IoT in the Enterprise: Managing Risk and ControlKPMG Experts Offer Security Advice for IoT Deployments
Enterprises want to make greater use of connected devices to develop new services and gain new efficiencies, but security is a paramount concern.
Large IoT deployments, which could encompass millions of sensors, increase the attack surface, says Piers Hogarth-Scott, who leads KPMG's IoT practice in Australia.
Some of the sensors have limited capabilities; they grab a bit of data and push it to the network, which limits the type of security technologies that be applied, says Katherine Robins, a partner in KPMG's cybersecurity practice. "Depending on what the sensors are, there isn't a lot of compute for you to be able to put a security stack on these things," she says.
For example, some devices many not be able to use security certificates. Often, that means the security is pushed downstream to a controller or an edge network within an organization, she says.
"These are all of the things that people worry about when they're talking about IoT," she says.
In this video interview with Information Security Media Group, Hogarth-Scott and Robins discuss:
- The security challenges around managing large numbers of remote IoT devices;
- How organizations are managing detection, response and recovery for IoT devices;
- Why there's increasing demand for basic security verification of IoT devices.
Hogarth-Scott is a partner at KPMG's Digital Delta in Australia. He is national leader for KPMG's IoT practice and is chairman of the executive council for the IoT Alliance Australia.
Robins is partner with KPMG's cybersecurity services in Australia. She formerly was a partner with Deloitte Australia and the principal security expert for Telstra's chief technology office.