Opinion: Businesses must address risks in order to accelerate digitalisation
Hamid Qureshi, territory sales manager EMEA and Middle East at nCipher Security discusses IoT security
The 2019 nCipher Global PKI Trends Study reveals that, while cloud-based services and the Internet of Things (IoT) devices are exploding in their application at unprecedented levels, enterprises – both here in the Middle East and across the world – are failing to prioritise security to counter cyber threats. This has left businesses open to significant and dangerous vulnerabilities.
A key finding of the study is that enterprises in the Middle East (particularly Saudi Arabia and UAE) see critical threat in four main areas: Protecting the confidentiality and integrity of data pulled from IoT devices; delivery of patches and updates; device discovery; and monitoring device behaviour. More importantly, they see these threats likely to be unchanged in the next 12 months.
According to the research, businesses believe that in the coming year, key IoT security capabilities will hinge on delivery of patches and updates, device authentication and protecting confidentiality and integrity of data, device discovery and monitoring device behaviour – not far off, as you can see, from their existing concerns.
This means, concerted corrective action must be taken now. However, not all businesses are equipped to take concrete steps towards this either. This is not due to lack of will, but rather because many entities – as the study revealed – say they face the twin challenges of having the right resources and the right talents to drive the digital journey forward in deploying and managing the public key infrastructure (PKI).
Organisations are also challenged by a lack of clear ownership, while new applications, PKI technologies, and external mandates and standards are also perceived as the biggest areas of change and uncertainty. Many businesses also state that the incapability of existing PKI to support new applications, insufficient skills and lack of ability to change legacy apps are further concerns when it comes to enabling applications to use PKI. In fact, less than half of the respondents of the study had PKI specialists on staff and a good majority do not believe there is one function responsible for managing PKI, which goes against the spirit of best practices.
In fact, looking ahead, cloud-based services are only going to continue to gain further momentum, with 56% of IT security professionals stating that such services are most likely to be driving the deployment of applications that make use of PKI. This is followed by 46% stating mobile devices and 37% citing IoT as the driving force.
Compared to the rest of the world, where the use of internal corporate certificate authority (CA)s continues to be most popular for PKI deployment, in the Middle East, 68% of respondents cited externally hosted private certificate authority as a managed service versus 60% who stated internal corporate CAs as their preferred choice.
In the next two years, an average of 42% of IoT devices in use will rely primarily on digital certificates for identification and authentication. IoT – and here in the region, cloud-based services – will continue to grow supporting PKI deployments.
With the use of an IoT device as a network entry point and capturing data from an IoT device seen as a potential security risk, protecting the confidentiality and integrity of device data is the most important IoT security capability today.
With primary concerns clearly spelt out, the question then is: How can organisations ensure they can fool-proof their systems? The key, no doubt, is tech innovation – a core area of focus for nCipher – which has played an important role in enabling organisations across the region to protect data and address security vulnerabilities.
In summary, it is important than ever to invest not only in mobilising resources but also in honing talents to drive the ongoing focus on digital transformation. Ensuring the highest standard of cybersecurity is not just an option, but a strategic imperative that organisations must strenuously pursue as a business-critical function in this new and ever-accelerating era of digitalisation.