By 2020, Gartner estimates there will be 20.4 billion connected devices in the global Internet of Things. Augmenting the Internet of Things with sensors and actuators changes the game. The IoT becomes an example of the more general class of cyber-physical systems. This includes smart grids, homes and cities. It also connects virtual power plants and intelligent transportation. The potential of this technology is exciting. But we can’t avoid asking one question. “What happens when these interconnected devices get hacked?”
The scale of security risks in the IoT era is much greater than in the pre-IoT environment, and the “attack surface” is much larger. Therefore, there is a need to protect ALL IoT devices from unknown vulnerabilities. Consider how many of these devices collect and store sensitive user data such as email addresses and credit card numbers. If that isn’t problematic enough, read this nightmarish scenario. Imagine how a coordinated cyberattack could bring New York City to its knees.
It’s critical for any business who wishes to take advantage of IoT technology to have a detailed plan for how to secure these devices and systems. Choosing the right security solutions and/or vendors is an important part of any IoT plan. Here are some guidelines to help you make the right decisions about how to pick the best security systems and vendors for your IoT strategy.
How to Choose an IoT Security Vendor
First, the good news. Consulting services in the IoT security market can help everyone. Companies of all sizes can secure a variety of functions at the endpoint and in the cloud. But, there is also bad news. Most IoT security products from established IT security vendors are still developing. Some even remain in the proof-of-concept stage. That in mind, here is our advice on how to get the best value and fit from potential IoT security vendors.
Lead with Security Assessments
Vendors are hard at work, improving their security product and service offerings. In the meantime, you can still rely on experienced consultants to assess your IoT vulnerabilities. Hiring an outside company is worth it. They can assess integration points in your network for IoT implementations. Also, they can determine gaps in capability and infrastructure. There are other areas they can look into as well. The consultants can assess your risk exposure from IoT-related initiatives. They can also examine your organization’s security posture.
Rely on a Cloud-Based Security Service
The IoT is dependent on cloud-enabled devices. Therefore, you can’t go wrong by working with a proven cloud-based security service. These cloud consultants can help you monitor, detect, and respond to security concerns. It doesn’t matter if they’re related to your IoT deployments or not. They also work for more conventional computing devices. We can safely assume cloud-based services will play an indispensable role in IoT security. This is comforting as contractors figure out how to protect all these new interconnected devices.
Choose IOT Product Vendors with a Hardware Foundation
Finding the right IoT security product vendor is more challenging. You want a vendor that will provide a hardware root of trust. This is essentially a technical foundation to secure a wide variety of functions at the endpoint. Here is something that is also important. Some vendors promise real-time visibility and oversight over every network-connected IoT device. Make sure they can show you an easy-to-understand interface capable of fulfilling that promise. You want to be able to identify a potential breach or problem with minimal delay.
How to Select an IoT Security Solution
When it comes to IoT security systems and technology, cost is not an insignificant factor. When you evaluate possible IoT security solutions alongside your budget, pay attention. Notice how improved visibility and device control will impact your organization’s risk exposure. You most likely want security solutions that come with technical support. The systems that provide this will give you the best possible value. Here are other key considerations:
Cryptographic Key Provisioning and Management for IOT
The first place to start with IoT device management is encryption. You want secure cryptographic key provisioning when you deploy a large number of IoT devices simultaneously. This means having a process for provisioning new IoT devices by downloading software, patches, or other updates regularly to keep up with threats. That in mind, I recommend IoT leaders use a scenario-driven approach in selecting discovery and provisioning solutions, and not attempt to acquire a “one size fits all” product or service at this stage.
Detect IoT Devices in Enterprise Networks
You also need a system to detect IoT devices in your enterprise network when they are part of proprietary or non-IT-standard engineering networks or if they aren’t continuously connected. Use this system to build an effective IoT “asset database” complete with attributes and entitlements for access by those devices. By defining device access credentials in this way, you can better recognize when a device exhibits abnormal behavior suggesting a possible breach or security risk.
Secure Your Endpoints
This is a classic data security best practice, and even more important in the IoT era. You need to protect endpoints across your organization in cases which traditional authentication and cryptography cannot be implemented, whether due to resource constraints or long device life cycles that outlive encryption effectiveness. In high-risk environments or activities, you should also set up anti-tampering functions for your interconnected devices to ensure strong device identity and security. And do not forget to safeguard sensitive data from any humans who interact with interconnected devices!
Hackers Are Ready for the IoT. Are You?
Now that you have some guiding principles to understand IoT, I want to leave you with a sense of what you’re facing in terms of cyberattackers. In the first six months of 2017, IoT attacks increased by a staggering 280% over the previous six months. This means that malicious actors are already hard at work finding vulnerabilities in your interconnected devices and systems. We want you to be ready for them.
Contact our security team. They’re ready to help you be armed and prepared.