IIoT security tips and trends for 2020
December 17, 2019 By BlueAlly
It’s an exciting time to be in the industrial IoT security space. Having recently joined Cisco’s IoT security business unit as product manager for Cyber Vision, I’ve enjoyed seeing how the industry has evolved in just the past couple years. Current trends point clearly to opportunities for robust IIoT deployments.
The acquisition of companies that offer point products can be considered market validation for a given technology sector. Now is that time for IIoT security, as what was niche becomes mature and more broadly accepted in the market. Cisco has been part of that activity, as we acquired Sentryo last summer. I expect that the industry will see more acquisitions in the coming year.
While M&A activity is a good sign for maturing technologies, it can make security investment decisions challenging for organizations. You want to make sure the technology provider you invest in today will be around tomorrow. Here are a few factors to consider when deciding with whom to invest your time and money:
- Company stability: Do you have confidence that the company you may invest in will be there three, five, or ten years down the road? How mature and scalable are their product development, professional services, and technical support capabilities? Is that company profitable or is it surviving on venture capital?
- R&D/Investment: Does the company have the resources to invest in innovation while scaling their operations?
- Strategy: What is the company’s strategy over the next one, three, and five years?
Security embedded at the edge
At Cisco, we believe security should be at the edge. That’s one of the primary reasons why we acquired Sentryo. Sentryo was the only provider in the IoT security market that we felt had a true edge architecture. What do I mean by “edge architecture”? It’s putting processing power in devices like routers, switches, and gateways to increase scale, lower costs, and have less impact on the network. And in the industrial space, not burdening those networks is paramount.
Edge computing isn’t a new concept. Virtualization and containerization make the evolution of security at the edge a natural progression. That’s why our first Cyber Vision hardware sensor uses our IC3000 Industrial Compute platform. And considering a big part of our business is making those edge devices, you can see why Sentryo was the logical choice and how well their model fits with our business. They were the puzzle piece we needed to complete the integrated IIoT cybersecurity, networking, and IT cybersecurity picture.
As you plan and execute IoT deployments in 2020, look for ways to leverage edge computing and edge architecture to improve scalability, lower costs, and reduce network impact.
From convergence to collaboration
We humans are at our best when we work together and rely on each other’s strengths. It’s very heartening to hear that OT and IT are coming to this conclusion. And as with most human interactions, this is happening through small steps that establish a foundation of trust upon which they can build with each successful interaction. So, if this is so human, where does the technology come in?
Each group needs both the ability to discover and analyze data points that are relevant to each, and more importantly, to have a mutual understanding of the significance of those analyses to their counterparts. Consider, for example, a scenario where the IT security operations center (SOC) discovers that a device has security vulnerability (CVE) score of 9.2, and that device is part of a mission critical industrial process. The SOC must understand how to communicate that threat to their OT colleagues, and how to best collaborate on the appropriate means of remediation or mitigation. Without this ability, it’s like covering one eye and losing full vision of the situation.
The OT/IT convergence won’t happen overnight. It will take deliberate effort and hard work from both OT and IT professionals. In the coming year, organizations should look closely at the tools they use and how those tools hinder or help their efforts to align with the other organization.
Security is critical to the success of any IIoT deployment and, fortunately, industry trends point to solid solutions for ensuring that industrial processes are protected. It will be exciting to see how these security solutions enable new IIoT use cases in 2020.