The security requirements of the Internet of Things will reshape and expand over half of all global enterprise IT security programs by 2020 due to changes in supported platform and service scale, diversity and function, according to Gartner.
The research firm said the power of objects in the IoT to change the state of environments will cause chief information security officers (CISOs) to redefine the scope of their security efforts beyond present responsibilities.
"Securing the IoT expands the responsibility of the traditional IT security practice with every new identifying, sensing and communicating device that is added for each new business use case," said Earl Perkins, research VP at Gartner.
Functions that are delivered as purpose-built platforms using embedded technology, sensors and machine-to-machine (M2M) communications for specific business use cases signal a change in the traditional concept of IT and the concept of securing IT.
"Real-time, event-driven applications and nonstandard protocols will require changes to application testing, vulnerability, identity and access management (IAM) — the list goes on,” said Perkins.
Handling network scale, data transfer methods and memory usage differences will also require changes as do governance, management and operations of security functions.
Perkins said CISOs should not automatically assume that existing security technologies and services must be replaced. Instead, they should evaluate the potential of integrating new security solutions with old.
“At this time, there is no 'guide to securing IoT' available that provides CISOs with a framework for incorporating IoT principles across all industries and use cases," he said. "However, it is possible for CISOs to establish an interim planning strategy, one that takes advantage of the 'bottom-up' approach available today for securing the IoT.”