The Internet of Things & Network Security: A Desperate Need for Standards
Just about everything is connected: from cell phones and wearable devices to cars, refrigerators and industrial equipment. IT experts have long recognized this global connectivity will only continue to skyrocket. Gartner has predicted that more than 26 billion devices will be connected globally by 2020, and other experts have put that number in the 50-to-100 billion range.
Connectivity adds convenience to our jobs. It is almost expected that employees will use BYOD devices such as laptops, smart phones and tablets to communicate. But a tremendous challenge for IT professionals is network security. Not knowing what is connected to your enterprise’s network is dangerous. How does your IT staff protect sensitive information from hackers if you and they can’t account for risks such from invisible connected infiltrators?
Well, it sometimes takes a village to be vigilant. There’s currently a rush to create universal standards for IoT that will cover a wide expanse of areas, including security. Setting global standards for IoT security management will certainly help your IT staff keep questionable devices from wreaking havoc on your network.
Industry and Professional Standards
Several standards groups — including those led by tech giants like Google, Intel and Qualcomm — have put their hats into the ring of devising universal IoT standards. These groups are reviewing areas such as IoT architecture, interoperability, privacy and security, but none have prevailed. Liken it to the infamous battle between VHS and Betamax — may the best ideas win. Most countries have been working on developing individual IoT standards, but ideas on how to do that differ.
Some recent signs of progress have probably caught the eye of your IT manager:
The International Telecommunication Union Standardisation Sector (ITU-T) Study Group recently met in Singapore and came up with two new global recommendations for IOT. One of those recommendations identifies common parameters for security management, remote activation, diagnostics and software upgrades. Industry standards on these issues would lessen the stress of your IT manager, who would have an easier and more efficient way to manage IoT applications and devices.
The Industrial Internet Consortium is devising guidelines for security, connectivity and interoperability. It’s backed by large enterprises such as AT&T, Cisco, GE, IBM and Intel.
Business Insider predicts that more than $6 trillion will be spent on IoT solutions over the next five years, hastening the work of these two and other IoT industry alliances as they try to formalize universal expectations on how connected products should communicate, function and provide an accepted level of security that won’t bring down networks and businesses.
How Enterprises Should Address IoT
Still, although universal IoT standards will certainly help get everyone on the same page, enterprises don’t have time to wait for them to take shape.
The solution to managing IoT for businesses is strong network access control. Network access control (NAC) allows organizations to control not only who accesses the LAN, but the activities they can do once connected, such as which servers and data they can access, and which applications they can use.
In our next post we will be introducing Portnox CLEAR, our Security-as-a-Service network access platform, that delivers continuous risk monitoring of all your endpoints, even when they leave your premises. Your IT staff can assess threat levels in real time — from anywhere, on any device. Network access control becomes automatic and seamless, boosting security and saving time. Receive device-specific, customized risk profiles each day. It is stress free.
CLEAR also offers offense, not defense, from continuous endpoint risk profiling; fully automated or manual risk-based controls and actions; and access across all device layers. It’s all in the cloud, meaning CLEAR is quick and easy to use – kind of like IoT devices themselves.
Stay tuned for more next week.