Securing the Internet of Things: Best Practices for the Enterprise
By Phil Skipper, Head of Business Development, Vodafone Internet of Things [NASDAQ:VOD]
Businesses across every industry— from healthcare, to manufacturing, to automotive, to retail—are adopting powerful Internet of Things (IoT) technologies to gain better data insights from physical devices and make real-time decisions that help save costs, improve efficiency and enhance safety.
Yet, with the adoption of any new technology comes the potential risk of third-party hacking and security breaches. It’s this reason that has put IoT security top of mind for businesses today—according to Vodafone’s 2016 IoT Barometer, 30 percent of businesses surveyed are either changing or restricting the scope of their IoT projects in an attempt to reduce security risk.
While businesses are right to be cautious, there are many ways to minimize the potential security risks associated with IoT, so businesses can use the technology to its full potential. Here are the best practices to consider when developing, deploying and managing IoT applications.
Not all IoT deployments are created equal
Given news reports about wide-scale IoT security breaches, business leaders are understandably concerned about how the technology might impact their organization.
In fact, over half of leaders surveyed for Vodafone’s IoT Barometer are now more concerned about IoT security than they have been in the past. However, businesses should find solace in the fact that enterprise-level IoT applications are configured specifically with security protocols in mind. Recent IoT security breach reports mainly concern consumer products—like baby monitors and door locks—that often operate on unmanaged, unsecured public internet connections. These products are in an entirely different class than enterprise-grade devices and services. Businesses should work with IoT providers who will manage IoT deployments closely, so they can move forward with confidence.
IoT security cannot be treated with a “set and forget” mentality
When enterprises deploy IoT solutions, it’s not enough to just set security measures and assume company data will remain secure. New security risks are constantly on the horizon, and companies must regularly review and update their security policies and protocols in order to stay ahead of potential threats. Businesses should ensure all technologies that interact with their IoT solutions, such as data centers, offices, shared services centers and individual devices, are also up to date on security compliance.
Pre-deployment testing is critical
Before enterprises can deploy IoT-enabled technology, they should put connected devices and services through rigorous, repeatable tests to identify any potential security issues. These tests should occur on a sandboxed network, to ensure the new IoT technology is isolated from other technologies that are already in use. Testing IoT systems prior to deployment will ensure they behave as expected, and will interact with centralized systems in an optimized way, helping to minimize failure when they are put into the field.
Devices should operate on a ‘minimal trust model’
Once IoT solutions are deployed, businesses should implement a “minimal trust model”—meaning no individual IoT device should have unrestricted access to the company’s full IoT environment. Each device should be assigned a private IP address that is not discoverable from the public internet, which will help prevent outside hackers from accessing the device. In the event a hacker does breach a device, a minimal trust model will ensure that access to one device does not provide a gateway into an entire network.