A Secure IoT Strategy in 3 Steps

13 Aug

It’s hard to get a clear picture of the Internet of Things (IoT). After all, “Things” is a vague term by necessity. These are devices that don’t fit into any larger category of endpoint, so there’s no simple explanation of what “Things” entails. They’re scattered, unstructured, across the corners of your infrastructure—sending information in strange unilateral directions, each living within a set of laws unique to itself.

And what makes them hard to manage is what makes them easy to exploit.

Because each one of these “Things” is built to do one very specific task, they can’t be securely governed by the same rules that govern your typical IT infrastructure. Treating IoT like IT means letting the unique channels used by these “Things” go unmonitored. This lack of control makes each of these “Things” not just a potential way into your network, but potentially the easiest way.

IoT is not IT

Most organizations are years away from a secure IoT strategy. Honestly, even the tools in the cybersecurity industry are lagging behind the challenges posed by IoT. Because of this, “Things” are an endless source of fun for PenTest engineers and bad actors—they are data channels to which all your carefully built security infrastructure is blind. “Things” are spots without nerves. They can be cut into without setting off any alarms.

Okay, enough bad news. I have good news too.

IoT can be secured. And since there isn’t really a tool out there to provide a solution, IoT security has less to do with specific technology than with methodical preparation and process. To close these inlets, you have to systematically and carefully identify every one of the “Things” in your network, then segment them into their own world where you can create the host of dedicated rules IoT requires.

This segmentation is the only way to avoid massive vulnerabilities going unchecked in your network.

And to help, we created this bird’s-eye view of IoT best practices—a graphical layout of how it should sit within your network and within your security policy. I’m hoping we’ve made this easy to grasp not only to help shore up security, but also to relieve some of the anxiety most CISOs or security managers feel when they think about IoT.

You can see it all here: This is what IoT should look like, in 3 steps.