menu
  • Become a Customer
  • Become a Vendor
  • Contact Us
  • Shop Online
  • English

IoT: Driving Continued Growth of Next-generation Security Market

PREV
1 / 5
NEXT

IoT: Driving Continued Growth of Next-generation Security Market

THE INTERNET OF THINGS (IOT) OFFERS POTENTIAL FOR GLOBAL DISRUPTION AND VALUE CREATION, RIVALING THAT OF THE INTERNET ITSELF (AND POSSIBLY MUCH MORE),

but it is an immature domain where product and technology categories aren’t yet clearly established. Security has always been an ecosystem play in the IT side and with the convergence of IT and IoT, that ecosystem has expanded drastically.

In a Q1 survey of enterprises by 451 Research, 66.1% of respondents cited the opportunity to reduce security and compliance risk in organizations by deploying IoT technologies as leading goal. This included monitoring for security breaches, loss prevention, and public and workplace safety.


 

WHAT ARE THE SECURITY RISKS?

The thing-centric side is very new to the IT world and has not traditionally been part of the regular IT rigor around security. But now thing-centric components are in communication with internet-centric components and with that comes a larger attack surface area.


 

Thing-centric IoT Device Vulnerabilities:

  • Built to last for decades, these devices can exceed their effective encryption technology.
  • They are designed without any kind of security or they can’t support security.
  • Construction hinders the ability to remotely patch the endpoints if a vulnerability is discovered.
  • They are open to exploitation by hackers which in turn could lead to more serious network hacks.
  • Their identity doesn’t include robust access control mechanisms, enabling hackers to gaining control by mimicking the devices.

In the world of IoT, networking protocols may have been developed with essential communication as the only function in mind. This creates other opportunities for vulnerabilities.

Thing-centric Network Vulnerabilities:

  • IoT networks and endpoints may not have adequate encryption.
  • Devices employ hundreds of protocols, some of which are well recognized by enterprises — ZigBee, Thread, MQTT — increasing their vulnerabilities, especially if there is a lack of strong encryption.
  • IoT networks are often flat compared with typical IT networks, compromising more critical functionality.
  • The flat topology also creates exposure to centralized management or data systems.

Since most of these assets could be in the field for years, with no easy way to secure, patch and monitor the assets, their risks are compounded.

Impact to Internet-Centric Security:


  • Thing-centric data could contain malware, so it needs to be inspected, stored, separated, sanitized and sandboxed to eliminate any possibility of an executable code entering the system.
  • Surface area also increases from the physical to the virtual world with vulnerable applications, compromised machine identities, policies and entitlements being targeted for violation, leading to an increase in the security footprint on the IT side as well.

 

 


 

 

 

 

Atul Damani is the Chief Technology Strategist, Westcon-Comstor, responsible for supporting the company’s strategic selection, development and introduction of new and disruptive technologies in the channel.

For more information on the Internet of Things check out this IoT primer from Information is Beautiful.