IoT security: Access comes in all shapes and sizes
While there are many benefits for embracing the mainstream adoption of the Internet of Things (IoT), such as improved efficiencies, cost savings and enhancing customer experience, it can also bring issues of security to the forefront.
The UK governments new National Cyber Security Strategy, announced in November, describes the expanding range of devices being integrated into our daily lives through the internet as one of the key vulnerabilities to businesses. The IoT will create unprecedented opportunities for exploitation that will affect the 43% of organisations expected to have adopted IoT by the end of this year.
There have been many recent examples of security breaches which have fuelled security fears and are keeping IT managers, CTOs and CISOs awake at night – from the hacking of baby monitors to remotely hijacked cars. However, one of the biggest threats to any business large or small, is understanding who has access, or the ability to access the network, from what devices, and at what level, says William Culbert, director of Solutions Engineering.
One of the most talked about, and high profile, cases from 2013 was with US retailer Target. Hackers gained access to the Target system via a third party air-conditioning company, who was given unrestricted and unmonitored access to Target’s network.
Hackers exploited the access privileges and stole customer credit card details, costing the company $252million and significant reputational damage. This serves as an example where tighter access management was needed and if it had been in place a costly hack could have been avoided.
With the adoption of IoT, access will come in many shapes and sizes. From an MD using their laptop in the office, to a cleaner with a smartphone accessing the company’s wireless network to listen to music. The increased number of devices trying to connect to networks, means that businesses have to prioritise and control user access if they want to ensure they have the adequate security levels in place.
Privileged Access Management (PAM) solutions have been designed to help businesses manage, control and fully audit access to their networks. By implementing this additional level of security, businesses are able to easily authenticate all connectivity requests to their internal network. This ensures that no matter what individual or device is making the request, they must first be approved. They are then granted access to specified assets on the network at an agreed time.
PAM will help to render the machine to machine connectivity issue that comes with the IoT void. If a device is not recognised, it will not be allowed to access the system or any information. In the case of a breach, it will become much easier to identify quickly and lock systems down. The business will be able to pinpoint the vulnerable user and the corrupted device.
Comprehensive management of devices will be the lynchpin that holds enterprise IoT security measures together. Ensuring that all devices have updated security software and are registered against users with associated levels of access will be a major consideration for all businesses.
It is clear that UK businesses will need to start future proofing their security posture as IoT adoption continues to progress both in corporate and mainstream life. Coupled with the fact that hackers and cybercriminals are growing in numbers and becoming increasingly sophisticated and creative in their efforts, selecting the right solution that provides the management and security capabilities to support IoT strategies has never been more vital.
The author of this blog is William Culbert, director of Solutions Engineering
Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow