Security of the IoT in business

By Klaus Gheri, VP Network Security at Barracuda Networks.

  • Thursday, 23rd June 2016 Posted 8 years ago in by Phil Alsop

The Internet of Things has the ability to gather and leverage data on a larger scale than ever before, and this has created a vast number of opportunities for businesses. From delivery vehicles to ATMs, air conditioning systems to CCTV cameras, the scope for connecting devices in industry appears as big, if not bigger than, the comparable consumer opportunity. However, the business world faces a major barrier to adoption; in their current state, the tools that help businesses deploy and secure IoT devices are simply not fit for purpose. 

How secure are IoT devices? 
The sheer number of IoT devices, as well as the diversity of the use cases, makes it difficult to say exactly how secure or rather, how insecure the IoT really is. However, due to its rapid evolution, it has certainly become more and more difficult for businesses to stay up-to-date with the latest IoT security threats. Typically, when companies decide to create an IoT device, the focus is placed on functionality and remote control. This leaves a critical gap when it comes to security, for there are often vulnerabilities in the system’s design and architecture and makes it possible for hackers to easily get access to the device.

If hackers can work their way into a type of web console or login, which are often linked to IoT devices, then they could try a brute force attack to access the device controls. If the device was part of a critical infrastructure, such as electricity, gas or water networks, attackers could do some serious damage to expensive equipment or even harm citizens.

Issues and barriers in securing IoT
One of the main issues is the use of weak encryption, as well as the lack of authentication schemes, which leaves IoT devices vulnerable to data theft. The device systems might also be ‘closed’, meaning they are hard to remotely maintain and update. This is a key consideration when it comes to the IoT, because once organisations have a large number of devices, it becomes very difficult from an operational standpoint to get physical access to each device to fix any flaws. 

Another key barrier to securing the IoT is that there’s simply not a ‘one size fits all’ solution. One end of the spectrum covers tiny equipment, such as wearables and intelligent lightbulbs, whilst the other covers big machine equipment. Depending on what the IoT device is, there will be a different approach that is economically viable. The challenge is finding the right security for each use case, and that’s why companies either have nothing securing their IoT network, or have something that is not designed specifically for that purpose. 

When the size of the IoT network goes into the hundreds or thousands, deploying both the device and a security solution for it becomes a logistical challenge. Before designing an IoT network, organisations must understand how to deploy the right equipment, manage the lifecycle of the device and implement sufficient security policies. 

Tools to roll-out and secure large-scale IoT deployments
Many of the current security solutions available today are so expensive that it is simply not feasible to implement them. In the search for an affordable solution, many organisations attempt to run an application that encrypts the data. In this case, there is no protection against malicious activity such as a DDoS (Distributed Denial of Service) attack. These solutions simply aren’t built to protect IoT devices on a large scale.

 
Any tool designed to provide secure, scalable connectivity for the IoT has to be relatively small, inexpensive, lightweight and mountable. It also needs to be easy to ship in large numbers and easy enough to implement and manage so that organisations don’t need to hire a whole new team of security or IT specialists. More importantly, as IoT deployment scales, businesses need something that’s purpose-built.