A recent article in TechTarget, “IoT Security Issues Unplugged,” looked at the massive security challenges emerging and being created by the Internet of Things (IoT).
Robert Richardson, editorial director of TechTarget’s Security Media Group, clearly pointed out the flaws of attempting to manage security at the network layer and how this will not work as billions of new IP addresses are increasing the size of the “attack surface” exponentially in the IoT.
Richardson noted that the influx of IoT devices cannot be individually managed, they can only be accommodated. And while not saying it directly, he pointed to the inevitability of having to manage security in the IoT through “massive self-organizing of local networks.”
Security for the IoT also points to the need for much greater emphasis on digital risk management that starts with an evaluation of business processes and failure scenarios, and the need to start organizing and managing around an organization’s risk profiles as opposed to going through the network.
Instead of looking at white listing IP addresses, the tactical solution is to understand and employ authentication and management of valid users for IoT devices within a perimeter of IT infrastructure (or self-organizing local network). The only way to do this is with software defined perimeters (SDP) that are going to change the paradigm of how you think about reducing risk.
Without getting into the details here, SDPs can be designed and deployed to protect individual applications or whole IT environments – and particularly those supporting critical infrastructure.
For more info, check out this white paper on the emergence of SDPs and feel free to reach out to me directly to learn more.