Global Trends in IoT Security:

2019 and Beyond

Gorav Arora | CTO Office, Enterprise and Cybersecurity, Gemalto

Feb 2019
Today’s Speakers

Gorav Arora
Gemalto, CTO Office, E&C

gorav.arora@gemalto.com
@NeuronMisfiring
What is IoT?
IoT Importance

…of organizations state

that their organization is
97% operating differently due
to IoT.
 IoT meaning (…in the context of Enterprise)

Collecting and analyzing data to gather insights

and drive business value.

5
Security is a major criteria for product /
service selection
46%
Main consideration 41%

+5%
44%
Big consideration 49%

10%
Other 10%

2018 2017

65% … of respondents cite IoT security as competitive differentiator.

IoT Security is a Challenge

…of respondents see challenges when trying to

secure IoT products/services.

Top 5 Challenges
1. Ensuring data privacy
2. Size of data collected
3. Balance UX with security
4. Data sprawl
5. Ensuring secure software updates
IoT Ecosystem
Who is Responsible for IoT Security?
43%
Cloud service providers 33%
40%
IoT service providers 34%
36%
IoT security specialists 26%
32%
Manufacturers 27%
31%
API developers 25%
30%
IoT solutions integrators 20%
26%
Mobile network providers 19%
23%
The IoT device user 16%
6%
Don't know 5%
2%
Nobody is responsible 1%

2018 2017
 Most Common Technical Controls

>35% Currently Using >35% Ideally Using

1. Encryption (71%) 1. Encryption (60%)
2. Password / Hashing (66%) 2. Password / Hashing (56%)
3. Two-factor Authentication (38%) 3. Biometrics (40%)
4. Two-factor Authentication (38%)
5. Hardware Security Modules (35%)
+10% Blockchain
Is Security Improving in IoT?

+4% YoY increase in IoT security spend

… of respondents have some capability to

87% detect breach in IoT products. <50% have full
capability.
Notable Recent IoT Security Breaches
Call to all Regulators…

…respondents state that there

95% should be IoT Security
regulations.

1. Define responsibilities at each stage

2. Prescribe risk evaluation framework and controls
3. Enforcement through fines and penalties
 Foundations of Information Security
Keeping systems uncompromised Holding people responsible
Integrity Accountability

Confidentiality Availability Auditability

Keeping secrets Keeping systems available Keeping verifiable records
IoT Security Framework
Security by
Design

Learn and Roots of

Educate trust

Prepare Auth and

for Access
Breaches control

Secure the
Data
 Security by Design Goals

Secure
Secure User Secure Secure Data Secure Data Secure
Device
Identity Management Retrieval Processing Collaboration
Identity

…respondents have adopted

57% ‘Security by Design’ (up 7% from
2017).
Trust cannot be made in
isolation

(PKI) Certificates are

based on Chain of Trust
Types of Trust

Local Institutional Distributed

Blockchain
IoT
…respondents currently not using
91% Blockchain would consider using it in the
future.
Strength in Partnerships

…respondents rely on partners for IoT.

95% 1. Cloud Service Providers (50%)
2. IoT Security Specialists (44%)
3. IoT Service Providers (43%)

Benefits
1. Reduced costs (50%)
2. Gained IoT knowledge (44%)
3. Increased customer confidence in security (43%)
 Wrap Up

IoT Security remains complex and “someone

else’s problem”
Regulations will have a large impact
Simplicity is driving adoption of new
technologies/advancements
Secure by design is essential to minimize risk
Partnerships great way to maximize success
IoT Security variation across the globe
UK
Germany
Japan
USA France
India

Middle
East
Brazil
+30% Adopted Security by Design
+30% Breach detection of ANY device
+30% Security as a competitive advantage Australia
+30% Need Regulations
+20% Security is a major consideration
+20% Use of biometrics
+10% Use of encryption
+30% Definitely consider Blockchain
Q&A