As indicated by many commentators, cybersecurity will be a key issue as connected devices become more widespread. With many companies using off-the-shelf components and cloud services which they do not have control over, questions over the supply chain and a lack of awareness mean that many of these objects have serious inbuilt security flaw, and devices lack basic protections, like encryption or adequate password systems.
Industry analyst Gartner Inc. has outlined some of the security implications of the IoT in its most recent report, including a possible black market exceeding $5 billion for fake sensor and video data; this report also says IoT projects could be significantly delayed, with 75 percent taking twice as long as expected.
The firm says more than half of major new business processes and systems will incorporate some element of the Internet of Things (IoT) by 2020. The impact of the IoT on consumers’ lives and corporate business models is rapidly increasing as the cost of ‘instrumenting’ physical things with sensors and connecting them to other things — devices, systems and people — continues to drop.
“Uses of the IoT that were previously impractical will increasingly become practical,” said W. Roy Schulte, vice president and analyst at Gartner. “The IoT is relevant in virtually every industry, although not in every application. There will be no purely ‘IoT applications.’ Rather, there will be many applications that leverage the IoT in some small or large aspect of their work. As a result, business analysts and developers of information-centric processes need to have the expertise and the tools to implement IoT aspects that play a role in their systems.”
Gartner has made the following predictions for the IoT.
Through 2018, 75 percent of IoT projects will take up to twice as long as planned.
Gartner expects three out of four IoT projects to face schedule extensions of up to 100 percent with the consequent cost overruns. The more ambitious and complicated the project, the greater the schedule overruns. For some projects, compromises will be made to keep them on-schedule, leading to significant weaknesses in performance, security or integration into existing processes. In the mid-to-long term, these compromises will require that the IoT project be refactored and perhaps even recalled and redeployed.
“Product-centered enterprises will be the worst affected,” said Alfonso Velosa, research vice president at Gartner. “They will seek to launch smarter, connected products, although this will often be a reactive, tactical approach that seeks to address their competition’s IoT product. However, even for enterprises conducting internally centered projects that may focus on cost reductions, there will be people issues. Most of these issues will center on the normal introduction of a new technology model. It will be complicated by emerging business models that will require process and cultural change. Addressing both of these will lead to projects going over schedule.”
By 2020, a black market exceeding $5 billion will exist to sell fake sensor and video data for enabling criminal activity and protecting personal privacy.
The nature of IoT solutions, how they are deployed, and the types of data they generate and consume are giving rise to new security and privacy implications that organizations must begin to address. This is a rapidly escalating risk to the organization, bringing complexity unfamiliar to most IT and business leaders.
“The IoT has enormous potential to collect continuous data about our environment,” said Ted Friedman, vice president and analyst at Gartner. “The integrity of this data will be important in making personal and business decisions, from medical diagnoses to environmental protection, from commands to modify actions of machinery to identification and authorization of physical access. A black market for fake or corrupted sensor and video data will mean that data can be compromised or substituted with inaccurate or deliberately manipulated data. This scenario will spur the growth of privacy products and services, resulting in an extensive public discussion regarding the future of privacy, the means to protect individual privacy, and the role of technology and government in privacy protection.”
By 2020, addressing compromises in IoT security will have increased security costs to 20 percent of annual security budgets, from less than one percent in 2015.
As use of IoT devices grows, however, the unique requirements of IoT architecture, design and implementation over multiple industry segments and scenarios will also grow. As a result, the average security budget for IT, operational technology (OT) and IoT security requirements will respond to the growth of IoT devices across all business segments and scenarios, rising from less than one percent of annual security budgets in 2015 to 20 percent in 2020.
“Major cybersecurity vendors and service providers are already delivering roadmaps and architecture of IoT security, in anticipation of market opportunity,” said Earl Perkins, research vice president at Gartner. “Small startups delivering niche IoT security in areas such as network segmentation, device-to-device authentication and simple data encryption are offering first-generation products and services, including cloud-based solutions where applicable. Large security vendors have already begun acquiring some of these IoT startups to support their early roadmaps and fill niches in their portfolios.”
More detailed analysis is available in the report “Predicts 2016: unexpected implications arising from the internet of things.”