Fortinet, global provider of cyber security solutions, warns that the IoT revolution is poised to bring new challenges to network security. Connectivity is no longer limited to high-end technology consumers (watches and drones), but nearly everything - from children’s toys to kitchen appliances and media devices. Purchasers of these new technology-enabled products are far from security experts, or even security aware. Instead, their primary purchasing requirement is ease of use.
Market researcher Gartner predicts that by 2020, humans will each have 26 connected devices that gather, send, and correlate data. Nearly all of the connected devices rely on complimentary software components running on an ever-increasing variety of smart devices. For enterprises, this means the security risks related to this new era of technology personalization are both significant and unplanned. With the advent of IOT, employees will simply sync their personal smart devices, connect to the corporate WiFi network and even remotely connect to the cloud-based services deployed across the corporate network.
In the name of security, vendors today are implementing thousands of unique combinations of software, and implementing dozens of technologies (WiFi, Bluetooth, NFC, zigbee, RFID) on billions of new devices. Unfortunately, the traditional approach of bolting security onto inherently unsecure devices is no longer possible as IoT devices are headless. Headless devices cannot be patched, updated, nor have a client installed on them. Instead, enterprise security professionals need to adopt a vastly different security strategy.
“The emergence of IoT is pushing security from being a network afterthought and bolt-on technology to an integral, persistent, omnipresent part of the network. The 1980s approach to install an MDM client on smartphones and tablets, which we still do today, just isn’t an option for IOT devices. Secured, trustworthy networking is preferred over networking plus security. To limit the scope and exposure of an exploited device, we need to create even smaller security domains,” said Rajesh Maurya, Regional Director, India & SAARC at Fortinet.
As such, Fortinet advises network security professionals to adopt the following key strategies when bracing for the tsunami of data and devices:
Control network access
The vast majority of these new IoT devices are headless, so one needs to weed out high-risk, compromised or unauthorized devices and traffic before letting them enter your network.
Assume you will be breached
Most organizations spend the majority of their security dollars on building a better front door. Instead, those resources need to be shifted to actively monitoring your network and identifying anomalous behavior inside your perimeter.
Intelligently segment your network
The attacks that do the most damage are the ones that can move freely inside your environment once perimeter security has been bypassed. Secure internal segmentation ensures that a breach is limited to a small area of your network, and that attempts at unauthorized lateral movement can be detected. It also allows you to quickly identify infected devices for quarantine and remediation.
The answer to complexity is simplicity
It is important to use tools that scale dynamically, are provisioned easily, and that work together as a cooperative security fabric in order to share threat intelligence from across the company’s distributed environment and coordinate a response to a threat.
“IoT needs economical security inspection services at the actual connection point for every device, as opposed to trying to funnel all traffic through a small number of typically over-burdened systems that are hard to maintain and upgrade given the continued expectation of always-on, always available connectivity,” said Rajesh Maurya.