By now, you’ve probably gotten your hands on more than one nontraditional network device—a smart speaker, a smart thermostat, a smartwatch. Though their nomenclature would suggest a lot of forethought and testing, it turns out IoT security issues are rife in the burgeoning ecosystem.
And much to the chagrin of system administrators everywhere, they’re making their way onto corporate networks.
To give you an idea of the scope of IoT’s exponential growth, let’s take a step back in time to 2008. Ah, remember 2008? It was the year of The Dark Knight, Apple’s App Store launch, and Tina Fey’s Sarah Palin impression on SNL. It was also the year that Cisco announced there were more internet connected devices than people.
That’s a lot of chatter.
And all of this talk surrounding IoT’s utility is already having a major impact on industries around the world. IHS Markit’s M2M and IoT analyst, Sam Lucero, notes automation, integration, and servitization will have a marked impact on the global economy.
What we should all keep in mind, however, is that consumer-level objects are opening up a giant can of worms for sysadmins.
As IoT devices make their way onto corporate networks in the form of smart door locks, web-connected light bulbs, and smart thermostats, IT peeps need to be able to telegraph potential IoT security issues and effectively safeguard their organization’s invaluable data.
IoT security issues
The major malfunction with IoT device security lies in the fact they are, by their very nature, quite basic and usually poorly coded.
Case in point: A 2015 survey by online authentication provider Auth0 found that 85% of IoT developers admitted to being pressured to get a product to market before adequate security could be implemented. In spite of this alarming statistic, and despite innumerable attacks on an array of IoT objects, device manufacturers remain stalwart in their pursuit of profitability over user security.
This fact becomes glaringly obvious when examining the IoT children’s toy market. Take, for example, the Q50 Smartwatch for children. Marketed as a way to help parents easily communicate with and keep track of their kids, bugs in the watch would allow hackers to intercept all communications, remotely listen to the child’s surroundings, and spoof the child’s location.
Imagine what a hacker could do with the smart TV in your conference room.
The greatest hurdle sysadmins face with regard to network compliance is the sheer lack of regulation surrounding the IoT ecosystem. Though there may soon be IoT security requirements coming down the pike, it is currently the responsibility of IT professionals to audit devices for compliance.
Even when broadband oversight is implemented, existing IoT objects produced prior to such regulations will continue to flood the market. Historically, manufacturers of vulnerable devices have avoided recall scenarios, as third-party components are often to blame. Instead, device manufacturers are more likely to quietly discontinue the product, or to provide patch updates. The issue with the latter outcome is the general inability of end-users to sniff out these updates on their own.
Most folks are aware their router and other traditional network devices are connected to the internet and require routine updates. Smart fridges, televisions, and vehicles, unfortunately, don’t fall under that same category. This lack of education on the part of end-users, experts say, will result in decades worth of vulnerable devices flooding the marketplace.
All this is to say that the more we surround ourselves with IoT devices, the more potential vulnerabilities we expose ourselves to. Sysadmins will need to be aware of the potential risks IoT devices pose if they’re intent on keeping their networks secure for the long haul. The good news is that we’ve already done some of the legwork for you.
IoT security tips for sysadmins
IT professionals, consider implementing a few of these IoT security best practices as you move to further secure your network for the future.
For devices that simply appear on your network, you can take three approaches—none of which offer an ideal solution:
- Ban everything and wait for employee complaints to roll in
- Try securing each device on the network
- Create a vLAN for each type of device
For devices deployed internally at the request of your boss:
- Do your research into the device
- Make sure your boss knows the risks of BYOD
- Put a robust disaster recovery plan in place to mitigate the impact of an exploited device
- Be involved with the process of getting approved devices onto the network
If you haven’t considered the potential vulnerabilities IoT will introduce to your network security, now is the time.
IoT technology applications
IoT is already making an impact on the global economy—and the real-world applications of this technology are expanding rapidly.
Combining information derived from both machines and secondary sources has been shown to greatly increase the value of the connected machine.
Salesforce.com, for example, integrates machine performance data with traditional CRM and social media data to offer targeted, proactive solutions—improving customer service delivery.
IoT is also simplifying data collection and analysis.
In the logistics industry, for example, electronic logging devices (ELDs) automatically log GPS and driver duty status data through the connection of hardware and computing systems. Meaning, truckers no longer have to manually record mandated Hours of Service data.
Likewise, commercial aircraft engines typically produce many terabytes of data per flight. With IoT (and the proactive examination of operating parameters the technology makes possible), carriers can reduce unnecessary maintenance and shorten resolution times when issues do arise.
Automation and integration, together, have forced many organizations to shift from selling products to more service-oriented models through a process known as servitization.
Automakers, for instance, have shown an increased interest in “mobility as a service” due to the increasing prevalence of autonomous vehicles.
Soon, customer relationships will be built around negotiated outcomes, rather than pieces of equipment.
The future of IoT security
Though the future of Internet of Things regulation may be uncertain, what’s clear is that IoT security issues pose an ever-increasing threat to your organization.
There’s no better time than now to begin assessing these risks in relation to your business, and to start developing a plan to maintain the security of your network. Now, pour yourself another cup of coffee, and start drafting that email to your boss. “RE: Your New Smart Watch.”