3 reasons to be wary of the Internet of Things

IT and security experts discuss why companies and consumers alike should be careful about deploying ‘smart’ appliances and devices that connect to the Internet, and offer steps to protect against security and privacy threats.

Concern No. 2: Threat to enterprise data and network security

“Businesses should be wary of IoT in terms of connected devices and the security of their networks,” says Reggie Best, chief product officer, Lumeta. “Any device with built-in network connectivity creates a risk, a so-called backdoor connection that could be exploited for data exfiltration,” or a DDoS attack. As a result, “enterprise IT managers need to be constantly aware of when new devices connect to the network, identify the types of devices and know where in the network these devices are located,” he says. “If a smartphone joins a guest wireless zone of the network, it's likely expected behavior. If a ‘smart’ refrigerator connects to the payment card zone, however, that's a different story.”

“IoT devices represent a tremendous blind spot for organizations,” says Rehan Jalil, CEO, Elastica, a provider of cloud app security. “Aside from questions regarding what data is stored on these devices, there are broader issues around what data is transmitted from these devices and where that data ultimately lands,” he says.

“Questions around data governance have always been central to security and IoT is no exception.” And “making a multimillion-dollar investment in IPS and firewalls is of little benefit when employees can easily copy data to the cloud.”

And unfortunately, “most companies’ BYOD policies don’t cover IoT,” notes Rob Clyde, vice president, ISACA International, a global association of 115,000 professionals that helps enterprises maximize the value of their information and technology.

“ISACA’s recent IT Risk/Reward Barometer study reveals that only 11 percent of companies have a BYOD policy that also addresses BYOW (bring your own wearables), even though 81 percent in the same survey said that employees bringing wearable devices to work represents an equal or greater risk than bringing their smartphones or tablets to work,” Clyde says.

To limit potential breaches and protect sensitive data, “company policy should dictate whether wearable devices are allowed in the workplace, what types are allowed and what security is required,” he advises. “For example, restrict employees’ wearable devices to only connect to the Internet via a cellular or guest network.”

Concern No. 3: No good, comprehensive way to manage all of these IoT devices

“When looking at the current state of the Internet of Things, the industry lacks one glaring success factor: a set of standards for application program interfaces (APIs), which are credited as being the building blocks of the IoT – and are essential for managing all of these disparate devices,” explains Lee Odess, general manager, Brivo Labs.

“In order for IoT devices to efficiently and securely communicate, and be properly managed, APIs need to essentially speak the same language. So creating a standardized API will make a world of difference,” he says. 

“IoT is creating a surge in the number of mobile devices, with the number of M2M devices expected to surpass 40 billion by 2020,” says Frank Yue, senior technical marketing manager, F5 Networks. “That’s five times more M2M devices than consumer wireless devices.”

“The scale issue is not the volume of traffic, but the type, frequency and cadence,” Yue continues. “M2M devices do not behave the same as consumer devices. These devices are typically low-energy, short interval update types of devices.” And while “the size of the communication is small, the issue is they send regular updates consistently throughout the day causing a tsunami of connections and data at periodic intervals,” he says. “How will the service providers build an infrastructure that has these regular surges of traffic that may surpass baseline or average traffic by a significant multiple of existing traffic patterns?”

“The complexity of creating and maintaining an IoT system, which includes sensors, actuators, communications protocols, and device provisioning processes, among others, poses unique challenges,” says Annie Hsu, associate strategy director, frog, a product strategy and design firm. And “finding a browser-like solution for the IoT won't be straightforward.”
