FEATURE: IOT
//////////////////////////////////////////////////////////////////////////
ORGANISATIONS ALSO NEED TO
ENSURE THE SECURITY MEASURES
THEY’RE USING TO DEFEND THEIR
IOT DEPLOYMENTS HAVE THE
FLEXIBILITY BUILT-IN TO ALLOW THEM
TO CONTINUALLY ADAPT TO THE
DYNAMIC THREAT LANDSCAPE.
approach offers the ideal solution, allowing
organisations to deploy IoT assets as
modular pieces that are introduced
incrementally, visibly and intentionally.
Ofer Maor, Director of Solutions
Management at Synopsys
drills help to ensure that the organisation can
identify and mitigate any breach promptly.
Can a company truly win if
the adoption of these types of
technologies can expose the
organisation to a new set of security
risks, but without adoption, they are
in danger of being left behind?
Make no mistake, adoption of IoT
technologies is mandatory for organisations
to stay ahead of their competitors and
continue meeting the demands of their
customers. Organisations therefore
need to improve their ability to adopt
these technologies without introducing
unacceptable risk. An application network
These assets are exposed as APIs, which can
be configured under a ‘zero-trust’ model,
creating layered defences that prevent the
API from trusting new entrants prematurely.
As organisations continue to add new
technologies at pace, this approach is vital
to allowing them to simultaneously minimise
and mitigate the associated risks.
Can you explain how giving security
providers visibility over every IoT
entry point makes the organisation
more secure?
Without visibility into the systems and
how they connect, a company is playing
Russian roulette; it’s not whether they’ll get
breached, but when. The bad actors are
focused solely on breaching, while the good
ones presumably have regular ‘day jobs’;
and the bad actors need to succeed only
once, while the good ones need to succeed
always. If, on the other hand, systems
are explicitly registered, access points are
explicitly recognised and interconnections
are actively maintained, then the good
actors can concentrate their limited
resources on defending known assets and
accesses, and architects and security teams
can ensure individual compromises cannot
spread more broadly.
Moreover, building in automatic visibility
into every new system allows for building
automatic security into each of them – and
this is the ‘secure by design’ principle to
which security professionals aspire.
How do you see APIs benefitting the
IoT ecosystem in the long-term?
The main benefit that APIs bring is the ability
to stitch together IoT deployments within a
wider ecosystem of other applications and
capabilities across the business.
When IoT assets are exposed internally
as APIs, they form part of an application
network which provides a way of connecting
IoT capabilities with other applications, data
and devices.
In this model, these assets are reusable
across the business, removing the need for
IT to create point-to-point connections for
every IoT deployment.
As such, APIs become the ‘digital glue’,
providing a future-proof way of combining
IoT with other business systems to create
a rich ecosystem that gets the most
benefit from IoT deployments. n
50
INTELLIGENTCIO
www.intelligentcio.com