Security concerns should not hold back investment in the IoT

The conventional wisdom has it that IoT security, or the lack thereof, is a disaster waiting to happen. Machina Research, however, argues that this is largely a myth. According to the report, the grand vision of the IoT as everything connecting to everything is so distant that it makes little sense to future-proof all of today’s deployments for it. At least for the next ten years, what we refer to as the IoT will be driven by the Subnets of Things used in relatively controlled settings. Most of today’s security requirements can be met incrementally, with proper planning and already available solutions.

In principle, the security layer should be enabled in IoT deployments by design, rather than retroactively when all else is said and done. Yet in reality, the viability of this maxim tends to depend highly on what is actually being deployed.

“Individual products can, and should, be secured by design, and developers who fail to do so are asking for trouble,” The report author, principal analyst Aapo Markkanen explained. “That said, when the project is not about a single product but a complex system, comprising multiple products supplied by different vendors at different times, the scope for doing pretty much anything ‘by design’ is limited. That is often the case especially in the Industrial IoT, where brownfield deployments are the norm. In these environments, security is more of a systems-integration issue than a design issue.”