With every passing holiday season, the number of Internet-connected, electronic devices that fill our homes continues to grow, from smart assistants like Amazon Alexa and Google Home, to the video-doorbell Ring, to the now-ubiquitous Nest thermostat. These Internet-of-Things (IoT) devices have quickly changed our daily lifestyles, and we don’t expect this trend to slow down anytime soon.
As the number of consumer-focused IoT devices continues to expand, businesses are quietly increasing their use of Internet-connected devices as well. These devices include broadly used technology such as printers, security cameras, Bluetooth keyboards and HVAC systems, as well as industry-specific devices such as manufacturing sensors, MRI machines, metal detectors and more. And as the use of all these devices grows, the potential security threats associated with them increase as well. Simply put, more Internet connections and “endpoints” in a business means more opportunities for hackers to exploit—but unfortunately, many businesses are not set up to deal with this issue.
It’s a growing concern for businesses in a diverse set of industries. Gartner predicts that the overall enterprise and automotive IoT market will grow to 5.8 billion endpoints in 2020 (growing 21% year-over-year). Enterprises in sectors including healthcare, manufacturing, hospitality, retail and others have realized that the number of unmanaged—and sometimes even unknown—IoT devices in their facilities continues to grow, raising management and security concerns.
A recent Forrester survey of 403 technology decision-makers in business found that 69% of them estimated that half of all devices on their enterprise networks were IoT devices that could not be managed via traditional security tools. As a result, 79% of these executives were “very to extremely concerned” about device security.
This new, hyper-connected environment has already spawned high-profile security attacks. The WannaCry ransomware crypto-worm famously infected more than 230,000 computers in 150 countries and took down half of the hospitals in the UK, after malware infected out-of-date Windows XP devices. The U.S., U.K. and Australia publicly said North Korea was behind the attack. There also have been more pointed, and creative IoT-related security incidents: Hackers stole a reported 40 million customer credit-card numbers from Target due to a breach of a third-party HVAC system used by the company, and security company Darktrace said last year that hackers stole a casino’s database of high-roller gamblers via a thermometer in a lobby aquarium.
Often, device manufacturers do not develop their products with security in mind, which increases the need for companies to deploy technology and policies to discover, manage and enforce the use of IoT devices. We think there is a sizable market for such solutions—which is one reason we’re excited to announce our investment today in Ordr*.
Ordr, based in Santa Clara, Calif., has an innovative approach to securing managed and unmanaged IoT devices. Taking a network approach by focusing at the device packet-flow level, Ordr’s technology can take inventory of devices, monitor their behavior and create a device flow snapshot to understand vulnerabilities in a network and provide protection against intruders. By doing so, Ordr allows security teams to write policies for firewalls and to micro-segment devices on networks so they only connect with other devices and networks that they need to. The technology also provides insight into all devices across a network in a single view.
The company is led by experienced network-and-security executives including CEO Greg Murphy, the former CEO of Zenreach who was previously the VP of business operations at Aruba Networks; Chief Product Officer Pandian Gnanaprakasam, previously the chief development officer and VP engineering at Aruba; and Chief Scientist Sheausong Yang, the former chief architect and VP technology at Aruba.
Ordr’s products help security personnel address a top budget priority while supporting the rapid expansion in IoT devices, which are increasingly needed by companies becoming more software-centric in this age of digital transformation. We are excited to partner with the Ordr team to help promote a more connected, but also secure, business environment.