Risk
6/18/2013
12:51 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Frost & Sullivan: Further Progress In M2M Toward Internet Of Things Requires A Focus On Security Risks

Strong focus on security necessary to drive continued M2M deployment in enterprises

LONDON, June 18, 2013 /PRNewswire/ -- In the next phase of M2M market development that is moving towards an Internet of Things (IoT) future, security requires a holistic approach. Huge increases are expected in the number of machines and objects that communicate with humans and other machines/objects, each processing real-time (or near real-time) data. In such an M2M world, security must become a core component of an enterprise's consideration when using M2M to achieve business objectives.

"Traditional M2M deployments have security solutions embedded within the network, with the integrity of the underlying communications network being boosted by existing network security solutions," explained Frost & Sullivan Senior Industry Analyst, ICT, Yiru Zhong. "M2M value chain participants - integrated chips manufacturers, SIM card vendors, manufacturers of M2M modules and communication-enabled devices as well as connectivity network providers - have always embedded security solutions within their own products. One of the common comments from these vendors when asked about enterprise adoption of more secure hardware in the lower levels of an M2M network is that current M2M deployments do not actually require a higher level of security. However, in future scenarios, security risks could be magnified or prevalent because of the way M2M applications will be delivered."

For example, such key ICT trends as cloud computing, increasing enterprise and personal mobility, and Big Data, will affect the way security risks materialise in a generic M2M architecture. While there is no doubt that enterprise reliance on machine data and resultant intelligence will increase - especially as technology tilts the cost-benefit equation through greater efficiency, productivity, and the potential for new revenue streams - security will be a key requirement by enterprises considering M2M deployments.

"In addition to the tremendous number of devices and objects that are going to be connected through communications networks, future M2M deployments will reach deeper into enterprise operations," observed Zhong. "Coupled with the development of IoT, this will mean that enterprise M2M deployments could potentially be connected to other systems to enable a true connected-society.

The potential application of Big Data in such a setting will demand a well-defined risk analysis policy in terms of data security, trust, and privacy."

Ericsson's prediction of 50 billion connected devices by 2020 that would create a truly "networked society," has seven years to go. ICT industry participants, as well as standardisation and international bodies, are already working towards a viable and sustainable ICT framework for M2M progression. These workgroups will have to incorporate both the needs of enterprises and behaviour of digital citizens in the next generation M2M and IoT scenarios. The outcomes will go a long way in helping ICT industry participants define future security considerations and propose solutions for the safe operation of a connected world.

"Since enhanced security will begin at the lower layers of M2M architecture, M2M modules manufacturers, connectivity providers, and application enablement platform firms will all play important roles in the creation of a market leading portfolios and building a strong ROI business case for enterprises to deploy M2M," summarised Ms Zhong.

If you are interested in more information on Security Challenges in #SmartCommunities, please send an e-mail to Joanna Lewandowska, Corporate Communications, at joanna.lewandowska@frost.com, with your full contact details.

Frost & Sullivan has also launched recently the next issue of its #Smart Communities Journal. You can view the content on Slide Share.

#SmartCommunities as a hashtag reflects Frost & Sullivan's belief that ICT is a key tool for communities - regardless of their characteristics - to serve citizens and organizations more efficiently and in a sustainable manner.

About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today's market participants.

Our "Growth Partnership" supports clients by addressing these opportunities and incorporating two key elements driving visionary innovation: The Integrated Value Proposition and The Partnership Infrastructure.

-- The Integrated Value Proposition provides support to our clients

throughout all phases of their journey to visionary innovation

including: research, analysis, strategy, vision, innovation and

implementation.

-- The Partnership Infrastructure is entirely unique as it constructs the

foundation upon which visionary innovation becomes possible. This

includes our 360 degree research, comprehensive industry coverage,

career best practices as well as our global footprint of more than 40

offices.

For more than 50 years, we have been developing growth strategies for the global 1000, emerging businesses, the public sector and the investment community. Is your organisation prepared for the next profound wave of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends, breakthrough best practices, changing customer dynamics and emerging economies?

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4594
Published: 2014-10-25
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.

CVE-2014-0476
Published: 2014-10-25
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

CVE-2014-1927
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928....

CVE-2014-1928
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulner...

CVE-2014-1929
Published: 2014-10-25
python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.