The Internet of Things (IoT) has been predicted to be the next big installment for the technology landscape. By 2020 there will be over 20 billion devices connected to IoT. The idea of a virtual space that is mapped out by devices connected to the internet and can be managed through a single pane of glass brings a variety of possibilities to the table. IoT would completely revolutionize the way we interact in our daily lives, as well as how we conduct business. Processes could be monitored and managed anytime from anywhere with an internet connection. Manufacturing companies could implement an IoT environment to significantly improve efficiency, reduce bottlenecks and increase profitability. Retail and restaurant chains could implement IoT to significantly improve supply chain management, monitor customer movements and enhance the overall consumer experience. Healthcare facilities could implement IoT to more effectively monitor patients, manage staff and monitor multi-million-dollar pieces of equipment.
The issue that has plagued this technological breakthrough from being adopted into the mainstream is security. Devices that have been placed in an IoT environment have been shown to be attacked within the first minute of being connected. Why are IoT devices so vulnerable to malicious cyber-attacks? The majority of IoT devices do not have the processing power or storage needed to host endpoint security software. Many IoT devices do not have the capability to automatically update their firmware with security protection. This leaves many IoT devices open to malware, DDOS and man-in-the-middle attacks.
If an organization wants to implement IoT into their business processes, how can they address the security vulnerabilities associated with this technology? They would need to partner with leading IoT security OEMs and/or 3rd party service providers to create a comprehensive IoT security strategy. According to Gartner, the IoT security market is segmented into 4 categories:
Embedded trust: These vendors have products that provide a hardware root of trust, which is a requirement to secure functions at the endpoint. Some of these include device firmware, virtualization, operating systems and execution environments. These vendor products provide protection from scalable software-based threats and are useful for protecting against physically invasive attacks. For example, Axran application protection solutions protect keys, data and intellectual property in IoT and embedded software.
Device identity and key/credential management: These are vendors that offer IoT scale-federated device management implementations. Products from these vendors support IoT-specific identity, access and relationship management needs for IoT devices, services, machines, customers and partners, regardless of location and IoT scale. These are frameworks with capabilities to generate, store, manage and deploy high-volume keys and certificates at IoT scale. For example, Gemalto offers cryptographic tools, hardware security modules, remote credential activation and cloud based security to protect IoT environments.
Real-time visibility and control: This category includes vendors that offer security products that can sniff and scan IoT networks and every connected IoT device regardless of wired/wireless technology, radio frequencies used, independent of their location, providing security leaders with visibility into IoT security postures. They can monitor, track, alert, detect and respond to IoT specific threats. Solutions such as ForeScout’s CounterACT provide in-depth visibility using a combination of active and passive monitoring techniques to discover devices the instant they enter the network—without requiring agents. CounterACT classifies and assesses these devices and virtual instances, then continuously monitors them as they come and go from the network.
Professional services: This category includes IoT security product vendors that offer professional services, such as testing, design consulting, risk and security assessments, training, and compliance, in support of sale of their products. These services can also be performed by 3rd party vendors who are certified partners of IoT security OEMs. IoT security OEMs are utilizing their channel partners more in providing a broader range of support to customers with significantly more efficiency.
The promise of what IoT can bring to businesses and consumers has spurred many companies to develop solutions focused around the security vulnerabilities of the technology. While OEMs are working on improving their product and service offerings, IoT leaders, and security and risk management leaders should work with IoT security consultants to:
- Assess integration points in their networks for IoT implementations, and determine gaps in capability and infrastructure.
- Assess risk exposure from IoT-related initiatives, and assess their organization’s security posture.
- Keep a record of all their IoT assets, from sensors to large industrial equipment, and have visibility into their whole IoT networks and topologies.
- Analyze regulatory exposure to IoT security requirements.
- Work on developing in-house IoT security expertise, and familiarize themselves with successful implementations in their verticals (with the help of partnerships or consortia activities).
- Assign enterprise ownership for IoT technologies that are not already claimed by a business unit.
- Join neutral consortia activities to gain access to IoT ecosystems.
This strategy of collaboration will go a long way to mitigate security vulnerabilities for organizations looking to implement an IoT environment.
Share this Post