Internet of Things security spending is expected to reach $1.5 billion this year, according to a new Gartner survey, marking a 28 percent increase from 2017.
Vendors and solution providers in the space told CRN that they agree with Gartner's report that IoT security spending will keep growing. For solution providers, the report points to greater opportunities to provide more professional services.
"It's actually becoming a pretty big topic for us as of late," said Mark Jones, CEO of Black Lake Security, an Austin-based managed services provider.
Black Lake began offering IoT security products and services more than a year ago through vendor ForeScout, and that decision is already starting to pay off. Jones estimates that between products, services and consulting revenue, IoT security now accounts more than 20 percent of Black Lake's annual revenue. He expects IoT security revenue to increase this year by roughly 58 percent.
That large increase in revenue, Jones said, is spurred by the fact that end customers typically spend two-to-five times on services following the sale of an IoT security product. Gartner's report shows that professional services are the largest opportunity in IoT security, expected to account for 62 percent of spending this year.
"It really spurs off a lot of services, which we like," he said.
This projected increase in IoT security spending — which Gartner projects will double in three years to $3.1 billion in 2021 — is driven in part by the legions of new devices coming online within the business environment.
Like ForeScout, IoT security vendor Armis focuses on these largely unmanaged devices, which range from smartphones and tablets to smart TVs and smart cameras. One device that has seen an explosion across the company's 25 business customers, which includes Fortune 100 companies, is the Amazon Echo. According to a company survey last fall, 82 percent of its customers had the Amazon voice control system in their business — sometimes even in the boardroom or executive offices.
"It's another example of devices in the environment that’s listening around and nobody monitors where those devices are, what they are doing, and where are they sending all that information," Yevgeny Dibrov, CEO and co-founder of the Palo Alto-based company, told CRN.
The fallout from having an unmanaged device like the Echo in the office was underscored by Armis research last fall that uncovered a Bluetooth vulnerability that would allow hackers to take over unpatched Echo devices, spread malware and gain access to information coming in and out of a business' network. Amazon was informed of the vulnerability and issued a security update before Armis' research was published.
Armis, which works with channel partners like Optiv and INNO4, aims to help businesses eliminate this "IoT security blind spot" by letting them see every device in and outside the network. The software platform can then continually profile devices on the network for anomalies and malicious activity and disconnect them when necessary.
"The understanding of the IoT security footprint is so big today that most of the devices connected are unmanaged," Dibrov said.
This issue of monitoring threats coming in and out of unmanaged devices extends to industrial businesses, such as oil and gas companies and electric grids, which are running networks that are, in some cases, decades old and weren't built with security in mind, according to Patrick McBride, CMO of New York-based Claroty.
Claroty is an industrial IoT cybersecurity vendor that focuses on creating visibility and monitoring threats within an industrial company's operational technology networks, which can include anything from robots and sensors to pumps and systems that control large generators.
McBride told CRN that Claroty's business is evenly distributed between U.S. and international customers. When the company started in 2014, the original go-to-market plan was the channel, but over time, demand has ramped up to the point where Claroty is now getting inbound calls from potential customers.
There have been a few factors leading to more companies securing their industrial networks, McBride said. While the regulatory environment accounted for the first push, the rising awareness of cyber attacks made against industrial systems and the cost of handling them has encouraged more companies to take it seriously.
While many companies are waking up to the fact that they need to protect their networks that connect old and devices, there are plenty of laggards in the space. In the Gartner report, the firm said the lack of prioritization and implementation of security best practices and tools in IoT initiative planning is the biggest inhibitor to IoT security growth, potentially hampering spending by 80 percent.
"People are beginning to understand just how vulnerable those environments are," McBride said, calling the category the "softer underbelly of networks."