Managing Security for Connected Systems

Publisher: VDC Research Group, Inc. Product code: 322434
Page information: English, 14 pages
Publication date: December 23, 2014









This report contains an analysis of products and services used to manage the security of connected systems as well as an analysis of key strategic issues, trends, and other factors impacting the market for these solutions. Market analysis, critical considerations, and growth opportunities will be offered across the following dimensions: technology types/product categories, industry sectors, and geographic regions. The report integrates selected findings from VDC's recent connected systems survey of OEM embedded device engineers as well as systems integrators, IT administrators, and executives. (Full survey data is provided as a separate Excel spreadsheet.)

What questions are addressed?

  • What are the challenges associated with managing the various measures needed to secure connected devices?
  • What business opportunities do managed security services open up for OEMs, systems integrators, and other parties?
  • What are the unique managed security requirements for IoT devices?
  • How does connectivity both hinder and help security efforts?

Executive Summary

Connected systems in the IoT are potentially open to many more attack vectors than enterprise IT networks are, a problem exacerbated by the billions of devices being connected to the IoT. Although many IT endpoint and network security vendors offer managed security services that are partially or wholly applicable to the IoT, few offer services that focus on the unique aspects of IoT devices and systems. Security vendors have the opportunity to capitalize on the nascent IoT market by tailoring their solutions to managed security services for IoT, especially by focusing on vertical market solutions and by adding global threat intelligence. VDC recently conducted a survey of OEM engineers and IoT implementers to gauge the state of security for connected embedded systems; selected findings are presented in this report.

[Data available in full report.]

Key Findings

  • Security solutions for the IoT are often implemented by IT administrators or engineering services firms, rather than being integrated by OEMs into connected devices and systems.
  • Use of reactive security event response is much more common than use of proactive threat intelligence for IoT systems.
  • Security solutions for IoT-specific systems are rare today, and many customers must choose among solutions adapted from traditional enterprise IT security and/or enterprise mobility management.

Security Corollaries to Metcalfe's Law

The original version of Metcalfe's Law¹ stated, “The systemic value of compatibly communicating devices grows as the square of their number.” Metcalfe's Law predated the Internet of Things by decades, but as a device-centric theory rather than a user-centric one, it is actually more applicable to the IoT than to the Internet of People. What Metcalfe presumably had not anticipated, however, were a couple of corollaries to the law that have since become evident:

  • The potential attack vectors of a connected system grow exponentially with the number of devices; and
  • The number, intensity, and sophistication of hackers seeking to exploit a connected system grow with its systemic value.

A massively connected system has far more vulnerabilities than an unconnected or a modestly connected system, and hackers' attempts to breach it rise exponentially as well. The combination of these two factors further increases security risk. In a prior VDC report entitled, “Risk Assessment for Connected Systems,” we expressed this conceptually with the equation:

Risk = Vulnerability × Threat

With the number of devices connected in the IoT reaching well into the billions, the risk is clearly large and growing larger. Nevertheless, the power of Metcalfe's Law can also be applied to measures that help secure the IoT, using these corollaries:

  • The ability to secure a connected system grows with the number of devices actively monitored and managed for security; and
  • The threat intelligence that can be gleaned from attacks grows with the volume and sophistication of the attacks that are discovered.

We don't know the extent to which the growth in these security factors might exponentially match the rising risk to keep pace in an arms race against hackers. It is wishful thinking to believe that, in the near term, connected systems can be protected sufficiently that hackers lose interest due to poor return on their investment of time and resources. (While such a state of impenetrable security won't arise soon, we could envision a tipping point decades from now when most hackers move on to do other things with their lives.) In the meantime, the security situation is likely to get worse before it gets better.

¹ This is what Bob Metcalfe wrote on a presentation graph circa 1980, which has since morphed into several popular variations.

The long-term viability of the IoT depends on substantial improvements in security. Arguably, adequate security measures already exist, but they are implemented inadequately and in an insufficient portion of connected devices and systems. OEMs and other interested parties often find them too time-consuming and too resource-intensive to implement, and users may consider them too cumbersome, although neither of those has to be the case. As hardware engineers and software developers gain experience in designing for the IoT, and as security offerings continue to improve in ways that hide some of their complexity from users, IoT security will improve.

In the preceding report of this series, “Securing Applications for Connected Systems,” we examined some of the ways that connectivity can enhance security of embedded applications. In this report, we look at solutions to centrally manage security of connected devices and systems.

Table of Contents

Inside this Report

  • What questions are addressed?
  • Who should read this report?


Executive Summary

  • Key Findings

Security Corollaries to Metcalfe's Law

Managed Security Solutions

  • Exhibit 1: Importance of security in selection of IoT/cloud vendors
  • Exhibit 2: Managed Security Services typically used with organization's connected devices/systems, by respondent type
  • Exhibit 3: Usage of policy and application controls in Managed Security Services
  • Exhibit 4: Usage of system threat monitoring and response in Managed Security Services

Selection of Managed Security Vendors

  • Exhibit 5: Importance of criteria for selecting managed security services vendors

Ideas & Insights
