One third of organisations say the IoT is having an impact - but is it?
The IoT suffers greatly from definition creep, but security is undoubtedly a key issue
A survey has found that the Internet of Things (IoT) is already playing a major role in about one third of businesses, but that security considerations may be lagging behind.
The survey of 200 companies of all sizes and sectors in the UK and in Austria, Germany and Switzerland (DACH) was commissioned by security vendor ForeScout and carried out by analyst Quocirca. Asked the question "In general terms, how do you view the potential impact of the Internet of Things (IoT) with regard to your organisation?" approximately one third of organisations said the IoT is already having a major impact on their business (five on a five-point scale), with a similar number expecting to see this soon. The most advanced sectors in their use of IoT were IT and telecoms, retail, finance and manufacturing.
This raises questions as to what the IoT represents. Although the question posed was slightly different, a recent Computing survey of UK businesses found the IoT to be of much less importance to most businesses currently (see figure below). Asked "How important is the Internet of Things to you and your business?" only 17 per cent of organisations we polled said the IoT was important now (six or seven on a seven-point scale of importance).
The IoT suffers greatly from definition creep, and the answers you get from a survey will depend on whether you define it in terms of RFID tags, smart homes or robot-run factories. Nevertheless, there is no doubt that the importance of the IoT is growing.
The ForeScout/Quocirca survey also looked at end-points attached to the network. While the most common are PCs and laptops, smartphones and tablets are not far behind and these are being joined by smart devices, cameras, SCADA systems, point-of-sale and medical systems, among a long and growing list of categories.
Quocirca points out that this presents a security management challenge because not only do the increasing number of connected devices represent a larger attack surface, but many will not be visible on the network using traditional agent-based tools. They will also be running a variety of operating systems, many with unique customised tweaks, which may or may not be regularly patched and updated.
The biggest dangers would be from "legacy devices not intended to be on the network in the first place and devices introduced in an ad hoc way by employees and lines of business," said Quocirca analyst Bob Tarzey, adding that purpose-built IoT devices are more likely to have built-in protection.
"We have already seen a number of cases where fairly simple devices such as security surveillance cameras have been hacked and used as gateways to access the network," said ForeScout's international marketing director Jan Hof. "If a simple IoT device is widely used, the gain for the hacker would be relatively high in using it to get access to networks."
Most organisations were not confident that they could see all the devices connected to their networks (see figure above), but the biggest difficulty in implementing effective security policy was identified as getting the various IT functions (networking, security, developers and operations) to work together properly.
In terms of which are the most advanced sectors, the Quocirca survey chimes reasonably closely with recent research carried out by Computing that found IT and telecoms, manufacturing, utilities and retail to be leading the IoT charge. Security was also found to be the most important barrier to adoption across all sectors in the Computing study.