The internet of things has made its way into every aspect of business. Just like the BYOD revolution, it brings with it a host of security issues. The two movements are a lot alike, but they are also vastly different and even tied together. The more devices that are connected to things, the more risk there is on both sides, but also the more flexibility is added to business.
It’s estimated that by 2020, there will be 24 billion connected devices, outnumbering human connections by far. Since so many of them are connected on so many levels, there are few degrees of separation between any two of them.
The issue is that these devices can gain unauthorized and unsecured access to the same network that holds sensitive data, and this is happening on an enterprise level. So, there is a scramble to create software and modified hardware that will allow for both access and security.
Define IoT Devices
So what are IoT devices? Loosely they can be defined as any device that is connected to the internet or intranet that gathers data and can use that data to initiate an action or influence an outcome.
However, they are also small components that add smart capabilities to the devices that host them. Consumer products such as thermostats, smart TVs and refrigerators benefit from communications, sensor reading, and video and sound recording. In industry, IoT devices include such things as copy machines, HVAC systems, VoIP phone systems and intelligent subsystems.
These devices can be controlled using cross-platform, browser-based HMIs, and some can be controlled from BYOD devices as well as those provided by the company.
Generally speaking, there are fewer BYOD devices, and they are much more expensive, like smart phones and tablets. There are thousands of IoT devices, and sometimes they only cost a few dollars each. These unsecured devices are being employed rapidly at the enterprise level.
The key to securing these devices is to identify which of them have communication capability. If a device connects to your network and sends out any alerts or contacts outside networks, such as the manufacturer for warranty updates or firmware support, add it to your list of enabled devices and make sure that the outside connection is secure.
Evaluate the Benefits of Connection
Don’t simply connect a device to your network because it is capable of being connected. Evaluate the benefits of it being connected, and only connect devices that have a real benefit of doing so.
If the benefit is only marginal, disconnect it and determine how to secure it by either contacting the manufacturer or determining a method of your own.
Create a Separate Smart Device Network
If you have individuals who bring their own smart devices, create a separate network for them to isolate them from other devices that could be potentially compromised.
This isolates vulnerable things from potentially unauthorized and insecure devices that are attached to the network temporarily for work purposes. This isolation will offer at least one more layer of safety.
Disable Universal Plug and Play
Plug and play has its conveniences, but disabling it allows you to check every device that connects to the network, both for security and to confirm that it is connected to the proper network segment, such as the one for smart devices.
This ensures that no device, no matter how insignificant, can be used to compromise the network.
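The inventory step described under "Define IoT Devices" and the segment check described here can be run together over flow records exported from a switch or firewall. The following is an added example, not part of the original article; the inventory, MAC addresses, segment names and address ranges are constructed, and the only real-world constant is the UPnP discovery (SSDP) multicast address 239.255.255.250 on UDP port 1900.

```python
import ipaddress

# Constructed inventory of enabled devices: MAC -> (description, assigned segment)
INVENTORY = {
    "00:11:22:aa:bb:01": ("HVAC controller", "iot"),
    "00:11:22:aa:bb:02": ("VoIP phone", "iot"),
}
# Constructed addressing plan (assumption: the whole site lives in 10.0.0.0/8)
SITE = ipaddress.ip_network("10.0.0.0/8")
SEGMENTS = {
    "corp": ipaddress.ip_network("10.0.10.0/24"),
    "iot": ipaddress.ip_network("10.0.20.0/24"),
    "byod": ipaddress.ip_network("10.0.30.0/24"),
}
SSDP = ("239.255.255.250", "udp", 1900)  # UPnP discovery multicast
# Constructed flow records: (source MAC, source IP, destination IP, protocol, port)
FLOWS = [
    ("00:11:22:aa:bb:01", "10.0.20.5", "203.0.113.10", "tcp", 443),
    ("00:11:22:aa:bb:02", "10.0.10.44", "10.0.10.1", "udp", 5060),
    ("00:11:22:aa:bb:03", "10.0.20.9", "198.51.100.7", "tcp", 80),
    ("00:11:22:aa:bb:01", "10.0.20.5", "239.255.255.250", "udp", 1900),
]

def segment_of(ip):
    """Return the name of the segment containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def is_external(ip):
    """True when the destination is outside the site and not multicast."""
    addr = ipaddress.ip_address(ip)
    return addr not in SITE and not addr.is_multicast

def audit(flows, inventory):
    """Flag devices missing from the inventory, on the wrong segment, or using UPnP."""
    findings = set()
    for mac, src, dst, proto, port in flows:
        entry = inventory.get(mac)
        if entry is None:
            kind = "uninventoried-external" if is_external(dst) else "uninventoried"
            findings.add((mac, kind))
        elif segment_of(src) != entry[1]:
            findings.add((mac, "wrong-segment"))
        if (dst, proto, port) == SSDP:
            findings.add((mac, "upnp-active"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(FLOWS, INVENTORY):
        print(finding)
```

Each finding maps to an action from the article: add the device to the list of enabled devices and review its outside connection, move it to the smart device segment, or turn off plug and play on it.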
Update Firmware if Possible
Not every device will have the ability to be updated, but when possible firmware should be updated with the latest security patches. Ask manufacturers what steps they are taking to secure devices that you use.
Take Responsibility for Security
The kicker of the situation is that BYOD devices are in plain sight and it is clear what capabilities they have. The security risks they pose, however, are often hidden in personal apps and settings. Some phones now offer the ability to sign into a completely separate, protected profile for work purposes, isolating apps such as a REST API or other business applications that could otherwise be compromised.
Either way, it is the responsibility of both the employer and the employee to maintain company security regardless of who is using what device. All apps and programs not related to work that can be closed should be, and if possible signed out of. Apps that run in the background should be force closed until the device is no longer being used for work purposes.
As BYOD expands into the Internet of Things, the issues of security will need to be paramount in everyone’s minds. It’s astonishing that at enterprise level, these potential security breaches walk through the front door every single day. It’s the responsibility of IT, management, and employees to make sure these devices are secure yet usable.
As more devices are connected and employees continue to bring their own devices, these problems will be ones we continue to face. However, with careful planning, we can come up with workable solutions.