Top three tips for safeguarding your network when deploying IoT
Mon 18 Mar 2019 | Ken Hosac
Ken Hosac, VP of IoT strategy and business development at Cradlepoint, identifies some of the most effective ways to capitalise on IoT’s benefits while mitigating the security risks
Love it or loathe it, the Internet of things (IoT) is here to stay. Gartner’s latest predictions suggest the number of IoT devices will hit 14.2 billion globally in 2019, rising to an incredible 25 billion in 2021.
While there’s no doubting the benefits IoT can bring to many aspects of our lives, some well-documented security flaws continue to cause problems, creating significant security vulnerabilities for organisations deploying IoT without proper network management.
From novelty to necessity
Just a few years ago, IoT felt like a novelty to many people. The idea of a fridge that can tell you when you’re running low on milk is a nice idea, but how many of us actually need technology to assist us with that kind of thing? However, as applications have become more useful over time, IoT has transformed into the foundation for some truly life-changing innovations. Just a few examples of how it shapes the way we live and work today include:
Smart cities: The smart city concept has been around for a while, but advances in IoT technology have seen it become a reality in recent years. UK cities such as Bristol, London and Manchester are now publicly committed to numerous smart city initiatives that will make them safer and more efficient. A great example of this is Bristol’s use of 1,500 connected lamp posts to create a mesh Wi-Fi network across the entire city centre, dubbed ‘a canopy of connectivity’.
Emergency response: Another key area where IoT is having a major impact is in emergency response. Computer Aided Dispatch (CAD) and Electronic Patient Care Reporting (ePCR) are lifesaving innovations built on IoT technology. Elsewhere, connected dashboard cameras can be used to enable remote incident collaboration between teams in the field and experts back at base.
Deliveries and asset tracking: Anyone that’s ever ordered goods online knows how frustrating it can be to miss the delivery driver. Thankfully, IoT is revolutionising transport and logistics. Businesses can use trackers in all courier vehicles that not only allow them to plan the most efficient delivery routes for drivers, but also provide customers with real-time updates on their parcels, ensuring deliveries are never missed again.
Security remains the number one challenge for IoT
IoT’s explosive popularity in recent years has also created its biggest weakness. In a bid to surf the IoT wave, many vendors have rushed all sorts of new devices to market, often giving little or no thought to security. Newly connected devices often have default passwords, open hardware and software ports, no support for encryption and no way to update their firmware.
This leaves huge numbers of IoT devices extremely vulnerable to hackers, who can either harness them to launch large scale botnet attacks, such as the 2016 Mirai attack, or use them as the access point to pivot onto a wider business network, where sensitive information is stored.
Fortunately, there are numerous ways that organisations can enjoy the benefits IoT has to offer, while mitigating most of these dangerous network security risks they pose. Below are three of the best ways to do this:
Utilise a software-defined perimeter
While the internet itself was built on a “connect first, authenticate second” framework, when it comes to improving IoT network security, it’s far more prudent to approach it the other way around.
For example, more and more organisations are adding software-defined perimeters (SDP) that hide connections from the public internet. A client is then used to verify the identity of an IoT device (pre-authentication) and user identity (pre-authorisation) first, before granting access to any application layer. The Cloud Security Alliance has found that adopting a SDP model is one of the most effective ways to stop nearly all network attacks, including DDoS, man-in-the-middle and advanced persistent threats.
Deploy parallel networks
Another effective way to mitigate the threat posed by attacks via compromised IoT devices is to use 4G-LTE routers that create physically separate networks for specific applications. These are “air-gapped” from the secure enterprise network.
Instead of directing this network through the company’s data centre, they are instead directing parallel networks to public or private clouds – limiting access to valuable information. If hackers gained access to one of the parallel networks via a compromised device, they would be contained there, significantly limiting the amount of damage they could potentially do.
Encourage close collaboration between key departments and stakeholders
Finally, when it comes to strong IoT security, knowledge silos can be fatal. IT and security departments should make it their mission to collaborate as closely as possible with other key departments such as operations, as well as external partners and vendors with knowledge of new/dangerous hacking techniques and defensive tools.
All too often, IT managers try to go it alone, building and managing complex IoT security systems using only in-house resources. While this may work on a small scale, as organisations get bigger it quickly becomes an impossible task.
The road ahead
The security threats posed by the IoT won’t disappear anytime soon.
Thankfully, IoT device vendors are becoming a lot more responsible in their security practices, but with billions of vulnerable devices already out there and no way to update them, it will be many years before they are all eventually replaced by more secure alternatives.
Until such time, organisations looking to capitalise on the power of IoT must understand the risks they are exposed to and take the necessary steps to protect themselves accordingly.
Tags:cyber security internet of things IoT network security
Big Data Thu 14 Mar 2019Are you missing the low-hanging fruit on your data tree?
Security Tue 15 Jan 2019The blasé attitude of SMEs towards cybersecurity must end