Fortinet Exec: 'Trusted Partners' Can Help Customers Secure The Growing Number Of IoT Devices

As the number of IoT devices explodes, so do the number of security vulnerabilities. Partners can help close that gap and boost their businesses, according to Fortinet Vice President of Strategic Programs Jonathan Nguyen-Duy.

Gartner predicts that there will be more than 50 billion IoT devices by 2020. Nguyen-Duy said Fortinet research has found that more than 70 percent of those devices will be vulnerable to attack, with 25 percent of all cybersecurity attacks by 2020 associated with IoT.

"That's why IoT security is such a prominent concern. Those concerns are one of the major issues why enterprises and organizations of all sizes are looking for trusted partners to help them address some of these weaknesses," Nguyen-Duy said at IoTConnex, a virtual IoT conference hosted by CRN parent The Channel Company.

[Related: 15 IoT Security Vendors Looking To The Channel To Drive Business]

Sponsored post

Nguyen-Duy said there are particular opportunities for partners around manufacturing, freight monitoring, production asset management, and critical infrastructure. He said all of those areas are "growth areas," and IoT will represent the "vast majority of spending" in those markets.

John Van Blaricum, vice president of global marketing at Kudelski Security, said the security solution provider is already "all over this" opportunity. He said the company has already launched defined services, advanced labs to validate hardware and software, and is designing new devices.

Van Blaricum said Kudelski is working primarily with manufacturers to date but is starting to see "a lot of interest" from companies with IoT or ICS utilization. He said a recent client advisory council also had a "growing concern" around IoT.

The reason demand is rising, Van Blaricum said, is that more and more devices such as industrial control systems are being connected to the Internet. He said those were "previously considered dumb controls," but recent proof points have shown their vulnerability.

"These are now potential vectors for attack," Van Blaricum said.

The challenge for customers, Nguyen-Duy said, is that many IoT devices are not designed with security in mind, are "headless" or don't offer an operating system or processing power to run security elements, and may have passwords hardcoded into the firmware, so they are difficult or impossible to patch or update. There is also an increasing complexity that IoT introduces into an environment, with consumer IoT, commercial IoT, and industrial IoT all entering the workplace.

However, Nguyen-Duy said these growing number of devices also present a significant opportunity for customers to achieve cost savings and better business outcomes. He said partners are in the perfect position to help customers achieve those goals around driving data-driven decision making with IoT devices, while also maintaining the security of their environments.

"[Customers are] looking for trusted partners that understand what that end user's business model looks like … and partners that really understand security and components in IoT security," Nguyen-Duy said. "I think that's the primary opportunity today for channel partners." Nguyen-Duy said this also opens up new doors for partners to add value to customer environments and drive new revenue and services streams.

Nguyen-Duy said there are three elements partners should consider when starting their clients on an IoT security strategy. First, he said partners need to help customers define what is trusted in the environment, including core and critical assets, network assets, managed IoT, and "headless" IoT. Second, he said partners should determine tolerated and allowed devices, which will be allowed but monitored and managed. Those could include corporate unmanaged IoT and BYOD devices, he said. Finally, he said partners should determine rogue or unwanted devices that will be banned from network connection.

Once partners help customers segment devices, and decide which devices they can trust, Nguyen-Duy said partners should help them segment their networks and define policies for those devices. Then, he said partners can layer on protection technologies.