There is a lot of talk about the Internet of Things (IoT), about the rapidly expanding number of smartwatches, fridges, medical devices, and more collecting and sharing data. Already, the number of connected “things” exceeds the world’s population, representing only 0.06% of all devices that could potentially leverage IoT in the future. And yet, in some ways, our definition of IoT depersonalizes the impact these devices are having, changing expectations, our ideas of privacy and security, and how we work and live.
In a recent article on Connected World, we talked about how consumer expectations have carried over into the workplace, with employees bringing new devices and “things” to connect to the network, introducing new security risks and management challenges. In the article, Securing People in the Age of the IoT, we outline the challenge to correctly provisioning this complex array of devices with the proper security settings, configurations, software, access, and content that employees need to remain productive. The reality is, today’s employees are much more self-reliant - and therein lies the problem.
We need to think more about the Internet of People - and less about the Internet of Things.
Shadow IT represents the unsanctioned download or use of devices, applications or “things” to remain productive. Employees are accustomed to flexibility and choice - to provisioning their own devices, troubleshooting their problems, and downloading their own software to remain productive. We’ve seen a rapid decentralization of IT spending, which has in turn created new security risks. When users circumvent IT, critical gaps open up in visibility and security. A “top-down lockdown” approach often focuses on restrictions, blacklisting devices and apps and creating walls that employees will continue to try to circumvent.
Arming your organization against the Internet of People - the unique threats of internet-enabled “things” with these new employee expectations and behaviors - requires a combination of security training as well as a recognition of the relationship between users and the variety of devices and applications they bring to the workplace.
By focusing on people and their relationships, IT can create a user-centric environment that focuses on automation, smart groupings of users/devices/settings/apps, and self-service to allow employees to self-provision with the proper security configurations. At the same time, it’s important to recognize that many IoT devices today were not built to be managed, underscoring the importance of process and training in reducing risk.
As we mention in the Connected World article, organizations are being challenged is to build foundational practices in IT endpoint management that can adapt to changing technologies.
“What was new this quarter will be next year’s commonly accepted best practice for securing devices. Building processes now to adapt to the technology and employees of tomorrow is essential to ensure continued success. IoT will continue to grow and the Internet of People will always be with us.”