
TechInvest Magazine Online

Technology Investment News


The time to think about IoT security is now!

February 27, 2018 by Leon Adato, Head Geek™, SolarWinds

The recent legal action against the developers of Mirai, a botnet which quickly paralysed large parts of the Internet in 2016, has brought IoT security back on the radar for many people. There’s talk of a new smart device every month, and though the concept of a smart lightbulb or smart coffee machine may seem archaic, research by Telsyte predicts that Australian households will more than double the number of internet-connected devices they own by 2021, to over 30 devices.

This highlights a point worth making about securing the Internet of Things (IoT). In an industry that’s rapidly moving from being worth millions to billions, it’s clear that for most IoT vendors, security comes second to speed-to-market. While this has provided plenty of content opportunities for humorists like @InternetofShit, the impact of poorly conceived and executed IoT devices extends far beyond satire.

It’s up to us IT pros to point out, more often and more explicitly, that implementing secure IoT requires both strategic and tactical actions. Strategic, because if our organisations have even an inkling that they might consider IoT technology, then policies and procedures need to be hammered out before the first device even enters the doors. Tactical, because there’s a high chance the first IoT device is already on the premises and the IT team is just the last to know. So, you need to take action now to find and manage those devices.

Strategy

Arguably, strategy is the trickier hurdle to navigate. It takes time. Strategy requires you to navigate office politics, obtain management buy-in and deal with a lot of questions. But strategy is also what’s going to ultimately save your business by helping you avoid a massive breach.

In my not-so-humble opinion, your corporate policy regarding IoT devices (defined as anything beyond smartphones, tablets, laptops and watches that connect to networks, be they the internet, corporate, personal, Bluetooth or otherwise) should start with a framework something like this:

  1. To be considered, vendors must commit to:
    1. Certifying the security of their device.
    2. Publishing changes in advance of each new version of the device “operating system.”
    3. Informing customers when they are changing the choice of hardware components and sub-components for future production runs of the device.
    4. Providing a manual/internal update process as an alternative to an internet-wide push.
  2. Meanwhile, corporate adopters—departments or the management sponsors of the project—must agree to budget for both funds and staff which allow for:
    1. Security review and testing, including penetration testing, as part of the adoption cycle.
    2. Ongoing reviews and testing of the vendor’s hardware and software updates prior to rolling to production.

A complex strategy like this is going to increase the cost of ownership of IoT devices significantly. It’s going to create friction and frustration among both management, who want the benefits, and us IT professionals, who don’t want the added hassle. But it’s also going to drive secure results and is really the only logical way forward.

Tactics

Now that you have a sense of the kind of planning that’s needed long-term, there are also the tactics you can put in place straight off the bat.

I want to start with something you should already have in your toolbox: a NetFlow analyser. Central to the NetFlow protocol is the ability to expose “conversations,” or the transfers of data between two specific endpoints via the same port and protocol, that are occurring across your organisation. NetFlow is most commonly used to figure out where large bandwidth usage is going, but it can be just as easily used to track the hundreds or thousands of small conversations. This means that you can leverage one of the tools you likely already have to identify IoT-like behaviour in your environment, as well as monitor which external sites are receiving connections from inside your environment.
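The conversation view described above can be reduced to a simple detection pass. The following is an added example, not code from the original article or from any SolarWinds product: it aggregates constructed flow records into conversations and flags internal hosts whose outbound traffic is many small flows to very few external destinations. The internal range, the thresholds and the record layout are assumptions to tune for your own exporter.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: your internal ranges
MIN_FLOWS, MAX_AVG_BYTES, MAX_DESTS = 5, 1024, 2      # assumed thresholds, tune locally

# Constructed flow records (not real traffic): src_ip,dst_ip,dst_port,protocol,bytes
SAMPLE_FLOWS = (
    ["10.20.0.51,203.0.113.10,8883,tcp,412"] * 6   # small, repetitive, one destination
    + ["10.20.0.60,198.51.100.7,443,tcp,300"] * 5
    + ["10.20.0.60,198.51.100.8,123,udp,76"]
    + [f"10.20.0.7,192.0.2.{i},443,tcp,{50000 * i}" for i in range(1, 7)]  # workstation
    + ["10.20.0.7,10.20.0.5,445,tcp,90000"]        # internal-to-internal, ignored
)

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def conversations(lines):
    """Aggregate flows into conversations keyed by (src, dst, port, proto)."""
    convs = defaultdict(lambda: [0, 0])  # [flow count, total bytes]
    for line in lines:
        src, dst, port, proto, nbytes = line.strip().split(",")
        entry = convs[(src, dst, int(port), proto)]
        entry[0] += 1
        entry[1] += int(nbytes)
    return convs

def iot_like_hosts(lines):
    """Map each flagged internal host to the external endpoints it talks to."""
    per_host = defaultdict(lambda: {"flows": 0, "bytes": 0, "ips": set(), "dests": set()})
    for (src, dst, port, proto), (count, total) in conversations(lines).items():
        if is_internal(src) and not is_internal(dst):
            host = per_host[src]
            host["flows"] += count
            host["bytes"] += total
            host["ips"].add(dst)
            host["dests"].add(f"{dst}:{port}/{proto}")
    flagged = {}
    for ip, h in per_host.items():
        if (h["flows"] >= MIN_FLOWS and len(h["ips"]) <= MAX_DESTS
                and h["bytes"] / h["flows"] <= MAX_AVG_BYTES):
            flagged[ip] = sorted(h["dests"])
    return flagged

if __name__ == "__main__":
    for host, dests in iot_like_hosts(SAMPLE_FLOWS).items():
        print(host, "->", ", ".join(dests))
```

The per-host destination list doubles as the record of which external sites are receiving connections from inside your environment.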

Another tool you should have, but many organisations don’t, is an IP address management (IPAM) tool. While this is a must-have for organisations of any size irrespective of the IoT question, IoT gives you one more reason to love the tool you have, or justify the one you need if you’re unlucky enough to not already have one. Why? Because IoT devices take up IP addresses, a lot of them. Additionally, IoT devices have MAC addresses that fall within a single vendor’s grouping. So, your IPAM tool can help automatically identify and report on IoT devices in the course of the normal operation of business.
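The vendor grouping mentioned above is the first three octets of the MAC address (the OUI). The following is an added example, not part of the original article or of any IPAM product: it groups a constructed IPAM export by OUI and reports clusters from vendors IT has not approved. The approved list, the threshold and the export layout are assumptions, and the sample OUIs are constructed values rather than vendor lookups.

```python
import re
from collections import defaultdict

APPROVED_OUIS = {"F4F4F4"}   # assumption: OUIs of hardware IT knowingly deployed
MIN_CLUSTER = 3              # assumed threshold for "a lot of" addresses per vendor

# Constructed IPAM export rows (ip,mac); OUIs are sample values, not vendor lookups.
SAMPLE_IPAM = """\
10.20.0.7,F4:F4:F4:12:34:56
10.20.0.51,00-00-5E-00-53-01
10.20.0.52,0000.5e00.5302
10.20.0.53,00:00:5e:00:53:03
10.20.0.90,da:a1:19:00:00:01
10.20.0.91,not-a-mac
"""

def normalize_mac(raw):
    """Return 12 uppercase hex digits for colon, hyphen or dotted notation, else None."""
    digits = re.sub(r"[:\-.]", "", raw.strip()).upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None

def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a locally assigned (often randomised) MAC,
    for which the first three octets say nothing about the vendor."""
    return bool(int(mac[:2], 16) & 0x02)

def unknown_vendor_clusters(export):
    """Group addresses by OUI; return (clusters, unattributable, malformed)."""
    by_oui, unattributable, malformed = defaultdict(list), [], []
    for line in export.strip().splitlines():
        ip, raw_mac = line.split(",", 1)
        mac = normalize_mac(raw_mac)
        if mac is None:
            malformed.append(ip)          # fix the IPAM record before trusting it
        elif is_locally_administered(mac):
            unattributable.append(ip)     # needs another identification method
        else:
            by_oui[mac[:6]].append(ip)
    clusters = {oui: ips for oui, ips in by_oui.items()
                if oui not in APPROVED_OUIS and len(ips) >= MIN_CLUSTER}
    return clusters, unattributable, malformed

if __name__ == "__main__":
    clusters, unattributable, malformed = unknown_vendor_clusters(SAMPLE_IPAM)
    print("unapproved vendor clusters:", clusters)
    print("locally administered MACs:", unattributable, "malformed:", malformed)
```

Devices with locally administered MACs cannot be attributed to a vendor this way, so the report lists them separately instead of silently dropping them.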

Finally, the last tool in your tactical arsenal is a relative newcomer to the monitoring party: deep packet inspection (DPI). DPI is similar to NetFlow in that an interface in the middle of IoT traffic is used to slurp up packets and analyse them for the source and destination IP, port and protocol. This information is used to categorise the packet by usage, such as business application, social, streaming media, potentially malicious, etc. The intended use case is to determine whether packets are moving slowly due to a network issue or a problem at the application level, but the applicability to IoT should be obvious.

Why it Matters

This is all very important because, above all, we’re really talking about significant risks to personal safety and corporate security here. With IoT set to take over Australian households, there’s no doubt we’ll see a similar rise in connected devices in the workplace. In the last 12 months alone, we’ve seen security flaws exposed on a global scale in children’s toys, baby monitors, corporate HVAC systems, cars, pacemakers and insulin pumps. It’s time to take a proactive approach to IoT security that covers both the strategic and tactical posture.


Filed Under: Digital Innovation Mobile Submitted Articles Technology


About TechInvest

TechInvest Magazine is an online and quarterly print magazine published by Metrix Publishing and distributed as an insert in the Australian Financial Review nationally.

About Metrix Publishing

Metrix Publishing delivers quality information to the professional business community via print and digital news publications.


Copyright ©2023 TechInvest Magazine Online · Metrix Publishing · Privacy Policy · Website by Oracle Digital