Gartner Blog Network


IoT Endpoint Security Standards Emerging

by Erik T. Heidt  |  December 13, 2017

Do you need security standards that can be used to evaluate or design IoT Endpoints?
Answers are coming!

There is an often-repeated story arc that security, risk, audit and industry standards proceed through in their early development. This occurs in an organic manner, responding to market forces. Once demand for guidance reaches a critical mass, someone takes the first step and puts stakes in the ground. This puts forward a “best effort” to fill the guidance vacuum (perceived or real), and relieves the pressure to “get it right” that inhibits parties from rapid action. Early movers take on reputational risk and heavy lifting, but once a credible attempt is made it removes barriers to participation and progress. In effect, this enables a transition to broad discussion and successive refinement. Operating system hardening, PCI/PHI protection and cloud security all followed a similar story arc in their early days.

Here in late 2017, this trigger point has been reached for IoT Endpoint security.

In July of 2017, Underwriters Laboratories (UL) began publishing the UL 2900 series “Software Cybersecurity for Network-Connectable Products”, which has been extended with supplements for biomedical, industrial control and life safety systems. This is resulting in a number of collaborative efforts, including partnerships with ANSI, other standards bodies and industry.

This is not to say that any of these groups were waiting for someone to act. Many organizations have been working on IoT Endpoint security standards for quite some time, but once someone publishes, these efforts change. This shift results in across-the-board increases in efficiency and an acceleration in progress for all parties.

If you need to design or evaluate IoT Endpoint or Gateway security, the key takeaways are:

  • Credible (and testable) IoT Endpoint security standards are available now.
  • 2018 will see a number of complementary standards published across industry and geopolitical boundaries.
  • Organizations should expect suppliers to be aware of these standards, and able to discuss compliance (or gaps).

As always, please share comments, insights and additional information below.

Here are some resources:

Thanks,
Erik


Erik T. Heidt
IoT Agenda Manager, Research VP
5 years at Gartner
26 years IT Industry

Erik Heidt is the IoT Research Agenda Manager for Gartner for Technical Professionals (GTP). Mr. Heidt covers Internet of Things (IoT) architecture, strategy and execution as well as security and risk management within the IoT context. Mr. Heidt focuses on developing and delivering research related to the architecture, development and operation of IoT for both users and suppliers. Mr. Heidt has more than 26 years of industry experience, with a significant focus on information security and risk management.



