This is the second installment in a three-part series. Be sure to read part 1 for more information on unified endpoint management.

In the first installment of this series, we traversed each component of the unified endpoint management (UEM) hierarchy of needs, which consists of devices and things at its foundation, apps and content at the next level, followed by people and identity.

With that in mind, let’s get acquainted with the new kid on the UEM block, the Internet of Things (IoT), and share key considerations for your organization’s future planning to achieve business transformation. You may not be used to managing and securing things alongside your smartphones, tablets, laptops, desktops and wearables, but their visibility, manageability and security are no less relevant for enterprises.

Managing the IoT

Before we delve too deeply into the IoT and its newfound place at the table, let’s first try to wrap our heads around exactly what these things are. And if you were hoping for a one-sentence description, sorry to disappoint: There is no general agreement on what constitutes an IoT device.

Device types range from sensors and actuators present in manufacturing operations to connected cars. Whether or not you’re aware of their presence, there are billions of them already up and running, and they will only continue to grow in number over time.

Each IoT device serves its own purpose for everyday businesses, whether it’s helping to boost operational efficiency, manage resources more efficiently or provide better customer experiences. Across these use cases, they’re generating, transmitting and storing massive amounts of data. This data can be used advantageously when the right resources are in place but can just as easily present adverse impacts when overlooked.

Not If, But When

As the sheer number of IoT devices grows, so do the security concerns. Increasingly, data is being transmitted outside traditional operational networks to cloud-based IoT platform solutions. This puts pressure on IT organizations to secure the devices in addition to their data at rest and in transit. But if IT professionals plan to mitigate these risks, they must first manage the IoT devices themselves.

According to the new thought leadership paper, “Mobile Vision 2020,” a commissioned study conducted by Forrester Consulting on behalf of IBM, “For most organizations, IoT is not a question of ‘if,’ but ‘when.’”

The findings from this study revealed that mere management of these devices will not be enough for IT and security professionals. They are also grappling with several strong concerns, including data leakage, privacy violations and external threats.

Who Is Accountable for IoT Security?

One near-term challenge your organization will face is the difference in focus and responsibilities between operational technology (OT) and IT teams. OT has traditionally focused on keeping the lights on, running the plant and building products efficiently. According to the Forrester report, “IoT is typically managed by [OT] as part of their operations.”

Conversely, IT has been more concerned about making information accessible to employees while securing access to organizational data. IT manages networks, servers and devices such as smartphones, tablets, laptops and desktops.

The explosion in the number of IoT devices with network access has begun and will blur the lines between IT and OT responsibilities. As time goes on, “organizations will begin to move from device-specific to device-agnostic management. By 2020, 42 percent of organizations will be taking [a] more centralized approach, up from just 26 percent today,” Forrester stated.

To make this centralized approach a reality, organizations must:

  1. Formalize the individual or teams responsible for managing all endpoints.
  2. Consolidate the disparate tools that they currently use to manage smartphones, tablets, laptops, desktops, wearables and IoT devices.
  3. Utilize UEM to view, manage and secure all endpoints, plus their users, apps, content and data, all from the same place.

Creating a Centralized Approach

Is an IoT device just another endpoint? In short, no. Since there is such a wide assortment of IoT devices serving distinct purposes, there are many ways in which they can introduce more security risk to organizations. Consequently, there needs to be a process in place to view, manage and secure these devices and their data.

Given the diversity of things and the complexity around how they’re used, the process for doing so is far from simple, especially if your organization fails to take a centralized approach. Hence the significance of the UEM management model, which is a perfect fit for the challenges introduced by IoT devices.

Here are a few examples of the ways enterprises can get started with UEM to manage things and their data:

  • Manage things that use application program interfaces (APIs) for management (e.g., Google Android, Microsoft Windows 10, Android Things, Windows IoT).
  • Manage devices that provide client management for other things (e.g., Linux agent).
  • Manage and secure the devices that control or collect data from things.
  • Secure the IoT gateways that collect data from things.

Do you have the right teams, processes and technology in place to address these use cases? Chances are you’re addressing at least one of them, but how centralized is your approach?

Managing IoT Devices

A few years ago, we could not have gone an entire week without hearing about the latest web-based security breach. Today, we routinely hear about IoT devices being compromised or used to carry out cyberattacks. The Dyn distributed denial-of-service (DDoS) attack is a good example of the growing and unprecedented IoT security risks.

To account for these risks, it’s important to manage IoT devices much like you would a mobile device or a desktop. Your organization should make sure its IoT devices comply with corporate policies. Do you, for example, have the most current operating system and firmware updates? Are you aware of any new or unknown applications that have been added to your devices? Can you prevent a noncompliant device from entering your network? The OT data from one compromised IoT device could negatively impact operational efficiency — or worse.

It All Comes Down to Endpoint Management

Endpoint management professionals understand these security risks and know the best practices, so it’s no surprise that IoT device management is migrating to traditional endpoint management. Moving forward, “88 percent [of surveyed IT and security professionals] predict they will be managing these devices by 2020,” according to Forrester. So, while IoT devices may not be traditional endpoints, UEM is well-suited to address the looming challenges.

Where will your organization stand in 2020? Do you know the individuals or teams who will be responsible for securing the IoT devices? What solutions will you use to manage them?

Watch our on-demand webinar, “Forrester Forecasts 2020: Is Your Mobile Strategy Aligned?” to begin formulating your action plan with expert input on UEM and the IoT from Wes Gyure, IBM MaaS360 portfolio offering manager, and special guest Chris Sherman, senior analyst at Forrester.

In the final installment of this series, we’ll explore the fourth and final component of the UEM hierarchy of needs and provide your organization with a full representation of the critical aspects that should be considered for its business transformation venturing into the 2020s.
