Internet of Things security; whose job is it anyway? There's a marked difference of opinion on who should take the Internet of Things security bull by the horns, according to a report that was released by Canonical on Wednesday.
After Internet of Things (IoT) security attacks made headlines last year, including the Marai attack in September, it's obvious that security should be top of mind for all of the players in the value chain, but Mike Bell, executive vice president of IoT and devices at Canonical Ltd. , said there was a split on who was responsible for it.
"It was not surprising that security came up as a key challenge," Bell said. "I think what was interesting was that when asked the question 'Whose responsibility should it be to insure IoT devices are secure?' we had a complete split of opinion on who was responsible."
According to Bell, if a product is going into an enterprise, the IT security team should be responsible, but overall someone needs to take ownership over the end-to-end security.
"It's interesting to see that a lot of people saw security purely as a manufacturer's issue or a vendor, or a supplier issue rather than it being an issue that they (organizations) have to own," he said. "It was interesting to see that no one really feels that they own the problem. That was one of the key takeaways."
Of the 361 IoT professionals who took part in the report, 57% supported standardization of IoT software and infrastructure in order to improve IoT security.
There were more than 23,000 news stories published last year that were about the threat of IoT security, and 21% of the survey respondents believed that security issues were over blown by the media while 79% believed that the coverage was accurate. The majority also responded that IoT security issues could have been underplayed last year.
Bell said that telcos could provide a key piece of the security jigsaw puzzle, especially in the cloud security space.
"Some of the telcos are now producing analytics solutions and I think there's a great opportunity for that type of industry to take advantage of IoT," he said. "Telcos are in a position to use their capabilities -- especially where they have their own value chain -- to help companies deploy IoT."
Also looming large for IoT's emergence was the dearth of skilled employees. The report found that 68% of the businesses in the survey were struggling to find qualified employees for their IoT ambitions. The hardest IoT employees to hire were those with knowledge of big data and analytics with 35% of the IoT professionals saying they struggle to recruit in this area.
Big data and analytics know how were identified as the most important skill set for IoT professionals with 75% responding that it was key for anyone that claimed to be an IoT expert.
Source: "IoT Business Models," Canonical
"The skills piece [of the report] was interesting," Bell said. "Things like big data have large representation in IoT. Many of the use cases for having IoT include the ability to have local analytics, real-time analytics or just taking data and moving data from a device into a cloud to do traditional big data. Access to skill sets that are necessary for big data is a challenge."
When it comes to businesses ramping up IoT solutions, Bell said it was important for them to hire new employees.
"You can also build knowledge internally but hiring will get you there quicker as opposed to developing in-house," he said. "Hiring the right skill sets will accelerate your development."
Other recommendations from Bell included adopting standard, off the shelf components instead of developing them internally, finding uses cases that can be beneficial across a cross section of an organization and having a clearly defined return on investment (ROI) in place at beginning.
— Mike Robuck, Editor, Telco Transformation