Securing IoT requires a shift to a security fabric

One of the key takeaways I had coming out of RSA 2020 is that security must shift away from the traditional point product approach to a fabric architecture. At the event, I interviewed a CISO who had a strong opinion that “the current approach with security is not working, has not worked and will not ever work,” and I wholeheartedly agree with that.

Despite spending billions on cybersecurity, security teams are falling behind because protecting the organization is an asymmetric challenge. Security professionals need to protect an increasingly large number of entry points while the bad guys just have to find one way in. Every mobile phone, cloud application, branch office and remote employee is an entry point.

The growth of the internet of things (IoT) makes this problem exponentially more difficult. 

When I talk to organizations about their digital transformation plans, much of it is based on IoT without the term “IoT” being used. I recently got a tour of a new soccer stadium in Tottenham, UK, where everything is connected — fan kiosks, point-of-sale devices, digital signs and more. Not once did the IT director giving the tour call it IoT; there’s an expectation now that everything will be connected.

IoT may sound futuristic, and, indeed, many people see it that way, but it has already arrived. And the influx of IoT devices takes the growth of asymmetry from linear to exponential, which makes reversing this curve urgent.