Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

News

November 12, 2020 |

Shadow IoT

A big security problem can become a bigger opportunity for channel pros who can detect, secure, and manage rogue smart devices connected to business networks.

BUSINESSES HAVE STRUGGLED for decades with “”shadow IT””—printers, laptops, smartphones, cloud services, and more being installed or subscribed to by users without permission or knowledge of an IT admin. In that same vein, users are now connecting smart devices of various kinds to the corporate network, giving rise to the term “”shadow IoT.””

It’s a much bigger problem too, according to Zeus Kerravala, principal analyst at ZK Research, “because the scope has broadened. Things you never would have connected before are now connecting.” As an example, he cites the Target breach from a few years ago. “The AC system was compromised, and it was on the same network as the point-of-sale system.” When the hackers went through the AC system to the POS server, red flags theoretically should have gone up and the AC system should have been immediately quarantined.

The problem, essentially, is “”a lack of proper controls and visibility on the part of IT and security staff,” says Keven Beaver, principal information security consultant at Principle Logic. Once users connect these systems they’re staying connected and flying under the radar.

Security risks are inevitable, Beaver says. “These devices can have vulnerabilities— unsecure configurations, weak passwords, missing patches, and so on—that can be exploited, leading to the compromise of business systems across the network.”

The work-from-home rush as a result of the coronavirus pandemic has made corporate networks somewhat more at risk from shadow IoT, adds Kerravala. “You may have a secure VPN from a user to the corporate network, but that’s a dedicated pipe for all the home devices as well. Xboxes, garage door openers, smart ovens, and more could be compromised and become back-door access points to the company.”

Securing IoT devices can be tough, says Kerravala, because many are made as low cost as possible and never designed to be secure. They also find and connect to networks with no help from users.

One particular area of concern is healthcare, where IoT devices range from large and expensive, like network-enabled MRI machines, to small and transient ones carried by visitors. “This area really is life and death,” Kerravala says. Beyond that, healthcare systems are juicy targets for hackers.

“People think hackers go after credit cards,” says Kerravala, “but they really want medical information. If they know your illness they can prey on your hopes with phishing emails.” If a family member has cancer, for instance, any email offering a webinar on a new treatment will have a higher click rate. Healthcare IoT devices are often the access point to such information.

With businesses grappling with the complexity of shadow IoT, it’s an opportunity for channel pros and IT integrators to help them get proper tools and infrastructure in place for management and protection, says Kerravala, who adds that there are scanning tools available that look up devices by their MAC address in the Manufacturer Usage Description database. “You can search for devices, find any issues, resolve them, and analyze their network’s baseline behavior.””

For example, he says, “”If you find an Android device that connects to Peleton.com once a day, you can track it to an exercise cycle. You need to know what all these devices are, set a baseline of normal activity, then catch a device when it changes its normal routine. If the coffee machine connects to the accounting server, it needs to be quarantined.”

Once you find devices, the next step is to manage and secure them. Modern tools like those mentioned earlier will trace where these devices connect, says Kerravala. “Network access control vendors like ORDR and Forescout specialize in IoT security.” Beaver suggests dedicated IoT discovery and risk management systems provided by vendors such as Securolytics.

MSPs can then offer a managed service to monitor and mitigate any rogue devices in the future.

Kerravala has one final word of advice for channel pros about capitalizing on shadow IoT: “Chaos is opportunity for a channel partner to become a trusted partner to customers.”

Image: iStock


Editor’s Choice

Future of Customer Service: Will AI Take Over?

March 28, 2024 |

As customers push for faster, better service, many MSPs are thinking about incorporating AI in some capacity to up the ante.

MSP360 Bolsters Managed Backup Solution With Full Sharepoint Backup and Restore, Object Lock, and More

March 25, 2024 |

MSP360 CEO Brian Helwig details the latest improvements in its managed backup solutions and teases some new opportunities down the road for its partners in an exclusive ChannelPro interview.

Peer to Peer: Aurora’s Philip de Souza shares his secrets to creating a successful MSSP

March 19, 2024 | Philip de Souza

“It’s important that we understand when it comes to this whole MSP world that it’s all about the customer.”

3 Critical Steps to Getting the Most Out of Your Microsoft Purview Investment

March 8, 2024 | Chris Clark

Microsoft Purview is a complex solution because it’s so comprehensive. Fortunately, MSPs are well-positioned to help.


Related News

Growing the MSP

Explore ChannelPro

Events

Reach Our Audience