The number of devices that rely on network connectivity to do their jobs is skyrocketing — mobile-connected devices will outnumber people in the world by the end of the year, according to Cisco. All those smartphones and tablets are improving productivity and access to data, but they can also become security risks that open your network to attacks. The vulnerability of network connections has always been a problem, but the more devices are linked, the more risks you’ll have to manage, and the more stringent your security will have to be.
No potential threat is greater than the Internet of Things (IoT). As the IoT takes hold in organizations, it will exponentially multiply the number of devices on your network, connecting everything from thermostats and HVAC systems to vehicles and manufacturing equipment. Experts expect 26 billion connected units by 2020.
Every organization is facing the inevitability of the IoT and must take a stand against future security risks now. Here are three things you should do to take control of your connectivity and head off any risks as we brace for an explosion of devices as part of the IoT.
1. Awareness. You must understand what device connectivity exists on your networks — either through a wired network port or a wireless connection. It’s important that your organization has a policy and a process for introducing new connectivity to the network, whether through a tablet, virtual private network (VPN) tunnel, or wireless carrier. Organizations at higher levels of the IT operational maturity model must document and monitor these connections as part of their governance, risk management, and compliance (GRC) program.
2. Identification. Your organization should have the technical ability to identify what is connected to your network. Organizations can do this through regular network discovery sweeps, annual vulnerability assessments, and more. These activities seek to identify rogue or unauthorized devices before they negatively impact your environment. Additionally, there are many technical controls, such as security information and event management (SIEM), intrusion detection systems (IDS), intrusion prevention systems (IPS), identity- and application-aware next-generation firewalls (NGFW,) and unified threat management (UTM), that provide robust automated reporting. It’s important to note that identification is a continuous process. Not only does it require regular reviewing, it also requires recurring tune-ups in all but the most static environments.
3. Control. Connectivity needs to be managed with operational and security controls. Everything from port security to identity- and application-aware appliances should be deployed to restrict privileges and connectivity where necessary. These should be supported by a change management and control program that gives IT and operational departments the visibility they need to effectively and securely introduce new communication channels to the network.
Though there are benefits to allowing fleet tracking, personal fitness, facility infrastructure, and other connected devices in your organization, this communication can pose a threat to your environment that, if left unchecked, could wreak havoc on your organization’s security.
With new devices being developed and introduced to your environment daily, now’s the time to make sure your security protocols are updated to handle the IoT. SHI’s security architects can help your organization handle this growing threat. To speak to someone about evaluating the security of your IT environment, as well as introducing controls that can help prevent a data breach, please contact your local SHI account executive or email SecuritySolutions@SHI.com.