Maryland DGS 16 - The Internet of Things and Its Impact on Government - Sann
-
Upload
government-technology -
Category
Government & Nonprofit
-
view
108 -
download
2
Transcript of Maryland DGS 16 - The Internet of Things and Its Impact on Government - Sann
The World of Connected Things Wallace Sann, CISSP-ISSEP, CIPP/G, CCSK
US Public Sector [email protected]
1
2
3
IoT Landscape
Threat Landscape
Visibility
2
IoT Device Growth
3
PC
BYOD
IoT
1990 2015 2020
0
5 Billion
30 BillionThe Internet of Things is the
network of dedicated
physical objects (things) that
contain embedded
technology to sense or
interact with their internal
state or external
environment.
The growth of IoT is being driven by several factors
Source: Goldman Sachs Global Investment Research, 2014; “A history of storage”, Mkomo.com, 2010; Gartner, 2014; Harbor Research, 2014;
Footnote: 1: Goldman Sachs Global Investment Research, 2014; 2: “A history of storage”, Mkomo.com, 2010;
4
Cheap Processing costs declined 60X in last 10 years1
Cheap Storagecosts declined 23X in last 10 years2
Cheap Bandwidth costs declined 40X in last 10 years1
Cheap Sensorscost declined 1X In the last 10 years1
Commoditization
Wireless Coverage Globally pervasive, reliable and fast
Cloud Computing Compute and storage ubiquity
Global Positioning Satellite (GPS)Connected everywhere
Data PlatformsTech to handle unstructured data
Technology
Revenue GenerationDesire for new revenue streams
Cost SavingsDemand for continual productivity gain
Business ModelsCosts declined 40X in last 10 years
Land and ExpandDesire for recurring revenue
Economics
2020 TIMEFRAME
High Economic impact of IoT
Source: Cisco IBSG, 2013; Gartner, 2014; Harbor Research, 2014;
Footnote: 1“IoT Value at Stake” Cisco Internet of Everything (IoE) Value Index. 2“Economic Impact” McKinsey Global Institute. 3GDP based on 2% growth forecast, CIA World Fact book. 4Harbor Research, 2014
5
$11.1 TrillionMcKinsey High
Estimate2
$14.4 Trillion
Cisco Estimate1
IoT “Value” expected to surpass GDP of Germany by the 1st half of next decade
$4.5TGDP of
Germany3
Relative size$3.9TMcKinsey Low Est.2
Barriers to adoption
Source: Goldman Sachs Global Investment Research, 2014; 2010; Gartner, 2014; Harbor Research, 2014; “Market development & ins ight”, IBM, 2014 6
StandardsThere’s a lack of them
RegulationNot enough, but also too much…
VendorsVendors are siloed by vertical
CollectionToo many sources, too little structure
ManagementHow do you store Brontobytes of data?
AnalysisMethods for analysis are nascent
Security & privacyMore data to protect
Data
SpecializationCustomized solutions are not scalable
Data IntegrationHow do you use the data effectively
Security & privacyMore devices, more threat vectors
ComplexityNo platforms, must build from scratch
ProcessFragmentation
Vendors are proliferating within these siloed environments
Source: Harbor Research, 2014; McKinsey Global Institute, 20157
IoT Device / Solution Vendors by Physical Environments
Personal Home CityFactory LogisticsRetailVehiclesOffice WorksiteMedical
Without standards or platforms, each vendor in each vertical environment tends to build their own respective specialized solution stack from scratch
1
2
3
IoT Landscape
Threat Landscape
Visibility
8
IOT THREATS ARE TODAY
IoT security will be critical for driving value growth
By 2020, over 25% of identified attacks in enterprises will involve IoT, though IoT will account for
less than 10% of IT security budgets.
Gartner Group 20159
5 out of 6 large
companies is hit
with targeted
attacks today
A Perfect Storm of Threats Creating New Security Needs
1.
Attacks are Becoming More Sophisticated
10
5 out of 6 large
companies is hit
with targeted
attacks today
5 out of 6
large
companies is
hit with
80%Global 2000 hit
by targeted attacks2.5x
Increase in losses from targeted attacks yoy
A Perfect Storm of Threats Creating New Security Needs
11
1. Attacks are Becoming More Sophisticated
2.
Attacks Targeting Devices that Corporations Can’t See
5 out of 6 large
companies is hit
with targeted
attacks today
50%Of Enterprises lack visibility
on mobile73%Of connected devices
are unmanaged at top 10 ForeScout
accounts
A Perfect Storm of Threats Creating New Security Needs
12
1. Attacks are Becoming More Sophisticated
2. Attacks Targeting Devices that Corporations Can’t See
3.
Attack Surface Area is Growing Exponentially
5 out of 6 large
companies is hit
with targeted
attacks todayManagedUnmanaged
BYOD IoT
5 out of 6 large
companies is hit with
targeted attacks today
Time
De
vic
es
30BConnected devices by
202010Number of
connected devices per employee by
2020
IoT Security Spend
2016 = $358M
2018 = $547M
IoT security spend by category in 2020
Source: Gartner - Predicts 2016: Security for the Internet of Things (Dec 2015); IDC Security Market Forecast (254562 & 253371)13
% of Spend Security Method
50% Discovery, provisioning & authentication
33% Network segmentation and isolation
17% Other IoT security
100%
A Perfect Storm of Threats Creating New Security Needs
1. Attacks are Becoming More Sophisticated
2. Attacks Targeting Devices that Corporations Can’t See
3. Attack Surface Area is Growing Exponentially
4.
Fragmented Security Tools
14
Firewall
EDR
Antivirus
CASB
UBA
SSO
Auth
Deception
Content
VM
PAM
WAF
Email(cloud)
TIP
NAC
NGFWSWG
ATD
DLP
EMM
SIEM
4/5Security alerts
are false positives70
Average number of security tools used by large enterprises
1
2
3
IoT Landscape
Threat Landscape
Visibility
15
How confident are you that you know all your IoT devices on your network?
IoT Discovery
16
1 2 3 4 5
On a 5-point scale
not confident confident
26.3%
23.7%
20.9%
14.6%
14.6%
60%
40%
Not at all
A little
Pretty much
Almost sure
Quite confident
17
ASSESS
DISCOVER
CLASSIFY
1010011010001
1101001001
001101
00101101101
110010101101
1010011010001
1101001001
011001001101
1010011010001
1101001001
011001001101
110010101101
1010011010001
1101001001
00101101101
011001001101
00101101101
110010101101
1010011010001
110010101101
110010101101
00101101101
Security starts with Visibility
18
BLOCK
SEGMENT
NOTIFY
Less Privileged
Access
Guest
Network
Corporate
Network
Quarantine
Data Center
Identifies gaps in compliance and enforces actions to mitigate risks
Enable Control to enforce action and mitigate risk
Automate your infrastructure through Orchestration
19
Network
Integrations
OS
Integrations
Device
Integrations
SIEM
VA
ATDATD
Insight
VA Scan
IoC Hunting
Orchestration
20
Action
Network
Integrations
OS
Integrations
Device
Integrations
ATDATD
Insight
SIEM
VA
EMM
PAM
…
Biggest challenge of IoT Security
21
2015 NASCIO Survey
http://www.nascio.org/Publications/ArtMID/485/ArticleID/385/Value-and-Vulnerability-The-Internet-of-Things-in-a-Connected-State-Goverment22
Thank you!