IoT
10/31/2016
06:35 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Microsoft Launches Security Program For Azure IoT

As part of the program, Microsoft has partnered with security auditors who will examine customers' IoT infrastructure, find problems, and provide guidance.

Microsoft has launched a new program for its Azure cloud platform to help business customers strengthen their security posture amid the rise of the Internet of Things.

Security and privacy concerns are top of mind for IT pros as the IoT continues to grow within the enterprise. Many struggle to verify the security of their IoT infrastructure and may delay product implementation as they establish best practices.

Microsoft's new Security Program for Azure IoT is a response to customer requests for increased security assurances as they assemble and deploy IoT products, the company says.

Microsoft has partnered with security auditors to evaluate customers' IoT infrastructure, detect security problems, and provide recommendations. Customers can choose an auditor to conduct examinations from the ground up, verifying devices, assets, gateways, and communication with the cloud.

Partners so far include Praetorian, Casaba Security, CyberX, and Tech Mahindra, but Microsoft plans to add more as the program continues to grow. It will also work with standards organizations including the Industrial Internet Consortium (IIC) to create industry protocols and best practices for security audits.

"In today's connected world, the perception of security risk alone, even if not realized, can still negatively impact consumer confidence necessary for new technologies to meet their full market potential," says Paul Jauregui, VP Marketing and IoT Business Lead at Praetorian. 

High-profile data breaches have increased consumer awareness of issues surrounding data security, Jauregui explains. Adoption of enterprise and consumer IoT may suffer until vendors can address their privacy concerns.

The massive DDoS attacks on Dyn on October 21, which were launched mainly via infected IoT devices, were a wakeup call for businesses. Most of the devices used in these attacks were surveillance cameras, indicating how seemingly benign objects can cause widespread problems.

Jauregui explains how for businesses, security is both an economic and technical challenge. IoT product teams struggle to balance risk with the pressures of quickly bringing products to market.

"Resources allocated towards security-related activities throughout product development, assessment, and maintenance will increase as viable IoT business models and value creation opportunities solidify across every industry," he says.

As businesses work to solve IoT security problems, Jauregui explains how the entire ecosystem must work together. Hardware manufacturers, product teams, developers, cloud providers, product teams, service providers, and consumers need to collaborate to ensure security "from chip to cloud," he notes. 

Praetorian, as a partner in the program, will review organizations' full IoT solutions while focusing on vulnerabilities. By helping them close security gaps, Praetorian and other partner companies will help Microsoft's business customers balance risk and time-to-market.

"Solving and managing IoT security is going to take a village," says Jauregui.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
reviewwriting
50%
50%
reviewwriting,
User Rank: Apprentice
11/1/2016 | 7:53:51 AM
Re: Pending Review
Security is very essential to prevent unauthorised attck.Security program for azure IoT launched by microsoft is a great thing. I would like to appreciate it.New invention can make great changes and people look for new changes also. 

 
LigaK068
50%
50%
LigaK068,
User Rank: Apprentice
10/31/2016 | 8:45:22 PM
this is for real
hi
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6443
PUBLISHED: 2019-01-16
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
CVE-2019-6444
PUBLISHED: 2019-01-16
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.
CVE-2019-6445
PUBLISHED: 2019-01-16
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
CVE-2019-6446
PUBLISHED: 2019-01-16
An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call.
CVE-2019-6442
PUBLISHED: 2019-01-16
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.