Portal targets large-scale risk management on Internet of Things

Growing concerns about the security of the evolving Internet of Things (IoT) have elicited a variety of industry responses, the latest being a push by Verizon Enterprise Solutions to scale its digital-certificate creation and management tools to support IoT deployments with tens of millions of connected units.

The new enterprise portal – launched this week in Australia, Europe, the US and other major geographies – provides an interface for enterprise customers to access the company's Managed Certificate Services (MCS) platform, which has been designed to facilitate the process of authenticating objects and machines connected to next-generation autonomous networks.

When using such a service, devices that were not centrally authenticated would be prohibited from connecting to the IoT environment – protecting that environment and allowing the company in question to manage the environment according to a range of established and new business rules.

Centralising this capability should help support applications requiring strict verification of device identity, such as smart grids and other control networks or higher-level functions requiring user identification.

“We are at the tip of the iceberg when it comes to the growth of the Internet of Things,” said Mike Denning, vice president of Global Security for Verizon Enterprise Solutions in a statement.

“A lot of enterprises are asking about the best way to secure connected objects. Like any other device connected to the network, we are helping clients to develop the best safeguards depending on their specific implementation as well as their business and regulatory requirements.”

IoT deployments have gained currency in security circles this year as a growing range of devices contributes to the global flood of information, much of it falling under the control of regulations requiring protection of private information.

Statistics from security group ISACA, which recently released a guide to evaluating the risk inherent in IoT deployments, suggested that IoT concerns were already surfacing at many organisations.

Concerns about growing use of wearable devices such as fitness trackers – which have been demonstrated to be rather generous in their sharing of personal information – have bolstered concerns around survey findings that consumers think they're better at protecting data than they are.

Read more: Windows users exposed to fraudulent Yahoo and Google sites

With some 43 percent of organisations in ISACA's recent IoT Risk/Reward Barometer already said to be using IoT or planning for an IoT deployment within the next 12 months, and enterprise respondents saying they felt IoT's risks outweighed its benefits (in direct contrast to consumers, who felt benefits outweighed risks by a margin of 1.5:1), the need for services like Verizon's is likely to grow as IoT deployments expand.

Such a platform addresses several of the nine points on ISACA's IoT risk management framework, which addresses issues such as controlling access to devices, establishing the identity of those accessing the devices, how devices are to be updated, how personal data is to be monitored and protected, and how data is to be shared.

“Connected devices are everywhere—from obvious ones, like smart watches and Internet-enabled cars, to ones most people may not even be aware of, such as smoke detectors,” said Robert Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies, in a statement.

“Often, organizations can be using IoT without even realizing it—which means their risk management stakeholders are not involved and potential attack vectors are going unmonitored.”

A 2014 IDC analysis predicted the market for IoT technology and supporting services would grow at 8.8 percent annually through 2017, when it will be worth an estimated $US7.3 trillion.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Upcoming IT Security Events

Join CSO for the day@#csoperspectives and hear from @kimzetter @LeviathanSec

3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today

Don't miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)

Join the CSO newsletter!

Error: Please check your email address.

Tags wearable devicesCA TechnologiesIDC Researchconnected devicessymantecInternet of Things (IoT)verizondigital certificatesISACAs

More about CA TechnologiesCSOEnex TestLabISACAIT SecurityVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place