Endpoint Security , Governance & Risk Management , Internet of Things Security

IoT in the Enterprise: Managing Risk and Control

KPMG Experts Offer Security Advice for IoT Deployments
Piers Hogarth-Scott and Katherine Robins of KPMG Australia

Enterprises want to make greater use of connected devices to develop new services and gain new efficiencies, but security is a paramount concern.

See Also: Deep Dive into the State of Open Source Security, License Compliance and Code Quality Risk

Large IoT deployments, which could encompass millions of sensors, increase the attack surface, says Piers Hogarth-Scott, who leads KPMG's IoT practice in Australia.

Some of the sensors have limited capabilities; they grab a bit of data and push it to the network, which limits the type of security technologies that be applied, says Katherine Robins, a partner in KPMG's cybersecurity practice. "Depending on what the sensors are, there isn't a lot of compute for you to be able to put a security stack on these things," she says.

For example, some devices many not be able to use security certificates. Often, that means the security is pushed downstream to a controller or an edge network within an organization, she says.

"These are all of the things that people worry about when they're talking about IoT," she says.

In this video interview with Information Security Media Group, Hogarth-Scott and Robins discuss:

  • The security challenges around managing large numbers of remote IoT devices;
  • How organizations are managing detection, response and recovery for IoT devices;
  • Why there's increasing demand for basic security verification of IoT devices.

Hogarth-Scott is a partner at KPMG's Digital Delta in Australia. He is national leader for KPMG's IoT practice and is chairman of the executive council for the IoT Alliance Australia.

Robins is partner with KPMG's cybersecurity services in Australia. She formerly was a partner with Deloitte Australia and the principal security expert for Telstra's chief technology office.


About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.