Last week’s RSA Conference 2017 in San Francisco came at a critical time, as organizations seek to reconcile the tremendous opportunities offered by new technologies with the constantly evolving cyberthreats that challenge the security of enterprise apps, data, networks, and infrastructure. Nothing crystallizes this gap better than the Internet of Things.

Between 30 billion and 50 billion “things” will be connected to the Internet by 2020. And businesses will be among the biggest adopters. The latest report from Gartner indicates that 43 percent of enterprises will adopt IoT as part of their business operations by the end of this year, with even bigger uptake in the oil, gas, utilities and manufacturing sectors. IoT is rapidly transforming the way we think about connected devices, processes and information, and enabling myriad new business intelligence and operational models along the way. But it also presents daunting new security challenges.

In fact, IoT was the most-discussed topic in tweets and articles about RSAC 2017, which offered more than three dozen sessions on the subject, from “Weaponizing IoT” to “Securing IoT: Tech’s Latest Wild West.” Such heightened interest in IoT security echoes findings from the latest global survey conducted by Citrix and the Ponemon Institute (The Need for a New IT Security Architecture: Global Study on the Risk of Outdated Technologies), in which 75 percent of IT, CISO and business executives report that their organization is not fully prepared to deal with the security risks posed by IoT. Such fears are justified, as experts predict that 2017 will see further DDoS attacks via unsecured IoT devices, as well as the rise of IoT ransomware.

People realize they’ve got to get their act together on security—not just for IoT, but across the entire complex environment that powers today’s businesses, where infrastructure is hybrid, multi-source and mobile; network boundaries are porous to the point of irrelevance; and a global, variable and mobile workforce extends beyond full-time employees to contractors and partners across the street and around the globe. According to the Cybersecurity Market Report, worldwide spending on cybersecurity will top $1 trillion between 2017 and 2021. Our own Citrix-Ponemon study shows that 98% of businesses will spend at least $1 million in the coming year on security. But will it be spent in the right way?

Complexity kills security

A full 83 percent of Citrix-Ponemon survey respondents said that the complexity of business and IT operations leaves them vulnerable. The results paint a picture of critical risks in every aspect of the environment:

  • 64 percent of survey respondents reported that they have no way to reduce the inherent risks of unmanaged data
  • 71 percent are unable to control employees’ devices and applications
  • 76 percent consider the integration of third parties into internal networks and applications to be a huge risk factor
  • Only 48 percent have security policies in place to ensure that employees and third parties only have the appropriate access to sensitive business information

Past investments have failed to address the need more often than they’ve succeeded, with many of these investments improperly or only partially deployed or too outdated to keep up with rapidly changing work patterns and just as rapidly emerging technologies and cyber-threats. In fact, 70% of survey respondents admit to making security investments they’ve been unable to deploy, and the same number report being stuck with existing security solutions that are outdated and inadequate.

Toward a truly secure infrastructure

New technologies will play a central role in reducing the risks posed by our evolving enterprise environment. Sixty-five percent of respondents believe that an improvement in technologies will improve their overall security posture and reduce risk. But loading up on point solutions isn’t going to solve all security risks. Proliferating add-ons only adds complexity while inevitably leaving gaps, and results in an unmanageable mess that’s of little use in addressing constantly evolving threats.

Instead of approaching security in an ad hoc, problem-by-problem manner, IT needs to go deeper to create a more holistic security framework that protects apps and data at all stages, in use, in transit and at rest, no matter where they’re used, on any device. A complete strategy for security technology encompasses virtualization of applications, desktops and networks; centralization of data to avoid exposure to risk on endpoints; and layered security on data sources to control access. With this secure infrastructure in place, security becomes simpler and more flexible, while people—and connected devices—can work in new ways without putting data and applications at risk.

Infrastructure-level security will also mitigate the staffing challenges facing most organizations. Seventy-two percent of Citrix-Ponemon survey respondents said that an improvement in staffing will improve their overall security posture and reduce risk, but only 40 percent are hiring effectively in a tight talent market. A more effective security framework, complemented by technologies like centralization, automation and artificial intelligence, can enable even shorthanded and less experienced teams to protect data and applications effectively.

More opportunities with less risk

The intense interest in IoT shown by RSAC 2017 attendees makes clear that businesses are serious about securing this new type of technology. And they should be—from wearable consumer products to industrial-scale intelligence and automation, IoT offers no end of thrilling opportunities. IoT can even play a role of its own in security, helping organizations collect and communicate data to help detect and stop zero-day exploits and other threats that haven’t been identified yet. A more secure infrastructure positions organizations to move confidently forward with IoT and other valuable innovations, able to ensure secure application and data delivery no matter how dynamic or complex the environment becomes. That’s the kind of security investment that really pays off.