In a previous post, we covered some critical components of a security strategy that helped IT pros keep their jobs by preventing a security breach. We discussed topics like configuration management and enforcement, patching, and threat detection as just a few of the ways organizations can take basic security steps to avoid the nasty consequences we see in the news nearly every day. In the next few posts, we’ll drill a little deeper into some related topics that are truly shaking up the security landscape from the standpoint of added challenges and new ways organizations are both coping with and being compromised by malicious attacks.
Internet of Things
The Internet of Things (IoT) has burst on the scene, first in the consumer world, and increasingly in corporate environments. A thing, in the Internet of Things, can be an individual with a medical monitor, any type of unit with a tracking or monitoring sensor, or a smart business device; it is virtually anything that can be assigned an IP address and connected to the network. And according to Cisco, there will be 25 billion devices, or things, connected to the Internet in 2015, with that number predicted to double by 2016.
So here lies the rub for organizations of all types, many still struggling to address the challenges of effective device management and security in the world of mobility and the BYO phenomena. With the advent of the IoT, you as an IT administrator must inventory, manage, maintain and secure any number of new, heterogeneous devices. This is in addition to your traditional managed devices, over which you have corporate control of applications and operating systems. And while these new devices are designed to share critical data to empower the workforce, their innate design also offers up a greater opportunity for attack.
Altering the IT Security Landscape
How so? To enable an internet connection, every device must have an operating system embedded in its firmware. Unfortunately, this firmware is not designed to run security software, and opens the devices to new opportunities for exploitation. Organizations must understand the extra security challenges brought on by this litany of connected smart devices:
It’s clear that the IoT is here to stay and will grow exponentially as more smart devices enter both our personal and business lives. In order to keep your IT environment well managed and as secure as possible, this added layer of complexity and its protection must be given a well-considered risk/reward evaluation, and be added to the macro level schema for the implementation of all broadened endpoint security initiatives.
There are resources and tools to help you and your team create and maintain a secure IT infrastructure. Read our recent whitepaper: Protecting Your Network and Endpoints with the SANS 20 Critical Security Controls.