IoT take up increases, but security concerns linger

Erik Brenneis, pictured, director, IoT, for Vodafone, said: “What matters now is not whether a business should adopt IoT, but how. Organisations planning and implementing their own initiatives need benchmarks and best practices that can help them maximise their returns.

“In 2015’s report, we started exploring these best practices through our Sophistication Index, which proved to be one of the most popular elements of the Barometer. This year we’ve gone further: right across the report we’ve looked in much more detail at exactly which approaches businesses are taking in their IoT projects, and which aspects have the biggest impact on return on investment (ROI).”

The latest Barometer report features five key areas, including security. According to the findings, 18% of businesses responding said concern about security was a potential barrier to their wider adoption of IoT, while 33% identified IoT security as an ‘unknown quantity’. This, says Vodafone, shows risks aren’t yet well understood, whilst organisations have yet to develop the skills and processes needed for them to respond effectively.

Nevertheless, 60% of respondents says their employees have the skills to manage IoT security and 69% say they have the necessary processes in place.

Interviewed as part of the research, Philips Lighting said ‘You need to have the skills and the structures. Security is much more than the right software code – it has to do with the processes you install and you have to ensure a holistic approach to security’.

Commenting, Matt Hatton, founder and CEO of Machina Research, said: “There is nothing fundamentally different about IoT security and, while there is no silver bullet, there are a number of things that enterprises should be doing.

“The first is to identify threats to your specific situation and act proportionately to the risk, focusing effort and resource on the most threatened and sensitive data. Second is to pick your partners carefully as the chain is only as strong as the weakest link, and identify security challenges both within each element and end-to-end. Finally, the enterprise should accept that there will be a security breach and ensure that the impact of any such breach is mitigated.”