Pervasive Protection: IoT Security in the Enterprise

By Andrew Der

The Internet of Things has become a pretty broad term for all things with network connectivity capabilities. At Verizon Ventures we take particular interest in IoT as it relates to the enterprise, which we discussed earlier this year during episode 4 of our podcast. In this episode, we explored the topic of IoT security with four industry experts:

• Thierry Sender, Director of Network Applications Product Technology at Verizon. He heads IoT product development for Verizon Product Innovation and New Businesses, with a focus on strategy and vertical implementations.
• Jenny Fielding, Managing Director at Techstars, a venture fund and accelerator with a strong emphasis on IoT.
• Raj Singh, Managing Director at JetBlue Technology Ventures, which incubates, invests in, and partners with early stage startups at the intersection of technology, travel, and hospitality.
• Allison Clift-Jennings , co-founder and CEO of Verizon Venture’s portfolio company Filament. Filament’s technology creates networks that enable industrial IoT with legacy and modern infrastructure.

Here’s what they had to say…

“Security is one of those things that is so important that it starts to lose its luster…”

-Allison Clift-Jennings, Filament

One of the most pressing issues with enterprise IoT lies in security. It seems as though there has been a recent shift in priorities from defending and securing the IoT devices themselves to defending systems and infrastructure from IoT devices which can be used to implement DDoS attacks. Who is responsible for securing IoT? Is it the end-users or the infrastructure it is built on?

One universally frustrating aspect of security is that responsibility tends to be pushed around to other departments or individual people, rather than being tackled as a shared burden.

Allison Clift-Jennings, co-founder and CEO of Filament, compared industrial IoT security to flossing your teeth. Everyone seems to agree that it’s a good idea, but that doesn’t mean everyone practices it correctly and consistently. One thing Filament does in relation to security is insist that every device have a “secure element,” which resembles a microchip and prevents the ability to impersonate a device or steal passwords. Allison believes that a secure element should be step zero for IoT startups today and went as far to say that it’s irresponsible for IoT manufacturers to make anything that does not have a secure element in it.

“[IoT security is] going to have to be pervasive. It’s not one of the things that everybody talks about in the day-to-day. It’s just got to become part of the pervasive way in which things are being built and thought of from its inception.”

-Thierry Sender, Verizon

Verizon’s Thierry Sender believes that IoT security is going to have to be pervasive and we have to harden devices as a first step to secure the IoT. Eventually, things like certificate management and blockchain capabilities are going to be built into devices, managing communication back to cloud applications.

As IoT device capabilities continue to broaden and deepen, we will reach a certain point where the security at the device level will no longer suffice.

We’re likely going to need a tiered approach to security solutions, and if it’s mission critical, we will need to ensure that we’re leveraging all the capabilities that are available. This includes proper CDN management with DDoS mitigation capabilities, private networking spaces and private cloud applications.

Thierry also broached the topic of there being such a wide dynamic range of the types of solutions that are available and how, with new unpredictable attacks emerging, we will need to utilize machine learning capabilities in IoT security to protect us from attacks. Detecting anomalies and proactively seeking out devices that aren’t behaving correctly will become a major element of IoT security moving forward. This would mean taking on big data learnings in a security context so that we’re able to suspend devices or take proactive network action to prevent something that looks like an attack.

“Now we’re at the stage where security has to come to IoT. It’s not just about the devices and it’s not just about those devices impacting other devices. It’s actually about your data. You as an enterprise want to protect and secure your data and so you need an infrastructure that has security built in.”

-Raj Singh, JetBlue Technology Ventures

Raj Singh, managing director at JetBlue Technology Ventures went on to make the point that if you try to layer security on top of devices after the fact, it’s almost inevitably going to fail. The challenge with IoT security is getting enterprise companies to build in security from day one and then allowing all the other layers that live on top of the device to be secure as well.

“If startups want to be working with big companies, they know they have to focus on security. It’s definitely one of the reasons that corporate partners are so important and impactful to our program.”

-Jenny Fielding, Techstars

Jenny Fielding, managing director at Techstars, reflected on her experience in shaping IoT companies’ strategies and the role that security typically plays. There are so many different elements in running a startup and security is a critical component. She cited a recent Gartner report that stated that the biggest barrier to adoption for enterprise IoT is security with ROI coming in a close second. As a startup founder, prioritizing different elements of development is a huge part of the job and security is an area that needs to be addressed.

Read more from Verizon Ventures: