The way we reconcile our security concerns with IoT’s inevitable integration will determine whether the revolution upgrades our lives or creates chaos.

 

Remember when the Internet of Things was more concept than reality? Those days are long gone. Demand for IoT technologies has skyrocketed in the last year, with IHS estimating 20 billion connected devices globally in 2017.

And it’s not just the smart refrigerators and Fitbits and Bluetooth speakers we see at home. IoT technologies have permeated the enterprise as well, with sensors, analytic measurement tools, and VoIP phones appearing, sometimes without the blessing or involvement of IT and security leadership. The infiltration is not unlike what we experienced more than a decade ago when the smartphone initiated a Bring Your Own Device (BYOD) revolution.

Even as Business Insider predicts business spending on IoT solutions to hit $6 trillion by 2021, the rapid adoption of IoT has come, unfortunately, at the expense of security standards. In the first half of 2017, the number of IoT attacks increased by a staggering 280%.

It’s clear that swift action is needed to address the gaping holes in IoT security that could devastate organizations and consumers alike. But with such new and rapidly evolving technology, where do we even begin?

An uphill battle

With billions of IoT devices projected to hit our networks over the next few years, we can’t stop every attack. After all, you can’t be perfect, and you can’t be everywhere. We’ll never be able to stop everything at the first layer, and that’s ok.

So, what do we do? We get even more proactive. We get even more diligent. We move as fast as circumstances allow. Remember the old NSA mantra: defense in depth.

As dry as it sounds, consistently reliable security procedures are a surefire way to prevent the majority of IoT attacks. Since IoT devices often look and feel like ordinary household objects, we may forget or even ignore the reality that they’re connected to our network. But they are, and they demand the same amount of scrutiny as traditional endpoints. It’s cliché, but it bears repeating: an ounce of prevention is worth a pound of cure.

Never take device security as a given. Manufacturers and legislators are not reliable defenders of your data. So, when an organization incorporates smart devices into its network, the same organization bears the responsibility of rolling them out with standardized policies and procedures.

This means rigorous tests to ensure security and safety along with investing in scans that reveal code vulnerabilities. This type of procedure, with a well-executed patching process, will secure devices well before they hit the network.

Separation and visibility

If the first layer is process and procedure, the second is separation and visibility. Think of it as a closed-circuit TV:  self-contained and accessible only to those with proper permissions.

We can imitate this for IoT via air gap, effectively isolating IoT systems from public networks. This can be a crucial part of a security solution for networks whose IoT systems serve critical roles. Hospitals, for example, may use network-based technologies to monitor patients and even administer medicine. In this case, an air gap would go a long way to ensure these devices are accessible by proper personnel only.

Another powerful way to increase IoT protection is to invest in visibility tools: software solutions that establish behavior baselines and then provide anomaly detection and an automated response. Firewall and antivirus technologies are highly over-leveraged in the current landscape. While they can help thwart brute force malware attacks, they often stop short of collecting information beyond the signatures of attacks they’re built to defend against.

To effectively keep pace with threats, we need more agile and responsive solutions that allow us to remain well-armed on the subtle fronts of user behavior and file movements.

The visibility and insight this provides will allow for early anomaly detection. Moreover, it can provide IT teams with power and leverage over their virtual environments, helping them overcome the pestering fear of the unknown. With this knowledge and awareness, IoT can be more safely and effectively implemented.

Domestic awareness

Oddly enough, when evaluating IoT security in the enterprise, a good place to start is at home—not just your home, but every employee’s. Whether it’s a smart refrigerator, internet-connected toys or a tablet, you cannot throw a rock down a modern street today without hitting a home with some sort of smart-home network.

Knowing that, do you trust that every employee within your enterprise has secured their smart-home devices using the same level of scrutiny and vigilance that you expect of devices connected to your network? It’s an important question, considering that many of our smart devices connect not only in the office, but to our home networks as well. That being true, how will you ensure that employees take appropriate measures to secure IoT devices not only at work, but within the confines of their homes?

Every device added to your network is another potential access point for the ill-intentioned. As with all IT, risk is part of the package. But we need to be judicious about our allowance of that risk, and we need to understand how to mitigate unintended consequences.

