The Internet of Things (IoT) refers to a massive conglomeration of systems and devices that are “intelligent” and connect to the internet.
Devices in the IoT range from cars to wearable devices to surveillance cameras to household appliances.
While some security breaches with the IoT may be mere annoyances, like spam ads being sent to your smart glasses or your coffee maker being surreptitiously programmed to make decaf, the potential is there for major, dangerous, disruptive security breaches as well. These risks will only grow along with the IoT.
Perhaps someday the smart egg pan will warn you via text before you pass the point of no return with respect to “over medium.”
Various estimates put the size of the IoT in the year 2020 at anywhere from 50 billion objects worldwide to 212 billion objects (which is 27 “things” for every human on earth). Now think about this: every one of those things will need to be secured and managed.
Legitimately Scary Possibilities
Not all IoT security threats are as minor as your home thermostat being reprogrammed. When you consider the number of medical devices expected to be connected to the IoT, the possibilities become far scarier. In fact, some big vulnerabilities have already been identified, and one of the first organizations to have a vulnerability exposed was none other than Google.
In 2013, security researchers discovered they could hack the building management system in Google’s Wharf 7 office in Sydney, Australia. A security vulnerability in the platform was known about, and a patch was available at the time, but Google’s control system at that office was not patched. Researchers were able to obtain the administrative password and access control panels with buttons labeled enticingly with names like “active alarms,” “schedule,” and “alarm console.” One control panel showed floor and roof plans, and diagrams of water pipes routed through the building. It’s not hard to imagine an IoT attack having dire consequences.
An Overarching Mindset for IoT Security
The IoT will challenge your concept of security as well as your ability to deliver it. It will also affect your commercial operations and your entire IT ecosystem. It’s the very shareable nature of the IoT that makes it so powerful – and that makes security so critical. Starting development of your IoT security plan now, before it takes hold, is wise. Device manufacturers will have their own security challenges, because consumers and businesses will expect a certain degree of security, and cloud providers will also have security challenges, since they are integral to the IoT. But you can’t just leave it all to other parties to take care of.
“It’s OK. The company’s website assures me this is totally safe and secure.”
Building Blocks of IoT Security
Michael Curry, vice president of WebSphere product management at IBM, designates four critical elements of IoT security:
• Physical device security – including tamper-proof technology that can immediately terminate a device’s internet connection. Secure boot technology will be able to determine if a device has been altered since the last time it was on and refuse to boot if that is so.
• Data security – that can be set according to the type of data and a business’s risk profile. End-to-end encryption can be used with sensitive information, and data masking can be used for personal or other sensitive information.
• Network security – which is probably the most understood aspect of IoT security right now. Network security with the IoT is similar to today’s internet and mobile security, and includes authorization processes for what devices can do on a server and what servers can do on devices.
• Incident monitoring and response – which starts with assuming worst case scenarios. Organizations will have to monitor in real time what’s going on in the network and be prepared to seal it off as soon as a problem is detected.
The Role of Healthy Skepticism
A certain degree of skepticism is also useful in IoT security. Having an internal specialist independently review, test, and try to breach systems is smart, and IT professionals need to feel free to think of ways devices could be leveraged in an attack. Just because manufacturers incorporate security into their devices during manufacturing doesn’t mean businesses should blindly trust that the devices are secure.
As the IoT expands into more organizations, they will have to establish new standards and technologies to secure their slice of the IoT and develop new procedures that offer vigilance and protection against lapses or outside attacks. The IoT is very much a work in progress, and getting out in front of security now can prevent bigger problems later.
With Samanage orchestrating your IT service management, you can be confident that every device in your organization is accounted for at all times. And with Samanage, all your IT asset data is instantly accessible to your IT service desk, streamlining operations and ensuring consistency of IT service delivery.