author photo
By SecureWorld News Team
Wed | Sep 15, 2021 | 3:15 AM PDT

It is hard to believe, but true. The first network of smart devices was developed way back in the early 1980s.

Now, George Jetson's reality is nearly our own, and Rosie the Robot is somewhat interchangeable with any number of IoT devices like Alexa, Roomba, or Ring video doorbells—although these devices still lack Rosie's emotions.

Today, organizations are also embracing a record number of Internet of Things (IoT) devices to accomplish objectives.

These devices interweave with each other, creating an essential fabric in our data collection methods, manufacturing operations, and much more.

Securing your IoT environment

But what about securing this technology and the data flow coming from an army of IoT environments?

Ellen Boehm, Vice President of IoT Strategy and Operations for Keyfactor, and Blake Wood, Director of Business Development for Thales Cloud Security, joined a SecureWorld Remote Sessions webcast to discuss securing the ever-growing IoT ecosystem.

Boehm described how every organization's use of IoT might be different, and it's likely been in use much longer than most of us typically think of:

"When we say IoT, there are a lot of things that already are considered IoT and have been connected maybe even for decades. You think about connected control systems, for example, or things that we're collecting data on, and we're sending back information to the mothership before we even had the term IoT," said Boehm.

Wood reminded the audience this field was originally termed Machine to Machine (M2M), and that IoT has grown far beyond earlier expectations:

"I'm an old timer IoT guy. I started back when it was called M2M, or Machine to Machine, and things have changed a lot, obviously. But back then, we were trying to get to a place where we could have perpetually connected devices, talking IP with rich applications, and stuff like that. I think we're there. We're way beyond there," said Wood.

Fast forward to today and our IoT technology, which can provide real-time or near real-time data. However, along with the opportunity from these devices comes increased risk and possible vulnerabilities when the proper security measures are not put in place.

Mitigating the risks of IoT security threats

With the growth of IoT, how does your business protect against the potential risk of your Internet of Things environment?

A Zero Trust philosophy can help you navigate current threats, get a handle on the IoT lifecycle, and improve your overall security posture.

Here are four areas to pay attention to when securing your IoT networks, pulled straight from the experts in this Remote Session.

1. Discover sensitive data in your IoT ecosystem

One best practice is to put resources into discovering what information could be leaking through. Wood, of Thales Cloud Security, worked in the financial industry and found leaking, for instance, credit card information:

"I'm just going to do a quick little story about that. I used to work in the payment industry. And for PCI, we have SIM systems, things like that. What we discovered after some time but didn't know it. Our SIM system was picking up credit card numbers. In some of the data that was flying around in the ether there behind our firewall, a very secure PCI-compliant system, we were actually picking up credit card data in the clear."

2. Encrypt sensitive data in the cloud

Nearly 60% of data is not encrypted in the cloud, according to Wood's research.

"We've had a long time to adjust to the cloud, to understand encryption, to understand what to do with sensitive data. I think privacy regulations are going to help with that. But that's sort of astonishing that we're not approaching, or getting up into the 70, 80, or 90% area, where we have more of that data encrypted," he said.

3. Secure encryption key

Encryption is essential, but it is also going through some turning points, according to Keyfactor's Boehm.

"We're in this in this phase of trying to figure out what is the best and most secure way to encrypt, to authenticate to devices. You know, we've used keys and certificates and things like that for a while now. But in some cases, we've seen that they've been hard-coded, that they're not protected.… You have got to make sure that you do have sufficient encryption throughout the life of this IoT device, because it's going to be continuing to connect to the internet, it's going to continue to collect data, and you want to make sure that that data is protected," she said.

Boehm also discussed in-depth monitoring of the life of your devices in the second part of the session.

4. Control user access

Keeping a mindset on who is using your networks and who could potentially hack into them is one of the most important aspects of protecting against cyberattacks when information may be located in different places such as the cloud.

"We really have to design for Zero Trust if you want to be safe—if you want to make sure that nobody can get at our data, nobody can hack into our system easily," Wood said.

More: securing the IoT lifecycle

The Remote Sessions broadcast, which is now available on-demand, also included these areas of focus:

  • Statistics and informative dialogue about the current threat framework
  • Walking through a growing IoT ecosystem
  • Best practices for securing devices
  • Starting the most secure initiative possible, including when handing off to a trusted vendor
  • Bringing structure to "The Wild West" when it comes to the IoT lifecycle

The speakers also share a surprising tidbit about where the future of IoT security systems is headed.

Watch this SecureWorld webcast, "IoT Lifecycle: Securely Capturing the Power of Connectivity," on-demand here.

[RESOURCE: 2021 Thales Data Threat Report]

Comments