Miracle or disaster?

IoT arrived in full force much earlier than anticipated. Today, we’ve suddenly been surrounded by devices that make the physical world more connected, more responsive and less secure.

The way we reconcile our security concerns with IoT’s inevitable integration will determine whether the revolution upgrades our lives or creates chaos. How will you prevent the latter?


This article was originally featured on CSO Online

Related Blog Posts

See All Blogs

GCN: Next Generation Data Centers

The norms around data access have shifted dramatically over the past few decades. Where accessing data in under a minute would have been miraculous in the late ‘90s, the new standard is measured in seconds. Even as the amount of…

Flexible Work Schedules – and the Right Collaboration Tools – Can Help Your Agency Recruit and Retain Top Talent

The Office of Personnel Management recently conducted a Federal Employee Work-Life Survey to gauge employee satisfaction across the government. The findings were pretty clear – agencies that embraced flexible work schedules and offered telecommuting options had employees that reported higher…

GCN: What’s Next in Network Automation

In 2019, modernization will be a key driver for automation in federal agencies. Previous protocols, while often well understood, were fairly rigid. As agencies move to new technologies that are more malleable and adaptable to change, they must also become…

GCN: Protecting Critical Internet Infrastructure From IoT Device Risks

As the infiltration of internet-connected devices into nearly every aspect of daily life continues to expand, so do the vulnerabilities and security risks they create for their operational networks. That includes the devices and networks used by federal agencies that…

TechTarget: Hyper-Converged Infrastructure Solutions Boost Channel

Enterprises are turning to hyper-converged infrastructure solutions because of their simple deployment model and high levels of automation. Some channel partners are cashing in on the technology shift, but traditional storage products still represent an enormous market. In this article…

Cisco Live 2018: Vendor Opens Management Console to Partners

In this article for TechTarget, Force 3's VP of Client Solutions Jason Parry weighs in on the new opportunities arising from Cisco DNA Center. In Cisco's latest nod to software, the company has opened its Cisco DNA Center to developers,…

4 Cloud Collaboration Investments You Should be Making

Cloud migration is a top priority for federal agencies, making for a rising demand for As-a-Service offerings. Meanwhile, agencies are still trying to plan and budget for cloud strategies, often from scratch. This creates a unique challenge for federal IT teams:…

GCN: Building a Better Agency Through Software Orchestration

In federal IT, there is sometimes fear that software orchestration will render the technology professional’s role obsolete. This mindset, however, is misguided. In reality, the exact opposite is true: Orchestration has the potential to not only make federal IT workers’…

3 Use Cases for Harnessing Next-Gen HCI

These days, between budgeting shortfalls and the unending data explosion, federal IT organizations face significant pressure to do more with less. This decline affected all areas of IT including software, hardware, networks and outsourced IT services. But even as funding…

NextGov: No Better Time for Software Orchestration

As agencies look to modernize, software orchestration offers an opportunity to make sure all their software is working together. It makes sense: All of your software should work together. And, once implemented, software automation and orchestration can help IT systems…

Hyper-Converged Infrastructure (HCI): Scalability and QoS

For federal agencies, hyper-converged infrastructure (HCI) offers scalability, quality of service. Federal agencies today face extensive pressure to move faster. Nowhere is this truer than in the IT realm, where teams are expected not only drive operational efficiency and reduce…

IoT & The Intelligent Edge: Defending Outside The Firewall

The Internet of Things, though still evolving, has pushed its way into the workplace. The result? CSOs are working overtime to keep up. What’s the protocol for these connected devices, and how do they fit into the existing security infrastructure?…

GCN: The Hidden Challenges of Federal IT Modernization

In the next three years, an estimated $3 billion worth of federal IT equipment will reach end-of-life status, according to former U.S. Federal CIO Tony Scott. It’s an intimidating number, and one that indicates just how far-reaching the need is…

NextGov: How Can Agencies Prepare for a Software Future?

