6 ways the Internet of Things will transform enterprise security

Even benign consumer appliances could pose dangers to enterprises

1 2 Page 2
Page 2 of 2

In a survey conducted by SANS, IT managers said their biggest concerns with Internet-connected devices related to smart buildings, industrial control systems, medical devices and consumer devices.

"The use of embedded computing in those devices, versus layered operating systems and applications in PCs and servers that IT is accustomed to managing and securing, will cause major breakage in existing IT management and IT security visibility," Pescatore said.

4. The IoT will enable physical and physiological damage

While online threats mainly affect data, in an IoT world there will be physical and physiological risks as well, said Michael Sutton, vice president of security research at Zscaler.

Hackers have already shown how IP-enabled insulin pumps, glucose monitors and pacemakers can be compromised to cause physiological damage to the wearer of such devices. Attacks like those enabled by Stuxnet show how physical equipment can be damaged via cyberattacks.

With the IoT, such attacks will also be possible against such products as cars, smart heating, ventilation and air conditioning systems, Web-enabled photocopiers, printers and scanners and virtually every other device with an IP address. The only reason that attackers haven't gone after such devices already in a major way is because there is so much other low-hanging fruit to attack, Sutton said.

In many cases, the bad guys won't even need software or hardware flaws to compromise a device. One of the biggest dangers companies will face in a world where everything has an IP address is configuration errors, Sutton said. Many of the devices that companies allow on their networks, like IP-enabled printers, photocopiers and webcams, will be put online with default settings that allow almost anyone with web access to take control.

5. The IoT will create a new supply chain

In a majority of cases, enterprises will have to either rely on device manufacturers for patching, firmware and operating system support or find a way to support the technologies on their own. Many of the devices that connect to the enterprise network in the not-too-distant future will be from companies that traditional IT security organizations are not familiar with.

"Like BYOD, traditional enterprises will need to adapt to developing policy and systems that integrate with and potentially manage many more devices than IT has ever worked with before," said Jason Hart, CEO of Identiv, a vendor of device authentication and identity management technologies.

"In addition to employees bringing new enabled devices into the physical and virtual work places, traditional non-connected devices, from a coffee machine to new ergonomic chairs, will place new workloads on IT support and information security," Hart said.

The vendors that will succeed in an IoT environment are those that can help enterprises manage the complex interdependencies there will be between new IP-enabled devices and the enterprise network, said Chris Yapp, a fellow of the British Computer Society and an independent security consultant.

Companies that have experience managing complex technology integrations will be the ones most likely to succeed in an IoT environment, he said. More often than not, traditional IT and security vendors are well behind the curve in understanding how the IoT trend will affect corporate IT, he said.

"The challenge for existing suppliers is that they tend to have a narrower focus and will take time to build the partnerships and in-house skills or acquisitions to compete," with the systems integrators, Yapp predicted.

6. The IoT will exacerbate the volume, stealth and persistence of online attacks

In theory at least, the threats posed by a completely interconnected world are not very different from the threats faced by most IT organizations today. Many companies are already intimately familiar with the challenges posed by smartphones, tablets and other wireless-enabled devices. What is different with the IoT is the sheer scale and scope of the challenge.

"The IoT includes every device that is connected to the Internet," said Kevin Epstein, vice president of advanced security and Proofpoint, a security-as-a-service vendor in Sunnyvale, Calif.

That includes everything from home automation products including smart thermostats, security cameras, refrigerators, microwaves, home entertainment devices like TVs, gaming consoles to industrial control machinery and smart retail shelves that know when they need replenishing.

Dealing with the sheer scale of the problem could be a huge challenge for IT organizations.

"The challenges are around volume, stealth and persistence of attacks," Epstein said. Even with current campaigns, attackers are able to relatively easily penetrate enterprise defenses, Epstein said. "Now imagine the volume of attacks increased by [ten-fold]... and no one could turn off the sending devices."

This article, 6 ways the Internet of Things will transform enterprise security, was originally published at Computerworld.com.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Copyright © 2014 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Shop Tech Products at Amazon