https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

Best Practices


Shutterstock

IoT security

DigiCert Survey Indicates IoT Security Will Be Big Business for Solution Providers

  • Written by Frank J. Ohlhorst
  • November 16, 2018
IoT security concerns indicate a potential opportunity for solution providers brave enough to venture into managed security.

Mention IoT in a room full of cybersecurity professionals and you are more than likely to hear groans, protestations, and perhaps, the sounds of apathy. Nevertheless, IoT adoption is exploding and many enterprises are deploying the technology unaware of the security implications. For the channel, awareness and knowledge can become powerful tools for bringing security to those enterprise, while also addressing the concerns of corporate CSOs.

Security solutions vendor DigiCert recently commissioned a study by ReRez Research to discover the specific challenges enterprises are encountering with IoT implementations. The study included a survey of some 700 enterprise organizations in the U.S., U.K. Germany, France and Japan from across critical infrastructure industries.

DigiCert's Mike Nelson

DigiCert’s Mike Nelson

“The survey gave us some critical insight into how enterprises are adopting IoT and what their major concerns were.” said Mike Nelson, vice president of IoT security at DigiCert.

The survey revealed that security and privacy topped the list of concerns for IoT projects, with 82 percent of respondents stating they were somewhat to extremely concerned about security challenges. For the channel, that should prove to be good news. With a significant majority expressing IoT security concerns, solution providers can quickly address those concerns with education and solutions to protect privacy and reduce risk. It is a market that is only bound to grow. There is no denying that IoT is growing exponentially, Today there are nearly three devices attached to the internet for every human on the planet. According to IDC Research, that ratio will soar to 10 to 1 by 2025. The survey also revealed IoT security is the top concern, with 92 percent of companies saying it will be extremely important in the next two years.

“Securing IoT devices is still a top priority that many enterprises are struggling to manage; however, integrating security at the beginning, and all the way through IoT implementations, is vital to mitigating rising attacks, which can be expected to continue,” Nelson added. “Due diligence when it comes to authentication, encryption and integrity of IoT devices and systems can help enterprises reliably and safely embrace IoT.”

That said, enterprises are still facing many challenges, ranging from understanding the implications of security for IoT, to the actual implementation process, where many missteps have occured. However, to better understand those implications, it is important to determine the size and types of enterprise most at risk.

Top vs. Bottom Performers

To give visibility to the specific challenges enterprises are encountering with IoT implementations, respondents were asked a series of questions using a wide variance of terminology. Using standard survey methodology, respondents’ answers were then scored and divided into three tiers:

Top-tier: Enterprises experiencing fewer problems and demonstrating a degree of mastery mitigating specific aspects of IoT security.

Middle-tier: Enterprises scoring in the middle range in terms of their IoT security results.

Bottom-tier: Enterprises experiencing more problems that were much more likely to report difficulties mastering IoT security.

IoT Security Missteps

Respondents were asked about IoT-related security incidents their organizations experienced within the past two years. The difference between the top and bottom tiers was unmistakable. Companies struggling the most with IoT implementation are much more likely to get hit with IoT-related security incidents. Every single bottom-tier enterprise experienced an IoT-related security incident in that time span, versus just 32 percent of the top tier. The bottom tier was also more likely to report problems in these specific areas:

  • More than six times as likely to have experienced IoT-based denial-of-service attacks.
  • More than six times as likely to have experienced unauthorized access to IoT devices.
  • Nearly six times as likely to have experienced IoT-based data breaches.
  • 4.5 times as likely to have experienced IoT-based malware or ransomware attacks.

These security incidents were not trivial. Among companies surveyed that are struggling the most with IoT security, 25 percent reported IoT security-related losses of at least $34 million in the last two years.
For solution providers, the bottom tier may prove to be an area where services and solutions can be sold to help address the numerous security problems being caused by rapid IoT adoption. In essence, solution providers can address the five areas where costs were incurred over the past two years. Respondents indicated that those five critical costs amounted to monetary damages, lost productivity, legal/compliance penalties, lost reputation and even stock price.

However, an overwhelming majority (80 percent) of top-tier enterprises reported no costs associated with the missteps encountered by the bottom tier. Top-tier enterprises attributed their security successes to these practices:

  • Encrypting sensitive data
  • Ensuring integrity of data in transit
  • Scaling security measures
  • Securing over-the-air updates
  • Securing software-based encryption key storage

“When it comes to accelerating implementations of IoT, it’s vital for companies to strike a balance between gaining efficiencies and maintaining security and privacy,” Nelson said. “This study shows that enterprises that are implementing security best practices have less exposure to the risks and resulting damages from attacks on connected devices. Meanwhile, it appears these IoT security best practices, such as authentication and identity, encryption and integrity, are on the rise and companies are beginning to realize what’s at stake.”

