July 3, 2018
Security in the Age of the IoT
By now, you’ve almost certainly heard the term “Internet of Things.” But what exactly is it? Are we talking about another passing fad in technology?What is the Internet of Things?
Imagine living in a world where almost everything in your home, office and everywhere in between is microchipped for identification and tracking purposes, and those items “talk” to each other. It may sound outlandish, but it’s not. The Internet of Things (or IoT) is the term used to describe this forthcoming reality.
The Institute of Electrical and Electronics Engineers (IEEE) defines the Internet of Things as “a network of items – each embedded with sensors – which are connected to the Internet.”
Industry experts and CIOs haven’t pinpointed when IoT will be effective; they only know it’s coming.
"By 2020, it’s expected that between 50-70 billion decides will be connected, so data security is absolutely key."
What will the Internet of Things look like in our everyday lives? Well, let’s say you’re taking a road trip with a couple of friends. Your car will be able to optimize itself for fuel efficiency and performance and adjust temperatures based on sensors that determine passengers’ comfort levels. Factories will incorporate smarter energy management practices, including water consumption and electricity usage. Farmers will be able to maintain optimal conditions through the tracking of moisture levels in the soil. Your air conditioner will be able to schedule its own seasonal inspection and service. Smart medical devices could create exciting advancements in the healthcare industry for patients and physicians alike. Your business assets – including computers, mobile phones and all of your data – will be connected to the Internet, as well. The Internet of Things is going to deliver greater efficiency and convenience, but what about security?
Security: Is it Worth the Risk?
The widespread application of technology has brought with it plenty of risks, as we’re seeing with the cybersecurity concerns all over the news these days. The more pervasive the technology, the greater the risk. It stands to reason, then, that the Internet of Things could present the opportunity for significant data breaches.
What Happens if You Ignore IoT Security?
There are many implications for organizations who are lax about security – and they almost always affect the end user disproportionately. Credit card information may be stolen, putting people’s financial futures at risk. Individual privacy can be compromised if hackers are able to gain access to home monitoring systems. Public safety may even be jeopardized, from smoke detectors to an airplane’s navigation system to a car’s braking system. Hackers can also interfere with critical infrastructure, sensitive government data and more.
How to Protect Your Business Assets in the IoT
“Connected devices are everywhere – from obvious ones, like smart watches and Internet-enabled cars, to ones most people may not even be aware of, such as smoke detectors,” said international president of ISACA Robert Stroud in 2015. “Often, organizations can be using IoT without even realizing it – which means their risk management stakeholders are not involved and potential attack vectors are going unmonitored.” The Information Systems and Audit Control Association (ISACA) recommends that companies ask the following nine questions as they consider how the Internet of Things will impact their businesses:
- How will the device be used from a business perspective, and what business value is expected?
- What threats are anticipated, and how will they be mitigated?
- Who will have access to the device, and how will their identities be established and proven?
- What is the process for updating the device in the event of an attack or vulnerability?
- Who is responsible for monitoring new attacks or vulnerabilities pertaining to the device?
- Have risk scenarios been evaluated and compared to anticipated business value?
- What personal information is collected, stored and/or processed by the IoT device?
- Do the individuals whose information is being collected know that it is being collected and used, and have they given consent?
- With whom will the data be shared?
By 2020, it’s expected that between 50-70 billion decides will be connected, so data security is absolutely key as these advancements move forward.
ISACA also recommends that organizations consider these dos and don’ts:
Dos: evaluate business value; balance risk and rewards; notify all stakeholders of anticipated usage; engage with business teams early; gather all stakeholders to ensure engagement and thorough planning; examine and document information that is collected and transmitted by devices to analyze possible privacy impacts; discuss with relevant stakeholders when, how and with whom that information will be shared and under what circumstances.
Don’ts: deploy quickly without consulting business or other stakeholders; disregard existing policy requirements, such as security and privacy; ignore regulatory mandates; assume vendors have thought to throw your particular usage or security requirements; disregard device-specific attacks or vulnerabilities.
Employing an advanced asset tracking solution is key to being positioned for the Internet of Things. Your goal should be to establish an easy, powerful, configurable and highly secure platform that tracks, manages and stores information, closes the loop and keeps everyone – equipment owners, equipment support, and end users – in constant contact. Having a superior asset tracking system in place helps organizations take the first critical step toward the Internet of Things by giving them the capacity to track their equipment using a flexible tool designed to incorporate new technologies as they become prevalent. Users may set up custom user- or location-based security settings.
Asset Panda offers free Android and iPhone/iPad apps that sync with the cloud – so no more costly, time-consuming spreadsheets. Clients can generate automated reports about their assets. A built-in mobile barcode scanner helps them quickly locate specific items by searching items they’ve already logged into Asset Panda. Collectively, these features help promote efficient tracking of assets -- even for entities with a tremendous volume of fixed assets to manage at any given time -- eliminates costly errors and focuses critical resources where they’re most needed. From its flexibility and configurability to the ease of use and unbeatable value, this truly groundbreaking platform stands alone in the marketplace.
For more information about Asset Panda, or to start your free 14-day trial, go to assetpanda.com