Securing and managing the enterprise Internet of Things
A future where the Internet of Things spreads exponentially is almost certain. Seemingly everybody wants these devices: consumers for the helpful features and manufacturers for the ability to collect data about the product and consumers’ use of it.
Paul Calatayud, Palo Alto Networks’ CSO for the Americas, sees the IoT evolving into a new form of distributed computing powered by 5G and ever-increasing bandwidth speeds. The result will be intelligent, programmable devices that operate without human interaction or input.
“Any product in your home that has a dial, button, or screen will be connected – including locks, refrigerators, stoves, and so on. Everything from cars, pets and even ourselves will be connected,” he predicts.
“Today, we check our vitals once a year, and doctors make decisions based on very little data. If your body had sensors monitoring your vitals, that data could be analyzed by artificial intelligence systems and provide medically relevant information to proactively better your health. One day, you may get a text message saying there could be a health issue if you don’t come into the clinic.”
Vast amounts of data
The amount of untapped data all around us is immense, and the potential benefits of collecting and analyzing it are limitless, he feels.
But the security issues associated with these advancements are going to drastically change how we trust this new connected world.
“As a society, we are quick to embrace innovation, but we are also quickly learning that data, privacy, and technology have to be kept in check. Self-driving cars are a fantastic technology, but what will determine their sustained use will not be innovation, but rather how much we trust it,” he says.
“Security will soon become critical for sustainable innovation and, as the IoT space grows, more critical to consumer trust than ever before.”
Preventing IoT devices from becoming a point of entry
We’re still relatively far from the point at which IoT devices become the standard, but the dangers associated with their current use in the enterprise environment are real and pressing.
Adversaries are going after connected devices that are not being looked at or managed the same way traditional IT assets are. They are trying to take advantage of these devices and turn them into permanent, difficult-to-spot entry points into corporate networks.
“The real danger for large enterprises is that these devices go undetected and unmanaged from a cyber vulnerability point of view. The vendors of these IoT devices are not actively managing the threats, and even if a vulnerability is announced and a patch provided, most users don’t know what to do with this information,” says Calatayud.
“CISOs should be most concerned with how these devices interconnect and communicate within their networks. The first step towards minimizing risk is to segment networks to reduce their exposure to the bad guys. I advocate for smart segmentation, i.e., do it in such a way you can observe their activity and behavior. This is often best achieved by using firewalls, so that the communications can be monitored and analyzed.”
In the long run, better awareness and management is key to improve the security of IoT devices in the enterprise. “Companies should select vendors that care about security to ensure the lifecycle of exploits and patches can be closed, similar to how PCs and Macs are managed,” he adds.