IoT’s Infancy and What It Means for Capital Markets Firms
As the Internet of Things grows in popularity, companies are figuring out what it's advantages are even as they fear its very real security issues.

Like many people using Internet of Things (IoT) devices, I all too often forget that they are vulnerable to cyber threats. In fact, I did not realize how many internet-enabled gadgets I own. As more of these devices enter the workplace, it is worth investigating what firms can do to protect themselves from cyber-attacks.
One basic step companies can take is to set up a separate Wi-Fi network where IoT devices can connect without touching the corporate network—and therefore, its sensitive data. Guest Wi-Fi networks were developed during the bring-your-own-device (BYOD) debate of several years ago. But IoT may still seek out similar devices to “talk” to that may be on the protected network, and, more worryingly, these still provide computing power for attackers.
As I reported in my feature this month, at first blush, controls around IoT seem like an easy extension of BYOD policies, although these also offer an interesting challenge to security professionals, particularly since there is very little in-built protection, according to William Beer, a principal at consultancy EY.
“These devices don’t necessarily have the same level of security built in as some other systems, so it requires a considerable mind shift in the security industry, especially now that they are struggling to support organizations,” Beer says. “They’re struggling to offer services to firms with existing technology and now you’re going to add in IoT, so there needs to be a wakeup call to the industry not to repeat the same mistakes many years ago when internet security was starting out.”
Joshua Satten from Sapient says one of the questions around IoT is its growth, since the technology is still in its infancy. “IoT is emerging as a new technology and that’s where it becomes very difficult for companies,” Satten says. “It’s hard to adapt new technologies and create protections around them if it’s still being developed.”
Satten notes that there are still many issues around privacy and data collection that need to be hashed out as well as determining which appliances really need to be IoT-enabled. What is important from both experts’ perspectives is that businesses shouldn’t repeat the same mistakes from years ago, by believing these new technologies will not be brought into offices until they are fully developed or secure. These devices are already in the workplace, so it’s important to begin awareness programs as soon as possible.
Whether firms like it or not, many of their employees have already brought IoT devices to the office. Many have their own IoT-enabled technologies at home that can communicate with their home laptops, illustrating how pervasive the technology can become. As an example, how many employees have internet-enabled security systems or door cameras that transmit live footage to smartphones?
Likewise, keeping track of just how connected you are is important from a security perspective. If you’re carrying an iPhone, an iPad, a Tile key, a Kindle, a laptop, a smartwatch, a Fitbit, or a handheld videogames console in your bag, that’s at least seven connections to the company network that need to be monitored. Factor in the external connections these create to home IoT devices, and that number expands enormously. It’s these awareness programs, more than anything else, that will really start protecting the company.
Moving Beyond
The challenge for IoT devices with respect to their widespread use by capital markets firms is how they go about moving beyond just helping people learn how to spell or find their missing car keys. “There are two strands within IoT,” says EY’s Beer. “The first is how it can be used by employees, and the second is how banks can potentially use these kinds of technologies to help create innovative services for clients.”
According to Beer, a good business case has to be developed for why IoT devices—particularly personal speakers and personal trackers—should be in the workplace before they are fully vetted. Other devices like personal trackers can provide important health information for employees with serious conditions, but like all IoT devices, they must also be robust enough to protect that personal information and ensure that it isn’t compromised or stolen.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
EU banks want the cloud closer to home amid tariff wars
Fears over US executive orders have prompted new approaches to critical third-party risk management.
Growing pains: Why good data and fortitude are crucial for banks’ tech projects
The IMD Wrap: Max examines recent WatersTechnology deep dives into long-term technology projects at several firms and the role data plays in those efforts.
Waters Wavelength Ep. 317: Bitdefender and Transilvania Quantum
This week, Bitdefender’s Adrian Coleșa and Transilvania Quantum’s Sorin Boloș join to discuss security vulnerabilities in quantum computing.
Investing in the invisible, ING plots a tech renaissance
Voice of the CTO: Less than a year in the job, Daniele Tonella delves into ING’s global data platform, gives his thoughts on the future of Agile development, and talks about the importance of “invisible controls” for tech development.
Evalueserve tames GenAI to boost client’s cyber underwriting
Firm’s insurance client adopts machine learning to interrogate risk posed by hackers
Waters Wavelength Ep. 316: Finbourne Technology’s Toby Glaysher
This week, Toby Glaysher, chairman at Finbourne Technology, joins the podcast to discuss the asset servicing industry.
State Street’s interop play for FX and easing technical debt
Waters Wrap: About six years ago, State Street partnered with Interop.io to tie together its GlobalLINK suite of platforms. Anthony explores how this plays into the “reuse” mantra.
As costs rise, buy-side CIOs urge caution on AI
Conference attendees encouraged asset managers to tread carefully when looking to deploy AI-driven solutions, citing high cost pressures.