Dec 17, 2020

Enterprise cybersecurity must scale up to match the IoT

Nigel Thompson
The scale of the threat to IoT must not be underestimated, says Nigel Thompson...

The IoT is misunderstood. We may hear stories of smart devices being hacked in the home, or read news reports which condemn the poor security of a particular consumer product like smart doorbells. But in truth, IoT device vulnerability is pervasive. Right now, there are likely to be unencrypted or poorly-secured devices in our homes, but also in our children’s schools, our enterprises and our governments’ offices.

Cyber attacks on enterprise IoT networks are at a different level of danger when compared to home hacks. When critical infrastructure, such as connected devices found in manufacturing or healthcare, is hacked, the results can be devastating for personal safety, jobs, and even lives. 

Now, as the IoT grows exponentially to billions of devices, protecting each and every endpoint seems like an impossible job.

The swift pace of IoT has created an issue of scale “where the size of the environment of endpoints, data, and threats is making the job of the CIO and CISO unmanageable,” as Frost and Sullivan analysts put it. But there are ways security teams can manage this huge threat. The key is to be aware of the nature of the threat, and follow the fundamental steps to scaling up cybersecurity.

The threat surface is rapidly expanding

The threats due to enterprise IoT are significant and should not be underestimated. These connected devices generate an enormous amount of highly detailed data. Should this data be stolen or disrupted, the results could be highly destructive to business reputation and operational availability. Also, the data within supply chains that detail operational demands, production data and more will always have value to competitors.

IoT security is a challenge across verticals. According to Frost and Sullivan, the factory and industrial automation market will have nearly 10.8 million connected devices by 2025, while building automation will reach 30 million. Other verticals expecting substantial growth, according to the report, include connected cars and telematics, retail, healthcare and medical devices, and enterprise-issued and bring your own (BYO) devices.

“This will substantially increase the threat surface, which is reflected in the rapidly expanding threat landscape,” the firm wrote in its report. The total number of devices includes recognisable endpoints, such as phones and tablets, as well as devices across nearly every other industry.

Of course, with these device deployments, there is great opportunity to improve operational efficiency, improve the lifecycle management of capital assets, provide real-time insight into the enterprise happenings, and engage with customers in new ways. But the security concerns are also real. The challenge is to manage the security risks so that these benefits can be realised, and the risks minimised.

It’s possible to regain control of all endpoints

There are a number of steps that can be taken to ensure adequate IoT security. One step every organisation can take right away is to procure devices from manufacturers that develop their products with security in mind – baking security in from the ground up, rather than bolting it on afterwards. As part of that effort, organisations should make sure to have their security teams test any new hardware and software for security flaws and ensure the devices can be managed just like other endpoints.

Effective IoT security is complicated not only by flaws in procured devices. It’s also influenced by how different business departments independently choose to manage and secure their IoT devices. All organisations must be aware of this, and should prepare to effectively track, secure, and manage all newly connected devices across the enterprise in a uniform way.

One of the most important strategies for success will be treating IoT devices not as a discrete security challenge, but as part of the organisation’s overall endpoint security strategy. If security teams are to have the visibility and control they need, endpoint and IoT security management must be unified. That includes devices that run any operating system, such as Android, Chrome, Windows, and macOS. With fewer consoles, or ideally a single console, for managing all endpoints, security teams will have all the information they need to properly identify security threats, respond to potential breaches, and more intelligently defend systems and data.

Enterprises can’t afford to wait long to centralise their IoT and endpoint security. The longer they wait, the harder it’s going to be to successfully consolidate, especially as IoT deployments accelerate and there are ever more devices on networks, for example, as a result of the explosion of remote working caused by the recent COVID-19 pandemic. Without a centralised console, decentralised information about security events – including attacks across domains – will be lost or overlooked, and teams will be forced to try to manually piece together their responses.

Spot the signs when procuring enterprise IoT systems

Security teams must be alert to five key attributes when buying IoT devices from providers, to ensure maximum endpoint security:

· Centralised management of users, data files, apps and devices

· Alignment and compatibility with the most popular endpoint operating systems

· The ability to control the security configurations of access credentials, passwords and more

· Pattern tracking and analysis, to spot anomalies that could indicate crime

· Flexibility for deployment across cloud and on-premise environments

The CIO and CISO roles can survive the IoT. But organisations must be proactive in defending themselves against IoT threats. By exercising vigilance and deploying intuitive technologies, enterprises can scale their security efforts to match the expansive IoT.

Nigel Thompson is VP Product Marketing at BlackBerry


Jun 8, 2021

Fastly's CDN Reportedly to Blame for Global Internet Outage

Tilly Kenyon & Oliver James Fr...
Multiple outages have hit social media, government, and news websites across the globe

A huge outage has brought down a number of major websites around the world. Among those affected are gov.uk, Hulu, PayPal, Vimeo, and news outlets such as CNN, The Guardian, The New York Times, BBC, and Financial Times.

It is thought a glitch at Fastly – a popular CDN provider – is causing the worldwide issue. Fastly has confirmed on its status website that it’s facing an outage but fails to specify a reason for the fault – only that the problem isn’t limited to a single data centre and, instead, is a “global CDN disruption” that is potentially affecting the company’s global network.

“We’re currently investigating potential impact to performance with our CDN services,” the firm said.

What is Fastly?

Fastly is a content delivery network (CDN) company that helps users view digital content more quickly. The company also provides security, video delivery, and so-called edge computing services. They use strategically distributed, highly performant POPs to help move data and applications closer to users and deliver up-to-date content quickly.

The firm has been proving increasingly popular among leading media websites. After going public on the New York Stock Exchange in 2019, shares rose exponentially in price, but after today’s outages, Fastly’s value has taken a sharp 5.21% fall and its shares are currently trading at US$48.06.

What are CDNs?

Content delivery networks (CDNs) are a web of small computers, or servers, that link together to collaborate as a single computer. CDNs improve the performance of internet-connected devices by placing these servers as close as possible to the people using those devices in different locations, creating hundreds of points of presence, otherwise known as POPs.

They help minimise delays in loading web page content by reducing the physical distance between the server and the user. This helps users around the world view the same high-quality content without slow loading times. 

Without a CDN, content origin servers must respond to every single end-user request. This results in significant traffic to the origin and subsequent load, thereby increasing the chances for origin failure if the traffic spikes are exceedingly high or if the load is persistent.

The Risk of CDNs

Over time, developers have attempted to protect users from the dangers of overreliance through the implementation of load balancing, DDoS (Distributed Denial of Service) protection, web application firewalls, and a myriad of other security features.

Clearly, by the state of today’s major website outage, these measures aren’t enough. Evidently, CDNs present a risk factor that is widely underestimated – which needs to be rectified with haste. Content delivery networks have become a key part of the global infrastructure, and so it’s imperative that organisations start to figure out risk mitigation strategies to protect companies reliant on the interconnected service from further disruption and disarray.

Over the coming days, both Technology Magazine and Data Centre Magazine will continue to provide updates on the current situation as developments are made.
