IOT Security: The Ecosystem – components and managers

The IOT ecosystem has many components.  What is key here is to acknowledge the fact the ecosystem is already there.  Some believe that the ecosystem is still evolving, while some believe that the ecosystem is already there.  A neat classification of the following major areas:

Things Consumer: Home Security, Smart Locks, Appliances, Smart Bed, Smart Lights, Watering / Garden, Connected Car, Fitness/ Health, Smart Watches,.

Things Enterprise: Smart Logistics, Smart Factory, Smart Grid, Smart Retail, Smart Agriculture, Smart Cities, IOT security, Smart Healthcare.  

Internet Infrastructure: Hardware connectivity platforms, Boards, Chipsets, Software Platforms, Analytics and Data storage platforms.

Broadly, this will fall under:  ‘Things’, ‘Infrastructure’ and ‘Application’.  Each of these layers will have their own security challenges.   We will take an approach which takes the above three components of the ecosystem separately and then finally holistically.  Gartner predicts that there will be 26 billion things on the Internet.   Digitization and automation of these devices will open up new security challenges.  With Big Data entering the enterprise, it will put real time business processes at risk.  Consumer privacy due to various devices accessing consumer data is another security challenge.  Finally data – both consumer and enterprise driven will be open to data related risks.

What most ecosystem managers don’t realize is about their locus standi on change – when IOT happens.  The ecosystem manager should realize that there are three positions. Firstly, one can ignore the whole thing and therefore underplay the potential risk.  Secondly, one can study and anticipate, and then be prepared and invest in upgrade of threat intelligence and response systems. Thirdly, one can react when things come.  The locus standi will determine the protection of the stakeholder’s interests  – whether it is an enterprise or a consumer.   

Ecosystem managers are not formal roles or individuals – sometimes even full enterprises become ecosystem managers.   Why? Because,  IOT ecosystems will transcend enterprises and consumers and will be hybrid ecosystems.   Fixing roles, accountability and responsibility is key for managing security.   So in our next article – we will see how a ‘CISO’ or an ‘Ecosystem Security Manager’ role can be evolved.  This is one thing many security gurus miss out.