Some Simple Steps You can Take to Keep Devices Secure

By Aaron Gette, CIO, The Bay Club Company

Many enterprises consider IoT strategic to their future, but most still take a disjointed approach to IoT security. The state of adoption varies widely among industries, with manufacturing companies investing the most in IoT, while retail and financial services are pushing the boundaries. Governments, healthcare, and utilities are moving much more slowly, due in part to the need for these new systems to comply with regulations, especially in healthcare. Despite the marketing dollars promoting smart cities with fully integrated IoT systems, most governments have deployed point solutions.

The biggest challenges in deploying IoT revolve around security and privacy. The disjointed approach to security, however, may be due to a lack of expertise and skills. No single approach has won out, and finding people with the right skills is another factor that makes IoT security a challenge. That’s a serious issue, particularly in terms of crunching all the data that flows in from IoT systems. Most enterprises have yet to take advantage of edge computing, which may be one of the most important parts of IoT.

Most companies that have deployed IoT devices are using them to collect data and send it to the cloud or a data center for processing. That may not be the best use case: deep analysis of archived data sets can provide insights, but real-time monitoring enables IoT systems to take corrective action in response to failures or dangerous circumstances. This requires compute power at the edge, in the IoT devices themselves. There is a direct correlation between the speed at which you can process the data and its value to the organization. Handling analysis at the edge also reduces the network bandwidth needed to move data to the cloud.

IoT devices at the edge mean potentially dealing with hackers connecting to them and managing the security exposure that brings. This presents a large and somewhat easy target, as we saw with the recent DDoS attack exploiting consumer IoT devices that had default passwords in place. Gartner estimates that there are over 6 billion connected things in use; that’s a lot of possible portals for potential hackers. A large issue with these devices is that they’re not always built with security in mind, which is why they can be the back door to a system that’s otherwise guarded.

There are some simple steps you can take to keep devices secure. Updating firmware on systems is crucial, along with a policy for strong passwords that are cycled often. If you’re going to be connecting a large number of devices, creating a separate network for those devices that customers and employees don’t access is a must. Using secure network practices can prevent the newly connected things from compromising other assets, so that a compromised device cannot be used to exploit other devices and grab passwords or sensitive information. Take the time to completely understand the information you’re willing to share, and inventory the devices that are available to the public. If your exposure threshold is met, then it’s likely something you don’t want connected to the Internet.
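The steps above (current firmware, rotated non-default passwords, a separate device network, and an inventory of publicly reachable devices) can be checked mechanically against a device inventory. The following is an added example, not part of the original article; the field names, the 10.50.0.0/24 segment, the age thresholds, and the sample records are all assumptions constructed for illustration.

```python
from datetime import date
from ipaddress import ip_address, ip_network

# Assumed policy values (not from the article); tune to your environment.
IOT_SEGMENT = ip_network("10.50.0.0/24")   # the dedicated IoT network
MAX_PASSWORD_AGE_DAYS = 90
MAX_FIRMWARE_AGE_DAYS = 180

# Constructed sample inventory; every record here is made up.
INVENTORY = [
    {"name": "lobby-door-lock", "ip": "10.50.0.11", "firmware_date": date(2024, 1, 10),
     "password_changed": date(2024, 2, 1), "default_password": False, "public": False},
    {"name": "gym-hvac", "ip": "10.10.4.20", "firmware_date": date(2022, 6, 1),
     "password_changed": date(2022, 6, 1), "default_password": True, "public": False},
    {"name": "pool-beacon", "ip": "10.50.0.42", "firmware_date": date(2024, 2, 15),
     "password_changed": date(2023, 9, 1), "default_password": False, "public": True},
]

def audit_device(dev, today):
    """Return the list of policy findings for one inventory record."""
    findings = []
    if (today - dev["firmware_date"]).days > MAX_FIRMWARE_AGE_DAYS:
        findings.append("firmware-stale")
    if dev["default_password"]:
        findings.append("default-password")
    elif (today - dev["password_changed"]).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("password-not-rotated")
    if ip_address(dev["ip"]) not in IOT_SEGMENT:
        findings.append("outside-iot-segment")
    if dev["public"]:
        findings.append("publicly-reachable")
    return findings

def audit_inventory(inventory, today):
    """Map device name -> findings, keeping only devices that need attention."""
    report = {d["name"]: audit_device(d, today) for d in inventory}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, date(2024, 3, 1)).items():
        print(f"{name}: {', '.join(findings)}")
```

A "publicly-reachable" finding is not a failure by itself; it marks the devices whose exposure has to be weighed against the threshold the paragraph describes.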

IT leaders are in a tough spot when it comes to all of these connected devices. Customer experience is invaluable, so a customer syncing a Fitbit through an edge device is no reason for a sky-is-falling mentality. IT leaders have to weigh the potential risks without being overbearing, and finding the right balance will be critical going forward, especially since the possible exposure is massive. There is no question that most IoT devices need better security. These threats are real and have to be addressed with organizational changes as well as policy changes.

IoT devices pose a huge security threat, as recent DDoS attacks made very clear. However, most enterprises that are leveraging IoT have yet to realize that changes are needed. Not just IT security changes, but organizational changes driven by the executive team are key. Enterprises making only structural changes to the business can do little to defend against scenarios where many of these devices are being purchased and approved without the knowledge of IT or the CISO’s team. Examples include door locks and light bulbs bought by Facilities, or beacons installed by Operations or Marketing. There are reports of network penetration tests, in which a hacker probes for exploitable weaknesses ahead of a real attack, that inadvertently opened a building’s IoT door locks, made IoT light bulbs flicker, and drove HVAC systems to heat or cool in ways that caused other support systems to fail.

The attack vector opened by devices that have historically never needed IT approval requires organizational change, including a culture that empowers all employees to think differently about their security exposure. Requiring that IT or the CISO’s team approve all of them is unrealistic and untenable. One enormous issue with IoT devices is that their built-in communications capabilities call home, ostensibly to get firmware updates. While self-updating devices might seem great to a facilities manager, they can open the door to two-way communications that will bypass all network security monitoring controls. There are other monitoring tools that can track all independent wireless signals, but with most organizations inundated with smartphones, tablets, wearables, and wireless laptops, that may not be a realistic defense strategy.

There is also the issue of oversight: moving from standard devices to IoT devices often means a higher price tag. While that will almost certainly drive more scrutiny, it’s oversight from the perspective of cost and not security. A business manager won’t be thinking about security when dealing with seemingly innocuous items, and that is one of the most important cultural things that has to change. Executives can be trained to recognize whether a device carries exploitable capabilities, such as Bluetooth or cellular connectivity outside standard Wi-Fi. Similar to the way that organizations were required to change their security thinking when printers and scanners needed their own IP addresses, they need to change purchasing and oversight procedures to deal with IoT.

CIOs and CISOs cannot do this on their own and many executives will struggle with this kind of change unless it comes from the CEO, or the CFO who controls the approval on all purchases.

Changing approval processes and adding training can be a tough recommendation to make and uphold. The damage to your business and the exposure of your customers’ data by your HVAC, door locks, and light bulbs will be much more costly.
