TechCentralTechCentral
    Facebook Twitter YouTube LinkedIn
    Facebook Twitter LinkedIn YouTube
    TechCentralTechCentral
    NEWSLETTER
    • News

      Willington Ngwepe to step down as Icasa CEO

      10 August 2022

      Samsung unveils its latest foldable smartphones

      10 August 2022

      Cape Town’s DataProphet expands funding to R165-million

      10 August 2022

      The tech proves it: South African women are better drivers than men

      10 August 2022

      BT, Seacom sign ‘strategic alliance’ for enterprise services

      10 August 2022
    • World

      Disney tops Netflix in streaming subscribers

      11 August 2022

      Jumia says it’s past peak losses, shares jump

      10 August 2022

      Elon Musk sells $6.9-billion of Tesla to avoid Twitter fire sale

      10 August 2022

      Nvidia issues profit warning on slump in demand for graphics cards

      8 August 2022

      Buterin: Mining on Ethereum Classic won’t affect Merge

      8 August 2022
    • In-depth

      The length of Earth’s days has been increasing – and no one knows why

      7 August 2022

      As Facebook fades, the Mad Men of advertising stage a comeback

      2 August 2022

      Crypto breaks the rules. That’s the point

      27 July 2022

      E-mail scams are getting chillingly personal

      17 July 2022

      Webb telescope’s stunning images of the cosmos

      12 July 2022
    • Podcasts

      e4’s Adri Führi on encouraging more women into tech careers

      10 August 2022

      How South Africa can woo more women into tech

      4 August 2022

      Book and check-in via WhatsApp? FlySafair is on it

      28 July 2022

      Interview: Why Dell’s next-gen PowerEdge servers change the game

      28 July 2022

      Demystifying the complexity of AI – fact vs fiction

      6 July 2022
    • Opinion

      SIU seeks to set aside R215-million IT tender

      19 July 2022

      No reason South Africa should have a shortage of electricity: Ramaphosa

      11 July 2022

      Ntshavheni’s bias against the private sector

      8 July 2022

      South Africa can no longer rely on Eskom alone

      4 July 2022

      Has South Africa’s advertising industry lost its way?

      21 June 2022
    • Company Hubs
      • 1-grid
      • Altron Document Solutions
      • Amplitude
      • Atvance Intellect
      • Axiz
      • BOATech
      • CallMiner
      • Digital Generation
      • E4
      • ESET
      • Euphoria Telecom
      • IBM
      • Kyocera Document Solutions
      • Microsoft
      • Nutanix
      • One Trust
      • Pinnacle
      • Skybox Security
      • SkyWire
      • Tarsus on Demand
      • Videri Digital
      • Zendesk
    • Sections
      • Banking
      • Broadcasting and Media
      • Cloud computing
      • Consumer electronics
      • Cryptocurrencies
      • Education and skills
      • Energy
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Motoring and transport
      • Public sector
      • Science
      • Social media
      • Talent and leadership
      • Telecoms
    • Advertise
    TechCentralTechCentral
    Home»Promoted Content»IoT security must be built in, not bolted on

    IoT security must be built in, not bolted on

    Promoted Content By Obscure Technologies and Palo Alto Networks3 November 2020
    Facebook Twitter LinkedIn WhatsApp Telegram Email

    The Internet of things (IoT) is being driven by domestic use as well as business projects, with the average American household already running 11 connected devices. The roll-out of 5G will drastically boost that already high figure, with “an explosion of connected devices in the home, and in your car and on your body”, according to a study by Deloitte.

    These numbers confirm that companies must become IoT players because that is the way the entire world is evolving. It’s easy to see the benefits and exciting possibilities, yet it’s also easy to overlook the new threats that come each time an additional device accesses your network, participants heard during a recent TechCentral C-suite discussion sponsored by Palo Alto Networks and Obscure Technologies.

    “There’s no doubt that IoT is going to open the door for innovation, but from the threat aspect, it doesn’t matter whether you are in oil and gas, power, security, or banking — the vulnerability of IoT being unencrypted and vulnerable is the same for everyone,” said Trevor Coetzee, the SADC regional director for Palo Alto Networks.

    Trevor Coetzee

    Ideally, security must be addressed when an IoT project is in its infancy, if not before. Advocate Lufuno Khorommbi, MD of cyberlaw at Orizur, said cybersecurity was unfortunately still treated as an addition rather than a core requirement, both from the technical and the legal side. The recent introduction of the Protection of Personal Information Act has seen everyone running around trying to become compliant, but there is a widespread lack of appropriate governance, she said. “Very few companies are actually doing awareness and education. There’s too much ignorance in terms of the legal side of things, and around cybersecurity governance in general.”

    Lufuno Khorommbi

    Cash distribution company SBV has approached it from the right angle, believes its chief security officer Ian Keller. “I sit with the C-suite and represent security at the board, and security is part and parcel of what my company does. It’s front of mind the entire time — nothing happens without security. When we bring in a new product that’s connected to the Internet, it comes past our team to make sure it’s secure and it’s looked after,” he said. “But I have to add the caveat that it has been a very long and hard slog to change the mindset from pure physical security to cybersecurity.”

