(This blog post was written by Aislyn Fredsall, an editorial assistant for the TechTarget CIO media group through Northeastern University’s co-op program.)
Is security no longer a major concern for the Internet of Things? Judging from an IoT panel discussion during the 2015 MIT Sloan CIO Symposium, this statement might not be as outlandish as it sounds.
The panel, titled “The Internet of Things: Challenges for a Connected World,” focused on some of the issues facing IoT, including the development of IoT technology and the obstacles of introducing it in the enterprise. Unsurprisingly, security was also among the problems discussed.
“Security’s huge and just like the rest of IT, no one is investing enough in it,” said Michael Chui, a partner of the McKinsey Global Institute and former CIO of the City of Bloomington, Ind. “IoT both increases the attack surface, or creates more vectors, [and] increases the consequences of a breach.”
But besides a few superficial references, the discourse did not actually focus on security until members of the audience specifically asked about it. It is possible that the panel planned to talk about IoT security and just did not get to it within the allotted time, but the fact that security was not a priority discussion topic is telling.
While no one would argue that security is no longer a problem at all for IoT, maybe it is not as big of an issue as it once was.
Fellow panelist Richard Soley, executive director of the Industrial Internet Consortium, placed importance on IoT security when he described how “one of the first two groups created” for the Industrial Internet Consortium was “focused on creating security use cases and applying those security use cases to all the test beds that we develop.”
However, Soley also downplayed how much progress is still needed regarding IoT security by suggesting that it is a problem that can never completely be solved. He voiced this sentiment with his mantra of “it’s going to happen” concerning security breaches.
“First of all, we need to preface any answer [about IoT security] with: It’s going to happen,” he said. “It doesn’t make sense to say we’re not going to do this because of increasing attack surface. It’s going to happen.”
Soley made it clear that breaches are inevitable but that this is not a reason to avoid or postpone adopting IoT technology. In fact, the inevitability should be embraced with IoT adoption.
“The point is we’re going to take advantage of Internet technology because it’s cheap and because we have ubiquitous connectivity,” Soley said. “If we’re going to provide any kind of data privacy we’re going to have to solve the security issues, but you’re never going to get them 100% [solved] and you shouldn’t expect to get them 100% because we don’t have it in the physical world either.”
At least for Soley, it seems that security was not discussed more during the panel because there was nothing new to say on the topic. Enterprises don’t need to develop new security innovations to confront the problems they’re facing with IoT security; they just need to fully utilize already available technology.
“I think that current security technology is perfectly up to the task; it’s just that most of us don’t bother,” he said.
Aislyn Fredsall is an editorial assistant for the TechTarget CIO media group through Northeastern University’s co-op program. She is currently in her third year at Northeastern, where she studies English.