May 22, 2019
Organizational Issues that are making IoT a security risk
Something unusual has happened with the incorporation of IoT technology into business organizations: it is breaking down the dominance of the IT department as the sole custodian of all things tech. This is because IoT technology is tending to be introduced by operation lines and not initiated by the IT department. Line of Business managers are discovering individual IoT technologies that solve specific problems and initiating their use. As a result, IT is tending to be left out of the security oversight loop.Because IoT is often being introduced piecemeal by LOB, rather than in a coordinated fashion, there is no analysis of how each new IoT piece creates security risks as it begins sharing data with other “things.” They are introduced as-needed to address discrete needs throughout the organization. Basically, because there are an almost infinite number of possible endpoints, identifying all the possible security vulnerabilities becomes an exceptionally difficult thing to nail down. It is sort of a whack-a-mole situation.The key obligation of C-suite executives is to recognize not only the powerful opportunities that IT represents, but to take action to centralize the oversight of both IT and IoT. IT and IoT need to be taken out of their silos and given focused attention. It is also important to recognize that existing areas of expertise resident within IT may not include the specialized knowledge to manage IoT. IoT is more complex than older, more well-understood IT infrastructure. IoT interoperability, for instance may mean understanding individual IoT applications and how they can interact. Much of IoT isn’t out of the box technology. Interoperability means greater value for IoT, but it has to be done within a framework focused on security. This will put IT and IoT at the center of business operations and strategic planning and development. Managed Service providers who focus in IoT technology can also bring the specialized knowledge that may not be available in-house. IoT represents a significant IT sub-field that may be best served by utilizing the experience of an external provider that can also bring a big-picture approach to the problems of IoT within the larger organization. However you do it, understand that IoT is a technology that allows your organization to dynamically respond to changes in the working and operational environment, increase sales and customer service, improve employee productivity and help address risk management; just remember that all of those benefits bring data protection and operational security along for the ride.