I recently attended the quarterly face-to-face meeting of the Industrial Internet Consortium (IIC) - a rapidly growing organization dedicated to identifying, assembling, and promoting best practices for the industrial internet. This organization, which just celebrated its 1-year anniversary, has grown to over 150 members - including EMC - across a broad set of technology, manufacturing, and academic participants.
It's still early days, but we're excited about the work we're doing - building a reference architecture, and developing testbeds to prove out the concepts and the technology, driven by real-world needs. While the EMC Federation is involved from a number of aspects - VMware, AirWatch, EMC (for Enterprise Hybrid Cloud and Big Data), and Pivotal - the focus for RSA is, of course, helping ensure the security of the Industrial Internet.
Security for the Industrial Internet is particularly interesting (see my blog post) - and dangerous (see this posting from my colleague Bob Griffin) - and it is critically important that we get it right. This was validated by a recent World Economic Forum survey, in which respondents indicated that security is the top risk for the Industrial Internet.
Within the IIC, I'm part of the IIC's Security Working Group, where we're collaborating to define a security framework that builds upon and leverages security best practices - identifying and representing what's unique for IoT, and ensuring that the testbeds follow these recommendations for strong IoT security. The testbeds will also serve to identify gaps in current security approaches or standards, so that we can address them within and across standards organizations.
This is challenging (and fun) in a number of ways. First, getting agreement on terms, scope, and content for a large document, across many different people with many different perspectives, isn't easy (this is the challenging part). Second, there's a lot that we don't know. While we're confident that we'll be able to design, implement, and validate robust security in the testbeds, there are many areas left to explore due to some of the unique aspects of the Industrial Internet, as it converges with, influences, and is influenced by IT (this is the fun bit).
We'll be sharing our findings in various places - you'll see my perspectives on the RSA blog, and can follow the official news on the IIC website. I'd also encourage you to visit the open, community-oriented site for the new book Enterprise IoT.
But let's bring this back to our everyday reality - how is this relevant to the security challenges that we're facing now? Two ways!
First, the reality is that there are many aspects of today's IT InfoSec challenges that are present within these IoT initiatives - and much of what we learn will be relevant for enterprises today. For example: Industrial Internet security architectures encompass pretty much the entire InfoSec stack - from hardware-based trusted computing, to PKI, encryption, and up through authentication and authorization, and privileged access to cloud infrastructure. While some of these areas are "solved problems" within traditional information security, some of them - in particular the management of authorizations, and how they map to both a risk model and to business processes - are still things that organizations are struggling with today within traditional IT.
And second, these Industrial Internet challenges and opportunities are in fact being tackled (and successfully met) by organizations today. So buckle up and join us for this journey. I promise that we'll all learn some things along the way, and be better prepared to secure our enterprises as we embrace the innovation, connectivity, and productivity advances promised by the Industrial Internet.
This post originally appeared on the RSA blog.