The internet of things, more commonly known as IoT, has arrived in the enterprise in a really big way. That should come as no surprise because the potential benefits are immense. Whether it’s the building sensors, surveillance cameras, point of sale systems, or conference room technology, IoT devices are on the network, helping to enable digital transformation.
While many IoT devices on the network are sanctioned by IT, in far too many cases, they are unsanctioned deployments. In those cases, organizations aren’t aware of all the connected devices that are running or the risks they may represent. An unknown and unmonitored IoT device on a corporate network represents a potential attack vector that can put an organization at risk.
Typically, enterprises want to support IoT devices on the network, but they also want to make sure that devices are secured in a way that doesn’t hinder productivity or add new burdens on IT security. It’s important to achieve both.
IoT Security by the Numbers
According to a Unit 42 IoT Threat Report, IoT accounts for more than 30% of all network-connected devices in the average enterprise. All those devices represent what Unit 42 refers to as a time bomb just waiting to explode. In fact, the research shows that 57% of IoT devices are vulnerable to medium- or high-severity attacks.Also, the Gartner Machina IoT Forecast database predicts there will be over 18 billion connected devices in enterprises by 2030. To put the numbers in perspective, by 2030, there will be four times the number of devices connecting to the network than the users in an enterprise.
Adding further insult to injury, 98% of all IoT traffic is unencrypted. Unencrypted traffic means that if an IoT device sends information over the network or the public internet, that information is sent “in the clear” meaning anyone can see it. Unencrypted data coming from unmanaged IoT devices could potentially lead to a data breach or a successful ransomware attack.
IoT Device Risk
When looking at the risks of IoT devices, there are several areas of exposure due to the limitations of existing solutions
- Lack of visibility and contact
- Unseen vulnerabilities create exponential risk
- Threats are outpacing the ability to stop them
- Legacy security architectures hinder compliance
- No clear ownership for securing IoT devices
Removing the Burden and Risk of IoT Devices
The first step to reduce the risk of unmanaged IoT is to get visibility into what’s on the network. After all, you can’t manage what you don’t know.
Simply scanning the network and hoping to find devices isn’t enough. Traditional network scanning techniques are typically limited to identifying known asset types. Traditional network scanning also poses additional risk as it can crash or even break mission-critical operational technology equipment. Given the large variety and volume of IoT devices, it has been near impossible to discover or classify all connected devices. That’s where there has been a real burden for IoT management. It’s not that IT staff don’t want to know what’s on the network. It’s that IoT devices don’t show up in the tools that network and security professionals have been using.
With passive monitoring and machine learning, it’s possible to locate, and identify the patterns associated with a given device. By monitoring not just what’s on the network, but also the behavior of the devices on the network, a clearer picture can emerge. This data can be used to inform an IoT security policy, replacing the traditional approach of manual policy generation for what devices can or cannot do on a network which is extremely cumbersome and error-prone and not scalable.
Removing the burden of IoT risk mitigation is about automating manual processes. It’s about gaining full visibility into what is on the network and then using the power of machine learning to understand what is risky behavior and what is normal. Converting the findings about how devices behave into automated policies that secure IoT within the infrastructure can make IoT adoption more secure and far less risky.
With a data-driven, automated policy creation, informed by what IoT is actually doing on the network in place, the next step is to pair these policies with the full range of cloud and on-premises security services to block all the known and unknown threats that target your IoT devices
Five Ways to Remove the Burden and Risk of IoT Devices
- Visibility and risk assessment of all IoT devices
- Contextual segmentation
- Application of least privilege controls
- Continuous monitoring of behavior and blocking of all attacks
- Automation of integrated workflows and simplified management
Don’t leave your IoT devices to the mercy of shadow IT, which is unmanaged. Take control, reduce risk, and let your organization benefit from IoT, without the burden of unmanaged security risk.