Welcome to my first blog post in my new role within the Gartner security analyst team. I am starting a series of posts on two relatively new areas of Gartner security coverage.
The first will comment on security and risk management issues and concerns with the industrial control and automation infrastructure found in many enterprises, especially those involving critical infrastructure such as utilities, oil and gas firms, manufacturing, transportation, and others. Gartner refers to this infrastructure as “operational technology” (OT) to distinguish it from traditional IT infrastructure. Gartner refers to OT as hardware and software that detect or cause a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise. Technologies such as SCADA, process control networking and distributed control systems are examples of OT. Media coverage regarding OT has grown in frequency as vulnerabilities are discovered and threats to OT systems and networks increase in frequency and sophistication.
The second will comment on security and risk management issues and concerns for what the markets now call the “Internet of Things”, or IoT. As many of you already know, The IoT is the network of physical objects that contains embedded technology to communicate and sense or interact with the objects’ internal state or the external environment. It ranges across myriad industries and examples, from devices to monitor health and exercise to smart watches to traffic flow sensors to intelligent smoke alarms to— well, you get the idea. The IoT is currently one of the most interesting concepts for innovators and entrepreneurs, and design ideas and product proposals are ricocheting across the market faster than professional ice hockey players. While not all of the IoT demands enterprise-class security, there are enough concerns about privacy and misuse of data or device to merit consideration.
Gartner has already published research in OT and the IoT, and some security research has also been published on these fields as well. But the growth and position of these technologies for enterprise users and consumers demand more, and research in 2014 will focus on areas such as embedded systems security, securing smart cities, and business continuity/disaster recovery concerns in a world of OT and the IoT. We welcome your comments as we tackle some of the major security issues of the day for OT and the IoT here in this blog. Let’s get the discussion started.