Nearly two-thirds of organizations lack IoT visibility

Security a major issue for IoT devices

Security pinpointed as a major issue for devices, as a new survey finds nearly two thirds of organizations lack Internet of Things (IoT) visibility.

Traditional security solutions are not able to secure the growing variety of IoT devices and organizations are having to reconsider strategies to deal with them, according to a new survey.

The report, compiled by analyst firm Quocirca on behalf of IT security firm Forescout, found that IoT is playing a major role in a third of businesses, but getting the various IT functions (networking, security, DevOps, etc.) at an organization to work together was perceived by 83 percent of respondents as one of the top Internet of Things security challenges.

The survey also found that 65 percent of respondents have ‘quite’, ‘little’ or ‘no’ confidence in terms of being able to identify and control all IoT devices on their network. This uncertainty is substantiated by the fact that many IoT operating systems are open source and can therefore be adapted by device manufacturers, leading to many variants, according to analysts.

Even SMEs will deal with lots of IoT devices

The average business expects to be dealing with 7,000 IoT devices over the next 18 months. Even smaller businesses expect the numbers to be hundreds or thousands; far more than they are used to securing when it comes to traditional user endpoints.

The research questioned over 200 senior IT decision makers in the UK, Germany, Austria and Switzerland. It said that being able to discover and classify IoT devices without the use of agents (most of which will only support popular operating systems such as Windows, Android, iOS and OS X) was perceived by 64 percent of respondents as ‘extremely important’ or ‘quite important’, with this figure increasing to 73 percent within the healthcare sector, which has the most unusual range of devices including CT scanners, diabetic pumps and heart monitors.

Bob Tarzey, analyst and director at Quocirca (who conducted the survey), said: “IoT deployments already involve millions of devices in businesses across Europe. Many will have limited processing power and require low power usage.”

“Others will have unusual operating systems and, in certain cases, the Things involved will be unknown to IT security teams when they first request network access. All of this requires tools that can manage and understand the security status of all network attached devices, without the need to install agents.”

“The staggering growth of IoT is creating both value and risks for enterprise organizations,” said Jan Hof, international marketing director at ForeScout Technologies. “While IoT is recognized by many as an opportunity to improve and streamline business processes, there are associated security risks that need to be addressed – first and foremost through visibility of devices as soon as they connect to the network. You cannot secure what you cannot see.”

Lack of visibility

Jason Hart, CTO of Data Protection at Gemalto, told Internet of Business that given the lack of consideration of security controls within IoT devices, hackers have the ability to control or take ownership of devices, compromise data and/or use it as a means to conduct DDoS attacks like the Mirai Botnet (today, it emerged that Sierra Wireless AirLink Gateways have been infected by the same botnet – Ed).

“This emphasises the importance of IoT security and trust, and should serve as a reminder that encryption, authentication and key management need to be ingrained in all connected systems. The goal for IoT manufacturers, cloud providers and third party vendors should be to deploy encryption on a wide scale, create an infrastructure of trusted identities that can be authenticated virtually, and have a key management system that allows the owner of the IoT device to control and manage their own keys. It’s ideal that each IoT device would have its own unique key,” he said.
