The Internet of Things (IoT) is coming to enterprises and small businesses near you. With it come security concerns. According to the 2015 Internet of Things in the Enterprise Report from OpenDNS, IoT may pose a greater threat than Bring Your Own Device (BYOD) and enterprise mobility.
Does that mean IoT should be banned from your business environment? Not at all. In all likelihood, you can’t stop it. People will bring their wearables just as they did and still do with their laptops, tablets, and smartphones.
What it does mean is an audit of current safety and security practices. It also means examining three concerns specific to IoT and taking steps to mitigate them.
The first concern is privacy. Connected devices transmit data, but who’s receiving it? For that matter, who can access it? How easily?
It turns out a lot of people, not necessarily good ones, can. Daniel Dimov, a security researcher at the InfoSec Institute, says, “These types of [access] threats are not merely speculative. Vulnerabilities have been found and documented in several Internet-connected modules installed in cars, medical devices and children’s toys.”
Combat the privacy issue by doing your research. Know how data is protected and encrypted. Find out where it’s stored and how it’s streamed.
Also consider segmenting the network to keep IoT devices separate from other devices, applications, and systems. A final step is changing default usernames and passwords and regularly updating devices, software, and credentials.
Network security is the second concern. “Any device with built-in network connectivity creates risk, a so-called backdoor connection that could be exploited for data exfiltration,” explains Reggie Best, chief product officer at Lumeta.
IPS and firewalls are of little benefit here; with BYOD and IoT, employees can easily copy data to the cloud. They don’t do so maliciously, but the action puts the data, the business, and themselves at risk.
BYOD policies don’t necessarily cover IoT, either, but they are a good place to start. Use the BYOD policy to build one specific to IoT.
For example, wearable devices could be restricted to a cellular or guest network connection. The policy should also state what types of wearables are allowed in the workplace and what kind of security they must have.
Managing all the devices may be the trickiest part. Says Lee Odess, our VP of Marketing and Enterprise Sales, “In order for IoT devices to efficiently and securely communicate, and be properly managed, APIs need to essentially speak the same language. So creating a standardized API will make a world of difference.”
Annie Hsu, associate strategy director at frog, also speaks to the challenges found with creating and maintaining an IoT system. She says the solution won’t be a straightforward one, but that isn’t a reason to give up.
IoT offers benefits to the workplace. It’s just going to take some work to make them realities while at the same time ensuring digital and physical safety and security.
How are you responding to IoT in the workplace? We’d love to hear your thoughts either here or on Twitter (@BrivoSystems).