Managing Security for Connected Systems
|発行||VDC Research Group, Inc.||商品コード||322434|
|出版日||ページ情報||英文 14 Pages
|コネクテッドシステムのセキュリティ管理 Managing Security for Connected Systems|
|出版日: 2014年12月23日||ページ情報: 英文 14 Pages||
This report contains an analysis of products and services used to manage the security of connected systems as well as an analysis of key strategic issues, trends, and other factors impacting the market for these solutions. Market analysis, critical considerations, and growth opportunities will be offered across the following dimensions: technology types/product categories, industry sectors, and geographic regions. The report integrates selected findings from VDC's recent connected systems survey of OEM embedded device engineers as well as systems integrators, IT administrators, and executives. (Full survey data is provided as a separate Excel spreadsheet.)
Connected systems in the IoT are potentially open to many more attack vectors than are enterprise IT networks, which is exacerbated by the billions of devices being connected to the IoT. Although many IT endpoint and network security vendors offer managed security services that are partially or wholly applicable to the IoT, few vendors offer such services that focus on the unique aspects of IoT devices and systems. Security vendors have the opportunity to capitalize on the nascent IoT market by tailoring their solutions to managed security services for IoT, especially through focusing on vertical market solutions and through the addition of global threat intelligence. VDC recently conducted a survey of OEM engineers and IoT implementers to gauge the state of security for connected embedded systems, with selected findings presented.
[Data available in full report.]
The original version of Metcalfe's Law1 stated, “The systemic value of compatibly communicating devices grows as the square of their number.” Metcalfe's Law predated by decades the Internet of Things, but as a device-centric theory rather than user-centric one, it is actually more applicable to the IoT than to the Internet of People. What Metcalfe presumably had not anticipated, however, were a couple of corollaries to the law that have since become evident:
A massively connected system has far more vulnerabilities than an unconnected or a modestly connected system, and hackers' attempts to breach it rise exponentially as well. The combination of these two factors further increases security risk. In a prior VDC report entitled, “Risk Assessment for Connected Systems,” we expressed this conceptually with the equation:
Risk = Vulnerability x Threat
With the number of devices connected in the IoT reaching well into the billions, the risk is clearly large and growing larger. Nevertheless, the power of Metcalfe's Law can also be applied to measures that help secure the IoT, using these corollaries:
We don't know the extent to which the growth in these security factors might exponentially match the rising risk to keep pace in an arms race against hackers. It is wishful thinking to believe that in the near term, connected systems can be protected sufficiently enough that hackers lose interest due to poor return on their investment of time and resources. (While such a state of impenetrable security won't arise soon, we could envision a tipping point decades from now when most hackers move on to do other things with their lives.) In the meantime, the security situation is likely to get worse before it gets better.
1 This is what Bob Metcalfe wrote on a presentation graph circa 1980, which has since been morphed into several popular variations.
The long-term viability of the IoT depends on substantial improvements in security. Arguably, adequate security measures already exist, but they are implemented inadequately and in an insufficient portion of connected devices and systems. OEMs and other interested parties often find them too time-consuming and too resource-intensive to implement, and users may consider them too cumbersome, although neither of those has to be the case. As hardware engineers and software developers gain experience in designing for the IoT, and as security offerings continue to improve in ways that hide some of their complexity from users, IoT security will improve.
In the preceding report of this series, “Securing Applications for Connected Systems,” we examined some of the ways that connectivity can enhance security of embedded applications. In this report, we look at solutions to centrally manage security of connected devices and systems.