+
EDITOR’S QUESTION
MOHAMMAD JAMAL TABBARA,
SENIOR SYSTEMS ENGINEER
AT INFOBLOX
//////////////////
encryption and secure authentication, along
with continuously updating and patching
your IoT firmware or OS. From on-premise
infrastructure perspective, insure that your
network security solutions are providing a
secure and legitimate communication with
the public Internet.
Encryption is one of the preliminary security
features that must be enabled at all times.
Besides encryption, secure authentication
and authorisation, access control, whether
physical or remote, data integrity checks,
secure device provisioning, network
segmentation, along with continuously
updating and patching your IoT firmware
or OS, are all considered to be fundamental
methods and practices that should be
enforced on your IoT assets.
Security considerations while
developing an IoT security strategy
Key IoT security vulnerabilities
CISOs should consider
IoT devices are Internet devices, hence
the name Internet of Things, which
means that these ‘Things’ bring with it
many of the existing ‘Internet’ security
threats and vulnerabilities such as data
theft, denial of service attack, access
control hijack, malware infection,
malicious communications and many
threats that we are seeing today or
even new unprecedented evolving
threats. Furthermore, the economics
of the ‘Internet of Things’ from the
manufacturing vendors’ perspectives,
indicates that security will continue to be
an afterthought for IoT devices unless
regulations are enforced. Besides, adding
the IPv6 requirement, along with IPv4,
increases the security complexity, as now
both IP protocols have to be secured.
CISOs must insure that they have
the right security platforms and best
www.intelligentcio.com
practices in place to mitigate these IoT
cyber threats and vulnerabilities at every
layer of the IoT ecosystem. According to a
study, almost 57% of IoT devices are not
secured. Unfortunately many of the IoT
devices that exist today lack the necessary
and fundamental security measures needed
in order to provide secure IoT devices
and ecosystems. This will continue unless
regulation happens.
There are multiple security aspects that
should be addressed in the IoT realm
such as device, data, service, platform
and application security. Commonly, as a
business or a consumer, you might only
have control over the device security policy
level, with some control over the on-premise
network that you control.
Whenever a new IoT device is brought to
your network, you must at least start with
enforcing the fundamental secure polices
to insure that you have the basic IoT
device protection such as enabling data
An IoT security strategy involves multiple
aspects of the IoT ecosystem players and
assets such as the IoT device, platform,
infrastructure, and application, along with the
right partnerships between the manufactures,
solution integrators and operators.
The strategy requires the executives to factor
data security and integrity from the device
up to the cloud while in transit over the
Internet and securely provision devices and
its services.
Besides, creating a collaborative and active
integrations with an end-to-end security
strategy in the Internet of Things (IoT) will
unlock multiple barriers against the IoT
executives towards a secure IoT ecosystem,
especially when clients are educated about
the potential IoT threats and what practices
they should follow to secure their IoT devices
from their side.
Each aspect builds greater security assurance
in the overall IoT ecosystem.
INTELLIGENTCIO
29