How the Internet of Things Affects Your Security Strategy

In a previous post, we covered some critical components of a security strategy that helped IT pros keep their jobs by preventing a security breach. We discussed topics like configuration management and enforcement, patching, and threat detection as just a few of the ways organizations can take basic security steps to avoid the nasty consequences we see in the news nearly every day. In the next few posts, we’ll drill a little deeper into some related topics that are truly shaking up the security landscape from the standpoint of added challenges and new ways organizations are both coping with and being compromised by malicious attacks.

Internet of Things

The Internet of Things (IoT) has burst on the scene, first in the consumer world, and increasingly in corporate environments. A thing, in the Internet of Things, can be an individual with a medical monitor, any type of unit with a tracking or monitoring sensor, or a smart business device; it is virtually anything that can be assigned an IP address and connected to the network. And according to Cisco, there will be 25 billion devices, or things, connected to the Internet in 2015, with that number predicted to double by 2016.

So here lies the rub for organizations of all types, many still struggling to address the challenges of effective device management and security in the world of mobility and the BYO phenomena. With the advent of the IoT, you as an IT administrator must inventory, manage, maintain and secure any number of new, heterogeneous devices. This is in addition to your traditional managed devices, over which you have corporate control of applications and operating systems. And while these new devices are designed to share critical data to empower the workforce, their innate design also offers up a greater opportunity for attack.

Altering the IT Security Landscape

How so? To enable an internet connection, every device must have an operating system embedded in its firmware. Unfortunately, this firmware is not designed to run security software, and opens the devices to new opportunities for exploitation. Organizations must understand the extra security challenges brought on by this litany of connected smart devices:

  • Accurate inventory of all connected devices must be maintained
  • Many security management functions for IoT devices cannot be instigated over the network
  • All network devices are open to such attacks as distributed denial of service—the reality is more devices = more opportunities
  • Patching of firmware can be difficult and take much longer than with its software counterpart
  • Endpoint configuration enforcement and password management for IoT devices can be challenging
  • All of the above add to the existing IT management task list, as well as the complexity of overall systems management and security

It’s clear that the IoT is here to stay and will grow exponentially as more smart devices enter both our personal and business lives. In order to keep your IT environment well managed and as secure as possible, this added layer of complexity and its protection must be given a well-considered risk/reward evaluation, and be added to the macro level schema for the implementation of all broadened endpoint security initiatives.

There are resources and tools to help you and your team create and maintain a secure IT infrastructure. Read our recent whitepaper: Protecting Your Network and Endpoints with the SANS 20 Critical Security Controls.