Five Tips For Dealing With Shadow IoT
The Internet of Shady Things, or shadow IoT for short, sounds like a seedy place and it is. Here are five tips on how you can put connected things in perspective.
Imagine a hospital with hundreds of networked refrigerators bought by unsuspecting departments. These refrigerators make their way onto the Wi-Fi network and hinder the flow of other important information. Doctors who rely on voice over Wi-Fi to communicate will no longer receive notifications on their pagers, and medical monitors will no longer send the latest data needed to treat patients. This is shadow IoT. At a time when IoT devices are infiltrating the business, organizations need to make sure their IT departments are managing and securing these resources.
In the past, shadow IT was a nightmare for most organizations – it was known to be out of control and posed a variety of security problems. But with the influx of smartphones within the company, that way of thinking has changed. Now it is seen as an indicator of how one can support productivity, or in other words, it is about using innovations safely.
It’s still tempting to go back to the traditional IT tactical handbook and “just say no” for fear of the new technology. That is what happened with wireless internet access in the late 90s and with iPhone & Co. in the late noughties. But new IoT devices could also be the source of real business benefits. Connected refrigerators may initially be nonsense – until they can increase both sales and productivity in a field like the pharmaceutical industry.
IP cameras can coordinate the first responders in emergencies by providing real-time videos to the coordinators, which better educate them about the current situation. Digital media players can deliver immersive retail experiences to consumers by ensuring that relevant content is displayed to them in any store, anywhere in the world. These are just a few practical examples that are in use today.
So there is no doubt that IT organizations will quickly become overwhelmed. The answer is to develop the right building blocks so that the organization can conditionally say “yes” to the shadow IoT.
Here are five tips for dealing with shadow IoT:
1. Subdivide the network: Users will bring new devices into the network that probably should not be connected to the critical infrastructure. Because of this, it’s time to add a few new SSIDs and VLANs to the network. Some companies already have a guest network that blocks access to company resources. This is just the beginning, however, as IoT devices may require access to some corporate resources while guests do not. The IT department can decide over time which resources will be made available in the IoT network. Ultimately, an IoT network fits somewhere between the completely trustworthy corporate network and what organizations use for guests.
2. Think seriously about PKI and NAC: Organizations do not want users to enter their credentials into the networked refrigerator to bring it online, because if the refrigerator is compromised it will act as a real employee on the network. A Public Key Infrastructure (PKI) can help by ensuring that only authorized end devices that have been enrolled by the user and classified as trustworthy by the IT department can establish a connection. Layering in Network Access Control (NAC) in turn ensures that the devices are trustworthy and meet minimum security criteria. Less trustworthy IoT devices are segmented into the correct network.
3. Deactivate Telnet: If possible, completely deactivate Telnet traffic in your networks. If that doesn’t work, at least block external Telnet access. Unsecured connections such as Telnet, combined with devices that still use default passwords, allow the spread of malware.
4. Think about traffic shaping: Traffic shaping, especially on suspicious data streams, can help reduce the effects of attacks from the Internet and improve connectivity for mission-critical services.
5. Manage as much as possible: Employees can bring some networked devices under Enterprise Mobility Management (EMM) and other security frameworks. If your company develops and tests its own IoT devices, you should use platforms such as Windows 10 and Android, as their security tools are more sophisticated than development platforms for consumer devices. If devices cannot be configured via a central platform, you should collaborate with staff during the setup. By doing this, you ensure that the types of default configurations that have been exploited in the past are disabled.
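The following is an added example, not part of the original article: a small audit of flow records against the policy from tips 1 and 3 (an IoT segment that may reach only selected corporate resources, a guest segment that reaches none, and no Telnet, with external Telnet as the worst case). The subnets, the allowlist and the flow records are all constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumption, not from the article).
SEGMENTS = {
    "corp":  ipaddress.ip_network("10.10.0.0/16"),
    "iot":   ipaddress.ip_network("10.20.0.0/16"),
    "guest": ipaddress.ip_network("10.30.0.0/16"),
}
# Corporate resources the IoT segment may reach: (destination IP, TCP port).
IOT_ALLOWED = {("10.10.5.20", 8883), ("10.10.5.21", 443)}
TELNET_PORT = 23

# Constructed flow records: (source IP, destination IP, destination TCP port).
SAMPLE_FLOWS = [
    ("10.20.1.15", "10.10.5.20", 8883),   # fridge -> allowlisted MQTT broker
    ("10.20.1.15", "10.10.9.40", 445),    # fridge -> file server, not allowlisted
    ("203.0.113.7", "10.20.1.15", 23),    # Telnet from the Internet to a fridge
    ("10.10.2.8", "10.20.1.15", 23),      # Telnet from inside the network
    ("10.30.4.4", "10.10.5.21", 443),     # guest -> corporate resource
    ("10.10.2.8", "10.10.5.21", 443),     # ordinary corporate traffic
]

def segment_of(ip):
    """Return the segment name for an address, or 'external' if none matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def audit(flows):
    """Return (finding, src, dst, port) for every flow that breaks the policy."""
    findings = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if port == TELNET_PORT:
            # Tip 3: Telnet is unwanted everywhere; external Telnet is the worst case.
            kind = "external-telnet" if s == "external" else "internal-telnet"
        elif s == "guest" and d == "corp":
            kind = "guest-to-corp"          # guests get no company resources
        elif s == "iot" and d == "corp" and (dst, port) not in IOT_ALLOWED:
            kind = "iot-not-allowlisted"    # IoT gets only selected resources
        else:
            continue
        findings.append((kind, src, dst, port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

Fed with real flow exports, the same check shows which IoT-to-corporate paths are in use before the IT department decides which resources to open to the IoT network.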
These security best practices are required as a basis for the use of IoT in companies. By adopting these recommendations, companies create the security requirements for future networked devices and make the company more secure today.