Security and the Internet of Things: what you need to know

The Internet of Things – objects and appliances with embedded sensors and chips capable of communicating online — will result in 50 billion devices being connected to the internet by 2020, according to Gartner. From fridges and bathroom scales, to fitness bands and home thermostats, the amount of ‘things’ connected to the internet is really taking off and it’s a very exciting time for everyone. However, for many enterprises and consumers, the excitement of this new realm of connectivity is clouding the fact that, with more devices connected to the network, there comes a new array of security implications.

For the enterprise, workers will use more devices to get their work done and they will expect the business to support these devices. Except that isn’t a vision of 2020. It’s an issue businesses are facing right now and is something that a surprising number of organisations are still shying away from. Businesses have to support more devices and more applications, whether they are hosted on premise or in the cloud, and ensuring that the right security is in place is a central part of this discussion.

If we look at what developments have been made for home products, and the hackings associated with them, it was proven recently that it only takes 15 seconds to hack smart thermostats. Addressing the trend of fitness trackers, FitBits have been hacked and other fitness trackers are equally as vulnerable. Also taking a look at the new wave of smart and connected televisions, there have been countless claims that these have vulnerabilities and, worryingly, hackers can take over the built-in microphones and cameras to take a look into consumers’ lives.

Network perimeters are collapsing, and IT now has to contend with a huge number of devices and applications that may well be beyond the traditional network perimeter. As more people, devices and applications get connected, businesses will need to be able to scale their architecture to meet the growing demand. All of this has to happen without spending any more money; companies are always looking to reduce total cost of ownership of their networking infrastructure. The ability to dynamically allocate resources quickly, safely and reliably is not easy to achieve, but is essential in such a fast-changing environment.

What’s needed from businesses is a change in attitude and the need to prioritise. Cost is often still a deciding factor in why organisations aren’t prioritising investing in security solutions, but it’s important to note that the market has moved on from the days where investing in security solutions always required a large upfront cost. DDoS, a denial-of-service attack, is an attempt to make a machine or network resource unavailable to its intended users. Solutions to prevent DDoS attacks can be expensive and often causes enterprises to put off implementation. But this doesn’t have to be the case as organisations can look at implementing a DDoS-as-a-Service solution, which will still provide the protection the organisation needs, but in a more cost-friendly way. These solutions combine on-premises DDoS protection capabilities with a high-capacity cloud service and can take advantage of programmable technologies and APIs for a customised performance.

But it’s not just the security from DDoS attacks that organisations need to be thinking about. They also need to be protecting themselves in other ways too. Encrypting data and understanding who is accessing data from what device and what authority they have to access the data are all equally important. There are a variety of attack vectors out there and it’s sensible to ensure that all bases are covered.

Once cost is addressed and organisations understand that this doesn’t require a complete overhaul of IT infrastructure, the discussion should look at the sheer amount of new devices that will be entering the workplace to evaluate the security implications they could bring. Fitness trackers are something that we’re definitely seeing more of in the workplace. This means that even more data is travelling across the networks in the workspace as a result of these devices, and there is a chance that this could give hackers the opportunity to strike.

This greater willingness to embrace the Internet of Things puts most businesses in a position where they need to prepare themselves adequately for the changing ways in which employees will use technology in years to come. You can take specific steps to deal with an influx of new connected devices making their way into your organisation. Here are a few thoughts on how to prepare:

Make sure that your applications are protected

No matter what devices are connecting to the network, if you protect data at the application level, you should be in good stead. When you encrypt information at the application level, you can protect sensitive data and control access in a more fine-grained way than is possible with almost any other form of encryption. Application-level encryption can also be policy-based and geared to specific data protection mandates such as PCI DSS (PCI Data Security Standard), making it suitable for enterprises.

Plan for an influx of devices and the impact it will have on capacity and bandwidth

This can be done by estimating how many connected devices will be coming into the workplace over the next year. It could be as many as double if we look at how fast wearable tech, for example, is growing. Once this is established, think about how much extra bandwidth this will require. If there are double the amounts of connected devices, then you will probably need even more than double the amount of bandwidth.

If staff will be using wearables for business purposes, prepare guidance on the applications and acceptable use

This can be done easily by explaining company regulations regarding connected devices and offering advice from a security standpoint. If you tell your staff that corporate sensitive data could be at risk, as well as their own personal data, if regulations aren’t followed, then they are more likely to follow the guidelines.

It’s crucial that your company maintains control over who has access to your network and data

Understanding who is accessing, where from, and on what device will allow this level of control. Once this has been established, it is easier to put necessary measures in place to protect against any outsiders accessing data who could be hackers.

Technology and processes can support businesses through the changing flow of data brought on by wearable technology, but businesses must also remember the people factor and should keep employees updated on new processes and company regulations. This will help make sure that employees and processes are aligned and that business data is accessed within company policy, regardless of the shift in end-user technology.