That becomes the definition of opportunity for solution providers, where those solution providers can become the purveyors of best practices to the bottom tier enterprises. DigiCert recommends the following best practices to bring better security to IoT environments:

  • Review risk: Perform penetration testing to assess the risk of connected devices. Evaluate the risk and build a priority list for addressing primary security concerns, such as authentication and encryption. A strong risk assessment will help assure you do not leave any gaps in your connected security landscape.
  • Encrypt everything: As you evaluate use cases for your connected devices, make sure that all data is encrypted at rest and in transit. Make end-to-end encryption a product requirement to ensure this key security feature is implemented in all of your IoT projects.
  • Authenticate always: Review all of the connections being made to your device, including devices and users, to ensure authentication schemes only allow trusted connections to your IoT device. Using digital certificates helps to provide seamless authentication with binded identities that are tied to cryptographic protocols.
  • Instill integrity: Account for the basics of device and data integrity to include secure boot every time the device starts up, secure over the air updates, and the use of code signing to ensure the integrity of any code being run on the device.
  • Strategize for scale: Make sure that you have a scalable security framework and architecture ready to support your IoT deployments. Plan accordingly and work with third parties that have the scale and expertise to help you reach your goals so that you can focus on your company’s core competency.

Solution providers should be able to quickly adopt those recommendations and build an IoT security practice, which should address the majority of concerns revealed by the survey.

Tags: Agents MSPs Best Practices Channel Research Security

Most Recent


  • Update
    Acronis Updates CyberFit Partner Program Amid Rapid Service Provider Growth
    The updates include several programs and promotions for all types of partners.
  • Cloud Roundup
    Cloud Computing News: Broadcom-VMware, Google-Anthropic, Red Hat, More
    A new week is kicking off with a slew of cloud updates.
  • Word new on fire
    Skyhigh Security Partners Get New Global Partner Program
    This is Skyhigh Security's first partner program since the company's launch last March.
  • uc
    BYOC and Partnering for Unified Communications Success: A Winning Strategy for Service Provider Growth
    Service providers can enter cloud telephony market with external voice capabilities for UCaaS platforms.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Cloud computing concept
    Cloud Computing Adoption Isn’t Slowing — Need to Convince Clients?
  • CF Top Gun 51 with new logo
    2021 Top Gun 51 Nominations Are Open — Apply Now!
  • USB drive
    A Coup and a Theft: Why MSPs Can’t Let Clients Get Lax About USB Security
  • Ransomware skull and crossbones
    JBS Did What it 'Needed to Do' with $11 Million Ransom Payment

Upcoming Events

View all

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Galleries

View all

Abundant IoT, Advisors Tackle the eIoT Opportunity

February 6, 2023

Top 20 Stories in January: Avaya, Microsoft, IBM, AWS, Datto, More Layoffs

February 6, 2023

Cloud Computing News: Broadcom-VMware, Google-Anthropic, Red Hat, More

February 6, 2023

Industry Perspectives

View all

The Software Patching Problem – Solved

February 3, 2023

How to Break Through the Growth Ceiling

February 1, 2023

5 Things to Look for in a UC Partner

January 31, 2023

Webinars

View all

Next-Generation MSP Platform: The Building Blocks for Your Business

February 15, 2023

The SMB Opportunity: How to Sell and Service the SMB Market, Capture Customers and Expand Your Business

February 23, 2023

How To Boost Your Business With White-Label UCaaS

February 28, 2023

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode 117: Cato Networks, Video Killed the Podcast Stars

Retired Astronaut Capt. Scott Kelly Previews His CP Expo Keynote

December 21, 2022

Fusion Connect Eyes Future with Intrado UC, Managed Network Customers

September 23, 2022

RingCentral Focused on Hybrid Work, Microsoft Teams, Other Integrations

September 23, 2022

Twitter

ChannelFutures

.@AbundantIoT is putting more focus on the enterprise, CEO Vince Bradley tells Channel Futures.… twitter.com/i/web/status/1…

February 7, 2023
ChannelFutures

January's #topstories in channel include @Avaya @GTTComm @Broadcom @awscloud @citrix @Salesforce @Datto… twitter.com/i/web/status/1…

February 6, 2023
ChannelFutures

.@Acronis announces #CyberFit partner program updates. dlvr.it/Sj2FZQ https://t.co/z7lRdIRo9R

February 6, 2023
ChannelFutures

More #Avaya trouble: Lawsuit against company by bondholders claims "massive fraud." dlvr.it/Sj2DZT https://t.co/4Q1E7JAXXf

February 6, 2023
ChannelFutures

.@DellTech adds new #APEX delivery options for #delltechnologies partners. dlvr.it/Sj29c6 https://t.co/3qEEYpnOBX

February 6, 2023
ChannelFutures

There are some familiar names in @coxbusiness and @Rapid_Scales recent partner awards. dlvr.it/Sj1zm6 https://t.co/0BuGwBrnvM

February 6, 2023
ChannelFutures

RT @Channel_Expo: We know your mind is on the #BigGame this week, but don't take your eye off the ball! #EarlyBird rates for #CPExpo & #MSP…

February 6, 2023
ChannelFutures

Learn about @bluewavetg's latest deal. dlvr.it/Sj1wrV https://t.co/NCdmJ4OFkf

February 6, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X