(Note: The following has been submitted as a guest post to CommScope Blogs by Steve Hilton, co-founder and president at MachNation. Opinions and comments provided in this guest post, as with all posts to CommScope Blogs, are that of the author and do not necessarily reflect the views of CommScope.)
Security is one of the hottest Internet of Things (IoT) topics discussed today among enterprises, vendors, carriers and system integrators – and for good reason. Vulnerabilities abound including weak passwords, sensitive information being shared over unencrypted networks and exposure to cross-site scripting attacks. MachNation, the only dedicated IoT research and application development firm, outlined the Top 5 enterprise IoT security concerns based on a survey and analysis of leading IoT security providers.
Concern #1. Intricacy of solutions
An enterprise-grade IoT solution typically uses technology from 5-7 different vendors. Getting such a complex solution deployed requires technical sophistication. An even bigger challenge is ensuring that this type of multi-vendor deployment is secure. Each component’s architecture must not only be rock-solid, but enterprises must apply a secure model holistically to the integrated solution.
Concern #2. Complexity of vulnerabilities
Vulnerabilities in an IoT solution include physical hardware attacks, man-in-the-middle attacks, integration weaknesses and cloud application infrastructure attacks. While existing IT security models serve as a good starting point to reduce common vulnerabilities, an enterprise must identify viable IoT-centric attack vectors while weighing the costs and benefits of added security.
Concern #3. Lack of deployment expertise
Most enterprises today – even tech-savvy firms – lack teams to handle complex IoT deployments. IoT security requires new skill sets that empower individuals to understand impacted business processes, operational support and IoT security across the technology stack. To be successful most enterprises need deployment expertise from specialty IoT services organizations or systems integrators.
Concern #4. Insufficiently trained end-users
Proper user training on new IoT systems and procedures brings awareness of an IoT solution’s capabilities and decreases the likelihood that user error will lead to exposure risk. Enterprises must give users only the amount of IoT credentials and training required for effective use of the IoT solution – too much training can be as risky as too little.
Concern #5. New and unknown threats
Today’s known IoT security architectures and threats are complex. However, many of the threats have simply not been identified yet. Keep in mind that enterprises expect IoT devices like smart meters, remote sensors and connected cars to last 5 to 20 years. Keeping a long-lived IoT device secure while detecting the ‘unknown unknowns’ of the future is no easy task indeed.
What are some of your security concerns related to IoT solutions and deployments?
MachNation has been working with its partners, vendors, public and private organizations and system integrators to publish data, opinions and recommendations on the IoT ecosystem. You can find more information on our partner portal.