{"id":6099,"date":"2019-01-03T09:45:19","date_gmt":"2019-01-03T15:45:19","guid":{"rendered":"https:\/\/www.poweradmin.com\/blog\/?p=6099"},"modified":"2019-01-03T12:49:57","modified_gmt":"2019-01-03T18:49:57","slug":"best-security-practices-for-enterprise-iot","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/best-security-practices-for-enterprise-iot\/","title":{"rendered":"Best Security Practices for Enterprise IoT"},"content":{"rendered":"<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"color: #000000;\"><strong><span style=\"font-family: verdana, geneva;\">By Des Nnochiri <\/span><\/strong><\/span><\/p>\n<p>\u00a0<\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">Internet of Things (IoT) security ranks as a major concern for many enterprises. A 2018 survey of over 600 IT decision-makers worldwide conducted by 451 Research found that 55% of those polled rated IoT security as their top priority. 
It\u2019s easy to see why.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\"><br>\n<a href=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2019\/01\/internet-of-things.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-6117 size-medium\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2019\/01\/internet-of-things-300x162.jpg\" alt=\"\" width=\"300\" height=\"162\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2019\/01\/internet-of-things-300x162.jpg 300w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2019\/01\/internet-of-things.jpg 305w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"><\/a><\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">As well as any \u201csmart, connected\u201d devices deployed by an enterprise to enhance its own operations, many organizations also have to contend with the presence of consumer-grade hardware such as smart watches, fitness trackers, smart speakers, and other devices brought in by employees. 
These devices may piggyback onto corporate internet connections and wireless networks\u2014often without the knowledge or oversight of IT and security personnel.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva;\">Security Challenges Posed by the IoT<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">The Online Trust Alliance (OTA), an initiative of the Internet Society, has identified a number of key areas of concern regarding unregulated and\/or poorly-configured devices of the IoT. These include:<\/span><\/p>\n<p>\u00a0<\/p>\n<ul>\n<li><span style=\"font-family: verdana, geneva;\">Simple or non-existent user interfaces, making it hard for users to access or configure IoT devices.<\/span><\/li>\n<li>\n<p><span style=\"font-family: verdana, geneva;\">Use of default (or hard-coded) passwords, which are easy for attackers to guess or hack.<\/span><\/p>\n<\/li>\n<li>\n<p><span style=\"font-family: verdana, geneva;\">Open hardware and software ports for IoT devices, introducing network vulnerabilities.<\/span><\/p>\n<\/li>\n<li>\n<p><span style=\"font-family: verdana, geneva;\">Limited local password protection.<\/span><\/p>\n<\/li>\n<li>\n<p><span style=\"font-family: verdana, geneva;\">Devices which lack the ability to be updated.<\/span><\/p>\n<\/li>\n<li>\n<p><span style=\"font-family: verdana, geneva;\">IoT components that \u201cphone home\u201d frequently, leaving their communication streams vulnerable to interception.<\/span><\/p>\n<\/li>\n<li>\n<p><span style=\"font-family: verdana, geneva;\">Devices that collect more data than expected and use 
unsecured backend services. <\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<\/li>\n<\/ul>\n<h2><span style=\"font-family: verdana, geneva;\">Enterprise Roles for the IoT<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">In the face of these risk factors, organizations might be forgiven for shunning the use of IoT in their operations altogether. However, there are benefits to be gained from the use of IoT devices and connectivity by an enterprise.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">By tapping into the massive amounts of data that connected devices generate, organizations can exploit the IoT ecosystem to better track and monitor marketing and customer relationship functions, inform business decisions, improve utilities, save energy and physical resources, and increase business efficiency.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">So there\u2019s a big incentive for commercial organizations to plug the existing and potential security gaps that their IoT investments may produce, so as to maximize their benefits. 
This may be accomplished on a number of fronts.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva;\">Asset Discovery and Risk Assessment<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">These are high-sounding terms for what are essentially logical and straightforward processes:<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">\u00a0<\/span><\/p>\n<p><span style=\"font-family: verdana, geneva;\">1. Finding out what IoT devices and services are currently being used by your organization, both officially and informally.<\/span><\/p>\n<p><span style=\"font-family: verdana, geneva;\">2. 
Determining the risks they pose to your operational integrity, cyber security levels, and links or relationships with external agencies and third parties.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">Everything with an IoT connection should be documented, and all devices and network connections should be examined for open ports, possible weaknesses, and security vulnerability \u201cback doors\u201d that might give hostile intruders access to the system.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva;\">Management and Monitoring of Endpoints<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">Part of the attraction of an IoT deployment is its reliance on edge computing and the shifting of network administration and provisioning tasks to positions much closer to the devices that need to be served. This enables workers in the field to benefit from on-the-fly connections to information and resources.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">This approach also greatly increases the number of endpoints associated with an enterprise network. 
Much of the challenge of securing this ecosystem lies in the effective management and monitoring of the multiple endpoints.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\"><a href=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2019\/01\/endpoint-monitoring.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-6113 size-medium\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2019\/01\/endpoint-monitoring-300x225.png\" alt=\"\" width=\"300\" height=\"225\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2019\/01\/endpoint-monitoring-300x225.png 300w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2019\/01\/endpoint-monitoring.png 601w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"><\/a><\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\"><a href=\"https:\/\/www.netformation.com\/featured\/8-best-practices-for-security-within-the-internet-of-things\/\" rel=\"nofollow\" target=\"_blank\">Cyber security experts recommend<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a> the use of \u201csecurity gateways\u201d, which are checkpoints set up at the network perimeter to enable an organization to inspect, audit, and control communications into and out of the network. 
