SIMPL, among other solutions, supports the rapid creation of cloud-connected IoT devices from the ground up, while fully securing them to send and receive data in the cloud. Antony Savvas looks at the state of the IoT data security and management market.
According to analyst firm MarketsandMarkets, the global IoT security market is projected to grow from US$24.2 billion in 2024 to US$56.2 billion by 2029, at a compound annual growth rate (CAGR) of 18.4% during the forecast period.
This market includes identity and access management (IAM), data encryption and tokenisation, device authentication services, secure communication protocols, public key infrastructure (PKI) certificate lifecycle management, security analytics and virtual firewalls.
And according to Mordor Intelligence, the IoT data management market is expected to grow at a CAGR of 16.6% between now and 2026. This growth covers solutions including data integration, security, analytics and storage solutions.
Market drivers
When it comes to security spending, the growth is down to organisations facing significant financial losses and reputational damage because of increasing cyber-attacks on IoT devices. The particular risk in the IoT sector is that every device and every system usually has its own specific firmware, which is software that controls the device or facility itself.
And since hardly any guidelines or binding specifications have existed in this area for device manufacturers to boost security, hackers and criminals have been attacking the unprotected.
This may change with the European Commission’s Cyber Resilience Act (CRA), for instance, which is intended to address data security problems surrounding devices and systems with network connections, from printers and routers to smart household appliances and industrial control systems.
To press manufacturers, distributors and importers into more protective action, the Cyber Resilience Act exposes them to significant penalties if security vulnerabilities in devices are discovered and not properly reported and mitigated.
“The pressure on the industry is growing immensely,” says Jan Wendenburg, CEO of cyber security firm ONEKEY. “The financial fines for affected manufacturers and distributors are severe: up to €15 million or 2.5% of global annual revenues.”
Under the Act, suppliers active in the European Union market must now prepare to complete a Cyber Resilience Readiness Assessment if they want to avoid facing large fines. That said, the market sales for IoT security show organisations are already increasingly adopting security solutions to help protect against threats like device hijacking, data theft, supply chain intrusions, and widening ransomware attacks.
Key players
Key players in the IoT security market, says MarketsandMarkets, include Microsoft, Fortinet, Amazon Web Services, IBM, Intel, Cisco, Thales Group, Infineon, Atos, Palo Alto Networks, Mobileum, Entrust, NXP Semiconductors, MagicCube, Claroty, Ordr, Armis, Nozomi Networks, Keyfactor, Particle Industries and Forescout, among others.
Microsoft, for instance, offers capabilities for its Defender security protection that promise to bring the same level of vulnerability management, threat detection and response for enterprise IoT devices, previously only available for managed endpoint devices.
The Defender for IoT offering provides extended detection and response (XDR) coverage to IoT devices like digital signage, conference room systems and operational technology (OT) devices, which have all been prone to software vulnerabilities and attacks from cyber criminals.
With Defender for IoT, agentless monitoring secures ‘things’ connected to IT networks, voice over IP systems, printers and smart TVs, for instance. And it allows firms to gain the essential visibility into devices without additional configuration, through a deployable network sensor that can collect all network data needed for discovery, behavioural analytics and machine learning. Microsoft adds that artificial intelligence (AI) is being used to augment IoT threat intelligence generally.
Government agencies, such as the US National Institute of Standards and Technology (NIST), are also investigating IoT security technology on a number of fronts, including protocols, security assurances, use cases, applications and current services, to help drive further data security development to better protect companies and end users.
Zero trust
An emerging concept to help improve data protection is zero trust, which eliminates implicit trust from IT systems, and assumes that every user and everything on the network is a threat to data security. It treats all data traffic as untrusted, requiring strict identity verification for every user, device and process before granting any permissions.
Such an approach acknowledges that the biggest threats to security can come from lateral movement within a network, so if something untoward is detected on it, then it has to be stopped and quarantined there and then. Companies accepting this principle are now adopting zero trust network access (ZTNA) systems.
Network segmentation
As a first step to adopting ZTNA, organisations should move towards network segmentation. This is the practice of dividing networks into different logical segments, such as IoT connected portions, and having complete control of the traffic going through and between those segments. It is designed to reduce the attack surface, preventing threats from spreading laterally throughout an organisation.
To do this, businesses need a full view of all networks within the organisation. You must have visibility into the network, application, workload and process levels, as well as a view into multi-clouds or on-premise data centres where data assets are distributed across all geographies.
However, while technology methods like ZTNA are expected to become essential, it isn’t just technology that is needed to protect apps and data; policy is needed too. IT governance, audit and compliance policies as part of a framework must be adopted by organisations with the full backing of their boards.
By combining ZTNA, for instance, with working to a framework, companies can potentially see costs related to any data breach coming down. Spiralling cyber insurance costs are a problem across industries, as a result of wider and more serious cyber security threats. Organisations working to a framework may well see their cyber insurance costs better controlled, as they can demonstrate to insurers that they are more prepared to deal with a breach, and therefore have a better chance of curtailing it and reducing its damage.
While the IoT data management and protection market may well be growing, now is the time for the whole ecosystem to step up to the plate to help keep out the rogues.