The world of IT security is a journey with no arrival date and many twists and turns and not everyone takes the same path. The everyday challenges are monumental. This becomes even more amplified when you’re trying to manage and secure Internet of Things (IoT) devices. More and more, IoT seems to represent the Internet of Threats and while these devices are intended to make our lives easier, these devices have also introduced new opportunities for hackers to take advantage.
Although many areas are impacted by IoT, the Healthcare industry seems to be one of the most impacted given that IoT can bring numerous benefits provided it is properly secured. Just think back to your last visit to your doctor’s office, urgent care or hospital visit, there are numerous devices that are used to provide care and most are connected to a network.
In searching for the right balance, it is equally important to understand that traditional technology maps will not ensure the correct path. Much more is needed than just a firewall, an anti-malware or file encryption program. In fact, all these methods and applications are needed and more.
To understand what is needed, recognize there is a new paradigm for Internet security when dealing with alternatives. Functionality is not enough with security as an afterthought. The goal for any organization is to create a commercially viable IoT security system.
• There is no definitive roadmap to a “commercially reasonable security” system. The consensus in the security industry is that there is no consensus. Yet, there are options for a map that include government guidelines and regulations which may assist in reaching the end goal.
2) The likelihood of failure: Given the movement to Internet technologies and the threat of “cybercriminals,” the chance of an intentional failure is high.
3) Known, anticipated security threats: Assume that the Internet is a hostile environment and take extra steps to protect the information. Enterprises must also assume it is possible there may be an employee with motivation to sell information to competitors.
4) The state of the art: There is a contrast between point solutions, which address single vulnerabilities, and enterprise wide frameworks.
5) The availability of standards: There is a confusing array of technical standards from which to choose. Compounding the problem is that, although official standards exist, they are not always commercially implemented — or are implemented inconsistently.
6) Segmentation / Virtual Switching – leveraging this, via a Software Define Networking (SDN) architecture, can enable secure communication of these devices particularly if you are trying to secure mobile IoT devices.
Securing mobile devices
Reports of the lack of visibility have proven to be a challenge in terms of knowing exactly what is on the network. As well, the lack of management with smartphones increase the opportunity of attacks and threaten enterprise security. The ability to see what’s on a network gives IT a better understanding of how their network is being used and by what.
The most effective method of protecting a network is using automated workflow. As there are thousands of anonymous mobile and IoT devices that may connect to a network daily, it becomes impossible to account for all of them.
It can be costly to keep the enterprise network safe from hacking, however, it would be costlier not to.