Essential Guide

Prevent enterprise IoT security challenges with preparation

A comprehensive collection of articles, videos and more, hand-picked by our editors
News Stay informed about the latest enterprise technology news and product updates.

FTC urges vendors to create Internet of Things security and privacy controls

An FTC report urges vendors to be proactive in creating Internet of Things security and privacy controls, while a Tripwire survey shows IoT devices are a growing corporate risk.

FROM THE ESSENTIAL GUIDE:

Prevent enterprise IoT security challenges with preparation

GUIDE SECTIONS

  1. Basics
  2. Risks
  3. Strategy
  4. Privacy
+ Show More

New research indicates that more remote workers connect Internet of Things (IoT) devices to corporate networks,...

while a new FTC report highlights the security and privacy concerns surrounding IoT and how vendors can mitigate risks.

Portland, Ore.-based security vendor Tripwire Inc. interviewed more than 700 IT professionals and senior decisionmakers in the U.S. and U.K., as well as over 600 consumers who work from home for its Enterprise of Things report, and found that IoT devices, like printers, smart TVs, wearables, and smart applicances, are already quite widespread.

According to Tripwire, the average employee who works from home has 11 Internet-connected devices, and 25% of remote workers have at least one IoT device connected to a corporate network. Organizations are resigned to this trend, with 67% of executives saying that business efficiencies will force the adoption of more IoT devices, despite the potential Internet of Things security risks.

Tripwire also found that CSOs are not confident in their ability to mitigate security risks stemming from IoT devices. Only 37% expect to receive additional funding to help deal with the new IoT risks; fewer than half of IT professionals polled are confident in the most common IoT devices using the most secure configuration; less than 20% are confident in the secure configuration of newer IoT devices; and approximately 33% of American execs don't believe Internet of Things security will ever catch up with technology innovation.

The FTC takes a hands-off approach to Internet of Things security

Meanwhile, the U.S. Federal Trade Commission (FTC) has recognized the growing footprint of IoT devices and the security and privacy risks associated with these new devices in a new 71-page report. In the report, the FTC includes many recommendations for IoT device vendors calling for better self-regulation of the industry.

The FTC focused the report mostly on issues surrounding the potential unauthorized access or misuse of personal data, and risks to personal safety based on that personal data, including habits and location. However, it did also note the increased risk of attacks on other systems initiated on an IoT device, and encouraged vendors to implement security best practices when designing devices, including monitoring connected devices throughout their life cycles, patching security holes and considering options to minimize data collection and storage.

The FTC did not offer suggestions for how organizations should plan security related to the Internet of Things, but noted that the risks listed above can be exacerbated in a number of ways.

"Companies entering the IoT market may not have experience in dealing with security issues … Although some IoT devices are highly sophisticated, many others may be inexpensive and essentially disposable," the FTC said in the report. "In those cases, if a vulnerability were discovered after manufacture, it may be difficult or impossible to update the software or apply a patch. And if an update is available, many consumers may never hear about it."

Ultimately, the FTC called for self-regulation of the industry, citing that the absence of legislation should help foster the freeflow of information essential to the Internet of Things, and the innovation taking place in the market. The FTC concluded that it isn't necessary to enact IoT-specific legislation at this time, but did reiterate the need for more general data security legislation.

"There was wide agreement among workshop participants about the importance of securing Internet-enabled devices, with some participants stating that many devices now available in the market are not reasonably secure, posing risks to the information that they collect and transmit and also to information on consumers' networks or even to others on the Internet. These problems highlight the need for substantive data security and breach notification legislation at the federal level."

Next Steps

Connectivity explosion: by 2017, 90% of Samsung products will be IoT devices.

Understand seven enterprise risks caused by the Internet of Things.

Essential Guide

Prevent enterprise IoT security challenges with preparation

GUIDE SECTIONS

  1. Basics
  2. Risks
  3. Strategy
  4. Privacy

Join the conversation

5 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Does your company have plans in place to deal with IoT devices on your corporate network?
Cancel
Yes, it does. In short, the plan is simple - IoT devices aren't allowed onto the network until they're proven to be A) Equally secure, and B) Equally or more effective than the current piece of technology used to accomplish a given task. We're trying to keep a lid on this and keep the number of connected devices as low as possible - one all-purpose device tends to be far better than dozens of individually superior ones.
Cancel
Our company's plans to deal with IoT devices on our corporate network include managing the devices so they can be used from anywhere during any type of emergency. Whether there is a powerful snowstorm resulting in traffic and driving bans or there is a national security issue, we want our IoT devices to allow people to continue to do their jobs without compromising their safety or the safety of others.
Cancel
Device makers should work on security standards to ensure no device introduces vulnerabilities. Bitcoin-like tokens being worked on by IBM should be explored for security.
Cancel
I think that the industry needs to create some kind of community of practice or some way of vetting the security of Internet of Things devices.   There seem to be a growing number of them, and its not clear what if any testing really goes on with them.
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close