Security is one of the hottest topics discussed today among enterprises, vendors, communications carriers and system integrators in the IoT ecosystem – and for good reason. An HP Research report on IoT security revealed “an alarmingly high average number of vulnerabilities per device”. These vulnerabilities include weak passwords, personal information being shared over unencrypted networks and exposure to cross-site scripting attacks. In this document, MachNation outlines the Top 5 enterprise IoT security concerns based on a survey of IoT industry leaders like ARM, Cisco, Intel, Wipro and others.
Report (Publicly available):
1. Complexity of solutions
IoT solutions are inherently complex. An enterprise-grade IoT solution typically uses technology from up to 7 vendors. Getting such a solution deployed requires technical know-how that many enterprises do not possess. An even bigger challenge is ensuring that such a heterogeneous deployment is secure. Not only must each IoT component be rock-solid, but security experts must also take extra care to apply a sound security model holistically to the entire solution, from device to network to data center.
2. Complexity of vulnerabilities
IoT solution vulnerabilities range from physical hardware, to man-in-the-middle, to more traditional attacks on cloud application infrastructure. IoT also brings vulnerabilities that arise from the integration of various components. This makes IoT vulnerability assessment difficult. While existing IT security models serve as a good starting point, an enterprise must go a step further to identify viable attack vectors for an IoT solution and to determine how much security is required for its business.
3. Lack of deployment expertise
Most enterprises lack internal teams to handle the complexity and risk of connecting the unconnected. This is true even for tech-savvy firms with skilled IT departments. IoT security requires a new skill set that enables the individual to understand the implications of IoT on business processes, operational support and security across the IoT technology stack. Many enterprises today do not have an individual with a broad understanding of security from edge hardware to cloud software.
4. Insufficiently trained end-users
Enterprises face the challenge of training users on new IoT technology systems and new procedures. Proper training brings awareness of an IoT solution’s capabilities and decreases the likelihood that a user error will lead to exposure and increased risk. Enterprises must plan for initial training as well as supplemental training when new features are released. It is important that users are given training, but are granted only the level of credentials required for effective use of the IoT solution.
5. New and unknown threats
Today’s known IoT security architectures and threats are fairly complex. However, we have only begun to scratch the surface of IoT, and as such, many of the threats have simply not been identified. MachNation has researched the presence of numerous IoT attack vectors including physical, network and application attacks, but more will undoubtedly surface as IoT solutions mature. Early-stage IoT implementations must have security plans that provide for ways to monitor and detect the so-called ‘unknown unknowns’ – no easy task indeed.
MachNation works with vendors, public and private organizations, carriers and system integrators to synthesize insights into the state of IoT cyber and physical security and help the industry plan for the future. Please follow our upcoming research on detailed IoT security approaches; enterprise best practices for building a rock-solid, secure IoT solution; and technology comparisons of vendors’ IoT approaches.