By 2020, the number of active wireless connected devices will exceed 21 billion according to estimates from the technology consulting firm Gartner. For businesses, this means everything from your company’s HVAC system to the break room refrigerator will be connected. But is your IoT security ready for prime time?
The dangers of hacked baby monitors, car computers and wearables have all made headlines recently. Digitally connected devices that promise to simplify our daily lives also pose new security threats for businesses, too. While some industry analysts contend that researchers have sensationalized the risk for network attacks, the fact remains that every time you open a port to something, you create a system entry point. Sure, hackers may care little about turning the lights on and off at your office, but light sensors or HVAC systems represent a backdoor into your company’s larger network.
Currently, there have been no widely known IoT security breaches executed against an enterprise business. However, IT experts caution such an attack may just be a matter of time.
“Current IoT security is where the Internet was in 1984 – no baked-in security, encryption or authentication,” Raj Goel, the CTO of Brainlink International, a consultancy in New York told CIO last fall.
A year later, identifying and implementing effective security solutions remains a major concern for CIOs. General inexperience with constructing and deploying large-network security solutions is exacerbating vulnerability concerns.
Top 4 Enterprise IoT Security Challenges & Solutions
As your company establishes its IoT security strategy, keep the following in mind:
- Assess network vulnerabilities. Start with a comprehensive assessment of existing network security. What protections (e.g., connectivity protocols) are built into your current network security? What vulnerabilities exist that could be exploited for points of entry? How will the IoT security protocols that you develop integrate with your existing security procedure and policies?
- Secure IoT-related data. In addition to security ports of entry, your business must also consider how to store the IoT data it produces. Since not all data is immediately valuable, your business must consider the best method for securely categorizing and classifying this data for future use. Additionally, your business will need to consider just how long it intends to store this data for future use.
- Don’t discount traditional best practices. While IoT poses new challenges, many traditional best practices still apply. Experts recommend employing stringent authentication standards, segmentation, zone-based policies and stray port shut down.
- Source industry expertise. One of the biggest challenges companies face is identifying expert consultants. Few people in the IT industry have attempted to manage the sheer number of devices that are being connected via IoT ports. Consequently, the demand for experts is high, but the number of experts with IoT security experience is low. Here at Lucas Group, this is one area where we’ve seen a sharp increase in talent demand over the last year. CIOs need to be mindful that recruiting and retaining top IoT security talent won’t be easy.
Has your business started addressing IoT security concerns? I welcome your thoughts on IoT security, including expert talent recruitment, below.