June 23, 2015 By Kevin Beaver 2 min read

The Internet of Things (IoT) is everywhere — literally. Growing at a seemingly immeasurable rate among businesses and consumers, these smart devices are super cool now, but what does the future hold in terms of IT and security? I’m not convinced it’s going to be all that rosy when everything is said and done.

Security and the Internet of Things

I’ve always said that if a computer system has an IP address or a URL, then it’s fair game for attack. And while there is a lot of talk around the security of IoT systems, there’s not a ton of incentive for many manufacturers to actually lock things down. Even in cases where built-in security does exist, that doesn’t mean it’s going to mesh well with your enterprise information security program.

Odds are good that IoT systems are not going to be patchable in the same ways as traditional network systems. Ditto for hardening, monitoring, alerting and the myriad other security steps that need to be taken on devices connected to your network. I believe that most organizations are going to end up with a mishmash of disparate devices that enterprise security controls don’t play nicely with, if at all.

This is different than typical workstations, servers and network infrastructure systems in use today. For the most part, those tools are purpose-built, easily managed and eventually replaced with systems that work better. I believe we’re going to see IoT systems hanging around the business network for a much longer period. For these smaller, niche systems, the system life cycle is just not the same.

Whether IoT systems are present in the enterprise, in the home or somewhere in between, they are no doubt going to have an impact on information security in business. Traditional security controls may not work for IoT systems, and they could be creating business risks if left in place. What happens when they’re exploited? Who’s going to be responsible for keeping them in check? If this does indeed become a reality for your organization, what are you going to do?

Making Moves

You can’t afford to wait to act until you end up with countless devices on your network, furthering the complexity of your environment and leading to a “too little, too late” situation. You have to start thinking about how IoT systems are going to be managed or otherwise controlled over the long term. They’re going to show up, and they’re going to create security challenges. Even if it’s sight unseen today, now’s the time to start addressing IoT security. Written policies, technical safeguards for detecting and securing IoT systems and user awareness are three great places to start.

More from Endpoint

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today