Mapping Session results: IoT Security

At this year’s Structure Connect, Gigaom Research hosted a collaborative Mapping Session for conference attendees on securing the Internet of Things. Mapping Sessions tap the collective wisdom of our analysts and other thought leaders to tease out the most disruptive trends shaping a space over the next 12-24 months. We integrate feedback from these sessions into our research planning, and many of the sessions directly inform our Sector Roadmap reports.

The IoT Security Mapping Session was a success, and we thank everyone who attended for their participation. Some key themes that emerged from the session included:

Device proliferation will have a substantial destabilizing effect on security. 

Users will experience “security fatigue” as the scope of personal device management extends beyond the smartphone to watches, other wearables, household devices, and automobiles. Users cannot be expected to maintain any level of personal policy management, and it will be incumbent upon every participant in the value chain – from app developers to hardware manufacturers to network service providers – to compensate.

Developers will experience fatigue, too.

Talented developers are already in short supply, and the fragmented nature of the IoT will make this worse. While standards are in flux and every new form factor brings a unique set of requirements, developers will scramble to extend their skill sets while delivering on a growing workload, creating massive opportunities for the introduction of security holes.

Networks will stumble.

The current crop of networking options are not suitable for the types or volume of traffic the IoT will create in just a few years. The IoT will generate vastly larger numbers of connections of substantially smaller size, with a wide variety of QoS requirements, and very different monetization allowances. New networks that rise to meet these challenges will need to be both secure and resilient, which could be a challenge for nascent technologies with an emerging revenue model.

An “awareness event” is inevitable – and positive.

A massive, damaging security meltdown is inevitable, and the participants felt that ultimately, such a breach would be positive for the security community, driving greater urgency behind open standards initiatives.

The “security underwriter” will rise.

Most of the participants agreed that there was a tremendous opportunity for a security underwriter – essentially a next-gen certificate authority – to step in and verify that  an IoT ecosystem is secure. There was less agreement on whether one party would have the resources to audit the entire chain, and everyone agreed that the challenge of certifying a constantly-changing collection of third-party APIs would be daunting.


We welcome your feedback on these and other disruptive trends. Have we missed anything that you believe will be key to shaping this market over the next two years? Continue the discussion by leaving a comment below.

Mapping session panelists.

Cormac Foster, Research Director, Gigaom Research

Rich Morrow, Analyst, Gigaom Research & Founder, quicloud

Lee Doyle, Analyst, Gigaom Research & Principal Analyst, Doyle Research