This is the second installment in a three-part series. Be sure to read part 1 for the more information on unified endpoint management.

In the first installment of this series, we traversed each component of the unified endpoint management (UEM) hierarchy of needs, which consists of devices and things at its foundation, apps and content at the next level, followed by people and identity.

With that in mind, let’s get acquainted with the new kid on the UEM block, the Internet of Things (IoT), and share key considerations for your organization’s future planning to achieve business transformation. You may not be used to managing and securing things alongside your smartphones, tablets, laptops, desktops and wearables, but their visibility, manageability and security is no less relevant for enterprises.

Watch the on-demand Mobile Strategy Webinar with Forrester

Managing the IoT

Before we delve too deeply into the IoT and its newfound place at the table, let’s first try to wrap our heads around exactly what these things are. And if you were hoping for a one-sentence description, sorry to disappoint: There is no general agreement on what constitutes an IoT device.

Device types range from sensors and actuators present in manufacturing operations to connected cars. Whether or not you’re aware of their presence, there are billions of them already up and running, and they will only continue to grow in number over time.

Each IoT device serves its own purpose for everyday businesses, whether it’s helping to boost operational efficiency, manage resources more efficiently or provide better customer experiences. Across these use cases, they’re generating, transmitting and storing massive amounts of data. This data can be used advantageously when the right resources are in place but can just as easily present adverse impacts when overlooked.

Not If, But When

As the sheer number of IoT devices grows, so do the security concerns. Increasingly, data is being transmitted outside traditional operational networks to cloud-based IoT platform solutions. This puts pressure on IT organizations to secure the devices in addition to their data at rest and in transit. But if IT professionals plan to mitigate these risks, they must first manage the IoT devices themselves.

According to the new thought leadership paper, “Mobile Vision 2020,” a commissioned study conducted by Forrester Consulting on behalf of IBM, “For most organizations, IoT is not a question of ‘if,’ but ‘when.'”

The findings from this study revealed that mere management of these devices will not be enough for IT and security professionals. They are also grappling with several strong concerns, including data leakage, privacy violations and external threats.

Who Is Accountable for IoT Security?

One near-term challenge your organization will face is the difference in focus and responsibilities between operational technology (OT) and IT teams. OT has traditionally focused on keeping the lights on, running the plant and building products efficiently. According to the Forrester report, “IoT is typically managed by [OT] as part of their operations.”

Conversely, IT has been more concerned about making information accessible to employees while securing access to organizational data. IT manages networks, servers and devices such as smartphones, tablets, laptops and desktops.

The explosion in the number of IoT devices with network access has begun and will blur the lines between IT and OT responsibilities. As time goes on, “organizations will begin to move from device-specific to device-agnostic management. By 2020, 42 percent of organizations will be taking [a] more centralized approach, up from just 26 percent today,” Forrester stated.

To make this centralized approach a reality, organizations must:

  1. Formalize the individual or teams responsible for managing all endpoints.
  2. Consolidate the disparate tools that they currently use to manage smartphones, tablets, laptops, desktops, wearables and IoT devices.
  3. Utilize UEM to view, manage and secure all endpoints, plus their users, apps, content and data, all from the same place.

Creating a Centralized Approach

Is an IoT device just another endpoint? In short, no. Since there is such a wide assortment of IoT devices serving distinct purposes, there are many ways in which they can introduce more security risk to organizations. Consequently, there needs to be a process in place to view, manage and secure these devices and their data.

Given the diversity of things and the complexity around how they’re used, the process for doing so is far from simple, especially if your organization fails to take a centralized approach. Hence the significance of the UEM management model, which is a perfect fit for the challenges introduced by IoT devices.

Here are a few examples of the ways enterprises can get started with UEM to manage things and their data:

  • Manage things that use application program interfaces (APIs) for management (e.g., Google Android, Microsoft Windows 10, Android Things, Windows IoT).
  • Manage devices that provide client management for other things (e.g., Linux agent).
  • Manage and secure the devices that control or collect data from things.
  • Secure the IoT Gateways that collect data from things.

Do you have the right teams, processes and technology in place to address these use cases? Chances are you’re addressing at least one of them, but how centralized is your approach?

Managing IoT Devices

A few years ago, we could not have gone an entire week without hearing about the latest web-based security breach. Today, we routinely hear about IoT devices being compromised or used to carry out cyberattacks. The Dyn distributed denial-of-service (DDoS) attack is a good example of the growing and unprecedented IoT security risks.

To account for these risks, it’s important to manage IoT devices much like you would a mobile device or a desktop. Your organization should make sure its IoT devices comply with corporate policies. Do you, for example, have the most current operating system and firmware updates? Are you aware of any new or unknown applications that have been added to your devices? Can you prevent a noncompliant device from entering your network? The OT data from one compromised IoT device could negatively impact operational efficiency — or worse.

It All Comes Down to Endpoint Management

Endpoint management professionals understand these security risks and know the best practices, so it’s no surprise that IoT device management is migrating to traditional endpoint management. Moving forward, “88 percent [of surveyed IT and security professionals] predict they will be managing these devices by 2020,” according to Forrester. So, while IoT devices may not be a traditional endpoint, UEM is well-suited to address the looming challenges.

Where will your organization stand in 2020? Do you know the individuals or teams who will be responsible for securing the IoT devices? What solutions will you use to manage them?

Watch our on-demand webinar, “Forrester Forecasts 2020: Is Your Mobile Strategy Aligned?” to begin formulating your action plan with expert input on UEM and the IoT from Wes Gyure, IBM MaaS360 portfolio offering manager, and special guest Chris Sherman, senior analyst at Forrester.

In the final installment of this series we’ll explore the fourth and final component of the UEM hierarchy of needs and provide your organization a full representation of the critical aspects that should be considered for its business transformation venturing into the 2020s.

Watch the on-demand Webinar: Is Your Mobile Strategy Aligned?

More from Endpoint

The Needs of a Modernized SOC for Hybrid Cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

5 min read

X-Force Identifies Vulnerability in IoT Platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

4 min read

X-Force Prevents Zero Day from Going Anywhere

8 min read - This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The 2023 X-Force Threat Intelligence Index shows that vulnerability discovery has rapidly increased year-over-year and according to X-Force’s cumulative vulnerability and exploit database, only 3% of vulnerabilities are associated with a zero day. X-Force often observes zero-day exploitation on Internet-facing systems as a vector for initial access however, X-Force has also observed zero-day attacks leveraged by attackers to accomplish their goals and objectives after initial access was…

8 min read

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

12 min read - ‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption vulnerabilities.Figure 1 — Exploitation timelineHowever, with the addition of new features (and memory-unsafe C code) in the Windows 11 kernel, ripe new attack surfaces can…

12 min read