IoT security: Access comes in all shapes and sizes

William Culbert, director of Solutions Engineering, Bomgar

While there are many benefits for embracing the mainstream adoption of the Internet of Things (IoT), such as improved efficiencies, cost savings and enhancing customer experience, it can also bring issues of security to the forefront.

The UK governments new National Cyber Security Strategy, announced in November, describes the expanding range of devices being integrated into our daily lives through the internet as one of the key vulnerabilities to businesses. The IoT will create unprecedented opportunities for exploitation that will affect the 43% of organisations expected to have adopted IoT by the end of this year.

There have been many recent examples of security breaches which have fuelled security fears and are keeping IT managers, CTOs and CISOs awake at night – from the hacking of baby monitors to remotely hijacked cars. However, one of the biggest threats to any business large or small, is understanding who has access, or the ability to access the network, from what devices, and at what level, says William Culbert, director of Solutions Engineering.webcast-174185

One of the most talked about, and high profile, cases from 2013 was with US retailer Target. Hackers gained access to the Target system via a third party air-conditioning company, who was given unrestricted and unmonitored access to Target’s network.

Hackers exploited the access privileges and stole customer credit card details, costing the company $252million and significant reputational damage. This serves as an example where tighter access management was needed and if it had been in place a costly hack could have been avoided.

With the adoption of IoT, access will come in many shapes and sizes. From an MD using their laptop in the office, to a cleaner with a smartphone accessing the company’s wireless network to listen to music. The increased number of devices trying to connect to networks, means that businesses have to prioritise and control user access if they want to ensure they have the adequate security levels in place.

whitepapers-nerc-cipPrivileged Access Management (PAM) solutions have been designed to help businesses manage, control and fully audit access to their networks. By implementing this additional level of security, businesses are able to easily authenticate all connectivity requests to their internal network. This ensures that no matter what individual or device is making the request, they must first be approved. They are then granted access to specified assets on the network at an agreed time.

PAM will help to render the machine to machine connectivity issue that comes with the IoT void. If a device is not recognised, it will not be allowed to access the system or any information. In the case of a breach, it will become much easier to identify quickly and lock systems down. The business will be able to pinpoint the vulnerable user and the corrupted device.

saComprehensive management of devices will be the lynchpin that holds enterprise IoT security measures together. Ensuring that all devices have updated security software and are registered against users with associated levels of access will be a major consideration for all businesses.

It is clear that UK businesses will need to start future proofing their security posture as IoT adoption continues to progress both in corporate and mainstream life. Coupled with the fact that hackers and cybercriminals are growing in numbers and becoming increasingly sophisticated and creative in their efforts, selecting the right solution that provides the management and security capabilities to support IoT strategies has never been more vital.

The author of this blog is William Culbert, director of Solutions Engineering

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

Recent Articles

What private blockchain means to telcos

Posted on: August 2, 2021

While the telecoms sector is yet to fully embrace blockchain technology, Jonas Lundqvist, CEO at Haidrun, says that the arrival of private blockchain may change that and unlock a massive potential for telecom service providers to create new businesses and revenue streams.

Read more

The Chinese market is expected to lead the development of V2X

Posted on: August 2, 2021

According to a new research report from the IoT analyst firm Berg Insight, there were about 0.7 million cars with V2X capabilities on the roads at the end of 2020. This number is expected to grow to 35.1 million by 2025. Communications between vehicles has been discussed for more than two decades, but with few

Read more