Vulnerabilities / Threats

02:30 PM
Bill Kleyman
Bill Kleyman
Connect Directly
E-Mail vvv

Deconstructing the Possibilities and Realities of Enterprise IoT Security

Organizations are rushing to leverage Internet of Things solutions but struggle to design the information technology architectures that will lock down the data these devices create.

When we think of the Internet of Things, most people usually fall back to the kinds of devices they're familiar with, such as a Nest thermostat or a Philips Hue smart light. However, today IoT components are finding their way, at lightning speed, into places such as healthcare, the enterprise, and certainly the data center.

Let me give you a specific example. Raritan recently came out with a line of "smart racks" that take environmental monitoring to the next level. These data center–ready IoT technologies are tested to withstand billions of hours of runtime in the world's most data-intensive environments. One of those IoT components are environmental sensors located throughout the rack. From there, they help isolate hot spots, optimize cooling, prevent downtime, and even maintain security through integration with smart locks. Furthermore, these IoT devices gather data, which then feeds into a data center infrastructure management platform, allowing data center and business leaders to make better decisions.

At UPS, IoT sensors help protect the environment by monitoring delivery truck mileage, speed, and overall engine health. Coupled with big data solutions, UPS is also able to effectively monitor packages and optimize entire routes. And, fairly recently, Microsoft and Rolls-Royce collaborated on advanced operational intelligence to airlines. This is similar to what GE is doing with its jet engines. The benefit? Ground crew technicians can identify wear and tear on specific components before the airplane even lands. From there, they can have repair and parts teams ready to cut maintenance windows down dramatically.

[Hear Bill Kleyman speak about The 6 Core Components of IoT -- And How to Secure It All at Interop ITX on May 2 in Las Vegas. Register with Promo Code DR200 and save $200.]

By the numbers, according to IDC, the IoT market is showing absolutely no signs of slowing down, with an expected size of $1.4 trillion in 2021. However, when it comes to enterprise adoption of IoT devices, there are concerns. How do you design the right IoT use case? Can it mesh with your existing network and data center systems? Most of all, what about security: How do you process and protect data such as personal identifiable information or personal healthcare information? Organizations want to leverage IoT solutions but are struggling to understand how to design the right architectures and, most importantly, how to leverage and quantify the data that these devices create.

IoT Meet Edge Computing
There is no doubt that data center and business leaders are actively investing in IoT solutions. In the latest AFCOM (Association for Computer Operations Management) State of the Data Center Industry study, a report I helped co-author, we found that 81% of respondents view the primary purpose for expanding edge compute capacity is to support and enable IoT; four in 10 respondents already have either deployed or plan to deploy edge computing. Why this is important is because the goal of edge computing is to process data and services as close to the end user or source as possible. IoT pretty much fits this use case exactly.

In the modern enterprise organization, it's critical for leaders and IT professionals to both conceptualize IoT components and how they can apply these concepts to their own organization. This is an architectural and business exploratory process to really understand where connected devices can bring value to the business. Whether it's connected trucks or enhanced engines, your approach to connecting a part of your organization into the digital realm will be unique.

A lot of times, enterprises think that a connecting device has to be something new. However, in many situations, we're digitally transforming analog systems. For example, by fitting their massive cranes with IoT sensors, a construction company would be able find faults in seconds rather than troubleshooting for hours. To that extent, which analog systems do you have in your IT infrastructure that could be digitized? Where are the data points that you'd like to gather or learn more about? For many organizations, these are potentially big benefits and all part of the IoT revolution. But to really understand the possibilities of enterprise IoT, you will need to take a multifaceted approach:

  • Evolution of the edge. It's critical to understand that edge solutions help deliver and process data much close to the user. And, when it comes to IoT, edge is a major enabler.
  • IoT security based on context. IoT security is never linear. The best security models will always take a contextual approach to device access and interrogation.
  • The "smart" data center. Your data center is becoming much smarter. From bots to intelligent racks, these are all IoT devices that need security and efficiency.
  • Hacking as an economy. The bad guys have made an industry out of hacking and have economized the process. It's critical to know how much your data is worth on the Dark Web and why considerations around IoT are key to good security best practices.
  • Key factors in designing and IoT security strategy. Combining edge, the components of IoT, business use cases, and a good overall security strategy are the keys to designing a secure IoT architecture. Beyond that, ensuring data security will be a top priority.

Not only must we continue to educate around IoT, it will be up to the leaders and innovators to find good use cases and proper designs.

Related Content:


Bill is an enthusiastic technologist with experience in a variety of industries. This includes data center, cloud, virtualization, security, AI, mobility, edge solutions, and much more. His architecture work includes large virtualization and cloud deployments as well as ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
4/26/2018 | 1:34:23 PM
Re: Practical Security for IOT
Hey Jim - First of all, thank you for reading and commenting. Securing home IoT devies is actually not so bad. There are some good tips when it comes to making sure your home devices work. Here are a few thoughts:

1. Create a seperate network ONLY for IoT devices.

2. Only allow devices to join your network via known MAC addresses. This will prevent any unwanted devices from trying to get in. In fact, on your seperate network, you can restrict any device joining it unless you specifically entered in the MAC address yourself.

3. If you have a hub at home - like a Wink, for example - make sure that it remains up-to-date.

4. Keeping your devices firmware and software updated is key. It's not always easy, we have a lot of devices at home. However, look at your apps regularly to see if there are updates. 

5. Newer routers have some really cool 'fencing' solutions which prevent people from parking outside your house and spoofing your WiFi - look for networking gear which can provide a bit more security like that.

6. Passwords upkeep is important. Again, if you're connecting through a centralized hub - changing your password every now and again is a good idea. 

7. If you've got things like sensors, actuators, or something else that collects and then delivers data to a centralized aggregation engine - make sure that VM, server, or machine is locked down as well. Virtualization is a great way to centralize your VMs and ensure networks and data remain secure.

8. If you're working with a hub or some kind of centralized IoT platform, restrict access, ensure complex passwords, and make sure to check for updates regularly.

Of course, there are even more tips out there depending on the kind of devices you're using. But this is a good start.
[email protected],
User Rank: Apprentice
4/26/2018 | 12:31:48 PM
Practical Security for IOT
As a homeowner with IOT and even more so as a security professional whose company has a lot of IOT, I am very concerned about security.  But I have yet to read an article that provides concrete suggestions other than to separate IOT devices from other devices (which ones? how?) and to change passwords (how?) and to block unused ports/services (how?) and keep software updated (big-time how?).  

I am not trying to be smart or critical and I realize this would be different for most devices.  But front line people (and that includes consumers) need a way to get actionable information, not just generic suggestions.  

Let me know if I can be part of the solution.  I'll be happy to do something, if someone can point me in the right direction.  


Jim ANderson
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-02-22
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5...
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc...
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file...
PUBLISHED: 2019-02-22
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parser...
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcom...