IoT Nightmare – Promise and Risk

IoT Tree

Today there are 9 billion devices connected to the Internet. As we move forward to a day where most devices will be Internet connected this growth trend will not subside. The day of IoT (Internet of Things) is upon us. IoT are takes what were once considered non-computerized devices and gives them a processor, software and network connectivity. Effectively these devices become “smart” because they contain a small computer and are connected to a network or the network of network – the Internet.
These devices can be smart televisions, smart thermostats, home/building automation systems, medical devices, etc. Noting these changes in the industry we are in for an explosive growth of the IoT and it will significantly impact business small and large. The Internet of Things brings with it some of the headaches of BYOD (Bring Your Own Device) with entirely new ones we will have to address. Some of the many challenges are:

Security

With so many connected devices we will see infinite options for exploitation by cybercriminals. Unlike mature operating systems of desktops, servers and even mobile devices these devices will offer little protection from the endless risk the inject into the enterprise. They can both be used by malicious and unknowing employees to leak sensitive information and even intellectual property out of the enterprise.

As Symantec researcher Kevin Haley detailed in his “2014 Predictions from Symantec”,
“With millions of devices connected to the Internet—and in many cases running an embedded operating system—in 2014, they will become a magnet for hackers. Security researchers have already demonstrated attacks against smart televisions, medical equipment and security cameras. Already we’ve seen baby monitors attacked and traffic was shut down on a major tunnel in Israel, reportedly due to hackers accessing computer systems via a security camera system.”

Privacy

Privacy these days seem to be of growing importance to users as the risks and costs come into clear view. Modern IoT devices will collect, transmit and store all kinds of data in places that will have real world privacy consequences. These will not be in the realm theory but come in direct costs, vulnerabilities, and repercussions. As the reality of these issues starts to sink in, the uproar will eventually become predictably palpable.

Patching

With the myriad of devices and their lack of standardization we are in a place where there is more risk than one would like. Hopefully, a unified standard will emerge — but right now there is none.  This lack of maturity mirrors that of the early days of modern desktop operating systems.

Standards Matter

Open industry standards support are absolutely critical for any technology. Unfortunately, IoT isn’t as mature or standards based as its traditional desktop/server or even mobile space. Noticeably the standards are a work in progress and time will certainly improve them.

Takeaway

IoT isn’t going away but our embrace of this new technology should be measured. We ought take some simple steps to minimize our risks:

  • Minimize the presence of IoT devices in your enterprise until you can quantify the risk and address them.
  • If any of these devices are to be deployed then take steps to minimize risks with policy, training and technology.
  • Always take a “defence-in-depth” or layered approach in securing these devices
  • Include these devices in your security audits, pentests and patch management plans.
  • Add IoT to your policies so that users understand the risks and their responsibility to protect the enterprise. Require them to read and sign them on a yearly basis.

While it is clear that IoT has immense promise we need to assess and address the risks it brings to bear. Like all other technology, it an immense potential. Notwithstanding, we have to be diligent in how we invest in and deploy IoT to extract the greatest return.

What’s your experience with IoT? What are doing to minimize your risks and maximize your benefits?

Joseph P. Guarino has a long history of producing business results with the application of information technology. Joseph's expertise span over 15 years in the private sector at leading technology firms and consulting organization. With Evolutionary IT, he saw a market need to bring his transformative knowledge and expertise to firms in the New England area and worldwide. Joseph is driven by a strong desire to see customer's thrive with the best business solutions. Evolutionary IT evolved out of this desire to bring a new level of quality IT solutions, align them with business goals and give customer's a competitive edge.
Posted in IoTTagged ,  |  4 Comments

4 Responses to "IoT Nightmare – Promise and Risk"

Leave a reply