Security & the Internet of Things: Three considerations

On the face of it, the Internet of Things (IoT) promises a world of unparalleled convenience for ordinary people.  Soon, you will control your devices and appliances remotely, your fridge will automatically reorder goods that are running low and your car will proactively book its next service. Pioneers in the field are already taking products and services to market that connect everything from toothbrushes to fitness products. According to Gartner’s new report “The Future Smart Home: 500 Smart Objects Will Enable New Business Opportunities”, a typical family home, in a mature affluent market, could contain several hundred smart objects by 2022.

For governments, utilities and services providers, IoT presents opportunities to monitor and manage assets, automate processes and save significantly on resources and manpower. Utilities are already using connected meters to track usage and pre-empt surges in demand or faults. Connected patient systems are already allowing healthcare providers to track the health status of outpatients and adjust treatment or send help where necessary. Every area of life – from work, to transport, healthcare, government service delivery and entertainment – stands to benefit from the innovations and efficiencies possible in a fully connected world.

New Opportunities, New Threats

In Asia Pacific and Japan, home to some of the world’s highest bandwidth and largest number of connected devices and device manufacturers, IoT is predicted to be the fastest growing segment in the region’s tech industry by 2017.

However, with this opportunity comes new threats. The rise of IoT has already sparked concerns about privacy. With a surge of new devices connecting to both personal and corporate networks, security is going to be a key battleground. As IoT becomes more ubiquitous,it opens up a multitude of new access points into the network for cybercriminals – and therefore the potential to disrupt business processes. In fact, IDC predicts that 90 percent of all IT networks will have an IoT-based security breach within the next years.

As data breaches grow larger and more frequent, what should businesses in Asia Pacific and Japan  plan for / focus on as more and more connected devices come online? Here are three considerations:

  • Establish a baseline of what’s “normal”: At its most basic level, traditional security tactics such as “hardened” perimeters and rigid mobile device management, will no longer be effective. In today’s environment, we at Riverbed believe enterprises should shift investments to detection and response. Key to this is enhancing visibility across all applications, networks, and devices as the first critical step toward improving overall security postures.

Establishing a baseline of whats normalhelps to better isolate actual threats and intrusions and respond accordingly.

  • Maximize Insight: Acknowledge the value of the network team in security operations. It has visibility and access to forensic data that simply doesn’t exist in other parts of an organization, and can provide the Security Operations Center (SOC) with a view of what is “normal” network activity and access. This makes identifying and quickly addressing potential threats easier and faster. Additionally, the network team likely uses some or all of the following to monitor network performance: packet capture agents, packet analyzers, netflow sources and deep packet inspection performance monitoring applications. Integrating these tools into a Security Incident Event Management (SIEM) system will provide high fidelity visibility, and a quick pivot into useful forensic data.
  • Reallocate Budgets: The high profile attacks of the last year completely evaded perimeter-style security controls. Attacks that target people—always more vulnerable than technology—will remain in the headlines well beyond 2015. Despite this, security budgets won’t grow much, because demonstrating ROI on security investments can be a futile exercise (“How much money did we make with that firewall again?”).