IoT cybersecurity’s worst kept secret
By improving access to data and taking advantage of them in fundamentally different ways to drive profitability, IT security executives are rapidly changing perceptions of their office.
Although making better sense of and use of data may be standard fare in other areas of the enterprise, who knew that modern IoT cybersecurity solutions would become network security’s newest professional lever? Actually, we should have seen it coming, because digital transformation always starts with visibility and that’s exactly what market-leading IoT cybersecurity solutions are delivering.
In fact, modern IoT cybersecurity solutions are founded on visibility. But there’s visibility and “visibility”. For example, while it’s nice to have an inventory of connected device-types, when device-specific attribution is lacking, not only are downstream integration opportunities hamstrung, but use-cases that drive profitability can’t even be considered.
From a security perspective, without a device’s firmware-level details, including OS specifics, application version and serial number, the timely correlation and remediation of known vulnerabilities is not possible. And when we’re talking about use-cases that enforce Service Level Agreements (SLAs), inform more effective preventive maintenance scheduling, support validation testing aimed at lengthening device lifecycles or provide procurement with the intelligence required to plan, buy and capture contractually negotiated benefits more effectively, these details are crucial.
In the healthcare sector, the ability to correlate patient outcomes to specific care-delivery protocols is nice, but having the ability to drill down to the actual patient-specific medical device configurations that were utilized (within the protocol) is a game changer.
Among other strategic benefits, it takes the idea of “registry” to an entirely new level. Regardless, these same data will soon be used to validate several value-based initiatives, including value-based purchasing (VBP) programs and emerging/alternative shared-savings-based reimbursement models.
The point is, some solutions can provide basic utilization metrics for devices communicating via commonly known protocols, while others provide extraordinary levels of performance detail, regardless of how unique or exotic the devices or their protocols may be.
And when the coverage is comprehensive and the data fidelity and quality are legit, they not only serve to bridge long-standing gaps in the workflows of IT/IS professionals, maintenance/operational engineers, supply chain/procurement departments, and yes, even financial offices, but they reveal clear opportunities for these groups to collaborate on bottom-line-driven initiatives like never before.
So, the questions CISOs ask cybersecurity vendors should not be limited to matters of cybersecurity. CISO investigations should be expanded to include cross-functional interests around what additional data can be effectively parsed from the networks they design/manage and then streamed to the operational systems that can benefit.