GSMA Intelligence’s Enterprise in Focus survey is out. It is our third annual survey, contacting more than 2,800 enterprises to capture their attitudes towards IoT. As a part of it, together with Pelion, we have also prepared a report which asked enterprises what they are thinking about and doing with IoT security.
The responses suggest enterprises are progressing on their IoT security journey, which is encouraging. For example, it is clear there is a level of appreciation of the importance of IoT security: the proportion of enterprises which have changed their security practices as a result of their IoT deployments has remained relatively unchanged, at around 85 per cent for the last two years. While the number is not going up, this is still progress, since enterprises used to perceive IoT security as an afterthought (or burden to bear) and treat it as a hygiene factor. In fact, our research also shows a shift in the reasons why enterprises have adapted their security practices to IoT deployments.
85 per cent of enterprises have changed their security practices. Why is this data point important?
For the second year running, the proportion of enterprises which have changed their security practices as a result of their IoT deployments was around 85 per cent. We can be pessimistic that not every business is as security-minded as we want them to be. However, 85 per cent is still a significant majority of enterprises…and who ever thought 100 per cent was possible? But, why is this 85 per cent important? Because we can now say that a significant majority of enterprises care about IoT security enough to take steps to ensure they can rely on the IoT data to make business decisions. After all, if they cannot trust the integrity of said data, they cannot use it to make business decisions or automate work processes.
If enterprises say they have changed their security practices, what have they actually done?
For a start, unsurprisingly, more enterprises still indicate security features are the most important factor in their IoT solution purchasing decisions. The survey also revealed enterprises are more likely to build security features in their IoT solutions from what they are familiar with, of enterprise IT and cloud security. While this is not wrong (there is no wrong or right way), applying IT and cloud security to IoT only addresses part of the three common IoT threat scenarios. Across any IoT solution in any sector and application, the three common security attack scenarios are attacks to devices, cloud servers and the communications networks. We infer from the survey that while enterprises are increasingly aware of the importance of IoT security, they are still mainly fitting traditional IT/cloud security concepts to their IoT deployments. IoT security is more than IT/cloud security.
Why have enterprises changed their security practices?
Are they changing because they have to do by law or are there other reasons? As the chart, below, illustrates (click to enlarge), there are a spectrum of motivations for making changes to security policies, with traditional compliance reasons on one end and an active goal on the other.
Why is it important to uncover the motivation behind enterprises’ behaviours? Because we can infer their security journey progress based on their stated reasons and actions. Let us examine the different reasons starting with the most active and aspirational reason.
What next for enterprises?
Our survey revealed enterprises have good intentions but have not always executed on those yet. To get them further on their security journeys, they need remember two immediate factors. First, IT security is not the same as IoT security. For example, simply taking what cloud vendors offer as IoT security may not be sufficient for their IoT solutions. Secondly, they might consider alternative approaches. To know what is happening in their IoT deployments is an important first step. To be able to monitor and remotely manage IoT devices in the field provides enterprises control. Even better is for enterprises to obtain optimal features in their IoT solutions with performance, cost and security in mind. Apply IoT security considerations to IoT deployments. Stop forcing IT security to address IoT security challenges.
– Yiru Zhong – lead analyst, IoT and enterprise, GSMA Intelligence
The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.Subscribe to our daily newsletter Back