The IoT, Cloud and Security

msftone blog25

A new era in machine-to-machine communications is dawning with futuristic concepts, such as smart milk cartons and bridges that can self-diagnose structural defects, now entering the mainstream. But the integuments of this emerging ecosystem, commonly referred to as the Internet of Things, would still be dumb as doorknobs were it not for the advent of cloud computing.

IoT promises a world of devices and things newly outfitted with Internet smarts that will be able to monitor, communicate and respond when their environments change.  

All that new information is going to need to be gathered and interpreted, a task that can easily outstrip IT's own in-house server capacity. So it is that the cloud, as one observer put it, may just be the secret weapon in the Internet of Things. That’s because the cloud functions as the equivalent of a big data center offering the system scale that will allow IT to host and store the massive increase in the amount of data heralded by IoT.

The potential upside is huge – The McKinsey Global Institute says IoT has the potential to create economic impact between $2.7 trillion to 
$6.2 trillion annually by 2025 – and like the BYOD movement that brought mobile devices into the workplace, it’s inevitable that IoT devices will permeate many businesses.

And as IT administrators take proactive measures to mesh IoT with their cloud deployments, they’ll need to put to rest qualms about potential security vulnerabilities, which always accompany technology transitions.

Some best practices from the Cloud Security Alliance include the following:

  • Be proactive about privacy. Inform users about the data being collected and extend the option of opting out. Perform an early impact assessment that takes into account any concerns among affected stakeholders before implementing IoT capabilities.
  • The rollout of IoT promises a future with more deployments of hardware for collecting information, such as video cameras and sensors. Thus, ensure the adequate provisioning of authentication, encryption and integrity protections throughout the IoT infrastructure in order to guarantee both the confidentiality and the integrity of the data being collected.
  • Layered, security protections are your best bet for guarding the IT infrastructure against attackers seeking to use IoT as a way into the corporate network. As systems are designed, it’s wise to architect security functionality before deployment. Threat modeling, such as the approach based on Microsoft SDL, can assist with the process.
  • Share threat information with other industry peers, security vendors, and trade organizations.

IoT in the enterprise creates a new set of logistical problems that will doubtless keep the midnight oil burning in a lot of companies. But a measured approach can help security teams get ahead of the challenge to mitigate the risks.

Copyright © 2015 IDG Communications, Inc.