Network Computing is part of the Informa Tech Division of Informa PLC


7 Best Practices For IoT Security


    The Internet of Things, commonly known by the acronym IoT, describes the plethora of interconnected smart devices working simultaneously to sense and capture every possible notable activity on the planet today. IoT devices generate meaningful data for the activities they track, and then store that data so that it can be retrieved and processed by other smart devices or humans. The advent of advanced platforms such as If This Then That (IFTTT) has further opened cross-device engagement, from both a service provider perspective and an end-user perspective.

    Due to huge potential benefits in automation and cost savings, IoT has gained traction with enterprises of every size. Organizations are planning to leverage IoT to harness business growth and innovation.

    At the same time, however, IoT requires infrastructure and processes that can prevent exposure of critical business information or the mishandling of some critical task due to a false alarm. In the excitement of exploring the myriad ways to deploy IoT for profit, organizations can easily miss planning for the very basic security problems that can be associated with IoT devices.

    Here we outline the top security practices an organization should consider when building out its IoT infrastructure.

     

  • Until a few years ago, the WiFi coverage area for most organizations was limited to locations where people work, including desk areas, refreshment areas and cafeterias. But smart devices today are moving beyond work limits, to places like parking lots and outside the boundary walls of campuses. Malicious users can easily stake out extended coverage areas, and might even attempt tampering with devices to get access to internal corporate networks and resources. Combatting such incidents requires modern security solutions and skills that work beyond traditional security measures. Because of these extended WiFi areas, the scope of security also needs to extend beyond the usual endpoints and coverage areas.

  • Smart devices often start with limited resource requirements, but demand more network resources as they are upgraded over time. When many devices try to access network resources simultaneously, organizations can experience more frequent network congestion and resource shortages. For instance, if a large number of smart devices are simultaneously tasked with downloading the latest updates across limited channels, this can have a serious impact on network performance. For better control, organizations need to adopt some mechanism to monitor, limit and prioritize the resources that each device can access, and at what times.

  • At present, there are hundreds of IoT-related vendors listed on Postscapes and Wolfram Alpha, many of which are new and unheard-of startups. These companies often have no experience with information security, and can even compromise security in a rush to cut costs or launch a product at the earliest date possible. Tech-savvy employees often discover new devices offered by these startups, attracted by promises of easy collaboration and productivity. However, devices that access network-related information and share or store it in some external location can pose a fatal security risk.

    To ensure the safety of your network, do not allow users to experiment with random new devices within the network. Before considering any new device for your network, check the manufacturer details, and familiarize yourself with the ways in which the device operates and transmits sensor-based data across various channels.

  • Many devices use some kind of generic motherboard and open-source operating system. This infrastructure enables faster and cheaper product development, but is also prone to hacking. Use of similar components across multiple devices also means that if a bug is identified in one device, similar vulnerabilities might exist in other devices, as well. Also, since IoT is still in an evolutionary phase, there is very little or no experience and expertise available in developing a truly secure application. Use of weaker authentication mechanisms, insecure API calls, and insecure keys are just a few of the potential weak links in the security of your IoT device. Because of these possible issues, using an IoT environment for performing critical business tasks can be a risky bet. Before allowing any device in your network, you must ensure that its hardware and platform comply with appropriate security norms.

  • An increase in the number of connected devices produces a multi-fold increase in the amount of data generated, including actual data in the form of files and folders, and various other metadata such as configurations and settings. To handle the volume, velocity and variety of this data, additional storage capacity is obviously a must. To protect data from loss or theft, investments in data security mechanisms such as high availability and disaster recovery generate multiple returns in terms of data security and long-term savings. If your organization is using cloud-based storage, make sure that any IoT devices in your network are not flooding the costly storage area with unwanted data or unnecessarily consuming data transfer bandwidth.

  • Another important consideration before allowing an IoT device into your network is the ownership of the data generated by various smart devices. Device manufacturers often claim a certain level of ownership of the data generated by IoT devices. This might cause legal issues with compliance, since organizational data may be transmitted and even stored by the IoT device manufacturer outside the business premises. To ensure compliance and security, all IoT devices used in the organization must comply with all required policies and follow necessary procedures.

  • Due to the current explosion in the variety of IoT devices available to individuals and organizations, overall management of devices connected to a network has become a difficult task. Particularly when an organization has a BYOD policy, managing and tracking all devices is simply not possible using traditional hardware and software systems. Access to network resources, and the protocols and ports used by the devices, must all be standardized and managed, as must the modern hardware and applications required for overall infrastructure management.

    Organizations that embark on a journey into the Internet of Things need to be prepared to make investments in a variety of security practices, and allocate dedicated resources to strengthen their security initiatives. For organizations needing the highest levels of data security and compliance, hiring a security consultant or cyber security expert to develop a comprehensive security strategy for their IoT infrastructure is highly recommended.