The number of devices connected to enterprise networks is skyrocketing. One reason is mobile computing. Mobile workers in the US now carry on average 3 mobile devices, according to a recent survey by Sophos. Fifteen years ago, each of those workers would have connected to the network through a single desktop computer. The number of devices storing business data and connected to the network per employee has tripled (or quadrupled for those employees who still have desktop computers in addition to their mobile devices). And unlike the devices of a decade or more ago, many of these devices have been selected and configured by employees themselves, regardless of whether or not the organization has officially adopted a Bring Your Own Device (BYOD) policy.
Another reason for the increase in devices is the ongoing rapid adoption of special-purpose networked devices, a trend that Gartner and others now refer to as the Internet of Things (IoT). Gartner defines the IoT as “the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment.” Examples include surveillance cameras, environmental monitoring systems, and factory automation systems. Gartner says that there were 0.9 billion of these devices in 2009, but by 2020 there will be 26 billion—a 30-fold increase.
All those devices and connections create risk for data confidentiality and integrity, which is why Gartner is now predicting the rise of a new executive role, the Digital Risk Officer. According to Gartner:
More than half of CEOs will have a senior "digital" leader role in their staff by the end of 2015, according to the 2014 CEO and Senior Executive Survey by Gartner, Inc. Gartner said that by 2017, one-third of large enterprises engaging in digital business models and activities will also have a digital risk officer (DRO) role or equivalent.
By 2020, 60 percent of digital businesses will suffer major service failures due to the inability of the IT security team to manage digital risk in new technology and use cases. IT, operational technology (OT), the Internet of Things (IoT) and physical security technologies will have interdependencies that require a risk-based approach to governance and management. Digital risk management is the next evolution in enterprise risk and security for digital businesses that are expanding the scope of technologies requiring protection. . . .
The advent of the Digital Risk Officer is another sign of just how vast the changes taking place in enterprise IT are. Connected corporations are becoming hyperconnected as the number of devices multiplies. Services are moving to the cloud, and access is moving from cubicle-tethered desktops to smartphones and tablets. Networks, many now running at speeds of 10G or faster, are supporting more devices and more types of data than ever before.
As Gartner points out, when access is everywhere, risk is everywhere. BYOD and the IoT can make enterprises more agile and productive, but they also introduce new vulnerabilities and security hazards. The next data breach could come from a smartphone, tablet, or networked sensor (many of which were designed without security in mind).
But risk management isn’t the only challenge facing enterprise management teams grappling with the implications of their hyperconnected infrastructures. Keeping security in mind, they should look for ways to re-engineer services and processes to take full advantage of the connectivity and agility enabled by BYOD and IoT. The goal should be to create not only IT services that are more extensive and secure, but also a workforce that is more productive and enthusiastic.