Risky Business: 6 Key Strategies for Helping Your Customers Secure IoT Endpoints
While the Internet of Things (IoT) has fundamentally changed the way we interact with data, organizations, and each other, it has also brought unprecedented risk, because every connected device is a potential entry point for hackers.
The unfortunate reality is that any connected device–small or large, simple or sophisticated–is a potential starting point for mounting an attack, spreading malware, manipulating operations or stealing valuable information.
A Complex Challenge
IoT deployments can involve hundreds to millions of devices, each operating in an environment that is not always easy to protect. Two up-and-coming trends, 5G cellular and increased computing at the edge, are adding to the IoT security challenge. To offset these challenges, two separate areas need to be addressed: end devices and the network protocol itself.
Help Your Customers Take a Security-First Approach
Recognizing the importance of IoT security, many national and international organizations now provide guidelines on how to protect IoT deployments. In the United States, for example, the Department of Homeland Security (DHS), which is a lead agency on cybersecurity, recommends a set of six strategic principles for securing the IoT. Introduced in 2016, they remain a strong foundation for helping your customers create a comprehensive strategy for IoT security:
- Incorporate security at the design phase: Help your customers make security an essential element of the design. They should treat it as an integral component of every device and network connection, incorporated from the earliest points as part of the development process.
- Promote security updates and vulnerability management: Hackers are always working on new attack methods, which means security requirements change over time and new vulnerabilities can appear at any time. Your customers should use patches, security updates and other strategies for managing vulnerability to ensure ongoing protection.
- Build on recognized security practices: Your customers can establish a solid foundation for protection and save time by using industry-proven techniques that address issues of interoperability, accountability and liability. Third-party certifications also verify the strength of security mechanisms and their effectiveness in specific use cases.
- Prioritize security measures according to potential impact: Your customers’ entire deployments need to be secure, but identifying where the risk is greatest can help identify where to start and how to commit resources. Knowing the potential consequences of disruption, breach or malicious activity can help your customers focus their efforts.
- Promote transparency across the IoT: Your customers should evaluate their supply chain to identify any vulnerabilities, either within or without their organization, that need to be addressed. Increased awareness of the greater ecosystem of the IoT deployment can help your customer identify where and how security measures and redundancies should be introduced.
- Connect carefully and deliberately: From initial provisioning to decommissioning, every connection a device makes is a potential source of risk. Your customers should consider all the ways to protect those connections, including limiting the amount of time spent online to minimize vulnerability.
 How This Translates to IoT Endpoints
The DHS guidelines address IoT security at a high level and help identify specific steps to take when it comes to the design of the IoT device itself. Here are some specific examples of the DHS philosophy that your customers can put into practice:
- Ensure your customer’s device only runs authentic code.
- Ensure firmware updates are deployed by authorized sources.
- Reduce the attack surface, remove unnecessary code, and disable unnecessary services.
- Deploy layered end-to-end security.
- Reduce the incentive to potential hackers.
A Secure Endpoint Needs to Attach to a Secure Network
It may seem obvious, but no matter how secure an endpoint is made, if the network connection is not also secure then all the endpoint security work may be for naught. Endpoints need to
- Page 1
- Page 2