Security for Internet of Things
All the forecasts are clear: the IoT market is growing fast. But one thing is far less clear.If the mobile wave extended the internet into people’s everyday lives, the IoT extends it into the physical world around us.
So how best to secure IoT?
1. Take a lifecycle approach
Risk assessments are required right at the outset so you can see the security controls needed into the future. Being able to flex controls as business requirements change also means committing to continual risk management. As a result, IoT will require investment in the security measures to protect the devices and data. Perhaps the first step is to ask yourself whether you actually need IoT devices. If you do, and conclude that investment based on the security risks are justified, then what is your best approach? Would you choose patch upgrades for life or spend on reissues when the in-built security becomes obsolete?
2. Profile your devices
Being clear on the type of IoT devices you manage can help you manage your risks and your costs.
- ‘Household devices’ —These simply send and/or receive data related to a dedicated activity and may be simple or cheap to replace.
- ‘Industrial devices’ —These are relied on to manage remote sites more efficiently and are often linked to central controls. Because they are responsible for multiple data sources or sensitive information the level of security may need to be higher.
- ‘Smart city connections’—These form a nebula of hard IoT (e.g. traffic controls), autonomous devices that enter and leave the city boundary (e.g. connected cars), and utility plant. As such,organizations must decide what role their devices play and choose appropriate security controls.
3. Look at your interconnections
Bottom line, how do you secure the ways IoT devices connect to your enterprise?
- Are measures in place to secure the comms from each device to the center?
- Do devices rely on insecure connections over unprotected networks and are you paying to monitor these?
- What about the security of the web apps and cloud connections each device relies upon?
- What does the software do and does it have a more important role elsewhere?
What does this mean for your organization?
Considering IoT in context is important. It is one of the new areas of IT in which the perimeters can continually change—just as when a connected car passes through a smart city. So security must be flexible enough to respond.
Most importantly, IoT is fast becoming essential to business operations. As such it has become part of the overall IT infrastructure. So it needs to be treated as such. Security is a good place to start.