These may involve dedicated hardware, security software, and network management protocols set up in accordance with the organization\u2019s own security policy.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">Software-defined network perimeters may be constructed to hide IoT connections from the public internet. Here, client software must verify IoT device identities (a process called pre-authentication) and user identities (a process known as pre-authorization), before access is granted to an application layer. <\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva;\">Network Segmentation<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">Breaking a network into separate and individually managed sections has always been a fundamental security strategy, and for systems incorporating IoT devices this approach remains an effective one.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\"><a href=\"https:\/\/www.networkworld.com\/article\/3269247\/internet-of-things\/5-key-enterprise-iot-security-recommendations.html\" rel=\"nofollow\" target=\"_blank\">The Online Trust Alliance (OTA) 
recommends<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a> that all IoT devices should be confined to a separate network, which can be monitored and firewalled to meet the specific threats that they face. This will allow for the policing of incoming traffic, the profiling of traffic to identify anomalies, and the prevention of dangerous crossovers to the core network.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva;\">Ongoing and Dynamic Remediation<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">IoT technology is still in its relative infancy, and new security vulnerabilities and quirks are being discovered all the time. 
This imposes a need to continuously monitor vendor websites and threat intelligence databases for the latest developments, and to apply any updates and security patches as soon as they become available.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">The asset discovery and inventory of IoT devices which I mentioned previously will assist in identifying which hardware and systems require patching or remediation.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva;\">Don\u2019t Forget the Basics<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">Hard-coded and default passwords associated with IoT devices have already been a source of great joy to hackers, who have been able to exploit the lax security of unconfigured hardware in staging <a href=\"https:\/\/www.information-management.com\/opinion\/best-practices-for-ensuring-enterprise-iot-network-security\" rel=\"nofollow\" target=\"_blank\">Distributed Denial of Service (DDoS) attacks<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a> capable of taking down major portions of the internet.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">\u00a0<\/span><\/p>\n<p 
style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">As far as is possible, default passwords and settings for IoT devices should be changed as soon as they\u2019re acquired. Passwords and access codes should also be changed regularly. Of course, it\u2019s <em>never<\/em> a good idea to use the same passwords across multiple accounts or devices.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva;\">Test Before Deploying<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\"><a href=\"https:\/\/www.networkworld.com\/article\/3269165\/internet-of-things\/a-corporate-guide-to-addressing-iot-security-concerns.html\" rel=\"nofollow\" target=\"_blank\">Penetration testing<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a> involves the employment of benevolent or \u201cwhite hat\u201d hackers to stage real-time and real-world attacks on a system to establish how secure it is (or not). These kinds of tests\u2014which may be performed by trusted external contractors\u2014should be performed on any IoT hardware that you intend to include within your network, at the very least before these devices are deployed in practice. 
<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">Occasional testing may be ordered once the systems are online to give insight into how your organization\u2019s IoT deployment performs over time.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva;\">Don\u2019t Forget the Users<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">As with any security policy, buy-in and personal involvement from the people in your organization are essentials for success. 
So it\u2019s vital to take the necessary steps to keep stakeholders informed about policy matters and to provide regular sessions of security awareness training to instill a culture of cyber security and to foster best practices.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva;\">Plan for the Inevitable<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva;\">Finally, accept the wisdom that data breaches or security incidents will inevitably occur, no matter how many precautions you take. Equipping and training an incident response team and providing clear guidelines for how your people should respond to incidents and alerts will help minimize the impact of security incidents on your IoT deployment.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: normal; text-autospace: none;\"><span style=\"font-family: verdana, geneva; color: black;\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Des Nnochiri \u00a0 Internet of Things (IoT) security ranks as a major concern for many enterprises. A 2018 survey of over 600 IT decision-makers worldwide conducted by 451 Research found that 55% of those polled rated IoT security as their top priority. It\u2019s easy to see why. 
As well as any \u201csmart, connected\u201d devices [&hellip;]<\/p>\n","protected":false},"author":15,"featured_media":6116,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,42],"tags":[218,36,318,266,23,268,269,324,330,331,34,325,319,273,317,79,241,323,242,188,327,321,322,283,328,29,332,326,333,311,108,38,329,320],"class_list":["post-6099","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-it","category-security","tag-business","tag-connectivity","tag-cyber-attack","tag-cyber-security","tag-data","tag-data-security","tag-data-storage","tag-data-usage","tag-ddos","tag-distributed-denial-of-service","tag-edge-computing","tag-endpoints","tag-enterprise","tag-firewall","tag-hacker","tag-hacking","tag-internet-of-things","tag-internet-society","tag-iot","tag-network","tag-network-management","tag-online-trust-alliance","tag-ota","tag-password-protection","tag-penetration-testing","tag-security","tag-security-awareness","tag-security-gateway","tag-security-precautions","tag-security-system","tag-security-threat","tag-smart-tech","tag-white-hat-hacker","tag-wireless-network"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/6099","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=6099"}],"version-history":[{"count":5,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/6099\/revisions"}],"predecessor-version":[{"id":6119,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/6099\/revisions\/6119"}],
"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/6116"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=6099"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=6099"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=6099"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}