For federal agencies and their IT teams, change is inevitable. After all, it’s the nature of IT to change and grow alongside rapid innovation. Today, agencies must adapt as we shift from a hardware-centric model to an increasingly software-defined world.…

InformationWeek: Containerization Gains Traction & We’re Better for it

Cloud-based application development has taken big strides, and it's delivering benefits for enterprises such as federal agencies. Application development has forever been a thorn in the side of federal agencies. It’s tough, after all, to innovate when hampered by the…

GCN: Building a Better Backup

For public sector employees who work in national security, emergency response or disease control, data access can literally mean life or death. In the event of data loss, the consequences can be substantial, even when the immediate implications seem less…

GCN: Keeping Pace with SDN Means Embracing its Benefits

With the introduction of any new networking technology, two things are inevitable: First comes the hype, with organizations everywhere discussing whether to invest in it. Second is the panic -- particularly among the professionals tasked with implementing and adopting it.…

Channel: Cost, speed as hyper-converged infrastructure benefits

Channel partners active in hyper-converged infrastructure see an expanding set of use cases, although mission-critical applications may lag behind other HCI candidates. In this article from TechTarget, Force 3's next-generation networking director Jon Kim discusses recent developments in the hyper-converged infrastructure…

Cisco IoT Strategy Will Unleash Services Opportunities, Forge Ties With Technology Vendors

In this article from CRN, Force 3 CEO Mike Greaney joins other industry channel partners to weigh in on Cisco’s IoT Strategy featured at this year’s Cisco Global Partners SummitCisco Systems is putting its Internet of Things strategy into higher…

SDX Central: Enhancing Network Security With SDN Automation

When it comes to software-defined networking (SDN) automation, certain benefits frequently get more attention than others. Take, for instance, the simultaneous provisioning of network functions and servers, which allows applications to become available in minutes instead of days or weeks.…

For Customers, Software-Defined WAN Offers Automation, Savings, Efficiency

With benefits like automation, speed and increased efficiency, software-defined WAN promises to reduce the cost and complexity of wide area networks (WAN), while boosting real-time application performance. In TechTarget's feature SD-WAN technology offers channel partner opportunities, Force 3’s vice president…

Boosting Security in Software-Defined Networks

With the growing popularity of technologies such as software-defined networks (SDN), hyper-converged infrastructure and the Internet of Things, IT professionals must constantly prepare for new vulnerabilities in their efforts to bolster network security. In this recent guide from TechTarget, Software-defined…

How SDN builds next-gen security

As software-defined technology continues to gain traction in the federal space, agencies can expect to see a significant, positive impact on their own security posture. Those who embrace software-defined and other next-generation technologies will benefit from three key improvements that…

Force 3 at VMworld: What’s New and Next in Virtualized Computing

What was the overall atmosphere of VMworld? There was a lot of excitement around NSX, especially what the next big use case will be and what are further drivers of the technology. I think attendees were really looking for that…

Securing Your Unified Communications Infrastructure

So far in our security series, we’ve explored best practices for securing your network and data center. A few of these included: Look at What You’ve Got: Take inventory of how many servers you have, what applications are running and…

‘No Respect’ for Critical Communication Infrastructures

"That’s the story of my life, no respect! I don't get no respect I tell ya!" - Rodney Dangerfield Much like the late Rodney Dangerfield, business phones tend to not get much respect. Considering the mission critical role that communications…

Webcast Recap: Next-Generation Data Center Security Webcast hosted by FCW.com

On May 28th Force 3, Palo Alto and VMware sponsored a webcast hosted by FCW.com. The webcast focused on Next-Generation Data Center Security and featured a presentation by Air Force CTO, Frank Konieczny, with a roundtable discussion featuring Jason Parry,…

The Power of Cisco’s UC Platform is Changing Businesses

Business Advantages of Cisco Unified Communications Manager 10.5 In today's fast-paced, ever-changing business climate, in order to ensure optimal efficiency and workflow, you are forced to rely on several different business tools that must: Allow you to securely reach beyond…

Wireless Deployments: The Cost Question?

Wireless Deployments: The Cost Question? Radio Frequency engineers have a peculiar dilemma when it comes to standing up new deployments at facilities that are looking to implement Wi-Fi services. A frequent dilemma centers on the customer’s request for a pricing…

Force 3 Helps Spread Holiday Cheer at Children’s National Health System

How can we help your agency achieve its mission?

Maximize your IT investments. Learn more about solutions and services from Force 3.