4 unique security issues that come with IoT

  • IoT is a departure from traditional infrastructure, meaning that staff with little or no experience in such deployments will likely lead them.

  • As new classes of devices and data handling are introduced, it's impossible to predict what avenues will become susceptible to breaches.

  • The explosion in the number of connected devices means many more access points, some of which may exist outside your organization's watchful gaze.

The things that make up the Internet of Things (IoT)  are everywhere, and the spun-off data is challenging bandwidth and storage requirements. These are familiar issues in the enterprise that you definitely need to address. But as your organization ventures into the Internet of Things, you also need to give priority status to security issues.

With a wide variety of devices being deployed by unrelated vendors with no clearly established standards in place, your organization must find ways to tighten security around data and connections.

Here are four security challenges particular to IoT that your enterprise needs to learn about now — and plan to take control of quickly.

1. Unpredictable threat vectors — The old saying “we don’t know what we don’t know” has never been truer than it is now. Existing security structures are already complex and arguably insufficient to prevent known threats. As new classes of devices and data handling are introduced, it’s truly impossible to predict what avenues will become susceptible to breaches. Adding to the complexity is the fact that both new and existing security service vendors are introducing products that may or may not play well with existing security solutions. The only way to deal with the issue is to test vigorously and then assume you’ve missed several critical issues.

2. Implementation experts don’t exist — Nearly every segment of information technology is an offshoot, allowing experienced IT staff to get up to speed easily. IoT is a departure, however, meaning that staff with little or no experience in such deployments will likely lead them. The lack of expertise may lead to missteps. But unfortunately, there’s no replacement for experience.

3. Complexity of multiple connections — Enterprise technology implementations typically call upon anywhere from four-to-eight suppliers. IoT configurations lay on top of existing systems and can double the number of vendors involved in any effort, according to Steve Hilton, co-founder and president of the consultancy MachNation. Meanwhile, the lack of established standards opens vulnerabilities in the chain of custody for both data and control points. Given these circumstances, tech staff should review each component for vulnerability and develop an overarching model to secure the many connections and data translations that make up the infrastructure.

4. More physical points of vulnerability — Traditional data collection and management systems have relied on small and known numbers of access points. The explosion in the number of connected devices means there are now many more access points, some of which might exist outside of your organization’s watchful gaze. To compensate, you must implement control measures that can validate devices and their access permissions. In addition to knowing which devices are attached, you need to know what data the devices are authorized to communicate and filter that data against permitted content.

No matter the size of the deployment, as your enterprise incorporates IoT, you need to make certain that you have considered the security implications of connecting scores of devices to your infrastructure.

Certainly the devices themselves must be protected, but that level of security is only the beginning. Close the loop around the expanding network of devices before the unknown becomes a well-known threat.

Learn more about IoT security in The CEO’s Guide to Securing the Internet of Things and network security at AT&T Network Security Services.

 

 

Scott Koegler is a technology journalist with a specialization on the intersection of business and technology. All opinions are his own. AT&T has sponsored this blog post.

 

Scott Koegler Writer Sponsored Post About Scott