IoT Security - A Holistic Approach Is The Answer

Sunil David, Regional Director - IoT, AT&T AT&T Inc. is a media company whose mission is to inspire human progress through the power of communication and entertainment. The organization brings together premium video content, a large base of direct to consumer relationships, highspeed networks optimized for video and advertising technology to lead the next revolution in technology, media and telecommunications.

The rapid rise of a new generation of connected, intelligent devices collectively known as the Internet of Things or IoT is more than just the latest digital disruption to impact businesses of all sizes. The IoT presents vast opportunities for organizations to improve internal efficiencies, serve customers better, enter new markets, and even build new business models. More IoT devices are coming online each and every day. Through connected devices, health care is improving patient care; for example, a diabetic patient’s blood sugar level can now be monitored remotely, enabling a quick response to a possible life threatening situation.

The way we drive is also being transformed with advances that enhance safety through features such as handsfree communication or automated response to potentially dangerous situations. For industry and manufacturing, connected devices are being used to create more efficient, productive systems that can track shipments of grain across oceans or monitor oil well pumps, among other capabilities. Even if you are not utilizing the IoT today, you soon will be and your suppliers and customers will be as well.

As IoT devices become crucial for keeping up with fast evolving markets, business and technology leaders must be mindful of the security implications of this new technology. The scale of connected devices greatly increases the volume of data and the complexity of cybersecurity. The challenge grows further as IoT devices are deployed to control infrastructure, such as factory operations and supply chains. Cybersecurity is already top of mind for many organizations. But IoT deployments make it much tougher for C-suite executives to answer the question that corporate boards are asking with growing frequency: Has the IoT increased our exposure to cyber threats?

Building security from the start into IoT devices and their connecting networks is key to protecting a growing IoT infrastructure. This proactive approach will set the foundation for a strategy that integrates IoT security with existing cybersecurity policies and systems. Such a strategy will also encompass the entire IoT ecosystem not just your own devices, data, and applications, but those of your partners and customers as well.

The fundamental objective of every IoT security initiative must be to build in security at the ground floor. A more disciplined approach to IoT initiatives gives you an opportunity to implement
security strategies in front of growing the IoT wave, rather than after you’ve been swamped by it.

The approach requires collaboration among manufacturers, software developers, consultants, and other partners, because IoT security must be robust across every device, sensor, operating system, and application in the ecosystem.

IoT security requires a multilayered approach multiple threat types across IoT devices, data, and networks require a variety of cybersecurity methods including a proactive approach to identifying and responding to threats.
1.Device layer(mobile, IoT, office/fixed)
2.Connectivity layer(securing the network)
3.Data and Application layer(securing workloads and applications)
4.Threat Management(detection and response)

It’s easy to feel overwhelmed by the scope and complexity of the fast materializing IoT era. You can, however, begin to reduce that complexity, first by understanding the security implications that connected devices introduce and then by building a framework for securing your IoT ecosystem.

IoT security requires a multilayered approach multiple threat types across IoT devices, data, and networks

As your organization inevitably moves into the brave new world of the IoT, we’ll leave you with four questions based on a standard framework for securing IoT deployments that every CEO should ask his or her team about securing the IoT.

1.Have we done an all inclusive risk assessment that considers the IoT as a part of our overall risk?
Identify the types of risks data and physical/ operational that every IoT deployment introduces. This will help you to apply security controls that are commensurate with each level of risk. Regardless of the device type, every connected device should meet baseline security requirements.

2.Are our data and connected devices secured when deploying new IoT solutions?
When ever possible, isolate IoT data and networks from existing IT systems. This will help to reduce an attacker’s ability to launch broader cyber attacks on mission critical systems. And given the massive increase in connected devices and data volumes, consider adding automated processes to monitor data and identify threats.

3.Are we aligned,from leadership to the front line, on IoT security and strategy?
Communicating often with your board of directors will help ensure that corporate leaders clearly understand the opportunities and risks of IoT deployments. It’s also critical that every business unit understands the unique security considerations that IoT devices introduce.

4.Have we defined legal and regulatory guidelines covering new IoT devices and deployments?
It’s important to evaluate the security capabilities and responsibilities of your business partners, customers, and IoT product and service providers. Establishing clear security protocols and lines of accountability is critical to minimizing weak link scenarios.

The IoT era is just beginning, and many aspects of securing it remain a work in progress. Organizations in every industry are already reaping the benefits of IoT implementations. By approaching the IoT strategically, and with security at the core of every connected device, your organization can begin to capture new business value while keeping potential risks in check.