HERE’S SOME IRONY. A majority of organizations (71 percent) already implementing Internet of Things (IoT) devices are using them for physical security, yet 41 percent of those same organizations say their top concern is cybersecurity. And if they are adding those devices to the corporate network and implementing IoT projects themselves—which many of them are—they are right to be concerned.
These and other findings are detailed in a recent Cradlepoint Business Intelligence Report, The State of IoT 2017-2018, conducted by Spiceworks. The report shows nearly half of companies surveyed are adding IoT devices to their network even though those same devices are vulnerable to botnet attacks like Mirai and Reaper.
The research also reveals that IT pros overwhelmingly prefer to use internal resources for all aspects of IoT implementation and support. For example, 62 percent plan to house data collected from IoT devices/sensors on their own resources or infrastructure, while 57 percent plan to secure IoT devices themselves.
Those findings are “disturbing,” according to Ken Hosac, vice president of IoT strategy and business development at Boise, Idaho-based Cradlepoint Inc., a provider of cloud-managed networking solutions over wired and wireless broadband. A security camera, for example, may seem inconsequential, “but some of these botnets have demonstrated that [a] camera has code that can be vulnerable,” he says.
While IT pros are certainly thinking about IoT security, he adds, they “are very used to deploying traditional enterprise devices, and they have good tools for managing those devices and managing the security. With IoT that isn’t the case. You can’t go out and buy an intrusion prevention/detection client for IoT devices, and right now a lot of folks are struggling with ‘Do I trust this device on my network?’”
With this struggle comes opportunity for channel pros, he says. “I think it gives partners the ability to open up discussions with their customers around the notion of creating virtual networks specifically for IoT devices.”
Cradlepoint recently rolled out a software-defined perimeter solution designed to help companies do exactly that. Called NetCloud Perimeter, it provides a cloud-based private network over any internet connection to secure and isolate connected devices, including M2M, IoT, and mobile hardware.
“Assume the IoT device will get hacked, but put it on a network where you can limit the access,” says Hosac of the strategy Cradlepoint recommends. “We’ve been promoting the concept of a parallel network, either a separate network or a software-defined segmentation.”