories: consumer and industrial IoT.

The IoT has also been described as a form of shadow IT, often hidden from view and purchased through a non-IT route. Hence, responsibility for its security is often not assigned or mis-assigned. There is an opportunity for information security to take control of the security aspects of the IoT, but this is not without challenges: amongst them skills and resources. Nevertheless, there is a window of opportunity to tame this world, by building security into it. As most information security professionals understand, this represents a cheaper and less disruptive option than the alternative. Security teams should take the initiative to research security best practices to secure these emerging devices and be prepared to update their security policies as even more interconnected devices make their way onto enterprise networks.

"The IoT can be broken down into consumer-orientated products and industrial-orientated products; however, ISF member organizations can face risks from both these aspects of the IoT as it enters the workplace by design and also by stealth," continued Durbin. "It's important that information security functions take a proactive approach to this potentially poorly secured world and ensure that the IoT does not represent a weak spot in organizational defenses. Enterprises with the appropriate expertise, leadership, policy and strategy in place will be agile enough to respond to the inevitable security lapses. Those who do not closely monitor the continued growth of the IoT may find themselves on the outside looking in."

Securing the IoT: Taming the Connected World is available now to ISF Member companies via the ISF website.

Published Tuesday, November 12, 2019 9:48 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2019>