13

Ten Expert Tips on

Internet of Things Security

13

Over the last few years, Internet of Things (IoT)

is all everyone has talked about. So it comes
as no surprise, that 2016 has brought even
more talk to the industry. More products will
launch and headlines will continue to be filled
on the subject.

However, as the industry continues to rise in

popularity the more we hear about the serious
security issues pertaining to IoT
devices. I asked a few experts to
share their tips on IoT security
and how businesses can address
this challenge.

1
Implement a
BYOD policy.

Often, data breaches

are the result of
employees losing track
of company-owned
devices such as laptops,
tablets and storage
devices containing
sensitive information.

This problem is exacerbated by employees

using their own devices for work related tasks.
In addition to impressing upon employees the
need to keep track of their devices, businesses
should encrypt their company-owned devices
using a certified encryption methodology.

- Krishna Narine, Business Litigation Lawyer

Meredith & Narine, LLC

Source

2
It all starts with the
manufacturers.

Achieving security rests

less on the businesses
that use IoT devices and
more on the businesses
that manufacture them.
Manufacturers need to
design security in from
the beginning, both in
software and hardware.

Ultimately, success in cyber security for IoT

depends on designing in security from the
beginning in the same way that we have
achieved high reliability in areas like rail safety,
aviation safety, food safety, security of iconic
buildings (i.e. designing buildings to withstand
a blast), and so on.

- Emilian Papadopoulos, President

Good Harbor Security Risk Management

Source

3
Dont be
in a rush.

Don't put all your

eggs in one basket.
Technology is
awesome, and we truly
are living in the future,
but over-reliance on
technology is a surefire
recipe for disaster.

IoT presents a treasure trove of personal

information, financial data, and other sensitive
information. Smart businesses and individuals
will be careful to temper their excitement and
desire to jump into this
increasingly-interconnected world of
convenience against their willingness to assume
additional risk of attack or penetration.

- Frank Spano, Executive Director

The Counterterrorism Institute

Source

4
Add on layers
of security.

A VPN (Virtual Private

Network) secures one's
home or business
network to allow traffic
only from verified
devices, or at least
separates the unverified
traffic out.

With the rise of the IOT, it is becoming easier and

easier for malicious hackers to access verified
information through these devices. While theyre
marketed as being mostly secure, it only takes
one error for someone to get access to your
entire network. Using a VPN can totally
prevent this, adding a layer of redundancy that
is so underrated in todays world.

- Bryce Hamlin,Public Relations Coordinator

Hide.me

Source

5
Integrate security into
your development
lifecycle.

Companies that
produce IoT devices
need to ensure that
they have a solid
software development
lifecycle that is inclusive
of security testing.

By ensuring security is baked into the

development process from day one, the
company can dramatically move the needle
to help ensure the security of their devices,
while also reducing waste within the
development lifecycle.

- Andrew Storms,Vice President, Security Services

New Context

Source

6
Automation
is key.

Automation will be one of the

keys to increasing efficiency in
enterprise SOCs. For instance, an
automated incident response
system can identify and resolve
low-complexity, high-volume tasks
with little to no human intervention,
leaving expert security personnel
with more time to handle the more
nuanced and complicated issues.
That is critical, not only because
more devices will create more tasks,
but because attacks are growing
increasingly sophisticated.

Additionally, if that same platform can centralize

information from existing security tools, it
streamlines operations by limiting the number
of tools that analysts use to initially triage alerts.
And, if the platform can capture processes for
standardization and reuse, it further increases
productivity by reducing duplicate work.

- Cody Cornell,Founder and CEO

Swimlane LLC

Source

7
Integration of cyber
threat intelligence.

The relevance of Cyber

Threat Intelligence (CTI),
as a part of a proactive
information security
program, will become
essential for
information security.

It is critical for organizations to be able to identify

evolving methods and emerging technology
trends used by the cybercriminals, and then to
continually assess their capability in this regard.
Because many organizations don't have
access to internal specialists, they will need to
turn to external experts from the CTI sector.

- Mark Coderre, National Security Practice Director

OpenSky Corporation

Source

8
Security starts with
proper training.

Enterprises need to
approach IoT security
bottoms up by re-training
software developers:
their own and their
supply chain, ecosystem
stakeholders.

To avoid IoT security being an afterthought,

it is critical for the developers to start with a
full system view of the IoT solution, not just
their component alone, before they write
the first line of code.

- Prathap Dendi, General Manager

Emerging Technologies, AppDynamics

Source

9
Stop the
negligence.

The primary cause

of security breaches
in business remains
employee negligence
or intent and not
the malfeasance of
hackers.

Education and training around policies and

protocols for security is imperative to avoiding
negligent behaviors, like weak and shared
passwords or lackadaisical logouts, leading to
issues. Having clear and complete understanding
of possible vulnerabilities and limiting accessibility
of control within software and hardware
specifications and settings is of dire importance
in limiting and avoiding intentional sabotage.

- Felicite Moorman, CEO

StratIS

Source

10

Oceans of
the internet.

Asking how to
theft-proof electronic
information in the
Internet of things is like
asking how to protect
your ships against Pirates
and Vikings during the
11th and 12th century.

We gained control of pirating the moment we

gained control over the seas and oceans...In
comparison, we do not control the vast
oceans of the Internet. We do not even have
agreed-upon standards, nor even an
understanding of all the harmful capabilities of
hackers on the web.... We are still at the stage
of inventing technologies on the Internet.

- Matti Kon, President & CEO

InfoTech Solutions for Business

Source

Interested in learning more about the

future of IT? Check on this interactive
on the future of cloud computing.
Explore the future of cloud