Digital twins are detailed electronic models that use IoT technology to update the digitised model based on changes happening to the source object.
Vishnu Andhare, a consultant with the Information Services Group (ISG), believes that IoT (IoT) digital twin technology will continue to mature rapidly because of the demand for this technology across many industries as well as the remote needs required by pandemic workforces.
With the integration of IoT into the enterprise comes the potential for cybersecurity vulnerabilities. Ian Lim, field chief security officer, Asia-Pacific at Palo Alto Networks, offered his perspective on where IoT is headed and how securing IoT needs to step up or catch up with IT security.
Major enterprise IoT trends in Asia for 2022
Ian Lim: We see private 5G gaining popularity as people capitalise on its low-latency, high-bandwidth capability. Organisations will be looking into overlaying a private 5G network to facilitate their future use cases.
Another major IoT trend will be digital twins, which is the concept of having a virtual version of a physical object. This creates the need for better connectivity with 5G technology so that any physical changes can be synced in the virtual model in a responsive and near real-time manner.
State of IoT Security in Asia
Ian Lim: The latest IoT security survey from Palo Alto Networks found that nearly all (96%) respondents reported their organisation’s IoT security needs improvement. Part of the reason is due to lack of visibility at scale because IoT falls in the grey area between security teams and operation teams. Organisations need to define their security ownership for better management and visibility over IoT devices.
Another challenge is the knowledge gap between security tools and IoT technology. For example, there are still very few tools that can interpret 5G traffic, so the tools themselves are not ready to protect an organisation from IoT attacks.
IoT use case in Asia where security needs to be addressed early on
Ian Lim: The Internet of Medical Things (IoMT) has been leveraged heavily during the pandemic and is likely to stay. Handling IoMT devices means dealing with a patient's private data and physical health, so there can be severe ramifications if IoT data is compromised.
The entire lifecycle of IoMT architecture needs to have embedded security to ensure it is secure by default. The IoMT network should also be segmented and secured with visibility, monitoring and response.
Left out in securing enterprise IoT
Ian Lim: People should be aware that many IoT devices are not secure by design. According to another IoT report by Palo Alto Networks, over 50% of IoT devices are vulnerable to medium- or high-severity attacks, making them low-hanging fruits for attackers.
The next aspect is visibility. Many organisations often don’t know all the devices that are plugged into and lack understanding of any attacks targeting them and how they can remediate the attacks.
The third question is the tug and pull of “who owns securing IoT”. Organisations should start defining IoT security ownership and promote collaboration between security teams and operation teams. Security teams will be responsible for defining strong security standards, while operation teams will need to comply with these standards and provide feedback on what works and doesn’t.
IT-Ops working together
Ian Lim: These teams should align around four common goals: visibility, context, control, and response.
Organisations need a toolset that can automatically scan all IoT devices for visibility. Then, they need the context of what the device is by understanding its functions and vulnerabilities. Machine learning can help to build knowledge of the ecosystem at large. Next is control – organisations need to identify if a device is segmented and under a specific protocol. These rules lower the probability of attacks as access is limited. Lastly, response – systems that can automatically respond to threats gives us the ability to orchestrate a response swiftly.
Key trends in IoT governance
Ian Lim: Within Asia, we are looking at regulating IT manufacturers. We want to be able to see more devices that are secure by design, hopefully using government regulations. There’s also another area where we hope to see actions from governments, which is the architecture and infrastructure these IoT devices live on.
Key trends in Persona-based IoT
Ian Lim: Some general examples include Alexa, Siri and Google Home. Persona-based IoT is use case-based as it fits in some cases and not in others. When you align a persona with an IoT device, it’s much easier for people to understand and associate the IoT device.
Key trends in sustainability initiatives around IoT
Ian Lim: We need to be conscious about how we use energy, maintain our environment, and treat waste. Because of the proliferation of IoT, billions of devices are going to come online. We need to have a very strong strategy around sustainability because of its big numbers.
Key trends in IoT-as-a-service
Ian Lim: Much like how anything can be provided as a service nowadays, we may have companies that capitalise on their understanding of a device at scale in future. Take security robots as an example, instead of having every single organisation know how to manage those robots, it makes more sense for them to outsource the management process to an IoT-as-a-service provider. However, there are also IoT devices that are very specific to manufacturing plants and factories and will require specific in-house knowledge for managing them.
Click on the PodChat player to hear Lim share his perspective on how to improve the security of IoT.
- What are the major enterprise IoT trends in Asia in 2022?
- Please describe the state of IoT Security in Asia in 2022.
- Can you cite one or two emerging IoT applications/use cases in Asia in 2022 where security needs to be addressed early on?
- What often gets left out in securing enterprise IoT?
- How should CIOs, the CISO and the IT team work with operations to improve the overall security of the entire operation?
- Coming into 2022, what are the key trends to expect on the following topics:
a. IoT governance
b. Persona-based IoT
c. Sustainable initiatives
d. IoT-as-a-services