Nov 29 2016

The Potential Threat of IoT Devices

Businesses should conduct security assessments to identify all of the devices connected to the enterprise network and then create or alter their network access policies.

That vending machine lurking in the break room could put companies at risk. In addition to often housing unhealthy snacks, the machines may use the Internet of Things to introduce new attack vectors for hackers.

Connected intelligent devices have the potential to transform manufacturing and the supply chain, improve healthcare and increase automobile safety. IoT technology also is expected to begin pervading the workplace to help with common functions such as building management.

Consider the numbers: Eighty-five percent of global organizations are working on IoT strategies, notes AT&T in “Exploring IoT Security.” And Gartner predicts there will be nearly 21 billion IoT devices in use worldwide by 2020.

Smarten Up on Security

Security is certainly a potential downside. A 2015 analysis by HP Enterprise found that 60 percent of IoT devices had shoddy user interfaces with vulnerabilities. Worse, 80 percent of analyzed devices raised privacy concerns.

“Having embraced a bring-your-own-device strategy, organizations must now get employee devices on the enterprise network and start addressing the 21 billion IoT devices that we project will want access to the enterprise network,” warns Tim Zimmerman, a research vice president for Gartner.

“Whether a video surveillance camera for a parking lot, a motion detector in a conference room or the HVAC for the entire building, the ability to identify, secure and isolate all IoT devices — and, in particular, headless devices — is difficult to manage and secure,” he says.

Start with a security assessment identifying all of the devices connected to the enterprise network — a traditional packet sniffer can help with that task, Zimmerman says. Once the devices are identified, he advises IT leaders to create or alter their network access policies to set rules about how devices can connect and how they will be governed.