IoT
10/31/2016
06:35 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Microsoft Launches Security Program For Azure IoT

As part of the program, Microsoft has partnered with security auditors who will examine customers' IoT infrastructure, find problems, and provide guidance.

Microsoft has launched a new program for its Azure cloud platform to help business customers strengthen their security posture amid the rise of the Internet of Things.

Security and privacy concerns are top of mind for IT pros as the IoT continues to grow within the enterprise. Many struggle to verify the security of their IoT infrastructure and may delay product implementation as they establish best practices.

Microsoft's new Security Program for Azure IoT is a response to customer requests for increased security assurances as they assemble and deploy IoT products, the company says.

Microsoft has partnered with security auditors to evaluate customers' IoT infrastructure, detect security problems, and provide recommendations. Customers can choose an auditor to conduct examinations from the ground up, verifying devices, assets, gateways, and communication with the cloud.

Partners so far include Praetorian, Casaba Security, CyberX, and Tech Mahindra, but Microsoft plans to add more as the program continues to grow. It will also work with standards organizations including the Industrial Internet Consortium (IIC) to create industry protocols and best practices for security audits.

"In today's connected world, the perception of security risk alone, even if not realized, can still negatively impact consumer confidence necessary for new technologies to meet their full market potential," says Paul Jauregui, VP Marketing and IoT Business Lead at Praetorian. 

High-profile data breaches have increased consumer awareness of issues surrounding data security, Jauregui explains. Adoption of enterprise and consumer IoT may suffer until vendors can address their privacy concerns.

The massive DDoS attacks on Dyn on October 21, which were launched mainly via infected IoT devices, were a wakeup call for businesses. Most of the devices used in these attacks were surveillance cameras, indicating how seemingly benign objects can cause widespread problems.

Jauregui explains how for businesses, security is both an economic and technical challenge. IoT product teams struggle to balance risk with the pressures of quickly bringing products to market.

"Resources allocated towards security-related activities throughout product development, assessment, and maintenance will increase as viable IoT business models and value creation opportunities solidify across every industry," he says.

As businesses work to solve IoT security problems, Jauregui explains how the entire ecosystem must work together. Hardware manufacturers, product teams, developers, cloud providers, product teams, service providers, and consumers need to collaborate to ensure security "from chip to cloud," he notes. 

Praetorian, as a partner in the program, will review organizations' full IoT solutions while focusing on vulnerabilities. By helping them close security gaps, Praetorian and other partner companies will help Microsoft's business customers balance risk and time-to-market.

"Solving and managing IoT security is going to take a village," says Jauregui.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
reviewwriting
50%
50%
reviewwriting,
User Rank: Apprentice
11/1/2016 | 7:53:51 AM
Re: Pending Review
Security is very essential to prevent unauthorised attck.Security program for azure IoT launched by microsoft is a great thing. I would like to appreciate it.New invention can make great changes and people look for new changes also. 

 
LigaK068
50%
50%
LigaK068,
User Rank: Apprentice
10/31/2016 | 8:45:22 PM
this is for real
hi
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
New Mirai Version Targets Business IoT Devices
Dark Reading Staff 3/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Reading Schneier's Friday Squid Blog again?
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.