Essential Guide

IT security tutorial: Channel partner tips for new tech

A comprehensive collection of articles, videos and more, hand-picked by our editors
Get started Bring yourself up to speed with our introductory content.

IoT tutorial: Mitigating security risks in connected environments

In this IoT tutorial, we examine the key security vulnerabilities that your clients face in connected environments and offer strategies to mitigate the risks.

With the rise of technologies such as software-defined networking, hyper-converged infrastructure and the Internet of Things, customers are facing new security vulnerabilities as the attack surface of their IT environment shifts in dramatic ways.

To help channel partners address these issues, we conducted interviews with several key industry executives who discussed how these technologies are changing the security landscape, identified important security weaknesses and shared tips on how to strengthen a customer's security posture.

In this IT security tutorial, we examine Internet of Things (IoT), an environment in which objects -- a vehicle with built-in sensors, for example -- have network connectivity and can communicate and exchange data with Internet-enabled devices and systems.

IoT tutorial: Key vulnerabilities of connected environments

The number of endpoints: By networking objects such as cars, buildings, factory facilities, homes, refrigerators, among others, a corresponding expansion in the number of endpoints that are vulnerable to data intrusion occurs, requiring a security posture that monitors more objects, devices and data across the network.

According to Jerome Buvat, Capgemini Consulting's expert in digital transformation and strategy, vulnerabilities for IoT or connected devices can come from multiple sources, such as the end-point device itself, the communication channel or the remote updates being deployed on the end-point devices.

Object/system design: Most objects or systems that are now connected to the Internet were not designed to be secured in a connected environment, Buvat said. For instance, in the case of cars, the on-board systems were designed to be wired and were reasonably secure to that purpose or use. However, as cars are being increasingly connected through wireless plug-in devices -- which may not even require authentication -- devices become vulnerable to cyberthreats.

Vulnerabilities for IoT or connected devices can come from multiple sources, such as the end-point device itself, the communication channel or the remote updates being deployed on the end-point devices

Lack of standards: There are few standards that govern how to securely connect objects that have network connectivity to a company's enterprise, said Mark Jacobsohn, senior vice president at Booz Allen Hamilton, who oversees the firm's investment in the Internet of Things.

Connections to mobile devices: Rob Chee, principal security architect at Force 3, a network security company based in Crofton, Md., said many objects connected to the network are monitored and managed using apps on mobile devices. Having mobile devices connected to IoT creates a further expansion of the attack surface. Companies will have to examine how mobile devices plug into IoT and consider security around the apps they use to control objects and the data that's collected from IoT sensors.

IoT tutorial: Mitigation strategies

Chee's recommendations include:

  • Implement a mobile device management (MDM) program that consists of policies to oversee who has access to corporate mobile devices as well as guidelines that specify how the devices are secured, tracked and managed. By implementing MDM, companies can restrict the potential attack vector associated with the new IoT data coming in and ensure that attacks are not introduced into the network.
  • Employees at customer sites should be trained on how to use devices that have access to a company's corporate network. Employees should know what apps to use and what they can and cannot download on their devices.
  • Implement a mobile application management (MAM) program that allows companies to enforce security for IoT data at the application level. Many mobile apps that monitor and manage the IoT can act as another attack path to the network. MAM can restrict what mobile applications that manage IoT data can do on a mobile device. For example, MAM software can stop data from being transferred from one device to another. By using MAM tools, not only can companies better manage their IoT information by implementing restrictions on what that application can do, but they also encrypt the IoT data leaving the device and protect data received by that application.

Jacobsohn recommended:

  • Deploy behavior-based analytics technology to detect unusual patterns of data access.
  • Use radio-frequency identification tags to remotely track individuals as they use their devices. This will provide a better understanding of an individual's location when they access data and can help detect lost or stolen devices. With the use of tools to prevent data theft, security administrators can remotely erase data from the device.

This IoT tutorial is part of an IT security tutorial on emerging technologies. The tutorial also examines SDN technology and hyper-converged infrastructure.

Next Steps

Plan your IoT roadmap to reap future profits.

Find out about important channel trends shaping 2016.

Learn about IoT security issues in healthcare.

Explore Information Security magazine's special edition on IoT security.

This was last published in January 2016

PRO+

Content

Find more PRO+ content and other member only offers, here.

Essential Guide

IT security tutorial: Channel partner tips for new tech

Join the conversation

4 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What are the top challenges for securing IoT environments?
Cancel
There are several key challenges to securing IoT, and the article does a pretty good job of listing the major ones. Perhaps the biggest is the lack of a single industry standard for IoT security. It’s kind of like the VHS vs. BetaMax standards for VCRs. Competing standards leave some pretty big gaps for IoT security to adequately address and cover.
Cancel
That definitely hits the key points of IoT security, which are all the more important in a connected environment because one weak link in the IoT security chain can really cause a problem.
Cancel
I want information about securing the Internet of Things.
Cancel

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close