There is little doubt the Internet of Things has now become top of mind for many enterprises and the reasons aren’t that hard to see. IoT has delivered a unique opportunity to enhance digital business in a way that goes far beyond anything previously experienced – enabling enterprises to connect their people, processes, devices and other assets in a manner that was never previously possible, right across their operations.
At the same time, as the impact of IoT gathers pace, those enterprises have to deal with a multitude of challenges that all of this rapid change brings with it. For its part, Symantec is fully engaged in making sure that industry and our customers – whether in financial, retail, manufacturing, automotive or health care – understand the fundamental differences between IT and IoT, and the particular challenges these bring.
What are they? Let me deal with just a few:
- IT is ‘Open’ and easy to install – IoT is ‘Closed’ to new software once the device leaves the factory
- IT has 3 protocols effectively: UDP, TCP, IP – IoT has thousands of protocols many of them being proprietary (hundreds in each vertical)
- IT has 5 Operating Systems: mostly Windows, Linux, OSX, iOS, Android – IoT has dozens, heavily fragmented by vertical.
There are many more such challenges to be overcome, but you get the picture.
With IoT systems closed, what impact does that have on IoT manufacturers? Above all, they will have to take on a greater burden of security than ever before. Specifically, security will need to be designed in at the manufacturing stage. Key to Symantec’s strategy in delivering against that is Symantec Embedded Security: Critical System Protection, a lightweight security client designed to secure the IoT by protecting the endpoint and embedded devices. Crucially, what SES:CSP offers manufacturers and asset owners of embedded systems is powerful signature-less, host-based protection when dealing with both managed and unmanaged scenarios – and all without compromising device performance. Symantec also has certificates to identify and authenticate the devices that have already been deployed in a billion IoT devices worldwide, as well as a code signing platform to sign software to ensure code can be trusted. Of course, manufacturers must also design their devices so that they can be updated or patched later, if required.
Meanwhile, when it comes to existing legacy networks, while customers need to see if they can retro-fit their devices with solutions like SES:CSP, certificates and code signing; in some legacy networks, it might not be possible to retro-fit all of the existing devices. So, at the minimum, customers must monitor their networks to analyze the data, in order to understand what is happening and detect any misbehavior. Such a solution will need to work across the myriad of protocols mentioned above. The good news is that advanced machine learning techniques can enable this to happen. In general, such security analytics should be used across all networks (even with newer devices) to provide insight into the networks. Of course, network protection techniques like gateways and firewalls are also valuable here.
At the same time, having spoken to (and by working with) customers across different industries, we realize that each industry has its own approach to IoT. For financial (ATM), securing the device is paramount. For industrial, the priority is analyzing the data and understanding what is happening in their network. Each and every go-to-market strategy has to reflect these differences and, with that objective in mind, Symantec is committed to delivering what is right for the customer in any given vertical.
Specifically, the Symantec approach addresses each industry uniquely, making the appropriate changes on our side to meet customer needs. We are also working closely with manufacturers and systems integrators who will play a major day-to-day role out in the field securing legacy environments, whether their focus is one specific vertical sector or whether they play horizontally across the ecosystem. In partnership with them, our aim is to make the entire ecosystem secure. Ultimately, whatever the primary focus of the customer might be, they all require one thing: the most comprehensive and robust solution to secure the IoT, which we are engaged in providing.
Global standards like Industrial Internet Consortium (IIC) and AllSeen Alliance also play a key role in shaping the future of the industry where we are participating – and we are committed to moving those standards forward. Finally, we believe that IoT will be yet another pillar that will bring value to the enterprise, along with cloud, mobile and traditional endpoint. And that makes it even more crucial that security is sufficiently thought through to ensure all enterprises are able to get one common security view across their entire organizations.
Check out our new website for more details, case studies and examples of how Symantec protects IoT today: http://www.symantec.com/iot.