Joining the Internet of Things phenomenon can generate valuable information for your business, but it also creates vulnerabilities that can threaten your digital assets.
Has your company joined the Internet of Things phenomenon yet? Gartner projected that 8.4 billion connected "Things" would be in use by the end of 2017—up 31 percent from 2016. By the year 2020, Gartner predicts more than 20 billion devices will be connected.[1]
An Internet of Things (IoT) network can produce new data and helpful insights to help your business understand device performance and in turn improve the services you deliver to your customers and the efficiency of your business processes. But at the same time, with all the data that’s generated (much of it personal), an IoT network introduces new vulnerabilities. It's critical to consider the security implications.
One of the biggest data security challenges with the IoT is the nature of the “Things” on the network. The majority of devices were not built as computing devices. They were made to perform functions such as controlling heat and air conditioning, monitoring the performance of manufacturing machines, and tracking vehicle activities. Such devices typically do not possess the computing power, storage and memory required to support data security and data privacy, or security is simply overlooked by manufacturers.
Proven Best Practices Mitigate Security Risks
Your IoT security strategy should address both the physical aspect of protecting connected devices as well as the cyber aspect—protecting the data generated and transmitted to and from devices. Physical security and ensuring devices will operate require field engineers to visit devices.
But there are also several best practices that your internal IT team can apply to your IoT devices in order to address the cyber security aspect and mitigate the security risks. Here are a few that we recommend prioritizing:
- Device Profiling – IoT networks typically rely on devices from multiple manufacturers with various open source and proprietary operating systems. Each device will also require varying levels of computing resources and network bandwidth. It’s important to document each endpoint and add it to your asset inventory for tracking and monitoring. This will enable you to streamline security maintenance and support.
- System Patching – This is important, not only for ensuring security, but also for maintaining sufficient device performance. Some devices may be limited in their ability to allow patching, or patching may be more complex than end users can handle. Ideally, you want your InfoSec team to apply patches through a centralized platform.
- Password Management – Many IoT devices utilize default passwords provided by vendors that are difficult to change. In some cases, they cannot be changed at all. If a hacker breaches a vendor of IoT devices and gains access to their password list, they may then be able to control your devices. Work with your vendors to configure your devices so you can easily change passwords on a recurring basis.
- Data Analysis – Analyzing data generated by your IoT devices helps you identify unusual activity so you can take proactive measures to protect your network. This is particularly critical for IoT devices that produce and transmit sensitive data.
- Encryption – Encryption protocols should be in place for data transmitted to and from your IoT devices. It’s also important to make sure your protocols are updated regularly. With new attacks emerging all the time, older encryption methods may leave you vulnerable.
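As an added illustration (not part of the original article or any vendor's product), the sketch below shows how an asset inventory built during device profiling can be checked automatically against the patching, password and encryption practices listed above. The record fields, the 90-day rotation threshold, the accepted protocol list and the sample devices are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Policy values are assumptions for this example, not figures from the article.
MAX_PASSWORD_AGE_DAYS = 90
ACCEPTED_TLS = {"TLSv1.2", "TLSv1.3"}

@dataclass
class Device:
    device_id: str
    vendor: str
    firmware: str                     # installed version, e.g. "2.4.1"
    latest_firmware: str              # newest version published by the vendor
    default_password: bool            # still using the vendor-supplied password
    password_changed: Optional[date]  # None if never rotated
    transport: Optional[str]          # protocol in use, None if plaintext

def version_key(v: str) -> tuple:
    # Compare numerically: as plain strings "1.9.0" would sort after "1.10.2".
    return tuple(int(part) for part in v.split("."))

def audit(dev: Device, today: date) -> list:
    """Return the policy findings for one inventory record."""
    findings = []
    if version_key(dev.firmware) < version_key(dev.latest_firmware):
        findings.append("patch-behind")
    if dev.default_password:
        findings.append("default-password")
    elif dev.password_changed is None or (today - dev.password_changed).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("password-stale")
    if dev.transport is None:
        findings.append("unencrypted")
    elif dev.transport not in ACCEPTED_TLS:
        findings.append("weak-encryption")
    return findings

def audit_inventory(devices, today):
    """Map device_id -> findings, omitting devices that pass every check."""
    report = {d.device_id: audit(d, today) for d in devices}
    return {k: v for k, v in report.items() if v}

# Constructed sample inventory (hypothetical devices and vendors).
INVENTORY = [
    Device("hvac-01", "VendorA", "2.4.1", "2.4.1", False, date(2024, 5, 1), "TLSv1.3"),
    Device("cam-07", "VendorB", "1.9.0", "1.10.2", True, None, "TLSv1.0"),
    Device("plc-03", "VendorC", "3.0.0", "3.0.0", False, date(2023, 11, 20), None),
]
REPORT = audit_inventory(INVENTORY, date(2024, 6, 1))  # fixed date keeps the result stable
```

Devices that pass every check are left out of the report, so the output is the worklist for the team applying patches and rotating credentials.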
It’s also vital to run penetration testing at the hardware and software levels before deploying IoT devices to customer sites or for remote use by employees. Devices may have vulnerabilities, and you need to understand what they are before you put them out there in the hands of the public or your end users.
Protecting Your Reputation and Earning Customer Trust
Delivering IoT data security is not a one-and-done scenario. Your InfoSec team will need to apply a constant effort and respond to new threats as they emerge. IoT technologies will also continue to evolve and thus require new security measures.
We recommend following best practices such as those presented above because data security is an area where you don’t want to innovate. It’s best to stick with data security standards in your IoT implementations. The easiest way to do this is by working with an established and proven IoT technology platform that’s based on industry standards for data security and data privacy.
It all comes down to protecting the privacy of your data by encrypting all sensitive information in transit—to and from your IoT devices. Not only will you be defending your digital assets, you will also be complying with regulations, maintaining your brand reputation, and earning your customers’ trust.
1. “Gartner Says 8.4 Billion Connected "Things" Will Be in Use in 2017, Up 31 Percent From 2016,” Gartner press release, 7 February 2017: https://www.gartner.com/newsroom/id/3598917.