Four Core Principles of IoT Security
Security is a critical issue in every solution, and IoT solutions are no exception. Here are the four guiding principles integrators should follow to keep IoT projects as secure as possible.
1. Device security is crucial
IoT devices are the most vulnerable pieces of the IoT network, because they typically use simple processors and operating systems that may not be capable of supporting advanced security functions. They also comprise the biggest population both in terms of the number of units and the diversity of products and manufacturers. This makes securing the billions of devices IoT solutions can employ a minefield of complexity.
Worse yet, IoT devices reside outside the traditional network perimeter and are often installed and managed by non-IT organizations in open and unprotected spaces like farm fields, parking lots, and factory floors.
“While one particular IoT device may be secure, another may be vulnerable,” explains Benson Chan, senior partner at Strategy of Things. “With billions of IoT devices projected to be deployed in the next few years, hackers are increasingly focusing their efforts in this area.”
2. Secure your network
One quality all IoT devices have in common is network connectivity, without which they are truly just “things”. The network connecting the IoT devices must therefore be protected by traditional endpoint security tools like antivirus and antimalware, firewalls, and intrusion prevention and detection systems.
3. Know your devices
Device authentication is critical to network protection, and detection of an unauthorized device needs to automatically initiate appropriate action. “This action may include disconnecting the device, blocking the traffic, and notifying the administrator,” Chan notes. A first step in protecting enterprise networks should be isolating them from IoT networks, so that IoT-related breaches don’t have an opportunity to infect additional systems.
4. Automate IoT device management
Managing IoT devices is complicated by the sheer volume of units that need attention. But continuous management is a must, because each thing presents its own point of vulnerability. “Use IoT device administration and automation tools,” Chan advises. “The more IoT devices in a network, the more difficult it is to administer and manage. The use of automation tools simplifies the administration process, reduces errors and missed devices, and ensures all actions are applied consistently across all devices.”
At a minimum, administration means setting appropriately strict security levels before deployment, regularly reviewing and updating firmware, and diligently applying security patches. Decommission devices at their end of life too.
IoT security practices and tools are evolving. Regular review of systems is the only way to keep distributed networks of devices secure.
SCOTT KOEGLER is a technology journalist with 20 years’ experience writing about business, computing, and technology topics. He was CIO for three midsize companies for a total of 15 years. His work with developers, marketing, business processes, and C-level executives has allowed him to focus on the intersection of business and technology.