Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

02:30 PM
Bill Kleyman
Bill Kleyman
Connect Directly
E-Mail vvv

Deconstructing the Possibilities and Realities of Enterprise IoT Security

Organizations are rushing to leverage Internet of Things solutions but struggle to design the information technology architectures that will lock down the data these devices create.

When we think of the Internet of Things, most people usually fall back to the kinds of devices they're familiar with, such as a Nest thermostat or a Philips Hue smart light. However, today IoT components are finding their way, at lightning speed, into places such as healthcare, the enterprise, and certainly the data center.

Let me give you a specific example. Raritan recently came out with a line of "smart racks" that take environmental monitoring to the next level. These data center–ready IoT technologies are tested to withstand billions of hours of runtime in the world's most data-intensive environments. One of those IoT components are environmental sensors located throughout the rack. From there, they help isolate hot spots, optimize cooling, prevent downtime, and even maintain security through integration with smart locks. Furthermore, these IoT devices gather data, which then feeds into a data center infrastructure management platform, allowing data center and business leaders to make better decisions.

At UPS, IoT sensors help protect the environment by monitoring delivery truck mileage, speed, and overall engine health. Coupled with big data solutions, UPS is also able to effectively monitor packages and optimize entire routes. And, fairly recently, Microsoft and Rolls-Royce collaborated on advanced operational intelligence to airlines. This is similar to what GE is doing with its jet engines. The benefit? Ground crew technicians can identify wear and tear on specific components before the airplane even lands. From there, they can have repair and parts teams ready to cut maintenance windows down dramatically.

[Hear Bill Kleyman speak about The 6 Core Components of IoT -- And How to Secure It All at Interop ITX on May 2 in Las Vegas. Register with Promo Code DR200 and save $200.]

By the numbers, according to IDC, the IoT market is showing absolutely no signs of slowing down, with an expected size of $1.4 trillion in 2021. However, when it comes to enterprise adoption of IoT devices, there are concerns. How do you design the right IoT use case? Can it mesh with your existing network and data center systems? Most of all, what about security: How do you process and protect data such as personal identifiable information or personal healthcare information? Organizations want to leverage IoT solutions but are struggling to understand how to design the right architectures and, most importantly, how to leverage and quantify the data that these devices create.

IoT Meet Edge Computing
There is no doubt that data center and business leaders are actively investing in IoT solutions. In the latest AFCOM (Association for Computer Operations Management) State of the Data Center Industry study, a report I helped co-author, we found that 81% of respondents view the primary purpose for expanding edge compute capacity is to support and enable IoT; four in 10 respondents already have either deployed or plan to deploy edge computing. Why this is important is because the goal of edge computing is to process data and services as close to the end user or source as possible. IoT pretty much fits this use case exactly.

In the modern enterprise organization, it's critical for leaders and IT professionals to both conceptualize IoT components and how they can apply these concepts to their own organization. This is an architectural and business exploratory process to really understand where connected devices can bring value to the business. Whether it's connected trucks or enhanced engines, your approach to connecting a part of your organization into the digital realm will be unique.

A lot of times, enterprises think that a connecting device has to be something new. However, in many situations, we're digitally transforming analog systems. For example, by fitting their massive cranes with IoT sensors, a construction company would be able find faults in seconds rather than troubleshooting for hours. To that extent, which analog systems do you have in your IT infrastructure that could be digitized? Where are the data points that you'd like to gather or learn more about? For many organizations, these are potentially big benefits and all part of the IoT revolution. But to really understand the possibilities of enterprise IoT, you will need to take a multifaceted approach:

  • Evolution of the edge. It's critical to understand that edge solutions help deliver and process data much close to the user. And, when it comes to IoT, edge is a major enabler.
  • IoT security based on context. IoT security is never linear. The best security models will always take a contextual approach to device access and interrogation.
  • The "smart" data center. Your data center is becoming much smarter. From bots to intelligent racks, these are all IoT devices that need security and efficiency.
  • Hacking as an economy. The bad guys have made an industry out of hacking and have economized the process. It's critical to know how much your data is worth on the Dark Web and why considerations around IoT are key to good security best practices.
  • Key factors in designing and IoT security strategy. Combining edge, the components of IoT, business use cases, and a good overall security strategy are the keys to designing a secure IoT architecture. Beyond that, ensuring data security will be a top priority.

Not only must we continue to educate around IoT, it will be up to the leaders and innovators to find good use cases and proper designs.

Related Content:


  Bill Kleyman brings more than 15 years of experience to his role as Executive Vice President of Digital Solutions at Switch. Using the latest innovations, such as AI, machine learning, data center design, DevOps, cloud and advanced technologies, he delivers solutions ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
4/26/2018 | 1:34:23 PM
Re: Practical Security for IOT
Hey Jim - First of all, thank you for reading and commenting. Securing home IoT devies is actually not so bad. There are some good tips when it comes to making sure your home devices work. Here are a few thoughts:

1. Create a seperate network ONLY for IoT devices.

2. Only allow devices to join your network via known MAC addresses. This will prevent any unwanted devices from trying to get in. In fact, on your seperate network, you can restrict any device joining it unless you specifically entered in the MAC address yourself.

3. If you have a hub at home - like a Wink, for example - make sure that it remains up-to-date.

4. Keeping your devices firmware and software updated is key. It's not always easy, we have a lot of devices at home. However, look at your apps regularly to see if there are updates. 

5. Newer routers have some really cool 'fencing' solutions which prevent people from parking outside your house and spoofing your WiFi - look for networking gear which can provide a bit more security like that.

6. Passwords upkeep is important. Again, if you're connecting through a centralized hub - changing your password every now and again is a good idea. 

7. If you've got things like sensors, actuators, or something else that collects and then delivers data to a centralized aggregation engine - make sure that VM, server, or machine is locked down as well. Virtualization is a great way to centralize your VMs and ensure networks and data remain secure.

8. If you're working with a hub or some kind of centralized IoT platform, restrict access, ensure complex passwords, and make sure to check for updates regularly.

Of course, there are even more tips out there depending on the kind of devices you're using. But this is a good start.
[email protected],
User Rank: Apprentice
4/26/2018 | 12:31:48 PM
Practical Security for IOT
As a homeowner with IOT and even more so as a security professional whose company has a lot of IOT, I am very concerned about security.  But I have yet to read an article that provides concrete suggestions other than to separate IOT devices from other devices (which ones? how?) and to change passwords (how?) and to block unused ports/services (how?) and keep software updated (big-time how?).  

I am not trying to be smart or critical and I realize this would be different for most devices.  But front line people (and that includes consumers) need a way to get actionable information, not just generic suggestions.  

Let me know if I can be part of the solution.  I'll be happy to do something, if someone can point me in the right direction.  


Jim ANderson
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-04-07
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to .
PUBLISHED: 2020-04-06
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.
PUBLISHED: 2020-04-06
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server.
PUBLISHED: 2020-04-06
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only.
PUBLISHED: 2020-04-06
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.