Internet of Things Era to Rapidly Change Business Processes and Security
The Internet of Things (IoT) is already changing how companies operate at almost every level of their business and in their interactions with clients and personnel. According to Business Insider, there are 1.9 billion interconnected devices today, with an expected 9 billion by 2018. By then, the number of IoT devices in use will surpass the number of smartphones, tablets and PCs combined. This represents a major opportunity for companies since the most valuable IoT applications will almost certainly be used by enterprises.
Top Enterprise Applications for the Internet of Things
Libelium, a wireless sensor networks platform provider, has released a list of IoT sensor applications for a smarter world, which is grouped in 12 different subjects such as industrial controls, e-health and smart water. The following are some of the top applications:
- Smart Cities: Waste management and the detection of trash levels in containers to optimize trash collection routes.
- Smart Environment: Air pollution and the control of CO2 emissions from factories, car pollution and toxic gases from farms.
- Smart Water: Water leakages, the detection of liquid presence outside tanks and pressure variations along pipes.
- Retail: Supply chain control and the monitoring of storage conditions along the supply chain and product tracking for traceability purposes.
- Industrial Control: Asset indoor location by using active (ZigBee) and passive (RFID/NFC) tags.
This list is useful in helping people and companies realize that we are in the IoT era and that there are huge opportunities and challenges around that concept.
Along With New Technology Comes Risk
Organizations and companies are actively deploying interconnected devices in their infrastructure at an exponentially increasing rate while trying to improve operations, meet the demands of the mobile workforce and, of course, reduce costs. Enterprises are taking advantage of the IoT by sharing information in their own network, but the problem is that the adoption of this new path for critical data also comes with unknown and yet-to-be-discovered security vulnerabilities.
A few years ago, the only wireless protocol was Wi-Fi, and it took many years and several revisions of the protocol to offer mature solutions to secure the transmission of data. Now, consider that there are many new IoT protocols that cannot be detected with traditional scanners and are floating around trying to connect and share information, such as Bluetooth, ZigBee, NFC, Thread and Nike+. That’s a new world of protocols that are in the early phases of development and, based on experience, they can be considered immature and relatively insecure.
Let’s imagine that you usually share your morning run with your friends by connecting your shoes to your computer with the Nike+ protocol. Today, you decided to take these shoes to the office, where a computer that is connected to the corporate network with access to critical information is paired with your footwear without notice. A malicious user can attack your shoes and have an open door to your data, all without raising an alert from detection systems since they are not even looking in that direction.
These vulnerabilities are real, emerging and can seriously affect an enterprise’s operations.
Are Enterprises Ready to Adopt the IoT?
A study released by HP Security Research reviewed 10 of the most popular devices in some of the most common IoT niches and revealed an alarmingly high average number of vulnerabilities per device. The following are some of the highlights of the study, which demonstrate potential problems and consequences for early adopters:
- Seventy percent of devices used unencrypted network services.
- Sixty percent of user interfaces were vulnerable to cross-site scripting.
- Eighty percent of devices failed to require a password with sufficient complexity and length.
Enterprise security policies currently in place do not incorporate the IoT, while companies usually adopt a bring-your-own-device posture when trying to apply some control over their network. These are two very different concepts. The IoT includes not only personal devices, but also emerging technologies to control an environment, such as security controls activated by sensors. Administrators must refrain from mixing the concepts and should begin including the IoT in their risk management program in order to address security and privacy concerns and, as a result, the integration into company policies.
An in-depth, multilayered defense would be the correct approach to attacks on IoT security from the following fronts:
- Education and awareness for employees about the risk of IoT devices;
- Network isolation for devices that introduce connections points;
- Security assessment for your environment looking for the latest technologies in the IoT.
The Internet of Things Is Here to Stay
IBM has just unveiled a new cloud-based service for the IoT as an extension for its existing platform to help developers connect across devices. Also, Red Hat recently published an article about the IoT coming to enterprises that discusses a three-tier architecture for making the IoT a reality. It is clear that the IoT is here to stay and is reshaping companies’ environments and technological requirements within the IT infrastructure to support it.
We are in an era where it is possible to collect data from everywhere in our environment, infrastructures, businesses and even ourselves. This massive amount of information is creating a new ecosystem of opportunities for the enterprise around its storage, analysis and accessibility. The IoT is becoming the next technological revolution that we will all participate in one way or another. We are all heading toward a future when practically everything will be connected and available to us.