The Internet of everything (IoE) is not only a focus among this week's Black Hat event in the US, but also in Hong Kong's CLOUDSEC 2014, hosted by Trend Micro.
Kicked off today at the Hong Kong Convention and Exhibition Center, the event aims to address the security implication of the interconnectivity of smart devices, personal clouds, wearable technology, big data networking and the Internet.
"In IoE, information security will come under further scrutiny as its role becomes even more crucial in supporting digital enterprises" said Ken Low, executive director of CLOUDSEC 2014, also chairman of APAC executive council at Cloud Security Alliance.
For enterprises that leverage IoE technologies for customized and personalized services can address protection from the backbone infrastructure, according to Bill McGee, SVP & GM of Cloud and data center security at Trend Micro.
McGee noted IoE attacks can be categorized into four different types: 1) a direct attack towards the front-end IoE devices, like home monitoring systems; 2) an indirect attack via the back-end data center to take control of the front-end devices; 3) an attack towards the back-end infrastructure to capture data related to the IoE devices; 4) an attack via the front-end IoE devices to access and capture sensitive customer data.
Although most data is collected and generated at the IoE devices, McGee said protection at the front-end largely relies on the manufacturers and it is difficult to bring "add-on" security at this level.
To meet market and consumers' demand, many IoE players are rushing to get their products to the market, putting device security a second priority, added McGee.
"Many of the IoE players are startup businesses and cloud computing is often the backbone," he said. "Back-end is where the more serious issues can arise."
He suggested enterprise to focus on protecting the back-end infrastructure, which includes the cloud environment, virtual machines, network and data encryption.
"Organizations should seize the opportunity to automate and optimize security as part of their data center operations," said McGee. "With the proliferation of IoE, though security principals remain the same, the approach to security must change."
Changing security approach
One of the changes in security approach is the move from a static towards adaptive strategy. As more IoE players rely on cloud computing for dynamic and scalable computing power, McGee said their security approaches should also be adaptive to provide automated provisioning that is specific to the platform and usage.
He added security has also moved away from hardware-centric by adding appliances to the data center, towards software-based security.
When asked about security vendors' role towards the IoE ecosystem, McGee added Trend Micro's currently focus on partnering with service providers, instead of with front-end device providers.
"The business model remains unclear at the front-end device adoption," he said. "But this market could change and move very quickly."