Gartner set its sights on 2020 at its Security and Risk Management
Summit this week, arguing that one of the key influences on information
security over the next five years will be the Internet of Things.
Chrisitan Byrnes, managing vice president at Gartner Inc, took the
keynote stage to predict a rapidly changing landscape in security where
companies that aren't prepared for the Internet of Things
(IoT) will inevitably be left behind. The biggest impacts to security
strategy will come in physical safety and how companies handle the vast
amounts of data produced by IoT devices.
"The data that's collected is a lot bigger because as mobile evolves
towards the Internet of Things, we're going to have orders of magnitude
more sources of data," Byrnes said. "So the data collected by 2020 is
going to be 1,000 times as much as 2015, something like that … The
organizations that collect, use and intelligently analyze the data
collected, those are the ones to succeed."
Byrnes said the traditional CIA triad
model of security - confidentiality, availability and integrity - will
see shifts because of IoT. Availability becoming a critical factor based
on a move to more real-time event-driven systems. The sheer volume of
data generated will lead to organizations accepting lower integrity data
as standard.
"Confidentiality is going to become interesting because society is
changing worldwide. Society is beginning to worry about
confidentiality," Byrnes said. "We're pretty sure that one thing that is
happening is a push towards more transparency."
This push towards transparency is potentially a significant decision
for organizations, according to Byrnes, because the amount of data
collected through IoT devices will make it more difficult to protect
everything, and the lower integrity may mean protecting it all is
unnecessary in general.
"By 2020, how transparent will your organization be willing to be?"
Byrnes asked the crowd. "If you're gathering three to ten orders of
magnitude more information, what are you going to do with it? Are you
seriously going to try to protect all of it? It's a different way of
thinking about how security operates."
The biggest shift in thinking, Byrnes insisted, will come with a
fundamental change to the CIA model by adding "safety", making it the
CIAS model. This major change will come as a direct result of the rise
of IoT.
As more and more devices become connected to the network, this will
increase risk from physical infrastructure complexity and automation,
hazard controls become part of the security landscape, and cyber attacks
can have an impact on the physical world. Byrnes said some industries
will see this faster and gave the example of automated systems giving
pharmaceuticals to patients in hospitals, or operational security
systems that control things from access to buildings to traffic lights.
"The convergence of physical security and information security is now
inevitable," Byrnes said. "As we move towards the Internet of Things,
it becomes probably the most important thing we need to think about.
Physical security has been concerned with the safety and preservation of
life and now it's going to be in your purview. You no longer have the
option to fail. The Internet of Things does not just sense what is going
on, it changes what is going on; it changes the physical world."
( Techtarget.com )
No comments:
Post a Comment