IoT
10/31/2016
06:35 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Microsoft Launches Security Program For Azure IoT

As part of the program, Microsoft has partnered with security auditors who will examine customers' IoT infrastructure, find problems, and provide guidance.

Microsoft has launched a new program for its Azure cloud platform to help business customers strengthen their security posture amid the rise of the Internet of Things.

Security and privacy concerns are top of mind for IT pros as the IoT continues to grow within the enterprise. Many struggle to verify the security of their IoT infrastructure and may delay product implementation as they establish best practices.

Microsoft's new Security Program for Azure IoT is a response to customer requests for increased security assurances as they assemble and deploy IoT products, the company says.

Microsoft has partnered with security auditors to evaluate customers' IoT infrastructure, detect security problems, and provide recommendations. Customers can choose an auditor to conduct examinations from the ground up, verifying devices, assets, gateways, and communication with the cloud.

Partners so far include Praetorian, Casaba Security, CyberX, and Tech Mahindra, but Microsoft plans to add more as the program continues to grow. It will also work with standards organizations including the Industrial Internet Consortium (IIC) to create industry protocols and best practices for security audits.

"In today's connected world, the perception of security risk alone, even if not realized, can still negatively impact consumer confidence necessary for new technologies to meet their full market potential," says Paul Jauregui, VP Marketing and IoT Business Lead at Praetorian. 

High-profile data breaches have increased consumer awareness of issues surrounding data security, Jauregui explains. Adoption of enterprise and consumer IoT may suffer until vendors can address their privacy concerns.

The massive DDoS attacks on Dyn on October 21, which were launched mainly via infected IoT devices, were a wakeup call for businesses. Most of the devices used in these attacks were surveillance cameras, indicating how seemingly benign objects can cause widespread problems.

Jauregui explains how for businesses, security is both an economic and technical challenge. IoT product teams struggle to balance risk with the pressures of quickly bringing products to market.

"Resources allocated towards security-related activities throughout product development, assessment, and maintenance will increase as viable IoT business models and value creation opportunities solidify across every industry," he says.

As businesses work to solve IoT security problems, Jauregui explains how the entire ecosystem must work together. Hardware manufacturers, product teams, developers, cloud providers, product teams, service providers, and consumers need to collaborate to ensure security "from chip to cloud," he notes. 

Praetorian, as a partner in the program, will review organizations' full IoT solutions while focusing on vulnerabilities. By helping them close security gaps, Praetorian and other partner companies will help Microsoft's business customers balance risk and time-to-market.

"Solving and managing IoT security is going to take a village," says Jauregui.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
reviewwriting
50%
50%
reviewwriting,
User Rank: Apprentice
11/1/2016 | 7:53:51 AM
Re: Pending Review
Security is very essential to prevent unauthorised attck.Security program for azure IoT launched by microsoft is a great thing. I would like to appreciate it.New invention can make great changes and people look for new changes also. 

 
LigaK068
50%
50%
LigaK068,
User Rank: Apprentice
10/31/2016 | 8:45:22 PM
this is for real
hi
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer,  6/14/2018
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-0363
PUBLISHED: 2018-06-21
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulne...
CVE-2018-0364
PUBLISHED: 2018-06-21
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSR...
CVE-2018-0365
PUBLISHED: 2018-06-21
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protecti...
CVE-2018-0371
PUBLISHED: 2018-06-21
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a craf...
CVE-2018-0373
PUBLISHED: 2018-06-21
A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper ...