IoT: Challenges of securing IP-enabled devices

A few years ago, the idea of home and office appliances being connected to a network, may have seemed like something out straight out of science fiction. Today, however this is fast becoming a reality, as technology continues to develop and evolve, increasing in complexity and sophistication.

Commonly referred to as the 'Internet of Things' (IoT), we are now seeing a surge in everyday appliances being IP-enabled and connected to the network, a trend which seems set to continue.

However, the benefits of IoT, while often cited as significant, have been countered with talks of increased security risks, which could be substantial, particularly when this trend is applied to critical infrastructure, forming target points for nation states and criminal organizations intent on accessing confidential data and information.

What are the vulnerabilities posed by IoT?

Analyst group Gartner projects that by 2020, the number of IP-enabled devices, not including PCs, tablets and smartphones, will hit 26 billion units globally, while IDC's assessment concludes at 212 billion units. These numbers are significant, as each device represents another potential entry-point for hackers to launch targeted attacks on enterprises. With more devices communicating and sharing potentially confidential and sensitive data, coupled with the emergence of unprotected networks, the worrying conclusion is the creation of a considerable number of new vulnerability points for targeted attacks on enterprises.

Secondly, vendors with little or no security expertise are likely to develop these low margin IP-enabled devices often at a low-cost. Due to this, it is common to find basic security features absent in these devices. Moreover with the majority of these devices differing in purpose, utilizing different operating systems and working on a myriad of networks and systems, the challenge to protect the devices and the communication between them has exponentially increased.

The third major risk faced by IoT security is the devices' connection to cloud-based applications and services. New data is constantly being uploaded, processed and deposited in this cloud, and yet the current scenario is one that sees IoT data falling outside the realm of data leakage laws. Moreover, data collection is often vague, with little clarity on access controls and management, resulting in further complexities to segment and secure these massive volumes of data.

How to secure the Internet of Things

Fortunately, with overlaps in the world of the IoT and devices/endpoints, cloud/datacentre and the network, securing the multitude of potential attack points exists. This involves leveraging the same strategy as other IP-based communications.

Firstly, it is important to identify and understand which devices are part of the IoT network. Crucial knowledge about the nature of IoT devices is one of the stronger approaches in making decisions to protect the device and manage its data, similar to the security functions currently in existence for mobile endpoints. If a device is infected with malware, for example, it can be blocked from accessing the IoT network.

With widespread growth of new and unknown forms of malware, it is increasingly vital to ensure IoT devices are protected against potential threats. As IP-enabled devices differ in functionality, the most logical solution is to secure these devices at a network level rather than an endpoint level, overcoming the limitations present in endpoint security functions. Depending on the support of inspection of IoT communications protocol, IoT can also leverage on existing network security solutions like firewall and IPS. In addition, by using the Zero Trust principles of least privilege access with granular segmentation, enterprises can secure IoT data and application access.

To conclude, while the IoT may offer potential for improving the way that enterprises and government currently operate, it is fundamental to overcome the biggest challenge faced: the regulation surrounding IoT data collection system and the way these records will be used, shared and secured. To achieve this, it's imperative for enterprises, governments and standard organisations to collaborate and leverage expertise to overcome IoT's complex, multi-faceted security vulnerabilities.

Yong Shu is the Senior Regional Sales Director for China at Palo Alto Networks

Join the CSO newsletter!

Error: Please check your email address.

Tags Networkingsecurity

More about CrucialGartnerIDC AustraliaIPSPalo Alto Networks

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Yong Shu

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts