Grappling With Growing “Insecurity of Things”

By   ISBuzz Team
Writer , Information Security Buzz | Jun 10, 2015 07:00 pm PST

I have never seen a situation quite like it in my 22 years in the high tech industry.

I am referring to the sudden and more intense focus by executives on data security, digital trust, and intrusion protection.  During my meetings with clients in the past six months, discussions invariably shift to these topics. As breaches of corporate security have become more frequent and serious, security has ascended to the top of high tech corporate agendas

These serious challenges are becoming critical for the industry to solve. If not addressed comprehensively, quickly and systematically, these hurdles could hinder innovation, risk-taking and market growth.

Main security concerns

Currently, executives are more concerned about the security and use of corporate data by their extended network of partners. They are increasingly preoccupied with how, where, when and why electronic devices get stored, shared and analyzed. They are also becoming more vigilant about which of their customers’ devices are used for which applications, what services get delivered to whom, and at whose expense.

Recent Accenture research underscores similar concerns among consumers. Summarized in a report titled Engaging the Digital Consumer in the Connected World, the research finds that more than half (54 percent) of consumers are not always confident about the security of their personal data on the Internet.

Concerns among both audiences could stem in part from rapid market growth across industries in the Industrial Internet of Things and Internet of Things, which target businesses and consumers, respectively. In these markets, there will continue to be widespread sharing of larger amounts of data on a growing number of devices used by more people. As this happens, managing the complexity of security will become a more massive and arduous undertaking that should be at the heart of corporate strategies.

Few high tech products have enough security

Few high tech products have been designed from the start with enough security. This fact escapes many business leaders. As a result, many companies expect to run high-integrity applications on what they don’t realize are low-integrity devices, applications, and networks. These devices have a number of open interfaces with communication access vulnerabilities that heighten security risks.

In today’s markets, where every business is a digital business and every consumer a digital consumer, rarely is one company responsible for robust security throughout the ecosystem. This goal requires an abundance of collaboration, sharing and trust.

Steps to take

To address these challenges, high tech companies should consider taking these actions:

  • Nominate a chief security officer if they have not already

Companies should consider nominating a chief security officer with a direct reporting relationship to the CEO. This officer would attend meetings where senior leaders make major strategic decisions to provide recommendations for the company’s security and data privacy direction. The key is to have a chief security officer with a dedicated budget and ownership of corporate security. Accenture addresses this issue and others in a new report titled The Cybersecurity Leap: From Laggard to Leader.

  • Evaluate product and service security risks

Many companies are using development and operational approaches in  which software development methods focus on collaboration, communication, and automation between software developers and other IT professionals. These companies tend to automate and use instruments as much as possible, which gives them a competitive advantage when integrating security seamlessly into product development.

More security needs to be built into each high tech product when it is designed. And security should protect a high tech company’s products while adhering to ecosystem security requirements in which that product will be used.

  • Use proactive product testing methods

Companies should perform proactive security tests on products to prepare for breaches. Tests should anticipate what could go wrong and take steps to avoid them. For example, companies should do active penetration testing that tries to hack into their own products. The goal should be to find security vulnerabilities so they can be pre-emptively fixed.

Final thoughts

By taking these steps, companies can strengthen security strategies to build digital trust, which is all about consumers believing the company will protect their personal data. Digital trust is the high tech currency that should be traded and invested in to help gain competitive differentiation and aspire to high performance.

Once companies gain digital trust, they will be able to take advantage of IoT business and technology opportunities with more confidence. They can access more consumer data from those who trust them, use analytics to unlock more value from that data, deepen customer loyalty, and offer more revenue-generating services and applications.

By Sami Luukkonen, Senior Managing Director of Global Electronic and High Tech Industry at Accenture

sami luukkonenBIO : Mr. Sami Luukkonen leads Accenture’s Global Electronics and High Tech Industry. He graduated in 1990 with a computer science and international business degrees from Richmond, the American International University of London. He joined Accenture in 1990 and became Managing Director in 2000 and Senior Managing Director in 2012.Outside of Accenture, Mr. Luukkonen served as the chairman of Research and Innovation select group for Confederation of Finnish Industries (EK) for four years. Recently, he served as an advisory board member of the ICT 2015 initiative, a special program to reinvent the Information and Communications Technology (ICT) industry in Finland launched by the prime minister and the minister of economics.

Mr. Luukkonen is currently based in Helsinki, Finland, where he currently lives with his wife and four children. Outside of work, his Jack Russell terrier, triathlon training, hunting, reading and forestry interests keep him busy.