Vulnerabilities / Threats

4/24/2018
02:30 PM
Bill Kleyman
Bill Kleyman
Commentary
Connect Directly
Facebook
Twitter
LinkedIn
Google+
RSS
E-Mail vvv
100%
0%

Deconstructing the Possibilities and Realities of Enterprise IoT Security

Organizations are rushing to leverage Internet of Things solutions but struggle to design the information technology architectures that will lock down the data these devices create.

When we think of the Internet of Things, most people usually fall back to the kinds of devices they're familiar with, such as a Nest thermostat or a Philips Hue smart light. However, today IoT components are finding their way, at lightning speed, into places such as healthcare, the enterprise, and certainly the data center.

Let me give you a specific example. Raritan recently came out with a line of "smart racks" that take environmental monitoring to the next level. These data center–ready IoT technologies are tested to withstand billions of hours of runtime in the world's most data-intensive environments. One of those IoT components are environmental sensors located throughout the rack. From there, they help isolate hot spots, optimize cooling, prevent downtime, and even maintain security through integration with smart locks. Furthermore, these IoT devices gather data, which then feeds into a data center infrastructure management platform, allowing data center and business leaders to make better decisions.

At UPS, IoT sensors help protect the environment by monitoring delivery truck mileage, speed, and overall engine health. Coupled with big data solutions, UPS is also able to effectively monitor packages and optimize entire routes. And, fairly recently, Microsoft and Rolls-Royce collaborated on advanced operational intelligence to airlines. This is similar to what GE is doing with its jet engines. The benefit? Ground crew technicians can identify wear and tear on specific components before the airplane even lands. From there, they can have repair and parts teams ready to cut maintenance windows down dramatically.

[Hear Bill Kleyman speak about The 6 Core Components of IoT -- And How to Secure It All at Interop ITX on May 2 in Las Vegas. Register with Promo Code DR200 and save $200.]

By the numbers, according to IDC, the IoT market is showing absolutely no signs of slowing down, with an expected size of $1.4 trillion in 2021. However, when it comes to enterprise adoption of IoT devices, there are concerns. How do you design the right IoT use case? Can it mesh with your existing network and data center systems? Most of all, what about security: How do you process and protect data such as personal identifiable information or personal healthcare information? Organizations want to leverage IoT solutions but are struggling to understand how to design the right architectures and, most importantly, how to leverage and quantify the data that these devices create.

IoT Meet Edge Computing
There is no doubt that data center and business leaders are actively investing in IoT solutions. In the latest AFCOM (Association for Computer Operations Management) State of the Data Center Industry study, a report I helped co-author, we found that 81% of respondents view the primary purpose for expanding edge compute capacity is to support and enable IoT; four in 10 respondents already have either deployed or plan to deploy edge computing. Why this is important is because the goal of edge computing is to process data and services as close to the end user or source as possible. IoT pretty much fits this use case exactly.

In the modern enterprise organization, it's critical for leaders and IT professionals to both conceptualize IoT components and how they can apply these concepts to their own organization. This is an architectural and business exploratory process to really understand where connected devices can bring value to the business. Whether it's connected trucks or enhanced engines, your approach to connecting a part of your organization into the digital realm will be unique.

A lot of times, enterprises think that a connecting device has to be something new. However, in many situations, we're digitally transforming analog systems. For example, by fitting their massive cranes with IoT sensors, a construction company would be able find faults in seconds rather than troubleshooting for hours. To that extent, which analog systems do you have in your IT infrastructure that could be digitized? Where are the data points that you'd like to gather or learn more about? For many organizations, these are potentially big benefits and all part of the IoT revolution. But to really understand the possibilities of enterprise IoT, you will need to take a multifaceted approach:

  • Evolution of the edge. It's critical to understand that edge solutions help deliver and process data much close to the user. And, when it comes to IoT, edge is a major enabler.
  • IoT security based on context. IoT security is never linear. The best security models will always take a contextual approach to device access and interrogation.
  • The "smart" data center. Your data center is becoming much smarter. From bots to intelligent racks, these are all IoT devices that need security and efficiency.
  • Hacking as an economy. The bad guys have made an industry out of hacking and have economized the process. It's critical to know how much your data is worth on the Dark Web and why considerations around IoT are key to good security best practices.
  • Key factors in designing and IoT security strategy. Combining edge, the components of IoT, business use cases, and a good overall security strategy are the keys to designing a secure IoT architecture. Beyond that, ensuring data security will be a top priority.

Not only must we continue to educate around IoT, it will be up to the leaders and innovators to find good use cases and proper designs.

Related Content:

 

Bill is an enthusiastic technologist with experience in a variety of industries. This includes data center, cloud, virtualization, security, AI, mobility, edge solutions, and much more. His architecture work includes large virtualization and cloud deployments as well as ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
QuadStack
50%
50%
QuadStack,
User Rank: Author
4/26/2018 | 1:34:23 PM
Re: Practical Security for IOT
Hey Jim - First of all, thank you for reading and commenting. Securing home IoT devies is actually not so bad. There are some good tips when it comes to making sure your home devices work. Here are a few thoughts:

1. Create a seperate network ONLY for IoT devices.

2. Only allow devices to join your network via known MAC addresses. This will prevent any unwanted devices from trying to get in. In fact, on your seperate network, you can restrict any device joining it unless you specifically entered in the MAC address yourself.

3. If you have a hub at home - like a Wink, for example - make sure that it remains up-to-date.

4. Keeping your devices firmware and software updated is key. It's not always easy, we have a lot of devices at home. However, look at your apps regularly to see if there are updates. 

5. Newer routers have some really cool 'fencing' solutions which prevent people from parking outside your house and spoofing your WiFi - look for networking gear which can provide a bit more security like that.

6. Passwords upkeep is important. Again, if you're connecting through a centralized hub - changing your password every now and again is a good idea. 

7. If you've got things like sensors, actuators, or something else that collects and then delivers data to a centralized aggregation engine - make sure that VM, server, or machine is locked down as well. Virtualization is a great way to centralize your VMs and ensure networks and data remain secure.

8. If you're working with a hub or some kind of centralized IoT platform, restrict access, ensure complex passwords, and make sure to check for updates regularly.

Of course, there are even more tips out there depending on the kind of devices you're using. But this is a good start.
jla56@sbcglobal.net
50%
50%
[email protected],
User Rank: Apprentice
4/26/2018 | 12:31:48 PM
Practical Security for IOT
As a homeowner with IOT and even more so as a security professional whose company has a lot of IOT, I am very concerned about security.  But I have yet to read an article that provides concrete suggestions other than to separate IOT devices from other devices (which ones? how?) and to change passwords (how?) and to block unused ports/services (how?) and keep software updated (big-time how?).  

I am not trying to be smart or critical and I realize this would be different for most devices.  But front line people (and that includes consumers) need a way to get actionable information, not just generic suggestions.  

Let me know if I can be part of the solution.  I'll be happy to do something, if someone can point me in the right direction.  

Regards,

Jim ANderson
New Bluetooth Hack Affects Millions of Vehicles
Dark Reading Staff 11/16/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19406
PUBLISHED: 2018-11-21
kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.
CVE-2018-19407
PUBLISHED: 2018-11-21
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
CVE-2018-19404
PUBLISHED: 2018-11-21
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= ...
CVE-2018-19387
PUBLISHED: 2018-11-20
format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure.
CVE-2018-19388
PUBLISHED: 2018-11-20
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.