Office1 Blog

Securing the IoT: What You Need to Know

January 24, 2018 | by Curtis Buhrkuhl

The typical trajectory for new technologies goes something like this:

  1. Initial developers make it just accessible enough for other techies to play with it.
  2. Development proceeds to a point where it can be marketed to businesses and consumers.
  3. Hackers figure out how to exploit the technology’s vulnerabilities to steal data or cause other mayhem.
  4. Manufacturers retrofit security measures onto the technology.
  5. Repeat steps 3 and 4.

Few new technologies are designed with security in mind from the ground up. The Internet of Things (IoT) is no exception: In their rush to get cool new devices out the door, manufacturers have cut corners on security, or failed to even consider it. As more IoT devices and applications make their way into the enterprise, this state of affairs will represent a major security risk—and a big headache for IT.

 

Info-graphic | Securing the IoT: What You Need to Know (1/2).png

 

Security and Your IoT Projects

If you are involved in evaluating (or actively executing) a project involving IoT devices, here are some security-related aspects you should consider:

  • Communication protocols: IoT devices are not limited to standard Web protocols (HTTP or HTTPS); there are myriad communication protocols in use by various IoT devices in the market. The more protocols involved in your system design, the more complex and difficult it will be to secure.
  • Device constraints: IoT devices typically feature low power consumption, with limited processing power and data storage. This limits the sophistication of the security measures that can be implemented on the devices.
  • Data capture: An effective security framework will have a way to capture data traffic information—what device communicated at a given time, what communication protocol was used, which entity initiated the communication, and so on. Without this data, and a solid, intuitive reporting tool, it’s extremely difficult to diagnose and fix security issues.
  • Patching: Like traditional servers and workstations, IoT devices will need to be patched and updated from time to time. Many devices will need periodic firmware updates as well. How easily this can be accomplished for a given device should be an important factor in the buying decision.
  • Environment: Don’t forget the other parts of the infrastructure—the servers, operating systems, network, and data storage—that make up an IoT deployment.

Next Steps

IoT devices and applications are expected to proliferate over the next few years, and some of them will come with compelling stories about increased business productivity, reduced costs, and enhanced process monitoring and control. It will be your job as an IT professional to make sure the benefits are not outweighed by the risks. It’s only a matter of time before your business starts making noises about implementing an IoT solution of some kind. Here are some things you can do now to get ahead of the curve:

 

Info-graphic | Securing the IoT: What You Need to Know (2/2).png


  • Establish standards and processes: Don’t wait until a pallet of IoT devices arrives on your loading dock to figure out how to manage them. Use the considerations described above, and others specific to your IT environment, to set up policies, standards, evaluation procedures, and configuration guidelines ahead of time.
  • Guide the business in the right direction: Remind them that total cost of ownership and ROI are not the only metrics for evaluating a solution, especially one based on still-evolving technology such as IoT. Security, scalability, and ease of maintenance are just as important.

Whether you have the resources and skills in-house to manage these systems yourself, or decide to engage a managed security services team to help, being proactive will set you and your business on the path to IoT success.

 

Pitfalls and Solutions eBook | Office 1

 

Categories: Security, Internet of Things

Curtis Buhrkuhl

About Curtis Buhrkuhl

Curtis was born and raised in Americas finest city San Diego and has been with Office1 since 2015. Curtis has been intrigued by computers and tech since he was a kid and it all started by building computers in middle school and now he is currently providing consultation to our clients to organize and build their networks. Helping to bring companies both startups and established businesses into the cloud. By partnering with Amazon Web Services we have been able to successfully introduce them to a new innovative desktop experience.