Recently, I was reading about how voice records from an Amazon Echo’s Alexa had been subpoenaed in a murder investigation. Police were trying to determine if the machine had picked up anything incriminating during a suspicious death, while Amazon argued that handing over the device’s data would violate the First Amendment and consumer privacy rights.
While I’m aware my own Alexa is always listening, I’ve never been too concerned about casually going about my day while it records the mundane conversations I’m having with friends and family.
I’ve also read countless articles about the distributed denial-of-service (DDoS) attack that happened in October last year. I remember it severely impacting some of my favorite online communities, like Spotify, Reddit and the PlayStation Network.
This attack was unique in that the botnet was primarily driven by malware deployed on unsecured or under-secured IoT devices. Security cameras, routers and baby monitors paved the way for one of the worst DDoS onslaughts in history.
Managing your devices
These two examples got me thinking about our current world of connected devices. It’s amazing how quickly — and, in some cases, haphazardly — they are being deployed within corporate ecosystems. Clearly, the possibilities and benefits of these connected devices are huge. MOBI has customer examples of these connected devices saving time, money and even lives.
The real challenge for an enterprise today is capturing these advantages in a safe, responsible and well-thought-out way. The deployment and management of these devices needs to be balanced with a prudent and centralized method of managing all other connected program endpoints. It’s relatively easy to deploy vast quantities of IoT devices across a workforce; it’s much harder to not only know where all devices are located, but also ensure they are properly functioning, secured and updated with the latest firmware.
Before making any IoT procurement decisions, always do your research. Some devices stop receiving automatic manufacturer firmware patches or updates when connected to another network. Others come with potentially dangerous default settings enabled, such as Universal Plug and Play for example. Make sure your devices can be configured to meet relevant policy requirements before they’re implemented, not weeks or months down the road. Just because new devices can be connected to the internet right away doesn’t mean they should be.
Ongoing management of connected devices is the hardest part. Without proper tools and processes in place, it’s much harder to find out where each device is and how it’s functioning once deployed. Centralized management solutions with years of IoT experience and in-depth diagnostic capabilities help concentrate the constant stream of data and vast number of communication paths, allowing a business to monitor the health and functionality of its individual devices.
Corporate IT has always been (justifiably) paranoid about what devices can access their internal network. Ensuring IoT doesn’t become an unintended source of information gathering, firewall backdoor or host for a massive botnet (and assume the corresponding liability that entails) is critical to making this technology more widely adopted, accepted and trusted.
Before your business deploys its first IoT device, create an IoT-exclusive network that can separate existing program devices from the new and/or unknown. Not only does this make it easier to manage a device inventory, it also ensures that, in a worst-case scenario, malware is unable to gain enterprise-wide network access and damage data outside of your IoT program.
Understanding built-in security capabilities and how to change default device passwords/passcodes goes a long way toward successfully monitoring network traffic too. Once native security is understood and maximized, devices can be accurately assessed and assigned an appropriate level of network access to preserve the integrity of whatever data it’s capable of handling. Knowing which devices are connected and what they’re doing at all times is critical to network security.
Expect network bandwidth and carrier data consumption to rise dramatically as a result of IoT and plan accordingly. Software-defined networking can help you prioritize network resources and bandwidth to meet mobile policy expectations and reduce the overall network strain caused by these devices. If a network needs to analyze and store big data, prepare and test strategies so that your technology is ready and able to handle this new workload from the start.
As IoT continues to evolve, securing enterprise devices and networks will only become more critical to business success. Hopefully these tips and a little preparation can keep your devices off the front page and away from tomorrow’s headlines.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.