    Ian Keller

    For a service provider like Vox, the biggest challenge was knowing what a customer’s crown jewels were in terms of what needed to be protected. “The IoT has a big impact on security and on regulations, and to overcome the challenges, organisations need to know what is out there, what it’s connected to, and what their information assets are,” said Niel van Rooyen, Vox’s head of information security.

    Niel van Rooyen

    Gathering all that information was a large task, and an equally big problem was not having security built-in from the ground up but trying to bolt it on afterwards.

    How companies can best handle security around IoT devices can depend on their size as well as their business sector. Absa has a full Security Operation Centre (SOC), which makes security a lot easier to manage in a large company, said Ignus van Zyl, its lead security analyst and chief security officer for Africa Technology.

    Ignus van Zyl

    “There’s definitely a line that has to be drawn based on a company’s size, as well as what the main focus of the business is,” he recommended. “If you’re dealing with a smaller company of 40 or 50 people instead of 40 000 or 50 000, it might be worth outsourcing security, because the amount of money and effort needed to train up, manage and sustain an SOC might outweigh the benefits.”

    The larger a company, the more it should consider handling security in-house, because there was more to protect, more to be aware of, and more teams that had to interact with each other, he suggested.

    Size doesn’t matter for any company operating in a sector with heavy security requirements, Van Zyl said, because for them it’s important to have an in-house team that’s right there for any issues that arise.

    Unfortunately, staff turnover for these skills is high through an element of burnout because each incident must be treated as an actual threat, and that intensity takes its toll.

    Bramley Maetsa, head of DevOps engineering at Sasol, agreed that security should be in-house for big corporations. He also agreed that finding the right talent was tough. “We had to augment our internal teams with consultants, but as a huge organisation, we need to own the IP and have control over it,” he said.

    Bramley Maetsa

    City Power uses both in-house and outsourced security experts to protect its ICT environment, said Rachel Seabela, GM of ICT. Traditional ICT security to protect end users and their devices is augmented by security around IoT devices like the cameras in underground tunnels that house City Power’s electric cables. “We have an internal team that provides that first-line support and responds to basic user requirements or questions,” said Seabela. “We also have strategic partners that respond to the more technical issues, as we don’t have the expertise in-house to respond to them.”

    Rachel Seabela

    Many companies could easily improve their security profile if CIOs were encouraged to graduate to the CEO’s position, suggested Charles Kungwane, chief IT security officer at Motus. CEOs with an accounting background are business driven, but not sufficiently clued-up about the IT side to give it a high priority, he said.

    Charles Kungwane

    So far, the Land Bank doesn’t have any IoT devices, but information security in general is a big concern for Wilma Nel, its head of IT governance, risk and compliance. One difficulty was getting senior managers to understand the threat landscape and deal with the risks. “We have to guard against the same kind of threats that commercial banks do,” she said. “For me, the biggest headache is that as the bank goes on a digital transformation, IoT will be there, and I’m concerned about how I’m going to secure it when I don’t have the resources.”

    Wilma Nel

    For business consultancy EY, security is already embedded within its offerings as well as throughout its landscape. Annalyn Rejji, its technology infrastructure leader and head of its Africa Assurance Digital & Innovation, said one exciting thing she had seen were e-learning platforms, many of them focusing on training in the core skills required around security.

    Annalyn Rejji

    As well as needing to get closer to the board, CIOs should also take a broader look at their jobs as security practitioners, because digitisation had transformed the way they needed to operate, said Haider Pasha, senior director and chief security officer for emerging markets with Palo Alto Networks.

    Haider Pasha

    “If your task is to secure an organisation, you’re not just thinking around infrastructure anymore. We have to bring things such as incident response and security awareness into all the other areas of the business,” he said. “We have to think about identity very differently now, and even though we may not be fully in the cloud, we still have to think about how different types of users should be given different types of access, because the traditional defence model doesn’t work anymore,” he said. “We also have to think about zero trust and how to do micro segmentation.”

    Pasha told the panellists that he’d had many discussions with clients around the “unteach and teach” model. “You have to ‘unteach’ the board some of the perceptions they have of cybersecurity being a blocker and not a business enabler. You do that by talking around risk, which is critical, because if you cannot quantify the risks to the business and explain how that risk impacts a certain business priority that they have, then there isn’t a lot of value we can bring to the conversation.”

    • This promoted content was paid for by the party concerned
    Obscure Obscure Technologies Palo Alto Networks
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email
    Previous ArticleApple is all set to debut non-Intel Macs next week
    Next Article The numbers are in: TechCentral is SA’s leading B2B tech platform

    Related Posts

    How secure is your cloud?

    10 August 2022

    5 ways to make attack-path management more manageable

    10 August 2022

    Smart homes need even smarter Wi-Fi

    10 August 2022
    Add A Comment

    Comments are closed.

    Promoted

    How secure is your cloud?

    10 August 2022

    5 ways to make attack-path management more manageable

    10 August 2022

    Smart homes need even smarter Wi-Fi

    10 August 2022
    Opinion

    SIU seeks to set aside R215-million IT tender

    19 July 2022

    No reason South Africa should have a shortage of electricity: Ramaphosa

    11 July 2022

    Ntshavheni’s bias against the private sector

    8 July 2022

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2022 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.