Securing the IoT

Taba Zimmerman

The Internet of things has been around since computers were first connected to each other and are made up of network-connected devices such as phones, fitness trackers, cars, and the system controls that provide power and water to our homes.

"In its simplest form, The Internet of Things is just a rather large network formed by connecting so many devices to it."

So, if the IoT is just another network, how can we secure it properly? Ideally, we would first hold manufacturers to a set of security standards established by the government, including:

  • Data encryption at both rest and in transit 

  • Personalized passwords being used instead of default passwords

  • Ensuring security patches and updates are installed 

Also, retailers should include information regarding how long the manufacturer will support security updates and customers should have incentives such as providing discounts to those who use the security included as an additional layer of defense. Enabling privileged access management controls that require password changes regularly and enhance security controls that ensure only authorized users can access and configure them is one of the best ways to protect IoT devices for organizations.

The Department of Homeland Security has specified a list of strategic principles for securing the IoT:

  • Incorporate Security at the Design Phase - Security should be evaluated as an integral component of any network-connected device. While there are notable exceptions, economic drivers motivate businesses to push devices to market with little regard for security.

  • Promote Security Updates and Vulnerability Management - Even when security is included at the design stage, vulnerabilities may be discovered in products after they have been deployed. These flaws can be mitigated through patching, security updates, and vulnerability management strategies.

  • Build on Recognized Security Practices - Many tested practices used in traditional IT and network security can be used as a starting point for IoT security. These approaches can help identify vulnerabilities, detect irregularities, respond to potential incidents, and recover from damage or disruption to IoT devices.

  • Prioritize Security Measures According to Potential Impact - Risk models differ substantially across the IoT ecosystem, as do the consequences of security failures. Focusing on the potential consequences of disruption, breach, or malicious activity is critical for determining where in the IoT ecosystem particular security efforts should be directed.

  • Promote Transparency across IoT - Where possible, developers and manufacturers need to know their supply chain, namely, whether there are any associated vulnerabilities with the software and hardware components provided by vendors outside their organization. Increased awareness can help manufacturers and industrial consumers identify where and how to apply security measures or build in redundancies.

  • Connect Carefully and Deliberately - IoT consumers, particularly in the industrial context, should deliberately consider whether continuous connectivity is needed given the use of the IoT device and the risks associated with its disruption.

For more information regarding these principles, you can access the Department of Homeland Security’s IoT Fact Sheet and Strategic Principles documents by clicking here.

BeCloud stays current with the latest trends so you can focus on growing the business!

Let the experts handle your IT management, helpdesk, and security.