How the Internet of Things is changing the approach to corporate security

The Internet of Things is one of the areas in which innovations in the field of wireless, mobile and cloud technologies will develop. However, for corporations the “united universe” carries not only indisputable advantages, but also various difficulties, including those related to security.

What is the Internet of things for business?

Despite all the talk about the Internet of things, there are still a large number of different interpretations about what is meant by this.
')
“The first big problem is that different organizations have a different understanding of what the Internet of things is,” says Gartner analyst Earl Perkins. "Accordingly, the approaches to ensuring security are different for everyone."

What the Internet of things will be for a particular organization depends on its goals and objectives. Nevertheless, there is a certain “skeleton”, without which such a unified infrastructure cannot be built. 451 Research researcher Brian Partridge (Brian Partridge) says that such a skeleton consists of "devices, a network, and some kind of cloud service."

"At each of these levels, there is room for security problems - and they will definitely arise if the system was not designed correctly from the very beginning."

The Internet of Things implies connections between many elements, which seriously complicates the infrastructure. LIFARS security expert Ondrej Krehel says that this is what causes problems (“complexity is the main enemy of security”).

Any element of the Internet of things system is connected with others and affects them, opening up to attackers the ability to conduct attacks. And all these elements are created only to work with data.



According to ZDnet , more than half of the polled American companies are either already using IoT to collect data or are planning to start doing it in the near future.

Data protection

Data is the blood of the internet of things. Accordingly, the entire security system of the corporate Internet of things should be built around data protection. This means that despite the importance of protection at the device and application level, ensuring security at the data level remains a major concern.

According to Partridge, there are three main security challenges related to collecting and transporting data on the Internet of things:

• Confidentiality is the prevention of access to data by people who should not have this capability.
• Preservation of integrity - data must be transmitted over the network so that it cannot be intercepted and changed.
• Authentication - you must be able to determine whether the data came from a trusted source and are correct.

The Internet of Things is still a new concept, and few employees of companies are familiar with it, and also understand that when working with such systems, the methods of collecting, processing, storing and transmitting data differ from the usual ones. That is why many familiar security techniques are simply ineffective when it comes to the Internet of things.

“Thanks to the Internet of Things, big data has become even more,” says Perkins. "Now you literally flood the network with information, data that was not there before."

Gateways and their protection

The terms “data” and “database” do not usually cause people to associate with something that is in constant motion. The database can be compared with a bank (at least, they are often perceived as such by companies), and protecting money in a bank is different from protecting money in a moving armored van.

In reality, the data is constantly moving, and the ways of their movement with the advent of the Internet of things have become much more complicated. When creating a system of interrelated elements, there are still "points of contact", thanks to which data is exchanged between different parts of the network. According to Krechel, the focus is on the protection of these particular points.

“There are many intermediate points in the data path at which they can be intercepted. Now the challenge is not to securely connect the device to the network. It is important to ensure the security of the interaction of different devices in it. "

Most IoT devices do not have enough processing power to process code that protects data. As a rule, in such networks, gateways and proxies are used, thanks to which information is exchanged between different devices - these are the elements of the system that interest intruders in the first place.

Should I avoid the Internet of things?

Partridge says he is often asked if you want to avoid the Internet of things in enterprises because of possible security problems. The expert believes that you should not be afraid of IoT technologies, since they provide companies with great opportunities for business development.

At the same time, the security focus should shift from protecting devices and software to protecting the interactions of the various elements of the associated system. Security is about devices and services, says Kerhel.

All this opens up new opportunities for service providers - they can offer the protection of “intermediate points” of interaction and gateways as a service. This will help businesses to secure their data.

Kerchel says that few companies will be able to independently provide data security in the IoT system, which is why it will be easier for them to contact third-party service providers who can help protect corporate systems.

Partridge agrees with this thesis: "Security audits, consulting, plans to counter attacks and reduce risks - companies will be willing to pay a lot of money for all of this."

In addition, Perkins believes that the development of the Internet of Things will help people change their view of safety as a whole — using integrated devices will help achieve a higher level of protection in everyday life.



For example, a “smart home” may warn the owners that any device (washing machine, microwave, etc.) has broken down, or notice a leak of carbon monoxide. Retailers will be able to track stolen goods using internet-connected security beacons.

Despite all the difficulties with security, the Internet of Things opens up significant opportunities for technology development and new business opportunities.