Securing the Internet of Things: Best Practices for the Enterprise
By Phil Skipper, Head of Business Development, Vodafone Internet of Things
Businesses across every industry–from healthcare, to manufacturing, to automotive, to retail – are adopting powerful Internet of Things (IoT) technologies to gain better data insights from physical devices and make real-time decisions that help save costs, improve efficiency and enhance safety.
Yet, with the adoption of any new technology comes the potential risk of third-party hacking and security breaches. It’s this reason that has put IoT security top of mind for businesses today –according to Vodafone’s 2016 IoT Barometer, 30 percent of businesses surveyed are either changing or restricting the scope of their IoT projects in an attempt tolessen security risk.
While businesses are right to be cautious, there are many ways to minimize the potential security risks associated with IoT, so businesses can use the technology to its full potential. Here are the best practices to consider when developing, deploying and managing IoT applications.
Not all IoT deployments are created equal
Given news reports about wide-scale IoT security breaches, business leaders are understandably concerned about how the technology might impact their organization. In fact, over half of leaders surveyed for Vodafone’s IoT Barometer are now more concerned about IoT security than they have been in the past. However, businesses should rest assured that enterprise-level IoT applications are configured specifically with security protocols in mind. Recent IoT security breach reports mainly concern consumer products–like baby monitors and door locks–that often operate on unmanaged, unsecured public internet connections. These products are in an entirely different class than enterprise-grade devices and services. Businesses should work with IoT providers who will manage IoT deployments closely, so they can move forward with confidence.
"Businesses should ensure all technologies that interact with their IoT solutions, are up to date on security compliance"
IoT security cannot be treated with a “set and forget” mentality
When enterprises deploy IoT solutions, it’s not enough to just set security measures and assume company data will remain secure. New security risks are constantly on the horizon, and companies must regularly review and update their security policies and protocols in order to stay ahead of potential threats. Businesses should ensure all technologies that interact with their IoT solutions, such as data centers, offices, shared services centers and individual devices, are also up to date on security compliance.
Pre-deployment testing is critical
Before enterprises can deploy IoT-enabled technology, they should put connected devices and services through rigorous, repeatable tests to identify any potential security issues. These tests should occur on a sandboxed network, to ensure the new IoT technology is isolated from other technologies that are already in use. Testing IoT systems prior to deployment will ensure they behave as expected, and will interact with centralized systems in an optimized way, helping to minimize failure when they are put into the field.
Devices should operate on a ‘minimal trust model’
Once IoT solutions are deployed, businesses should implement a “minimal trust model” – meaning no individual IoT device should have unrestricted access to the company’s full IoT environment. Each device should be assigned a private IP address that is not discoverable from the public internet, which will help prevent outside hackers from accessing the device. In the event a hacker does breach a device, a minimal trust model will ensure that access to one device does not provide a gateway into an entire network.
Enterprises should seek a single service provider
IoT data often originates with devices that live at the edge of the IoT ecosystem–such as connected cameras or cars. That data has a long journey to a data center, and if a security breach happens during any part of the journey, a company’s data could be at risk. To protect valuable assets, enterprises should seek to work with a single network provider that can secure data as it moves from device SIMs, through wireless and core networks, to data centers. Companies will also benefit from working with a provider that can offer hosting and private cloud environments for their applications, to ensure data never leaves the provider’s protection. A complete solution will give the network provider a holistic, end-to-end view of the potential risks that may face data at any stage.
Security breaches are an unfortunate reality in our modern IT landscape. While there is no guarantee of total data protection when it comes to IoT or any other network technology, businesses can work with technology providers to implement precautions that will protect valuable data, their business operations and their customers.