- Door locks controlled from anywhere in the world.
- The television that connects to the Internet.
- A garage door monitor that alerts you when the door is left open.
- A fridge that knows when to order more groceries.
It all sounds pretty sexy. And helpful.
It’s the Internet of Things (IoT) – a growing ecosystem where your devices (everything from your lightbulbs to your refrigerator to the interworking of your automobile) are connected via sensors and software, and built to transmit data over what we don’t even pretend is a secure network. The IoT has surely opened a new way of interacting with the objects around us, but does a Pandora’s box of security concerns come with it?
The 2015 Verizon Data Breach Investigation Report (our takeaways) predicted there will be more than 5 billion IoT devices by the end of this decade – a 28% growth year-over-year. As your employees begin granting their refrigerators the same level of trusted access as their work-issued laptop, it’s time to take another look at enterprise security. We must be more aware of what we’re building, how we’re protecting it, and how we’re using it.
Building Secure “Things”
Any device that connects to the Internet via embedded operating systems brings with it the possibility of being compromised. This isn’t a new concern. What is new is in the number of connected devices being built and the new access points open to vulnerabilities. Embedded operating systems aren’t known to be designed with security as a primary concern. As devices built on the Internet of Things become more prevalent and more advanced, they’ll become a more attractive target for hackers, who can use these easily corruptible devices as a means to break into corporate devices attached to the same home Wi-Fi networks. We must all pay better attention to secure application development, building devices with multiple layers of security in mind.
If not, we can all take bets on who will be the next front-page IoT attack. You don’t want to be that person (or that business).
We Need Better Security Protocols (and Wi-Fi)
Many of the concerns associated with the Internet of Things are similar to those found in Bring Your Own Device (BYOD) environments. Policies for managing lost, stolen, or compromised devices will be critical moving forward. Having this enterprise strategy in place will help mitigate the risks of data ending up in the wrong hands. You need a BYOD policy that considers the IoT and the way it works within the organization.
Some experts believe now is the time to upgrade your Wi-Fi network, arguing this is the best way to provide a secure, scalable network.
We Need Better Security Education
Many of the IoT devices begin in the consumer market, and it’s safe to assume your staff has already been wooed by many of them. Your employees are granting objects access to their home networks in exchange for data, convenience, and increased social prominence. As IT professionals, we need to help educate our teams about safe usage related to the IoT, to help them be more selective about the applications they’re granting access and what that means for proper security protocols. We need to help them to see the connection between an application asking for access and the line it may open for someone else to sneak inside their network, whether at home or at work.
Assume your staff has already jumped on the IoT bandwagon. Begin examining where the vulnerabilities and sensitivities lie so that you can better protect against them. The IoT gives us the best in terms of technology advancement and, as a result, also requires our best in security awareness and data protection.