Sergey Nivens - Fotolia

Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

What is the security impact of enterprise IoT?

Software management at the device level is key to mitigating security risks in the enterprise when IoT arrives.

The Internet of Things (IoT) is the notion that most data traffic will ultimately involve machine–to-machine (M2M) communications, often of a telemetric nature.  The character of such traffic is low-bandwidth and bursty: That is, asynchronous and occurring at random intervals.  Market experts agree that such traffic is inevitable and will enable many new functions, both in the enterprise as well as the consumer space. 

Enterprise IoT traffic fueled by consumer use

IoT traffic will be introduced initially into the enterprise network by way of consumer applications.  As eHealth and fitness applications enter the consumer space, people will want their applications to operate at work and at home.  Consequently, such applications will increasingly transmit status telemetry data from employee-owned personal devices through the enterprise network, and ultimately to remote service providers. The problem with such traffic is that it is impossible to know if it represents a benign personal application or a Trojan horse capturing and transmitting critical company data.  Both have similar communication profiles and are intermittent; blocking them can be problematic.

Of course, it is likely that enterprises themselves will adopt IoT technology to provide useful telemetry on everything from utility and security monitoring to process control and business intelligence. This traffic, although better controlled, will still be unpredictable. As a result, it will be largely ignored by existing security applications and protocols.

Existing security standards should help

Does such IoT data pose a major threat to existing enterprise security?  Although one might be tempted to say "yes," the fact of the matter is that good security hygiene elsewhere is likely to ensure IoT does not pose an unacceptable risk to existing applications. In fact, enterprise IoT telemetry can be defined in an IPv6 overlay, completely avoiding the IPv4 primary networks that mostly characterize today's enterprise networks.

What is more problematic is the security of IoT data itself.  This is fundamentally an exercise in securing devices and their communications with other devices or applications.  While this is not simple, ensuring telemetric devices are identifiable and incorporate only software that can be identified as trusted is essential.  Utilities for managing software at the device level exist and are available from a number of vendors.  While these won't be listed here, interested readers are encouraged to drop me an email to obtain additional information.

Fundamentally, the key to IoT and security is to ensure enterprise implementations are not adopted without IT involvement and active participations.  By ensuring security is a requirement before deployment, many security issues can be avoided.

Bottom line? Don't be worried, but be prepared.  IoT can enable important new business functionality and is worth the risk.IT can play a key role in identifying and reducing that risk.

This was last published in January 2015

Dig Deeper on Network Security Best Practices and Products

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

4 comments

Send me notifications when other members comment.

Please create a username to comment.

How are you managing individual devices to prepare for IoT in the workplace?
Cancel
With the understanding that IoT, or Internet of Things, will mean machine-to-machine interfacing in the future, we are managing our devices for this transition by installing new security procedures and applications then training the employees on how to properly use the new security systems. Multi-tiered authentication processes and using an encrypted, secure cloud service rounds out our preparations for the upcoming IoT world.
Cancel
Basic safety and security procedures like access cards and codes and strict user policies can help ensure that each device is used efficiently and isn't open to any unnecessary risk. 
Cancel
In my view, IoT's effect on security largely lies on the applications that have to transmit data shared across different devices within an enterprise network.
Cancel

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close