Cybersecurity problems are an evergreen topic for security stack vendors and a nightmare for enterprises. IoT security adds another layer of complexity as it involves thousands (sometimes millions) of devices. It’s vital to have a good security strategy prior to deploying new IoT systems.
Why IoT Security Matters?
IoT systems comprise physical electronic devices—usually sensors and gateways—cloud environments, analytics programs, and other back-end tools. News on hackers attacking IoT devices is becoming commonplace. Such attacks add several risks for corporate assets causing significant service and financial impact.
According to a recent report, 10% of US consumer devices are hacked each year. IoT devices are an easy target for hackers due to the unmonitored nature of these devices. Manufacturers of the past didn’t design such devices with cybersecurity in mind. Usage of legacy operating systems and poor device management doesn’t bode well amid the ever-growing
Last year, there was a report of a casino that had their internal network breached through an internet-connected thermometer in an aquarium. The hackers gained access to the network through the thermometer. Once inside the network, they found a database of high roller patrons. The hackers extracted the aforementioned database through the thermometer and into the cloud. This example illustrates how vulnerable these devices are and how enterprises often take a surprisingly nonchalant approach towards IoT security.
How Can Organizations Proactively Handle Security Flaws?
Organizations big and small must take proactive steps to maintain full control of their IoT devices. They should adequately monitor, isolate, and segment them within their own network.
Common proactive techniques include stronger, always-unique passwords and authentication mechanism, access privilege control, and device protection (e.g. device health attestation). Other methods that work well are threat protection, information protection, and better device management.
Advanced technologies, such as endpoint protection platforms, are also emerging onto the scene.
The State of Enterprise Security Policy and Enforcement?
Mature IoT security standards are unavailable today to help organizations reinforce their systems. Standards such as the Online Trust Alliance provide a framework for setting better security policies. In addition, using security guidelines for connectivity protocol standards for secure data (e.g. Bluetooth, WiFi etc.) can also help. Moreover, IoT standards groups such as IoT consortium group also provide some guidance to the rapidly evolving IoT security sub-industry.
However, IoT standardization can neither be one size fits all nor a one-time affair. Well-established enterprise-wide security policies driven by technology and business needs are necessary to overcome the myriad of IoT security shortfalls.
As IoT systems and technologies mature, there’s a silver lining for enterprises. There are murmurings of simpler solutions to secure IoT systems effectively.
A Secure Sphere in an Insecure World
One such example of a positive trend in the IoT security space is the recently launched Microsoft’s Azure Sphere. Sphere includes hardware, an operating system along with a cloud security service. It delivers security, intelligence, and functionality to microcontroller-based (MCU) devices. MCU devices are a critical component in an IoT system. They stand as the heart of billions of smart sensors deployed today.
End-to-end security systems like Azure Sphere can help protect IoT endpoints, the data communication pipeline, and the cloud applications on which they depend. More vendors and solutions providers need to learn from Mircosoft. Better security benefits stakeholders at all levels of the IoT stack. More importantly, better security is vital to the future of IoT because if vast networks of interconnected devices and systems prove insecure, jeopardizing the businesses and users they were meant to aid, then the IoT revolution may hiccup and fall away.