Menu

IoT FEATURE NEWS

Is it Possible to Secure IoT?

By

The sheer scale of IoT, and the speed with which it has achieved this scale, boggles the mind. It touches almost every aspect of personal and business life. Experts forecast that there will be more than 33 billion IoT devices deployed by 2020 – just three years from now. That’s 4.3 internet-connected devices for every person on the planet.

Of course, IoT is not one easily defined category. There are a variety of IoT devices and categories, each with its own implications.

  • Consumer IoT includes the connected devices we are most familiar with, such as smart cars, phones, watches, laptops, connected appliances and entertainment systems.
  • Commercial IoT includes things like inventory controls, device trackers and connected medical devices.
  • Industrial IoT covers such things as connected electric meters, waste water systems, flow gauges, pipeline monitors, manufacturing robots and other types of connected industrial devices and systems.

Given the scope and variety of these connected devices in industries that touch every corner of our lives, the implications for networks, and especially security, are huge.

The Threat Landscape Expands
Increasingly, IoT devices are being woven into local, national and global networks—including critical infrastructures—creating hyper-connected environments of transportation, water, energy, communications and emergency systems. Healthcare agencies, refineries, agriculture, manufacturing, government agencies and even smart buildings and cities all use IoT devices to automatically track, monitor, coordinate and respond to events.

While automating decisions and processes at machine speeds can generate revenue, improve our quality of life, make us more productive and even save lives, it also introduces new risks and expands the threat landscape.

1. Some of the data passing from, to or among connected devices contains personal information that can be exploited, including locations, names and addresses, ordering and billing information, credit card and bank information, medical records or government-issued ID numbers.

2. When compromised IoT devices are connected to IT networks, they can become a conduit for breaches or the injection of malware.

3. Compromised industrial and commercial IoT devices can be used to make changes on the manufacturing floor. Operations technology, SCADA and industrial control systems actually control physical systems, not just the bits and bytes of traditional IT networks, and even the slightest tampering can sometimes have far-reaching— and potentially devastating—effects.

4. Increasingly, IoT technology is also being integrated into the nation’s critical infrastructure. Transportation systems, chemical refineries, wastewater systems, energy grids, culinary water and communications systems all use IoT devices. The cascading effect of a serious compromise can be potentially catastrophic.

IoT Security Lags
The challenge is that many IoT devices were never designed with security in mind. IoT security challenges include weak authentication and authorization protocols, insecure software, firmware with hard-coded back doors, poorly designed connectivity and communications, and little to no configurability. And most IoT devices are “headless,” with limited power and processing capabilities. This not only means they can’t have security clients installed on them but also that most can’t even be patched or updated.

The risk is real. Just last fall, compromised IoT devices were gathered into a massive botnet, causing the largest denial of service outage in history. Unfortunately, the general response by the security industry has been woefully inadequate. Yes, the expo floor at this year’s RSA Conference was filled with vendors promoting devices and tools to soothe the IoT worries of organizations. The problem is that the network teams that need to test, deploy, manage and monitor these devices are already overwhelmed.

Dozens of isolated devices with separate management interfaces have placed a strain on limited IT resources. Large enterprises already need to manage an average of 30 security consoles, connected to hundreds of security devices that usually operate in isolation. This makes gathering threat intelligence a cumbersome and time-consuming task, often requiring the hand correlation of telemetry data in order to identify malware or compromised systems.

And now, specialized security tools being created and promoted for IoT are going to expand the number of deployed hardware-based and virtual security devices even further.

Rethinking Your Security Strategy
The reality is that IoT cannot be treated and secured as an isolated, independent network. It interacts across your existing extended network, including endpoint devices, cloud, traditional and virtual IT, and OT. Isolated IoT security strategies simply increase overhead and reduce broad visibility. Instead, security teams need to be able to tie together and cross-correlate what is happening across their IT, OT, IoT and cloud networks. Such an approach enables visibility across this entire ecosystem of networks, allowing the network to automatically collect and correlate threat intelligence and orchestrate real-time responses to detected threats.

This requires a rethinking of security strategy. A distributed and integrated security architecture needs to cover the entire networked ecosystem, expand and ensure resilience, secure compute resources and workloads, and provide routing and WAN optimization.

New solutions have been developed that solve the challenge of security sprawl by integrating your security infrastructure together into a single, holistic framework. This allows you to effectively monitor legitimate traffic, including IoT devices, check authentication and credentialing, and impose access management across your distributed environment through an integrated, synchronized and automated security architecture managed through a single pane of glass.

A Safer Digital Horizon
IoT has worked its way into every facet of life – and so quickly that manufacturers usually didn’t stop to think about building security into their products. Organizations are re-architecting their security measures with a more comprehensive approach that enables connectivity while ensuring safety. They are using advanced security solutions designed to help defend against the continually evolving threat landscape that threatens the success of their digital business and the emerging digital economy.

About the author: John Maddison has more than 20 years of experience in the telecommunications, IT Infrastructure and security industries. Previously, he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that, John was senior director of product management at Lucent Technologies.




Edited by Ken Briodagh
Get stories like this delivered straight to your inbox. [Free eNews Subscription]


SHARE THIS ARTICLE
Related Articles

Rising Edge Computing Investments to Reach $350B by 2027, According to IDC

By: Alex Passett    3/27/2024

Worldwide spending on edge computing is expected to surge (and then keep going) for the foreseeable future, according to the International Data Corpor…

Read More

ZEDEDA Adds Lisa Edwards as New Board Member, Seeks Opportunities to Strengthen Operations and Scale

By: Alex Passett    3/26/2024

Earlier this morning, ZEDEDA announced the addition of Lisa Edwards to its board of directors.

Read More

An Existing IoT Collab, Emboldened: Digi International and Telit Cinterion Transform Solutions with 5G RedCap Integration

By: Alex Passett    3/25/2024

The ongoing industry collaboration between Digi International and Telit Cinterion signals strong support for the mainstream showcasing of 5G for IoT a…

Read More

Telit Cinterion's 5G LGA Modules, Powered by Snapdragon from Qualcomm, to Create a Big Leap in IoT Connectivity

By: Alex Passett    3/25/2024

Telit Cinterion recently unveiled its FE990B34/40 LGA family of modules, powered by the Snapdragon X72 5G Modem-RF System from Qualcomm Technologies, …

Read More

Embracing Innovation in Mining: The Role of Network-Aware Applications in the Digital Transformation

By: Special Guest    3/21/2024

Shabodi leverages private 5G network capabilities and enables the development of network-aware applications to enhance operational efficiency, automat…

Read More