Addressing IoT Security Challenges From the Cloud to the Edge
Key takeaways:
Securing environments with IoT devices requires a comprehensive functionality assessment as well as access control measures.
Addressing IoT security challenges is not possible without a mature security foundation, which many organizations still lack.
As organizations build a robust security architecture, their focus can gradually shift from remediation to a more proactive stance.
Despite the wide variety of cybersecurity guidelines, relatively few organizations deploying emerging technology have a mature security strategy. While cybersecurity awareness has increased, businesses with an ineffective cybersecurity posture face mounting risks. Cyberattacks themselves have become more damaging, and regulatory pressures related to security and privacy have escalated.
The Internet of Things (IoT) continues to raise the stakes, extending digital technology’s reach into the physical realm. Thanks to the interface between the digital and physical world created by IoT technologies, a cyberattack could potentially prompt various scenarios, from business disruption to industrial accidents. In addition, as IoT technology becomes more sophisticated and distributed within IT environments from the cloud to edge architectures, cybersecurity grows more complex.
The question of what to defend has also grown murkier. Decades ago, organizations using computing technology had a clear perimeter to protect. Typically, their computing and networking hardware was located in one or more buildings. Similar to how nobility erected castles in the Middle Ages, computer security professionals built a series of defenses for assets. People and processes inside a defined perimeter were largely trusted, while those outside were not.
Although the castle approach remains, its limitations have grown more apparent. One of the central IoT security challenges is the technology's incompatibility with a perimeter-based security model focused on guarding a homogeneous set of computing assets. The popularity of cloud computing and remote working poses further hurdles. The increasing risk of attacks occurring within the traditional security perimeter is another worry. As Forrester observed, the castle model tends to create a network “with a hard, crunchy outside and a soft, chewy center.” Additionally, over the past decade, a series of organizations with substantial, often multimillion-dollar, security budgets focused on perimeter-based defenses have fallen prey to attacks exposing troves of data.
Identifying What to Protect
One of the first steps in establishing a strong security foundation is to assess your various assets and related processes. Cybercriminals targeting your organization are likely to start with that same focus.
For manufacturers incorporating IoT functionality into products, this foundational stage involves addressing potential vulnerabilities early on as well as taking steps to harden products over time. While the need to incorporate baseline security in IoT devices is clear, until recently, manufacturers had little incentive to do so. Now, a growing body of legislation and regulatory precedent has spurred manufacturers to prioritize security.
“It is creating a commercial pressure [for manufacturers] to at least have a baseline security level, or you could face legal ramifications,” said Andrew Jamieson, director of technology and security at UL.
Similarly, organizations building IoT technology into an environment should assess the risk of each node on a network while addressing potential vulnerabilities created by new technology interfacing with legacy software and hardware.
Such an assessment isn’t possible without an accurate asset inventory, which is difficult to create as connected devices proliferate. “One of the biggest challenges is that there are so many different industry verticals and different kinds of devices,” said Zulfikar Ramzan, chief technology officer at RSA.