SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
2 Apr 2015

How IoT is changing enterprise security

The Internet of Things (IoT) is the linchpin of many future innovations in both wireless and mobile technologies. However, the connected universe brings with it some heavy baggage to enterprises.

There are a multitude of security and privacy challenges to address when considering a foray into IoT, but a good place to start is in defining what your company means by Internet of Things.

Despite all the talk about IoT, there is still quite a bit of confusion around what, exactly, constitutes the Internet of Things. "The first big problem that many enterprises face is having their own definition of what they mean by the Internet of Things," said Gartner analyst Earl Perkins. "So that they can then actually define how they want to approach it from a cyber security perspective." As you plan your IoT deployment, consider the goals you have for introducing it into your business. How you define the IoT for your organization will depend largely on what you want to get done and what tools it will take to make that happen.

However, there are some common threads when it comes to the moving parts of the system. Brian Partridge of 451 Research, said that it usually takes a device, a network, and some sort of cloud service. "At each of those layers, there is a potential for security challenges or issues if they aren't architected right from the beginning," Partridge said. At the base level, IoT is about interconnectivity, which often breeds complexity. According to Ondrej Krehel, founder and principal of cybersecurity firm LIFARS, LLC, that often leads to problems for IT security.

"Complexity – in its nature – it's the biggest enemy of security," Krehel said. In moving towards the Internet of Things, keep in mind that each piece you add to the system is multi-faceted, requiring other pieces to keep it secure and running efficiently. And, all of these pieces for a system designed with one thing in mind – data.

Protecting the data

Data is the lifeblood of IoT. As such, your security implementation for IoT should center around protecting it. Device-level security and application-level security are worth investing in, but the data layer remains the top value proposition.

Regarding the collection and transmission of IoT data, Partridge said there are three main challenges facing security professionals in IT:

  1. Confidentiality challenge – Keep data from people who shouldn't have access to it
  2. Integrity challenge – Ensure that data being generated is passing along a network without being modified, detected, or spoofed in the middle; the integrity of data on the move
  3. Authentication challenge – Making sure the data you're getting is coming from a known source; that it is authentic
     

IoT is still a novel concept to many knowledge workers, and it will be for quite some time. Perkins said employees need to understand that it breaks up the traditional form factors of collecting, processing, storing, and distributing data. Because of that, many traditional forms of IT security will not be effective in IoT.

Perkins also mentioned that we need to be aware of the sheer volume of data that will be collected by connected devices and management systems. "With the Internet of Things now, the whole concept of big data just got bigger," Perkins said. "Because, now, you're going to be literally flooding networks with information, with data, that wasn't on those networks before."

Guarding the gateways

Consider the terms "data" and "database." If you're like me, that doesn't invoke the image of something in constant motion. Most IT folks know better, but a database is often equated with a bank, and protecting money in a bank is different than protecting it while it's moving in an armored car.

The reality is that data is constantly moving, and the pathways along which it moves are drastically altered by the Internet of Things. This is where the interconnectivity really comes into play in IoT security. In a deployment of connected things, there are contact points where data is exchanged among the various pieces of the network. It is at those checkpoints that Krehel believes you should focus.

"There are various checkpoints where you need to scrutinize that connectivity," Krehel said. "It's not, now, just about the device that's connected securely, it's about that interaction. Interaction is the key here." Typical IoT devices don't have much processing capacity to be able to handle, perhaps, security code, Perkins said. When you're talking about IoT, Partridge said, you're talking about chips that fit in the dimple of a golf ball.

So, the discussion has to altered to find the correct way to protect these devices and the data they create and transmit. One example is a gateway, also called a proxy or broker, to manage data security on behalf of many types of devices. These are a part of the checkpoints earlier referred to by Krehel.

The reason it is absolutely necessary to protect these checkpoints and gateways is because they will become the prime targets for cyber crime in the enterprise. "You can be sure that people who want to hack into the systems, or cause problems, they're going to go after network gateways, network points where these different types of Internet of Things networks feed data or receive commands," Perkins said.

Understanding the opportunities

Partridge is often asked if IoT should be avoided due to the security challenges it presents, and his answer is no. There are plenty of options to help you navigate the process and they are growing. The focus is shifting from security implemented alone on devices and software to security of interaction and flow. According to Krehel, security is becoming a matter of both technology and services.

The opportunity is presenting itself for security providers to step in and offer security as a service for those checkpoints, for those interactions, so the company can continue to focus on gleaning data. You might not be able to do it on your own, designing the full set of protocols and integrations, Krehel said. It's becoming more acceptable to forgo designing the process wholistically, instead relying on a third-party to provide some of the security for you.

"The companies that come in and audit, and consult, and build a plan of attack for how to mitigate security risk in these new environments – big checks are going to written for that," Partridge said. Another opportunity presented by IoT, according to Perkins, is understanding The Internet of Things as a revolution in security in and of itself. We can begin to apply security technology and security capability with the connected things.

A consumer example would be your connected home telling you if someone broke in, or there is a carbon monoxide leak. Or a retailer could use it to track stolen goods with internet-connected security tags. Ultimately, the Internet of Things presents new technological opportunities across the board. And, if properly implemented, could present a host of new opportunities for your business as well.

Tags:
trends data protection
Source:
ZDNet
1972
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015