The Internet of Things (IoT) is ballooning—predicted to generate up to $11 trillion per year by 2025 As the IoT expands, so does the threat of cyber-attacks, detailed in recent HFS coverage. Baseline standards for the regulation of IoT device security are on the horizon—security providers large and small, multi-faceted and IoT-specific, are moving toward end-to-end solutions. To keep pace and continue innovating, it is critical that all leaders responsible for IoT initiatives find the right provider to fully secure their devices and device-networks—thereby securing the entire IoT ecosystem, allowing their teams to focus expertise on business-critical activity.

IoT security is simply not optional anymore. Leaders should be deep in contemplation of emerging legislation.

In April, we published a wake-up call for those who hadn’t made cybersecurity an essential element of their IoT strategy. It was a stark warning that regulators would soon enforce a baseline standard to ensure that not a single device could give an attacker access to an entire network. Well, we told you so…

The UK government is preparing to do just this and at the start of May is entering a consultation phase to determine what course of action to take. Their desire for the IoT and all its devices to be “secure by design” includes labeling products that classify as such; initially, the labels will be adopted voluntarily to guide buyers, while plans envisage that retailers will only be able to sell devices that meet a new code of practice.

The US, in parallel, is taking a second shot at passing the IoT Cybersecurity Improvement Act through Congress; it aims to ensure a baseline standard for all federally purchased IoT devices with a clear view that many manufacturers and vendors will subsequently include the standards across their business and commercial offerings.

The release of a European standard also hopes to drive the future regulation of IoT devices.

IoT innovation will stall without intrinsic security.

Security vendor Palo Alto Networks’ Cloud Security Summit had a key theme: Security allows enterprises to innovate, and enterprises must embed it into strategy and planning when the innovation itself—IoT in this case—is fueling risk. This echoes HFS’ 2018 IOT Services Blueprint; security is both a critical factor and barrier to IoT success, and leadership must consider it at every step of a project.

The available surface area for cyber-attacks is rapidly expanding. McKinsey predicts that IoT coverage will expand 15% to 20% through 2020 and even more beyond that, generating a potential $11.1 trillion each year by 2025. The World Economic Forum names cyber-attacks as the biggest concern facing businesses in advanced economies.

5G, Edge, and Cloud all feed the ever-increasing risk. Telecom giants are investing in 5G (see O2’s recent announcement), demanding greater levels of protection, while the MIT Technology Review announced that attacks directly from the cloud would be one of 2019’s big challenges.

In Exhibit 1, we can see that business leaders recognize the threat that is on their doorstep.

The biggest service providers are rapidly mobilizing to address security in every facet of their solutions

A shortage of skilled professionals is one of the key reasons that most enterprises prefer to outsource security-related services; leading providers are pushing toward end-to-end security solutions, allowing enterprises to better allocate resources and focus on core activities.

In HFS’ Top 10 Managed Security Services 2019 report, we predicted the future would align with the UK government’s vision for “security by design.” The biggest service providers will use security as a business enabler rather than as a bolt-on, ensuring it is ingrained in every service—not only for the IoT.

Separately, Palo Alto spent over $1.2 billion across five acquisitions between February 2018 and February 2019 as it continued its move to a subscription-based, all-encompassing security model and away from individual product or support offerings.

IoT-focused security vendors are rolling out end-to-end solutions

IoT startups are getting attention—many proclaim end-to-end solutions protecting entire networks rather than piecemeal patches. A marketplace is building rapidly; the selection of emerging solutions below aligns with the latest legislative efforts in both the UK and US, to ensure that every device in a network is secure by design, and that distributed networks are protected throughout.

• Karamba Security, once solely an automotive-focused cybersecurity vendor, recently announced its intentions to diversify into the Edge, Industry 4.0, and IoT spaces. Karamba’s solutions can be implemented independently of developers and third parties; focusing on prevention, it takes care of the security aspect allowing clients (many of which are the original manufacturers) to focus on functionality and innovation.
• Armis Security treats every IoT device as a threat, ensuring they remain “visible” (businesses don’t see 40% of devices) and limiting access to devices and networks to only necessary users.
• MagicCube’s solution secures transactions on any IoT device regardless of maker or function, having noticed a gap in the market where most IoT devices, including cars and medical devices, weren’t given the same level of protection as mobile phones; the same legacy technology couldn’t secure modern devices and their networks because of their ever-increasing diversity.
• VDOO’s “end-to-end platform” covers security analysis, implementation, and certification, allowing IoT makers to ensure security standards are met to focus on functionality.
• Xage Security incorporates blockchain to “tamperproof” the entire threat surface of an IoT network, creating a “cybersecurity foundation for increased automation and more robust data.” The more IoT nodes there are, the more secure the network becomes, combating one of the IoT’s biggest challenges.
• Iotic’s digital twin replicas of IoT systems allow for the security and interoperability of “dumb machines.” The digital twin interacts, not the devices; sources and equipment are never exposed.

The Bottom Line: Providers know that cybersecurity must be end-to-end. If your enterprise is late to the party, say goodbye to any IoT innovation.

As legislation swoops in to enforce IoT security, enterprises must be outcome-driven in their selection of a cybersecurity vendor—capturing the C-Suite and CFO’s attention. To maintain forward motion of IoT innovation, the right partner is critical—a vast vendor market is developing for enterprises, and they must be sure to choose an end-to-end solution for their business need.