Leading businesses are stretching their boundaries and creating the fabric that connects customers, services and devices through the IoT. Security implications emerge that should be proactively addressed by enterprises looking to operate in the broad digital ecosystem and the “We Economy.”
2. The digital business era and the
rapidly growing Internet of Things
(IoT) are adding billions of devices
and data connections between
businesses, smart machines
and consumers. As connections,
data and interactions grow,
security becomes an increasingly
important and pervasive issue.
#techvision2015
2
3. Leading businesses are stretching their boundaries
and creating the fabric that connects customers,
services and devices through the IoT1
. Security
implications emerge that should be proactively
addressed by enterprises looking to operate in the
broad digital ecosystem and the “We Economy.”
Accenture Technology Labs identified five security
implications businesses should address to stretch
their digital boundaries:
Edge Autonomy
Enabling autonomous devices at the edge
Data Integrity
Making data-driven decisions at Internet of
Things scale
Big Data Security
Securing volume, variety and velocity
Security Platforms
Maximizing protection across digital
ecosystem platforms
Customer Trust
Building customer trust in a digital economy
3
SECURITY IMPLICATIONS OF THE ACCENTURE TECHNOLOGY VISION 2015
4. Edge Autonomy
Many of the smart devices entering the
marketplace are considered on the edge, such as
embedded sensors, smart meters and wearable
devices. These devices typically have fixed
functions, perform specific tasks and are set up
outside a business’ security perimeter. Some
devices connect directly to the Internet. Security
concerns for edge devices include physical
tampering, data integrity, device authentication
and privilege management.
What should organizations do? Enterprises using
edge devices must extend their security footprint
beyond their existing borders and take a holistic
approach to security planning before deploying
these types of devices. Options to evaluate include
physical protection, data encryption, network
access control, trust zones for device operation,
whitelisting for device access and intrusion
detection. Although edge devices are operating
with more autonomy, organizations must maintain
supervisory control over the devices. Security
planning should include breach scenarios
and recovery.
Data Integrity
Edge devices and the IoT generate increasingly larger
amounts of data for organizations to collect, process
and analyze. To reap the most benefit, enterprises
should ensure they can rely on the integrity of that
data. This becomes increasingly important as smart
tools trigger automatic action and make more
informed decisions.
What should organizations do? Data assurance is
key, and should be confirmed through every stage of
the data life cycle, from creation to disposal. For
devices that do not have effective security controls
built in, evaluate IoT gateways and agents to perform
these functions. Establish security policies for the
data to be collected, including how to handle
personal information. Data quality tools and audit
frameworks should scale to match the speed and
volume of operations. Remember to evaluate the
communications protocols being used; IoT protocols
offer different security capabilities, depending on the
underlying network protocol.
#techvision2015
4
5. Big Data Security
With the exponential growth in data, it’s critical
for organizations to securely process and protect
what they collect. Many traditional database
management systems cannot scale to handle the
three Vs of big data: volume, acquisition velocity
and data variety. Large data repositories being
formed also become targets for attack. Some
cloud-based storage policies make it difficult to
use data encryption effectively because of an “all
or nothing” approach.
What should organizations do? Apply the
principles of information security across all aspects
of data collection and management. Processing
tools should be carefully evaluated for security
features. Consider the variety of data elements to
be collected; some may not be sensitive on their
own, but become so when combined with other
pieces of information. Segregate the data collected
based on sensitivity level and compliance
requirements, and protect that data with
attribute-based encryption. Secure big data
platforms and monitor the access to that data.
Evaluate products that offer end-to-end
data encryption.
Security Platforms
As digital industry ecosystems develop with the IoT,
platform-based businesses offer opportunities for
growth and profitability. Digital platforms will
support machine-to-machine communications and
advanced analytics, with intelligent enterprises
benefitting from shared, cross-industry data. With
these platform capabilities, businesses must
increase their focus on security, leveraging the
platform to augment existing security intelligence.
Increased processing power, data science and
cognitive technology can help organizations
prepare for the growing wave of complex
cyber-attacks.
What should organizations do? Evaluate all digital
platforms, including cross-industry, for
vulnerabilities and monitor them for irregular
behavior. Select platforms that provide cyber-threat
assessment indicators. Threat modeling can help
organizations understand what adversaries might
target within the platforms. Identify security
threats from data collected from numerous systems
and devices into a broader ecosystem. Look for
changes in system performance or in customer
behavior that could signal threats. Use ecosystem
partners to brainstorm security challenges and
evaluate how the platform can monitor devices for
abnormal activity.
5
SECURITY IMPLICATIONS OF THE ACCENTURE TECHNOLOGY VISION 2015
6. Customer Trust
To succeed in the “Internet of Me” era, digital
businesses will need to deliver highly personalized
products and services, based on customers’ specific
habits and preferences. To meet these expectations,
businesses collect personally identifiable
information, and subsequently hold an increased
responsibility to protect the customer information
that is gathered. Organizations must apply more
stringent security measures to protect customers’
privacy, in order to build and maintain trust.
What should organizations do? Become
transparent about what data is collected and how
it will be used. Establish responsible data
management practices to protect the information.
When processing data, use privacy-preserving
analytics techniques. Innovative approaches can
appeal to privacy-wary customers, such as applying
enhanced services to protect customer data, using
anonymous services, or deploying global identity
validation services so customers have more control
over their data.
#techvision2015
6
7. Forward-thinking business
leaders who address the security
implications of the broad
digital ecosystem will be better
positioned to capitalize on the
growth opportunities available.
Establish security approaches
and potential threat responses
with your business planning,
to maximize protection across
digital ecosystem platforms and
build trust with both ecosystem
partners and customers.
7
SECURITY IMPLICATIONS OF THE ACCENTURE TECHNOLOGY VISION 2015