The growth of the Internet and increase in adoption of devices has brought a new set of security challenges for enterprises - IoT security. As a decision maker, here are a few things you need to know about IoT security in the enterprise.
What Does IoT Security Mean for the Enterprise?
Although there's a lot of talk about IoT these days, honestly, there is still a lack of clarity on what exactly constitutes the Internet of Things. More importantly, what does it mean for the enterprise?
"The first big problem that many companies face is having their own definition of what they mean by the Internet of Things," said Gartner analyst Earl Perkins. "So that they can then actually define how they want to approach it from a cyber security perspective."
As you deploy IoT in your business, keep in mind what goals it will fulfill. How you define the IoT for your organization will depend largely on what you want to get done and what tools it will take to make that happen.
According to a study by Verizon, organizations across sectors are harnessing IoT technologies to increase revenues, improve operational efficiencies and find new ways to do things.
Understand your need for deployment and goal that will be fulfilled. This is almost half the work done.
Data is the life of most things today, and definitely so for IoT. As such, your security implementation for IoT should center around protecting it. Both device layer and application-layer security are essential keeping in mind the way data is handled.
Brian Partridge of 451 Research believes there are three main challenges facing security professionals in IT:
- Confidentiality challenge - Keep data from people who shouldn't have access to it
- Integrity challenge - Ensure that data being generated is passing along a network without being modified, detected, or spoofed in the middle; the integrity of data on the move
- Authentication challenge - Making sure the data you're getting is coming from a known source; that it is authentic
Deployment and implementation is one thing, but a clear understanding of specific threats that you face is something more important. Understand your organization's risk surface and risk exposure. Once you have that create a plan for compromises and have an action plan of what to do when that happens.
Is That Thermostat a Cause of Worry?
Honestly, there is no simple answer to this. It actually depends on what this means for your business. One thing is for sure that these devices are now being used as attack vectors because they are easy to breach. The Target breach happened through a point-of-sale terminal. A thermostat on your network can be an easy entry-point. Since this is attached to your IT infrastructure, you can imagine how serious this might get.
Haven't People Already Learned About Security Issues From Other Industries Too?
Well, most of the learning is from the computer industry, and yes, people have learned a lot from past mistakes. The problem is always going to be those low-cost, low-quality devices. It is those devices that will kill us, and there is little you can do to stop your employees from using them at work.
Simple numbers - a $1000 computer will have a good support team but will that be true for a 50 cent thermostat? I don't think so.
So, Now What?
Be aware and keep your eyes and ears open. Take security more seriously. The problem is a hard one, but we will solve this together. This is not what will kill us, but there are many things we have to work on together so that this problem can be fixed. Ultimately, you have to agree that the Internet of Things presents new technological opportunities across various dimensions. If properly implemented, it could offer a host of new possibilities for your business as well.