How To Secure Your IoT Devices In The Cloud
IoT devices are vulnerable since they're mobile and their data moves freely between devices and networks.
Articles published July 31, 2017 by Kai Johnson
The Internet of Things (IoT). The cloud.
Both are terms and technologies that can be confusing and hard to fully understand. They’ve also both taken over the technology world and have drastically changed how organizations operate.
However, this takeover comes with security concerns, specifically relating to securing IoT devices in the cloud.
Before we go any further, let’s pause and define IoT and the cloud.
IoT
IoT is the concept of connecting various products and devices to the internet, and to each other. This is more than just the devices you’d expect, like cell phones and tablets, but everything from TVs, to lamps, to your thermostat. For instance, when you wake up in the morning, your alarm clock could notify your coffee maker to start brewing a fresh pot.
The Cloud
The cloud often refers to data centers that are connected to the internet, housing servers (and other technology hardware) used for hosting software applications and storing data. Cloud computing, as defined by the National Institute of Standards and Technology, is “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
Key Statistics
Research from Fortinet reveals that 95 percent of all enterprises use the cloud, and 71 percent use a hybrid cloud.
When it comes to IoT, new IoT devices are being connected and turned on at an alarming rate. According to Fortinet, more than a million new devices are going live every day. By 2020, it’s predicted that there will be somewhere between 25 – 50 billion IoT devices online. That’s a lot of devices!
IoT is Vulnerable
Fortinet predicts 25 percent of cyberattacks on enterprises will be through IoT by 2020.
IoT devices are vulnerable, as you can imagine, since they’re mobile and their data moves freely between devices and networks.
Attacks on IoT devices are already happening. Recently, there have been DDoS attacks that came through IoT devices, and Fortinet reports that IoT-based attacks are on the rise.
What Does This Mean For You?
This means three important things for your organization:
- You need to be aware of all the IoT devices on your network.
- You need to secure your IoT devices.
- You need proper management and policies in place.
Let’s break each one down into more detail.
1. Be Aware of Them
With the IoT boom, it can be difficult to recognize all of the IoT devices your organization has. Cell phones are the most popular, but there are other ones, such as machinery, online medical devices, tablets, TVs, smart cars, and more.
Document every single IoT device your organization uses and make a comprehensive list. Update this list as you add more devices, and stay on top of it as much as you can. This will give you clarity into your IoT devices, help you track them, and know which devices you need to manage and secure.
2. Secure Them
Most importantly, you need to secure your IoT devices to reduce vulnerabilities and prevent cyberattacks.
Here are four things you can do to better protect your IoT devices in the cloud:
- Consider upgrading your defenses and functions. Implementing advanced defenses and solutions can increase your security. These include: enterprise firewalls, internal segmentation firewalls, advanced threat protection, Unified Threat Management, and a security fabric that brings it all together, including devices and electronic medical records.
- Get security information and event management (SIEM) technology. SIEM is a security management tool that gives a holistic view of an organization’s IT infrastructure and security. It helps organizations look at their data from one point of view, so that any abnormal trends or patterns can be spotted easily.
- Encrypt your IoT data. Another way to protect your IoT devices is to encrypt IoT data at rest or in transit. However, this can be complicated and difficult because of the IoT device encryption limitations. Find a solution that effectively encrypts the data, giving you peace of mind that your data isn’t unprotected while being transmitted.
- Implement IoT authentication. Boost your security even more by requiring users to authenticate their identity. This could be a single sign-on, like a password or a PIN, or two-factor authentication.
3. Manage Them
Once you have a list, create a plan and policies that determines how these devices are going to be managed. If left unchecked with no rules or guidelines, people may misuse them and inadvertently cause data breaches that could’ve been avoided with a clear device management plan and device management technology.
The goal of device management technology is to protect your data on mobile devices. This reduces the risk of a mobile device being compromised, and can help secure your data, should it become compromised. Most mobile device management systems allow you to manage the users’ devices, establish a user policy, and wipe or reset the device in certain cases.
Whether it’s through apps, training, or just well-worded policies, you need to ensure your employees aren’t sharing confidential information about your business or your customers. Likewise, you should have a plan in place that preserves employee privacy and doesn’t leave your company liable to charges (that you’re using technology intrusively). You should also have a process around employee transitions, and what happens to the employee’s mobile device when they leave your organization. Does the phone get wiped, and does the employee know what to do with it when they leave? This goes hand-in-hand with mobile device management, and can benefit your organization in the long run (especially if an issue does occur).
It’s also important to understand the security and backup processes leveraged by any of your third-party providers. What are they doing to protect your data and what is their service level agreement and up-time guarantee? These and other questions around data security practices will help you identify the right vendor to put your confidence and trust in.
What do you currently do to protect your IoT devices in the cloud?