CBI’s Senior Vice President of Security Solutions Chris Burrows participated in a panel discussion as part of the 2019 IoT Tech Connect event, hosted April 29 at the Michigan Science Center in Detroit. Read on for a look at the Internet of Things through the lens of cyber security.
The event brought hundreds of tier 1 automotive suppliers, auditors and visionaries together to trade ideas and best practices on the Internet of Things. While much of the conversation naturally focused on mobility and automotive, the need for cyber security around IoT is becoming increasingly important, as evidenced by two of the day’s other breakout sessions.
Is Regulation Needed for IoT?
Security Mentor CSO and former State of Michigan CSO Dan Lohrmann moderated a panel discussion around regulation and other topics to drive better security in IoT, where CBI’s Chris Burrows spoke alongside Interworks President Caston Thomas and current Michigan CSO Chris DeRusha to a receptive audience of IoT practitioners, white hat hackers and fellow CSOs.
The primary points of discussion were the government’s role in regulating technology and whether such efforts in the past have been effective. A great example of such regulation is the Do Not Call List, a well-intentioned regulatory measure that helped to curb unwanted spam calls at first until the lack of auditing and accountability led unscrupulous companies to employ automated tactics like bots to work around the law. While official policy can have a tough time keeping pace with technology, the panel concurred that people and businesses are motivated by profit.
Regulation around IoT security can take the form of measures that impact profit, whether negatively with tangible consequences for companies who fail to secure their products or positively by mandating minimum security compliance requirements for suppliers to win contracts. If you can help companies to meet a clear compliance checklist of IoT security requirements, you put them in position to provide viable tech solutions to their customers and drive profitability in the future.
Burrows stated, “Government regulation has a reputation as an innovation staller and adds new costs to running a business. However, the new societal risks of increasing the number of IoT devices from 25 billion to 75 billion devices over the next five years warrants some type of government action.”
The panel concluded overall that government should not regulate IoT heavily but rather should provide clear and specific guidance on how companies can secure their environments with incentives to boost profitability. This kind of guidance is particularly helpful regarding affordability of security solutions for the SMB sector, whose companies typically don’t have a dedicated CISO or CSO who is both engrained in the business and can drive security.
“Just about every business depends on technology to operate. Having a secure infrastructure not only benefits the company itself but also all the other companies that are interconnected in this digital economy,” commented Burrows.
Why not Security as a Service?
Other sessions highlighted the advent and adoption of “X-as-a-Service,” a service delivery model with the X being any kind of acute technology where demand is high but resources are limited. While Infrastructure as a Service, Platform as a Service and other technologies were swimming in the alphabet soup of XaaS, there was nary a mention of security. This begs the question, why not cyber security as a service?
Security as a Service may sound farfetched to the untrained ear, but security-focused companies like CBI have service offerings that bring this concept to life tangibly, right now, in the form of Security Operations Centers, managed technologies, advisory services and more. With our cyber security experts at the ready, CBI can help shoulder the security burden for enterprises to defend the Internet of Things and beyond.
