Cyber Security

Managing Cyber Security Risks: The Internet of Things (IoT)

Leading technology analysts predict the Internet of Things (IoT)  as the next big installment for the technology landscape.  To put into perspective, over 20 billion devices will connect to IoT.  These devices could be managed through a single pane of glass brings a variety of possibilities to the table.  IoT would completely revolutionize the way we interact in our daily lives, as well as how we conduct business.  Processes could also be monitored and managed anytime from anywhere with an internet connection. For instance, manufacturing, retail and healthcare companies could implement this technology to significantly improve efficiency, reduce bottlenecks and increase profitability.

Security concerns slow the adoption of IoT in vertical markets like healthcare, retail, financial and government.  Devices placed in an IoT environment experience malicious attack within the first minute of being connected.   The majority of devices do not have the processing power or storage needed to host endpoint security software.  In addition, many devices do not have the capability to automatically update their firmware with security protection.  This also leaves many devices open to malware, DDOS and man-in-the-middle attacks.

How would organizations address the security vulnerabilities associated with this technology?  They would need to partner with leading security OEMs and/or 3rd party service providers to create a comprehensive IoT security strategy. According to Gartner, four categories segment the market:

IoT Market Segments

Cyber Security

IoT security has become a hot topic for businesses and consumers.

Embedded trust: These vendors have products that provide a hardware root of trust. Some of these include device firmware, virtualization, operating systems and execution environments. In addition, these vendor products provide protection from software-based threats and are useful for protecting against physically invasive attacks.  For example, Axran application protection solutions protect keys, data and intellectual property in IoT and embedded software.

Device identity and key/credential management: Vendors offering IoT scale-federated device management implementations make up this segment. To elaborate, products from these vendors support IoT-specific identity, access and relationship management needs for devices, services, machines, customers and partners. These are frameworks with capabilities to generate, store, manage and deploy high-volume keys and certificates at IoT scale.  For example, Gemalto offers cryptographic tools, hardware security modules, remote credential activation and cloud based security.

Real-time visibility and control: This category includes vendors that offer security products that can sniff and scan IoT networks and every connected device.  They can also monitor, track, alert, detect and respond to specific threats.  Solutions such as ForeScout’s CounterACT provide in-depth visibility using a combination of active and passive monitoring techniques to discover devices the instant they enter the network—without requiring agents.  In addition, CounterACT classifies and assesses these devices and virtual instances, then continuously monitors them as they come and go from the network.

Professional services: This category includes IoT security product vendors that offer professional services.  For instance, security organizations would utilize their channel partners more in providing a broader range of support to customers with significantly more efficiency.


Cyber Security

Cyber security tools are continuing to evolve, addressing security vulnerabilities in IoT devices.

In conclusion, the promise of what IoT can bring to businesses and consumers has spurred many companies to develop solutions focused around security vulnerabilities.  Technology leaders, and security and risk management leaders should work with security consultants to:

  • Assess integration points in their networks for IoT implementations, and determine gaps in capability and infrastructure.
  • Assess risk exposure from IoT-related initiatives, and assess their organization’s security posture.
  • Keep a record of all their assets, from sensors to large industrial equipment, and have visibility into their whole IT networks and topologies.
  • Analyze regulatory exposure to security requirements.
  • Work on developing in-house security expertise, and familiarize themselves with successful implementations in their verticals (with the help of partnerships or consortia activities).
  • Assign enterprise ownership for technologies not already claimed by a business unit.
  • Join neutral consortia activities to gain access to IoT ecosystems.

This strategy of collaboration will go a long way to mitigate security vulnerabilities for organizations looking to implement an IoT environment.


Share this Post