Introduction and new innovations
Businesses are increasingly adopting connected technologies such as wearables and office sensors to streamline operations and boost productivity, and as a result, the Internet of Things (IoT) industry is on the up.
By 2020, there'll be more than 50 billion internet-connected objects in use, and the industry will be turning over trillions in profit annually, according to Cisco. At the same time, these devices will be generating large amounts of data. Clearly, the industry is entering a golden age.
But while there's major potential here, there are fears that cybercriminals are eyeing up IoT as a lucrative opportunity. As a result, Gartner says security spending will reach $348 million (around £260 million, AU$455 million) by the end of 2016, an increase of 23.7% on the previous year.
However, not every firm has the resources to invest in expensive security products and services. SMEs simply don't have the money, although that's not to say they have to suffer. We asked some of the industry's leading professionals for their best IoT security solutions and advice, and here's what they said.
1. Investigate new innovation like AI
Artificial intelligence is an exciting area of tech in itself, and many experts believe that its problem-solving capabilities can help businesses. Carl Herberger, vice president of security solutions at Radware, is one of those people. He encourages firms to look into the potential of AI.
"With any major development – IoT, M2M, AI – there are always going to be inherent security risks. If you think about the wider security landscape, attacks have become automated. We see more bots carry out attacks today than ever before," Herberger says.
He continues: "We really are in a state of machine cyber-warfare. But AI is also a route to manage the risks because of the speed at which it can learn to identify risk and respond. Humans are needed to oversee the infrastructure that uses AI for security and will be needed for the foreseeable future to work through problem escalations and unintended consequences, as well as inform the security strategy such as identifying the best technology to employ.
"However, we can see a time when even some of these controls are replaced by more automated processes."
2. Focus on improved device management
Ian Hughes, analyst of Internet of Things at 451 Research, says that multiple and varied endpoints are creating unlimited access for cybercriminals. Because of this, businesses need to stay protected by managing their devices effectively. He spoke to us about some of the latest security innovations on this front.
"A large number of varied endpoints provide an increased attack surface so rigorous device management is needed," Hughes says. "Emerging technologies such as blockchain are being implemented to assure the provenance of components. Communication protocols are emerging that provide no patterns for data inference. Machine learning is being put in place to find network anomalies along with traditional firewalls.
"Any products becoming IoT enabled require skilled security professionals to be part of the initial design – when they are not we get hackable system weak points such as we have seen with baby monitors and in automotive. Cloud providers have tight security but if the devices and interfaces bolted on in IoT rollouts are weak, then the whole system is compromised. Operational staff need additional training; social engineering is still a key tool for hackers."
Data encryption and hiring a CIO
3. Implement data encryption
Sukamal Banerjee, EVP of engineering and R&D services at HCL Technologies, says that as threats are growing, companies need to implement security solutions as soon as possible. He says they should focus on areas of IoT security such as data encryption and privacy protection.
"Most wireless communications and protocols in IoT are open, and the limited resources for securing sensors and smaller devices with strong algorithms for data encryption and transmission leaves them prone to attack," he observed.
"As such, a carefully considered approach to IoT security will be required. According to a recent report, 70% of internet devices used unencrypted network services. Sensitive data should be encrypted before usage with secure cryptographic keys, rendering it useless to anyone who breaches the network.
"Data privacy is the elephant in the room when it comes to IoT. People are rightly concerned about their privacy being invaded by machines and devices collecting data on their actions and movements. It will be critical to ensure these concerns don't stifle innovation. One of the best approaches would be to de-identify any data that is captured to remove any unnecessary PII (personally identifiable information) linking it to individuals in order to safeguard their privacy."
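The de-identification step recommended above can be sketched as follows. This is an added example, not code from the article or from anyone quoted in it; the record layout, the sample values and the key are constructed, and it uses keyed pseudonymisation (HMAC-SHA256) for the one identifier that still has to join records together.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math"
	"time"
)

// Reading is a constructed wearable telemetry record; every field name is an assumption.
type Reading struct {
	OwnerEmail, BadgeID string  // direct identifiers
	Lat, Lon            float64 // quasi-identifiers when precise
	At                  time.Time
	HeartRate           int
}

// Stored is what leaves the collection tier: no field names a person directly.
type Stored struct {
	Subject   string // keyed pseudonym, stable per owner so records still join
	Lat, Lon  float64
	Hour      time.Time
	HeartRate int
}

// pseudonym is keyed: without the key, hashing a guessed e-mail address confirms nothing.
func pseudonym(key []byte, id string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(id))
	return hex.EncodeToString(m.Sum(nil)[:12])
}

// DeIdentify drops the badge ID, pseudonymises the owner and coarsens place and time.
func DeIdentify(key []byte, r Reading) Stored {
	round := func(v float64) float64 { return math.Round(v*100) / 100 } // roughly a 1 km grid
	return Stored{pseudonym(key, r.OwnerEmail), round(r.Lat), round(r.Lon), r.At.UTC().Truncate(time.Hour), r.HeartRate}
}

// sample returns a constructed reading used by main.
func sample() Reading {
	return Reading{"a.user@example.com", "B-1042", 51.50735, -0.12776, time.Date(2016, 9, 1, 14, 37, 5, 0, time.UTC), 72}
}

func main() {
	key := []byte("constructed-demo-key") // in practice a secret kept outside the data store
	fmt.Printf("%+v\n", DeIdentify(key, sample()))
}
```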
4. Manage device access
At the same time, companies should also manage who has access to their IoT operations, because data can easily end up in the wrong hands. Banerjee says: "Since IoT devices and sensors are often programmed over the air, they are more susceptible to being remotely hacked. As such, organisations will need to have a robust identification mechanism built-in, using digital signatures to ensure that only authentic commands and code being received by IoT devices and sensors are authorised."
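One way a device can enforce the signed-command rule described above, shown as an added example rather than code from the article or from HCL. The message layout, the `Device` and `Command` types and the `demoServer` helper are assumptions, and the Ed25519 key pair is generated for the demonstration only.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Command is a hypothetical over-the-air instruction; the field names are assumptions.
type Command struct {
	DeviceID, Action string
	Counter          uint64 // strictly increasing, so a captured message cannot be replayed
}

// encode yields the exact bytes signed and verified; %q keeps field boundaries unambiguous.
func encode(c Command) []byte { return []byte(fmt.Sprintf("%d|%q|%q", c.Counter, c.DeviceID, c.Action)) }

type Device struct {
	ID          string
	VendorKey   ed25519.PublicKey // public half only: reading it off a device forges nothing
	LastCounter uint64
}

// demoServer returns a provisioned device and the server-side signer (constructed demo keys).
func demoServer(id string) (*Device, func(Command) []byte) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &Device{ID: id, VendorKey: pub}, func(c Command) []byte { return ed25519.Sign(priv, encode(c)) }
}

// Accept checks authenticity, then addressing, then freshness, before anything is executed.
func (d *Device) Accept(c Command, sig []byte) error {
	switch {
	case !ed25519.Verify(d.VendorKey, encode(c), sig):
		return fmt.Errorf("bad signature")
	case c.DeviceID != d.ID:
		return fmt.Errorf("command addressed to %q", c.DeviceID)
	case c.Counter <= d.LastCounter:
		return fmt.Errorf("stale counter %d", c.Counter)
	}
	d.LastCounter = c.Counter
	return nil
}

func main() {
	dev, sign := demoServer("sensor-01")
	cmd := Command{DeviceID: "sensor-01", Action: "reboot", Counter: 1}
	fmt.Println(dev.Accept(cmd, sign(cmd)), dev.Accept(cmd, sign(cmd)))
}
```

The signature alone proves origin; the device ID and counter inside the signed bytes are what stop a valid message from being redirected to another device or replayed later.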
5. Hire a CIO
However big your firm is, the threats are going to be widespread, and IoT will always be a relatively complex area. Michael Segal, director of marketing at network performance firm NetScout, says companies should think about hiring a chief information officer (CIO) to manage all IT and data-oriented operations.
"IoT-led enterprises need to be aware that every system upgrade, new connection or new third-party application added to existing IT infrastructure increases service delivery complexity, infrastructure scale, and adds to corporate risk," Segal says.
"Combined, these changes could have serious implications to the successful running of the business. It's down to the CIO, therefore, to manage the transition, maintain a sense of order, and lay the foundations for the future. The CIO will deal with new pressures placed upon them and will find themselves pulled in all sorts of directions."
6. Give equal attention to all security areas
Stuart Reed, senior director at NTT Security, says businesses need to give IoT the same level of security attention as other areas. "From a security perspective, IoT must be managed in line with an organisation's overall security strategy," he says.
"A robust and scalable security architecture is required, combined with the correct processes and user education. Plus, policies around collecting, storing and accessing sensitive data will need to be carefully considered and integrated with an organisation's security processes and compliance standards.
"This will lead to the 'visibility of things' – i.e. the need for organisations to monitor the devices themselves and also the way they are being used, and by whom. While IoT can offer business value, the risks must be balanced against the benefits."