This post is the next in a three-part series. In the first blog post, we discussed how the past has driven today’s device management obstacles, and outlined how today’s experiences help us prepare for tomorrow.
In this next part of the series, we look at today's challenges with IoT devices and what they teach us about the future.
IoT devices track just about everything, from thermal conditions and energy consumption in the office or home, to the real-time inventory of goods in a warehouse.
IoT devices can even tell you how much coffee is left in a pot. Seriously.
Along with today’s explosion of IoT device adoption come a host of challenges.
An IoT sensor averages about 40¢, making IoT assets easily replaceable — and temporary. As for connectivity, IoT devices and the associated data they provide are only useful if they’re always on. Without a continuous connection, finding meaning in the data is beyond difficult.
Finally (and unfortunately), when cost is the reason for adoption, the trade-off is often security. Many IoT assets sacrifice security to stay inexpensive.
The skyrocketing rates of internet-connected products brought along some distinct asset management challenges.
An accurate inventory of cloud instances or on-premise devices is tough enough. Then tack on inexpensive IoT assets with various purposes, operating systems, and unpredictable life spans — and understanding which devices must be secured becomes really complicated.
The key word here is understanding. Grouping together internet-connected assets isn’t helpful. For example, a sensor on a smart shelf used for warehouse inventory management needs to be treated differently than a security camera.
To inventory and manage IoT devices, and to implement security priorities for them, keep these questions in mind:
While monitoring for IoT assets, make sure internet-connected devices aren’t at risk with weak security settings.
Case in point: Back in 2016, there was the attack of “zombie baby monitors”. Hackers exploited hordes of IoT devices like baby monitors and webcams. The devices — all set with default usernames and passwords — were infected with malware and attacked popular websites with garbage traffic.
The lesson here? Ensure IoT assets aren’t using default security settings so they can’t be easily compromised.
The life span of IoT assets is short. Sometimes internet-connected devices last a year. In other cases, a device lives for only a week.
Having parameters and metrics in place that signal when an IoT device is about to stop working is critical.
With the ever-increasing rates of IoT adoption, everything about the computing environment is changing. Where data and storage live will be different, along with how security controls are implemented in the future.
Whenever an IoT device deviates from policy, there needs to be a plan in place to automate response actions. And knowing which tools should protect which IoT assets is foundational to ensure these devices are secured.
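The checks described above, written as an added example (not code from the original post or from any product): each device class carries its own policy, so a smart-shelf sensor and a security camera with the same deviation trigger different automated responses. The class names, thresholds, response names and inventory records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Hypothetical per-class policy: how long a device may stay silent before it is
# treated as failing, and which response each deviation triggers.
POLICY = {
    "inventory_sensor": {"max_silent": timedelta(days=2),
                         "default_credentials": "rotate_credentials",
                         "silent": "open_replacement_ticket"},
    "security_camera": {"max_silent": timedelta(hours=1),
                        "default_credentials": "quarantine_vlan",
                        "silent": "page_on_call"},
}

def evaluate(device, now):
    """Return (deviation, response) pairs for one inventory record."""
    policy = POLICY.get(device["class"])
    if policy is None:
        # Ungrouped devices cannot be matched to a control, so hold them for review.
        return [("unclassified", "hold_for_review")]
    findings = []
    if device["default_credentials"]:
        findings.append(("default_credentials", policy["default_credentials"]))
    if now - device["last_seen"] > policy["max_silent"]:
        findings.append(("silent", policy["silent"]))
    return findings

def audit(inventory, now):
    """Map device id -> findings, leaving out devices that comply."""
    results = {}
    for device in inventory:
        findings = evaluate(device, now)
        if findings:
            results[device["id"]] = findings
    return results

# Constructed sample inventory; "default_credentials" is assumed to be a flag
# recorded by whatever tool feeds the inventory.
NOW = datetime(2024, 1, 10, 12, 0)
INVENTORY = [
    {"id": "shelf-01", "class": "inventory_sensor", "default_credentials": False, "last_seen": NOW - timedelta(days=3)},
    {"id": "shelf-02", "class": "inventory_sensor", "default_credentials": False, "last_seen": NOW - timedelta(hours=1)},
    {"id": "cam-07", "class": "security_camera", "default_credentials": True, "last_seen": NOW - timedelta(hours=2)},
    {"id": "coffee-pot-01", "class": None, "default_credentials": False, "last_seen": NOW},
]

if __name__ == "__main__":
    for device_id, findings in audit(INVENTORY, NOW).items():
        print(device_id, findings)
```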