February 20, 2017

Six Best Practices for Securing Your Internet of Things (IoT) in Healthcare


The world of IT security is a journey with no arrival date and many twists and turns, and not everyone takes the same path. The everyday challenges are monumental, and they are amplified when you’re trying to manage and secure Internet of Things (IoT) devices. More and more, IoT seems to represent the Internet of Threats: while these devices are intended to make our lives easier, they have also introduced new opportunities for hackers to take advantage.

Although many areas are impacted by IoT, the healthcare industry seems to be one of the most impacted, given that IoT can bring numerous benefits provided it is properly secured. Just think back to your last visit to your doctor’s office, urgent care or hospital: numerous devices are used to provide care, and most are connected to a network.

In searching for the right balance, it is equally important to understand that traditional technology maps will not ensure the correct path. Much more is needed than just a firewall, an anti-malware or file encryption program. In fact, all these methods and applications are needed and more.

New paradigms
To understand what is needed, recognize that there is a new paradigm for Internet security when dealing with alternatives. Functionality with security as an afterthought is not enough. The goal for any organization is to create a commercially viable IoT security system.
• There is no definitive roadmap to a “commercially reasonable security” system. The consensus in the security industry is that there is no consensus. Yet, there are options for a map that include government guidelines and regulations which may assist in reaching the end goal.
The goal for any company is to first define what a commercially reasonable security device offers.
• And yet there still has been no specific definition of “commercially reasonable security” among security analysts.
So, what to do? There are some guidelines. When undertaking the mission of an IoT security system, consider these factors that should be included in a security component:
1) Prepare for the expenditure: The cost of not implementing security can include fines, legal liabilities and the loss of business due to the customer’s loss of confidence.
2) The likelihood of failure: Given the movement to Internet technologies and the threat of “cybercriminals,” the chance of an intentional failure is high.
3) Known, anticipated security threats: Assume that the Internet is a hostile environment and take extra steps to protect the information. Enterprises must also assume it is possible there may be an employee with motivation to sell information to competitors.
4) The state of the art: There is a contrast between point solutions, which address single vulnerabilities, and enterprise-wide frameworks.
5) The availability of standards: There is a confusing array of technical standards from which to choose. Compounding the problem is that, although official standards exist, they are not always commercially implemented — or are implemented inconsistently.
6) Segmentation / virtual switching: Leveraging this via a Software Defined Networking (SDN) architecture can enable secure communication for these devices, particularly if you are trying to secure mobile IoT devices.
It is not unusual for proprietary methods used in products to become the de facto standards. Business and audit-based criteria provide benchmarking to define “reasonable security” within specific contexts.
Securing mobile devices
Wireless networking is built into virtually every new mobile device, so an increasing number of threats is expected. Data losses, financially motivated attacks and other potential exposures are growing. Generally, creating a common approach to wired and wireless security should involve a plan for managing wireless diversity, since enterprises can expect to support a variety of consumer-grade smartphones.
Challenges of mobile IoT
The role of mobile devices is to identify what’s on the network and to connect mobile devices with IoT and intelligent switches. The move to smart buildings has created significant challenges for IT and enterprise leaders.
The reported lack of visibility has proven to be a challenge in terms of knowing exactly what is on the network. As well, the lack of management of smartphones increases the opportunity for attacks and threatens enterprise security. The ability to see what’s on a network gives IT a better understanding of how their network is being used and by what.
IT divisions need to be able to identify and profile every device that is connected to the network. This becomes more challenging as unknown wireless and wired IoT devices flood networks.
The most effective method of protecting a network is using automated workflow. As there are thousands of anonymous mobile and IoT devices that may connect to a network daily, it becomes impossible to account for all of them.
Therefore, the IT department must create an automated system to manage the whole process, reducing risk with minimal effort from IT.
It can be costly to keep the enterprise network safe from hacking; however, it would be costlier not to.
Contact us here to schedule an IoT Security whiteboard session and business strategy planning meeting
