The market for IoT security products is set to grow sharply as IoT in general becomes ever more ubiquitous, according to a report released this month by Gartner Research. While there are numerous drivers behind the increased demand for IoT security, a growing sense that regulatory compliance will shortly become an issue is one of the most pressing.
The report lists security as the top barrier to success for IoT initiatives, according to a survey on IoT adoption conducted by Gartner. A big part of the problem, the report said, is that businesses often don’t have full control over which devices and software are being used at each level of a given IoT project.
“We expect to see demand for tools and services aimed at improving discovery and asset management, software and hardware security assessment, and penetration testing,” he said in a statement. “In addition, organizations will look to increase their understanding of the implications of externalizing network connectivity.”
According to the report, US$570 million of the $1.5 billion due to be spent next year on IoT security will go toward professional services, rather than endpoint security offerings or security gateways. That number will climb to a little over $2 billion by 2021, part of the $3.1 billion that Gartner says will be spent that year.
Regulatory issues might not be the prime mover behind IoT security spending this year, but 2019 and onward will see an increasing proportion of that spending driven by compliance with infrastructure protection and privacy regulations.
One example of those new rules is the European General Data Protection Regulation, which takes effect on May 25 of this year. It will impose stiff fines and penalties on companies that do business in the EU – which is to say, most major tech firms – and don’t comply with the GDPR’s provisions. Those include the right for users to view data that companies store about them and clearer disclosures about what data is being collected for. Most relevant to the IoT is a provision called “privacy by design,” which requires that organizations “implement appropriate technical and organizational measures … in an effective way … in order to meet the requirements of this Regulation and protect the rights of data subjects.”