IoT
10/31/2016
06:35 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Microsoft Launches Security Program For Azure IoT

As part of the program, Microsoft has partnered with security auditors who will examine customers' IoT infrastructure, find problems, and provide guidance.

Microsoft has launched a new program for its Azure cloud platform to help business customers strengthen their security posture amid the rise of the Internet of Things.

Security and privacy concerns are top of mind for IT pros as the IoT continues to grow within the enterprise. Many struggle to verify the security of their IoT infrastructure and may delay product implementation as they establish best practices.

Microsoft's new Security Program for Azure IoT is a response to customer requests for increased security assurances as they assemble and deploy IoT products, the company says.

Microsoft has partnered with security auditors to evaluate customers' IoT infrastructure, detect security problems, and provide recommendations. Customers can choose an auditor to conduct examinations from the ground up, verifying devices, assets, gateways, and communication with the cloud.

Partners so far include Praetorian, Casaba Security, CyberX, and Tech Mahindra, but Microsoft plans to add more as the program continues to grow. It will also work with standards organizations including the Industrial Internet Consortium (IIC) to create industry protocols and best practices for security audits.

"In today's connected world, the perception of security risk alone, even if not realized, can still negatively impact consumer confidence necessary for new technologies to meet their full market potential," says Paul Jauregui, VP Marketing and IoT Business Lead at Praetorian. 

High-profile data breaches have increased consumer awareness of issues surrounding data security, Jauregui explains. Adoption of enterprise and consumer IoT may suffer until vendors can address their privacy concerns.

The massive DDoS attacks on Dyn on October 21, which were launched mainly via infected IoT devices, were a wakeup call for businesses. Most of the devices used in these attacks were surveillance cameras, indicating how seemingly benign objects can cause widespread problems.

Jauregui explains how for businesses, security is both an economic and technical challenge. IoT product teams struggle to balance risk with the pressures of quickly bringing products to market.

"Resources allocated towards security-related activities throughout product development, assessment, and maintenance will increase as viable IoT business models and value creation opportunities solidify across every industry," he says.

As businesses work to solve IoT security problems, Jauregui explains how the entire ecosystem must work together. Hardware manufacturers, product teams, developers, cloud providers, product teams, service providers, and consumers need to collaborate to ensure security "from chip to cloud," he notes. 

Praetorian, as a partner in the program, will review organizations' full IoT solutions while focusing on vulnerabilities. By helping them close security gaps, Praetorian and other partner companies will help Microsoft's business customers balance risk and time-to-market.

"Solving and managing IoT security is going to take a village," says Jauregui.

Related Content:

Kelly is an associate editor for InformationWeek. She most recently reported on financial tech for Insurance & Technology, before which she was a staff writer for InformationWeek and InformationWeek Education. When she's not catching up on the latest in tech, Kelly enjoys ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
reviewwriting
50%
50%
reviewwriting,
User Rank: Apprentice
11/1/2016 | 7:53:51 AM
Re: Pending Review
Security is very essential to prevent unauthorised attck.Security program for azure IoT launched by microsoft is a great thing. I would like to appreciate it.New invention can make great changes and people look for new changes also. 

 
LigaK068
50%
50%
LigaK068,
User Rank: Apprentice
10/31/2016 | 8:45:22 PM
this is for real
hi
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.