IoT security: What are the keys to protecting the castle 24×7?

By | 4 minute read | February 16, 2017

IBM Munich HQ

The world is connected by devices — devices that collect and share information through the Internet of Things (IoT). IoT offers consumers and businesses powerful benefits, and to realize those benefits, it’s important to secure IoT solutions for their integrity and for the protection of your corporation and brand reputation.

Security attacks, including DDoS have been caused, in part, by IoT devices.  In a recent ransom endeavor, a hotel’s key card system was infiltrated resulting in the hotel being locked out of its own computer system, leaving guests stranded in the lobby feeling confused and slightly panicked.

These kinds of attacks underline the need for vigilance with IoT security and the importance of being able to view, manage and update IoT devices and firmware after the point of manufacture. With billions of connected devices now potential access points to cyber attacks, IoT security is, and should be, a major concern for individuals and enterprises of all sizes and industries.

IoT security is no longer a theoretical classroom case study

Yes, IoT opportunities offer new areas of growth for business leaders. But at the same time, due to varied and frequent incursion incidents created by brazen and skilled hackers bent on criminal intent, enterprises are now weighing up risk vs. reward.

IoT risk and security management is an issue that demands attention now — it was identified as a primary inhibitor to IoT adoption in a recent report by 451 Research, with 46% of the responders citing security concerns as an impediment to IoT adoption.

Striking the balance between protecting the infrastructure and capitalizing on the IoT’s potential is a top priority for enterprises of any size when the stakes are high: an IoT equipment compromise can drastically change the risk profile for the company. While connected devices usher in new opportunities for growth and revenue, at the same time, connected devices offer new entry points for hackers to exploit. The very assets an organization is trying use to create new solutions is becoming the way into the fortress.

Unique considerations for IoT

Security needs for a consumer IoT system are far different from the needs of a complex, mission-critical, enterprise system. It must be robust and vigilant because IoT devices are connected to the physical world.

When you look at the volume, variety, diversity in type and location of device, and then take into account the fact that devices are being produced at a faster pace than architecture and security can keep up, it’s easy to understand why enterprises and the industry might seem to be facing the perfect storm.

In the Dyn and Brian Krebs attack, the bonnets consisted largely of unsecure Internet of Things (IoT) devices — webcams, digital video recorders, routers and so on. This isn’t new, either, but the scale is bigger now.

IoT security is a continuous life cycle

That’s why preventing enterprise data and IoT devices from potential compromise is becoming an active, ongoing and organic pursuit championed at every level of the organization.

IoT solutions are broad and complex, requiring a robust set of security measures to ensure integrity and safety. A cognitive life cycle approach to IoT security continuously evolves as new threats emerge; these new threats are fed into the environment for which protection and intelligence must be provided.

The long term value of cognitive security

Cognitive security refers to the ability to engage in a continuous learning cycle – where a system or system of systems is constantly revitalizing the information it uses to help enterprises safeguard their most precious assets – including their reputation.  IBM offers cognitive security services – or learning technology – to help organizations master the diversity of IoT devices.

IBM Watson IoT Platform has security by design engineered into the platform and the infrastructure on which the platform is based.

1. Device and data protection

  • Secure device-to-cloud interaction
  • Protection of payload data and encryption
  • Continuous validation of device identity to protect platform integrity and control information access
  • Authentication and access controls for users, applications and gateways

2. Proactive threat intelligence

  • Expert, comprehensive risk analysis
  • Visualizing threats for prioritized response
  • Alerts from real-time analysis of device behavior and interaction patterns

3. Cognitive risk management

  • Develops risk hypotheses by correlating security events with conditions across IoT landscape
  • Self-adapts to changing risk profiles
  • Initiates incident response based on confidence parameters
  • Optimizes threat forensics capture to contend future threats
  • Continually improves with experience

Here’s a view of the IBM IoT security framework

IBM IoT Security Framework

IBM IoT Security Framework

Preparation is the key to keeping your IoT landscape secure

Preparation is the key to security by design. Security should be part of the initial IoT deployment plan, not an afterthought. Moreover, everyone involved with IoT needs to think about security by design – ensuring safety for IoT is built into IoT devices and software, from manufacturers to end-users. Never underestimate the importance of being able to view, manage and update IoT devices and firmware after the point of manufacture.

  • Plan ahead: Be constantly vigilant and plan ahead
  • Build security into your strategy: Acknowledge the new world – which includes both opportunities and risks, and build security into every step of your IoT strategy
  • Assess where you are now: IBM offers services to help you take stock and determine where you stand
  • Adapt: and t ake a proactive approach
  • Embrace IoT with confidence

You can learn more about IBM and keeping the IoT secure, or contact us for an executive briefing.