IT and Business Insights for SMB Solution Providers

IoT Compliance: Page 2 of 2

IoT's poor security history means more regulations in the future. By James E. Gaskin

Some companies see these gaps as opportunity, he adds, like Palo Alto Networks getting FedRAMP authorization for IoT. MSPs and systems integrators, meanwhile, have plenty of work ahead, Kirstein says. IP cameras were some of the earliest popular IoT devices, so the number of legacy cameras in use that need upgrading or replacing may create a wave of MSP service requests. "Legacy devices need to be isolated, since they often can't be secured at the endpoint." Different customers will need different levels of network separation or configuration.

Keeping up with new compliance guidelines for IoT will be tricky, since the low-cost, low-margin devices don't get much post-sales support from small vendors in the space. In addition, IoT is becoming ubiquitous. Besides the hospital use cases mentioned earlier, office buildings are adding IoT to conference rooms, along with building controls such as HVAC and elevators. Kirstein adds, "IoT for operation in manufacturing is often overlooked as critical infrastructure."

Kirstein recommends using U.K.-based as a resource. The NIST regulations from the Cybersecurity Improvement Act will roll out slowly, with plenty of attention with each iteration.

In the meantime, Kirstein advises monitoring IoT devices for compliance purposes with the same rigor you apply to other network devices, but remember that device resources will limit security functions, and "patching and upgrading may not be viable."

Image: iStock

About the Author

James E. Gaskin's picture

JAMES E. GASKIN is a ChannelPro contributing editor and former reseller based in Dallas.

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.