IoT Security: Thing-centric Vulnerabilities Drive Internet-centric Security Opportunities 66.1 % of all industries implementing IoT solutions are looking to reduce security and compliance risk*. *https://451research.com/report-short?entityId=89564 THING-CENTRIC: Elements required to get devices talking to each other— edge computing, connectivity modules, operating systems, wearable technologies, edge gateways. Thing-centric IoT Device Vulnerabilities: > Exceed effective encryption technology > Designed without any kind of security > Can’t support security > Hindered ability to remotely patch endpoints > Open to exploitation leading to network hacks > Easily mimicked Thing-centric Network Vulnerabilities: > May not have adequate encryption > Increased vulnerability due to number of protocols > Flat compared with typical IT networks > Exposure to centralized management or data system. INTERNET-CENTRIC: Infrastructure and services required to complete an IoT solution— bandwidth, connectivity, middleware and application platforms, big data and cloud, systems integration, managed services and consulting. Thing-centric Impact on Internet-centric Security > Thing-centric data could contain malware and needs to be: • Inspected • Stored • Separated • Sanitized • Sandboxed > No easy way to secure, patch and monitor the assets, compounding risks > Surface area also increases from the physical to the virtual world: • Vulnerable applications • Compromised machine identities • Targeted policies and entitlements • Increase in the security footprint Driving Internet-centric Security Opportunities > New IoT use cases > Emerging standards and protocols > Legacy devices and things