Survey: Security Concerns Slow Down IoT DeploymentsPreventing Ransomware and Other Malware Attacks Is Top of Mind for Enterprises
Worries over ransomware and malware are slowing down enterprise IoT deployments, which is a reflection of the reputational and customer relationship risks at stake, according to a new survey.
See Also: 2021: The Cyber-Attack Outlook
Although security requirements may mean IoT projects will take longer, it also means that enterprises are cognizant of how a growing number of devices on networks introduces new attack vectors (see: 'Smart' Factories Could Face Unique Attacks: Report).
"The risks with IoT potentially increase because of the diversity of deployments and technologies in IoT networks - general enterprise security is much more standardized and so easier to deploy and keep updated," says Alexandra Rehak, chief analyst with the London-based consultancy Omdia and head of its internet of things practice.
The Omdia-Syniverse IoT Enterprise Survey polled 200 enterprises between January and March in North America and Europe that have deployed IoT devices. It was commissioned by Syniverse, which offers private networks for fleets of IoT devices.
Of all enterprises polled, 86% reported that IoT projects were delayed or constrained by security.
Security Drives Up Costs
The survey covered companies in healthcare, financial services, manufacturing, retail and hospitality and transportation. Their concerns over security vary. For example, the manufacturing industry is most worried about unauthorized devices joining the network. Healthcare and finance rank regulatory and compliance concerns high.
Security concerns over IoT are driving up the cost of the deployments. Enterprises reported that security was consuming 10% to 30% of the overall IoT budgets. For retail and healthcare, it was even higher. Half of the respondents in those verticals reported spending between 20% to 30% of the Iot budget on security.
The top security concerns were ensuring data integrity, plus network and device security, according to the survey.
To deal with those issues, enterprises are using strategies that include network-based IoT security policies, real-time monitoring of systems and traffic, dedicated IoT security teams and regular vulnerability assessments, the survey shows. They're also focusing on end-to-end encryption.
The Private Network Option
For the network component, more than half of enterprises are putting IoT devices on a private network that's separate from the public internet. The type of connectivity to those networks can range from LTE to low-power wide area networks, or LPWANs.
The survey says that 40% of respondents were using LPWANs, which is appealing to the retail and hospitality industries. LPWANs are suited to IoT devices running on batteries and have a low data transfer requirement.
Using a private network has control advantages, says Dan Klaeren, senior director of product management at Syniverse.
"An enterprise can control and manage every device, monitor the activity, apply policies to devices and control all aspects of the network," he says. "When utilizing a public network, the enterprise will only be able to use utilize whatever capabilities (e.g. administration, application of policies, etc. are offered by the public network provider."
Of the survey respondents, 97 percent says they're using a private network for IoT or considering it. But the two primary concerns with private networks are costs and whether a private network offers adequate geographic coverage and mobile support, the survey says.
"Enterprises will want to understand exactly how private networks can make their lives easier and how private network providers will help with transparency and controls around the costs of IoT deployment and ongoing management, in the post-COVID-19 recovery period," the survey notes.
What to Consider
Rehak says that when considering an IoT deployment, enterprises need to consider security at all layers. That includes at the device/chipset, application, network and cloud levels. To block intrusions, the security controls need to be end-to-end, she says.
Also, scalability is a large concern. IoT projects often start small, but if the devices prove their worth, a project will invariably become larger. The security controls must be able to keep up.
"Security solutions need to support this and be able to delivery scalability without falling over/becoming too costly in terms of either money or processing requirements," Rehak says.
Another consideration is the lack of a single IoT security standard, she says. Buyers should make sure that a security product can support different connectivity scenarios or types of cloud services.
"Some types of connectivity technologies - notably cellular - have in-built security (via the SIM in case of cellular), but IoT deployments typically use more than one type of connectivity," Rehak says. "So going for solutions that are technology-neutral (interoperable with multiple technologies) is likely going to be important."