The Internet of Things offers a host of powerful new capabilities that are transforming our daily lives and the way businesses and government entities operate, but with this comes new vulnerabilities that present challenges to our privacy, data security and network safety.
Devices have quickly become highly intelligent and connected. In the consumer space, wearables, home automation, and the ubiquitous smart phone have resulted in everyone uploading more data to the internet than ever before. Furthermore, cloud and IoT have fundamentally altered the consumption of media and buying behaviors.
In the commercial space, IoT solutions across all vertical markets promise better visibility, analytics, facilities management, and cost-control, as well as higher levels of automation and efficiency. IoT also offers better security solutions for tracking and analyzing mobile assets. In the public sector, municipalities are embracing smart cities, and law enforcement is equipping officers with body-worn cameras. And while all of these developments are great opportunities for the channel, IoT has inevitably created a great deal of risk.
Too often, security is merely an afterthought when designing IoT ecosystems. Hackers are also increasingly motivated by weaknesses around IoT such as unprotected points on a network. These points are low-hanging fruit. Compounding the problem is the fact that many IoT devices can’t be updated to patch security vulnerabilities. And employees may or may not understand what’s permissible and what’s not.
Creating clear divisions between public and private networks could mitigate some of this, but many installers aren’t utilizing VLANs for segmentation. Many times, they’re not even changing default user names and passwords during initial configuration, resulting in automated attacks becoming a significant threat. There are little to no regulations and frameworks around IoT security. Furthermore, regulations during design and manufacturing, and within end-customer user policies, are still lagging.
As more IoT devices come into play and risk factors continue to escalate, it’s critical to understand the associated business opportunities. Here’s what we need to teach our customers:
- Put significantly more emphasis on security during design and development. Security is a process with an ongoing life cycle;
- Ensure that security training and policies address IoT;
- Implement recurring vulnerability assessments and a patching strategy;
- Don’t forget segmentation – separate public from private on the network and utilize VLANs.
- Know your devices and your data. Have a security plan for each.
- Usernames and passwords should be set uniquely per IoT device immediately and updated periodically. Never use blanket passwords.
- And, finally, consider new vendors, solutions and services that meet IoT and IoT security demands.
The Internet of Things has certainly created a new realm of possibilities, but don’t let this threaten your customers’ most valuable assets. With the right strategy, you can be the hero, and make some money while doing it.
Reyna Thompson, Vice President, Product Management, SYNNEX Corporation