Organizations contemplating Internet of Things (IoT) deployment projects must look at both past and future challenges through the lens of security. Enterprise data security is not a new topic, but for many companies, IoT deployments present new challenges because they extend the perimeter by introducing thousands of additional endpoints, each of which represents a new opportunity for exploitation.
Four Steps to Secure Your IoT Deployment
Security leaders need to look beyond traditional considerations when launching IoT deployments. Below are four key focus areas to help analysts maximize the value and minimize the risks associated with connected devices.
1. Prioritize Security
If enterprise security isn’t already a priority, analysts working on IoT projects should put it at the top of the list before considering anything else. Even though the primary purpose of an IoT deployment is to enhance interactivity with customers and bring more control to remote devices, every feature and function built into the project must be secure by design.
2. You Can Run, But You Can’t Hide
Even the smallest and least visible endpoints are discoverable. Your IoT devices may be insignificant in terms of functionality and cost, but some bot scouring IP addresses is sure to find them eventually. Once found, they will be attacked by automated functions that search tirelessly for vulnerabilities.
That single entry point can provide access to enterprise resources, and advanced threat technologies can plant components on company systems that hibernate and run at a future date, leaving no trace of where, when or how they gained access.
3. Plan to Be Wrong
Once your IoT devices leave manufacturing, it’s possible that they will never again be touched by human hands. They may be housed inside other devices or appliances that only connect wirelessly. But that version of the device may also require updates to address vulnerabilities and improve functionality.
Your design needs to include secure methods to deliver updates automatically. This can be tricky, because the access rights you design can also be discovered and used to deliver code that mimics valid functionality, but also provides backdoors to the devices and connections to the enterprise.
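As an added illustration (not code from the original article), here is a device-side check for the update path described above, written in Go. The device accepts an image only if its manifest is signed by a pinned vendor key, the image matches the signed digest, and the version is newer than the installed one. The `Manifest` layout, the function names and the choice of Ed25519 are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest describes one firmware image; the vendor signs its encoded bytes.
// (Hypothetical layout for this example.)
type Manifest struct {
	Version uint32   // monotonically increasing release number
	Digest  [32]byte // SHA-256 of the firmware image
}

// encode returns the fixed 36-byte form that is signed and verified.
func (m Manifest) encode() []byte {
	b := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(b, m.Version)
	return append(b, m.Digest[:]...)
}

// VerifyUpdate is the device-side gate. Knowing how to reach the update
// channel is not enough: the image must be covered by the vendor signature.
func VerifyUpdate(vendorKey ed25519.PublicKey, installed uint32, m Manifest, sig, image []byte) error {
	if !ed25519.Verify(vendorKey, m.encode(), sig) {
		return errors.New("manifest signature invalid")
	}
	if sha256.Sum256(image) != m.Digest {
		return errors.New("image does not match signed digest")
	}
	if m.Version <= installed {
		return errors.New("version not newer than installed (rollback)")
	}
	return nil
}

func main() {
	// Constructed sample: a throwaway key pair stands in for the vendor key.
	pub, priv, _ := ed25519.GenerateKey(nil)
	image := []byte("firmware v7 (constructed sample bytes)")
	m := Manifest{Version: 7, Digest: sha256.Sum256(image)}
	sig := ed25519.Sign(priv, m.encode())
	fmt.Println("valid update:  ", VerifyUpdate(pub, 6, m, sig, image))
	fmt.Println("tampered image:", VerifyUpdate(pub, 6, m, sig, append(image, 0x90)))
	fmt.Println("rollback:      ", VerifyUpdate(pub, 7, m, sig, image))
}
```

Only the public key lives on the device, so a key extracted from one unit cannot be used to sign code for the rest of the fleet.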
4. The End Is in Sight
Technology products don’t live forever. While customers may use devices long after their intended lifespan, changes in the technology landscape can cause problems that were never anticipated when the products were conceived and produced. That’s why it’s important to build in some kind of end-of-life function that can be used to deactivate IoT devices when necessary.
In the case of consumer products, this function could alert customers to a change of capability when the company terminates support for the device. Commercial products may need to meet more rigorous contractual conditions that should be spelled out clearly at the time of sale.
Weathering the IoT Storm
The IoT world is still in development, and there are plenty of unknowns that will become problems as deployments become more complex. To weather the storm, keep security at the center of all IoT project planning and consider how to address the most complex issues from the very start.
Freelance Writer and Former CIO