Worldwide spending on Internet of Things security will hit $1.5 billion in 2018, a 28 per cent increase from 2017, according to a new report from Gartner.
However, the analyst company warns that IoT security is being left up to line-of-business units, with a lack of overall business strategy, poor “security by design”, and little control over the technology within connected devices.
Its report, Forecast: IoT Security, Worldwide 2018, says that IoT-based attacks are already a reality. A recent Gartner survey found that nearly 20 per cent of organisations have experienced at least one IoT-based attack in the past three years.
“In IoT initiatives, organisations often don’t have control over the source and nature of the software and hardware being used by smart connected devices,” said Ruggero Contu, research director at Gartner.
“We expect to see demand for tools and services aimed at improving discovery and asset management, software and hardware security assessment, and penetration testing. In addition, organisations will look to increase their understanding of the implications of externalising network connectivity.”
These factors will be the main drivers of growth in IoT security, with spending hitting a forecast $3.1 billion in 2021, according to the company.
How the market breaks down
The report forecasts that endpoint security spending will be roughly one-third of the value of professional services security spending this year: $373 million against $946 million. Meanwhile, gateway security spending is predicted to hit $186 million.
However, in 2021 professional services security spending is likely to exceed $2 billion, with endpoint security hitting $631 million, and gateway security $415 million.
Despite healthy year-on-year growth in worldwide spending into the next decade, the report predicts that the biggest inhibitor to the growth of IoT security will be a lack of prioritisation and implementation of security best practices and tools. This will hamper spending on IoT security by 80 percent: an extraordinary figure.
No co-ordinated strategy
“Although IoT security is consistently referred to as a primary concern, most IoT security implementations have been planned, deployed, and operated at the business-unit level, in cooperation with some IT departments to ensure the IT portions affected by the devices are sufficiently addressed,” said Contu.
However, coordination via common architecture or a consistent security strategy is all but absent, and vendor product and service selection remains largely ad hoc, based upon the device provider’s alliances with partners or the core system that the devices are enhancing or replacing.”
While basic security patterns have been revealed in many vertical projects, they have not yet been “codified into policy or design templates to allow for consistent reuse”, continues the report.
“As a result, technical standards for specific IoT security components in the industry are only now just starting to be addressed by IT security standards bodies, consortium organisations, and vendor alliances”, it adds.
This absence of “security by design” comes from a lack of specific and stringent regulations. Going forward, Gartner expects this trend to change, especially in heavily regulated industries, such as healthcare and the automotive sector.
By 2021, Gartner predicts that regulatory compliance will be the prime influencer for IoT security uptake – hence the significant uptick in spending.
Internet of Business says
As Gartner says, spending is up. But the consistent theme in all 2018 IoT security reports has been exactly the same: users’ approach to the specific problem of securing IoT implementations is lax, device manufacturers are rushing to market to compete, and strategy is poor at board level.
Meanwhile, regulations are playing catchup with the market, just as the law is years behind the advance of AI in other areas of the connected world.
The result of all this is a vacuum where an IoT security policy should be, even as people are throwing money at the problem. As the IoT grows, this poses a serious challenge to decision-makers, who are leaving the big decisions to line-of-business departments that may lack both a big-picture view and the relevant security expertise.
Hopefully, Gartner’s name and reputation will persuade more people to see the subtext beneath the healthy spending figures.
• Just some of our 2018 security coverage so far:-