ReadWrite

Published in ReadWrite

It’s Time to Take IoT Security Seriously

Just like any internet-connected device, IoT devices can be targeted, hacked, and exploited for nefarious purposes. The industrial internet of things (IIoT) represents a target-rich hunting ground for bad actors with malicious intent, which means attacks on IIoT devices will escalate. That’s why IoT device security should be a priority for every business, and why SASE should be at the center of your IoT security discussions.

Strong IoT Security Is a Must

These potentially devastating security breaches make exceptionally strong IoT security an imperative for any business that depends on data from devices communicating over a cellular connection. The latest technologies, such as communications platform as a service (CPaaS) and secure access service edge (SASE) can help manufacturers keep their connected devices secure, but to counter the evolving range of cybersecurity threats, security experts should conduct regular audits and implement a three-pronged approach:

  1. Learn from the IoT security failures of others;
  2. Apply modern technologies and strategies to harden the security of their devices and applications.

  1. DNS poisoning: Another common threat stems from compromised public domain name systems (DNS). DNS poisoning is a tactic employed by malicious actors to divert and re-route communication between devices away from a legitimate application server to a spoofed one.
  2. Distributed denial of service: A distributed denial of service (DDoS) attack is a technique by which a server is inundated with redundant requests, effectively overloading its capacity and taking it completely offline. A DDoS is usually carried out from a botnet into which a large number of previously breached servers and computers have been subsumed.
  3. Unprotected SIM: Remote cellular IoT devices, such as sensors and meters, may be located in publicly accessible places where a bad actor can easily snatch them, breach them, steal the SIM card held inside the device, and use it to tap into the company’s data.
  4. Redefining home base: Once malware has successfully taken control of an IoT device, it can re-program it to ‘call home’ to the hacker’s base, sending sensitive data to malicious actors without the owner’s knowledge or consent.
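Two of the threats above, DNS poisoning and a compromised device that ‘calls home’, share one observable symptom: device traffic stops reaching the legitimate application server. The following added example (not code from the original article) shows how a defender can flag both from flow records, using a constructed allowlist of expected servers; all hostnames, addresses and device IDs are assumptions.

```python
"""Flag IoT device flows that no longer reach the legitimate application server.

Added example. A known hostname resolving to an unexpected address is treated
as a DNS-poisoning indicator; traffic to a destination outside the allowlist
altogether is treated as a possible 'call home' to an attacker's base.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress

# Constructed allowlist: legitimate application servers and the addresses they
# are expected to resolve to (names and addresses are assumptions, not real).
EXPECTED_RESOLUTION = {
    "telemetry.example-app.invalid": {"198.51.100.10", "198.51.100.11"},
    "ota.example-app.invalid": {"198.51.100.20"},
}
ALLOWED_NETS = [ipaddress.ip_network("198.51.100.0/24")]


@dataclass(frozen=True)
class Flow:
    device_id: str
    hostname: str  # name the device resolved ("" if it connected to a raw IP)
    dst_ip: str


def classify(flow: Flow) -> Optional[str]:
    """Return an alert label for a suspicious flow, or None if it looks legitimate."""
    dst = ipaddress.ip_address(flow.dst_ip)
    if flow.hostname in EXPECTED_RESOLUTION:
        if flow.dst_ip not in EXPECTED_RESOLUTION[flow.hostname]:
            return "possible_dns_poisoning"  # known name, wrong address
        return None
    if not any(dst in net for net in ALLOWED_NETS):
        return "unexpected_destination"  # not one of our servers at all
    return None


def scan(flows: List[Flow]) -> List[Tuple[str, str, str, str]]:
    """Return (device_id, hostname, dst_ip, label) for every flagged flow."""
    alerts = []
    for f in flows:
        label = classify(f)
        if label:
            alerts.append((f.device_id, f.hostname, f.dst_ip, label))
    return alerts


# Constructed sample flows: one poisoned resolution, one raw call-home.
SAMPLE_FLOWS = [
    Flow("meter-0001", "telemetry.example-app.invalid", "198.51.100.10"),
    Flow("meter-0002", "telemetry.example-app.invalid", "203.0.113.77"),
    Flow("meter-0003", "", "203.0.113.99"),
    Flow("meter-0004", "ota.example-app.invalid", "198.51.100.20"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_FLOWS):
        print(*alert)
```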

Humans in the loop

It’s an obvious attack surface but worth restating. Hackers are skilled at exploiting one of the weakest links in the security chain: humans. People, even seasoned security professionals, may opt for convenience over bullet-proof security. This may be intentional; they don’t want the hassle of complex passwords and the need to change them frequently. Effective ‘password hygiene’ is crucial, meaning policies that require human operators to use hard-to-crack passwords (or multi-factor authentication) that are beyond the reach of a brute-force attack.

Past security breaches teach valuable lessons

While the technology used by hackers continues to evolve and new zero-day exploits are discovered daily, security professionals can still learn valuable lessons by analyzing past security breaches and applying lessons learned to their network and security policies.

Deficient network topologies and security protocols

A surprisingly large number of IoT network connectivity models rely on an approach that routes traffic first through the central local area network (LAN — a company’s internal network) and then to the WAN (the public internet) to the individual device’s location. This is especially true for IoT networks that extend across vast (often continental or global) distances.

CPaaS adds communications to your cloud

The shortcomings of the prevalent approach have led to the design of a new model: the communications platform as a service (CPaaS). To efficiently manage and process thousands of connected IoT devices, companies need a dedicated cloud that is optimized for the task; in this regard, CPaaS offers unique advantages.

SASE maximizes protection for IoT devices

The term SASE (short for Secure Access Service Edge and pronounced like the English word ‘sassy’) was coined by Gartner in its 2019 Networking Hype Cycle and Market Trends report. The term popularized a new cloud architecture concept, in which the networking and security functions are bundled together and delivered as a single service via the cloud.

SASE is optimized for IIoT

The SASE model differs markedly from traditional networking models in several ways. First, it locates security checkpoints closer to the original data source. Next, the various policies (such as access protocols) are administered at distributed points of presence (PoP). These PoPs can be a company’s data centers or cloud regions, if located in relatively close proximity to the device in question. Access is granted upon verification of the identity of the IoT device. A device can be identified based on specific attributes or its location. Furthermore, the policies themselves are programmable and can be tailored to the needs of individual applications.

  • Access to cloud resources: In a traditional network setting, cellular access of IoT devices to cloud resources is treated like any other online asset, using traditional firewalls, proxies, and normal access to the public internet. A SASE, on the other hand, provides IoT devices with optimized, streamlined, cloud-aware network access.
  • Networks and internet access: It is complicated to access a cellular network through a traditional software-defined wide area network (SD-WAN) enterprise architecture. A SASE service integrates cellular access and traffic optimization capabilities into a cloud service, which greatly simplifies connectivity between devices.
  • Backend application security: In the traditional model, firewalls or web application firewalls (WAF) and backend services are usually separate and distinct applications or platforms, which makes integration cumbersome. A SASE, however, provides policing and identity-based access control from a central location, giving users a comprehensive view of network topology and activity.
  • Network access control: Standalone IoT devices rely on local configuration settings and software components to control network activity. Instead, SASE services aggregate a number of network security and access control functions — including firewalls as a service — into one unified fabric.
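The access model this section describes (policy enforced at the nearest PoP, identity verified from device attributes and location, policy tailored per application) is illustrated by the following added example. It is not code from the article or from any SASE product; the PoP names, regions, device attributes and policy format are all assumptions.

```python
"""Toy SASE-style access decision for a cellular IoT device.

Added example. The device is routed to the point of presence (PoP) serving its
region, its identity attributes are verified there, and an application-specific
policy decides whether access is granted.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Device:
    device_id: str
    region: str  # location as reported by the cellular network (assumption)
    attrs: Dict[str, str] = field(default_factory=dict)  # identity attributes


# Constructed PoPs: a company's data centers or cloud regions, by geography.
POPS = {"eu-west": "pop-dublin", "us-east": "pop-virginia", "ap-south": "pop-mumbai"}

# Constructed per-application policies, evaluated at the PoP. Each states the
# identity attributes a device must present and the regions it may connect from.
POLICIES = {
    "telemetry": {"required_attrs": {"fleet": "smart-meter"},
                  "regions": {"eu-west", "us-east"}},
    "ota-update": {"required_attrs": {"fleet": "smart-meter", "secure_boot": "on"},
                   "regions": {"eu-west"}},
}


def nearest_pop(device: Device) -> Optional[str]:
    """Return the PoP serving the device's region, or None if there is none nearby."""
    return POPS.get(device.region)


def evaluate(device: Device, app: str) -> Tuple[str, str]:
    """Return (decision, reason); decision is 'allow' or 'deny'. Default is deny."""
    pop = nearest_pop(device)
    if pop is None:
        return "deny", "no point of presence near device"
    policy = POLICIES.get(app)
    if policy is None:
        return "deny", f"unknown application {app}"
    # Identity verification: every required attribute must match exactly.
    for key, want in policy["required_attrs"].items():
        if device.attrs.get(key) != want:
            return "deny", f"attribute {key} failed verification at {pop}"
    # Location check: the application may be restricted to certain regions.
    if device.region not in policy["regions"]:
        return "deny", f"region {device.region} not permitted for {app}"
    return "allow", f"verified at {pop}"
```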

Getting started with CPaaS and SASE

First, undertake an audit of where your company stands regarding connected devices. What network topology do you use? Do you already make use of cellular connectivity for your IoT devices? Next, see which of your devices are at the greatest risk, and assess what these risks are. Lastly, perform a gap analysis to see how your current infrastructure compares with a CPaaS and SASE environment.

ReadWrite is the leading media platform dedicated to IoT and the Connected World. We work with the industry's top technologies, thinkers, and companies to tell the stories that drive this world forward.
