SAPVoice: Internet Of Things: 5 Ways To Overcome Security Challenges -

SAPVoice: Internet Of Things: 5 Ways To Overcome Security Challenges

Credit: forbes.com

  • Dec 07 2017 15:30About: 6 days ago
  • 7 views

The promise, benefits, and value of the Internet of Things (IoT) have been documented extensively, but a number of widely publicized IoT attacks leaves the impression that IoT is deeply insecure. What is often not mentioned is that many of these attacks originated due to failures in implementing basic protections.

But even where the vendor has taken reasonable precautions, things can go horribly wrong, as can be seen in a – literally – fly-by attack on smart lighting.

Another challenge is that IoT-enabled devices are deployed “where the action is” – whether that’s on the factory floor, oil platforms, public roads, offices, stores, and moving vehicles, or in cities running over wireless networks.

That means that they are often physically accessible by employees, contractors, and even the general public. If we compare that to modern cloud data centers where only authorized personnel can enter, that is a substantial difference. With more people having potential access, the risk of compromise goes up, so we may need to ensure the device itself is physically protected against tampering.

But these are not insurmountable obstacles. The question is less one of not knowing to do to protect IoT environments, but one of to implement and apply security measures to keep the solution safe.

Here are five recommendations for securing IoT:

Modern security practices follow a risk-based approach that considers both the ease of an attack and the impact should one happen – giving a strong indicator of how much security you’ll need. The reality is that an IoT solution that monitors, manages, and optimizes operations in a chemical factory requires much tighter security protocols than one that simply turns off the light in a conference room when sensors detect nobody is present. In the former, a successful attack could lead to a catastrophic industrial accident including injury and loss of life. In the latter, the worst that could happen is that an electricity bill is a little higher.

There is a misconception that the Internet of Things by definition means that many devices are connected to many other devices – increasing the risk that a successful attack leads to catastrophic failure or to the take-over of a substantial portion of your IoT infrastructure. In many cases, devices have a single purpose and only need to send the data they collect to a single location. By limiting the number of IoT devices that talk to each other, we can better secure each one and limit the damage should any breaches occur.

The risk is yours, any failure in security is your responsibility, and you will be held accountable for the result – so it is important to maintain control. This starts with device selection: Make sure that they either have the security features you need, or, preferably, are “open” so you can analyze and understand how they work, and then add any features you need to fill security gaps. This includes the ability to update devices in an automated and secure way and to control that process yourself.

It’s critical to encrypt communication between devices and data ingestion points to make sure nobody can listen in, tamper with sensitive data in transit, or recover enough information to spoof or impersonate the device and feed the system manipulated data. Modern encryption techniques work in much the same way as HTTPS does to protect information online. Encryption also needs to be tied to device identity to ensure the data we think comes from a particular device actually does.

Apply proven security technologies, tools, and best practices used in traditional IT landscapes. In many cases, they can be implemented directly: by using digital certificates or equivalent, by restricting what IoT devices can do and which they can communicate with, and by adding protection and monitoring mechanisms. In other cases, with microcontrollers and low-power networks for example, we may need to apply new techniques, but we can draw on existing principles and concepts.

IoT adoption is still in early days. Unfortunately, that means that there aren’t many established standards yet, and while the number of devices brought to market is quickly rising, certification schemes and regulations are lagging. As a result, adopters still need to carefully plan and build-in security from the start, and properly evaluate any IoT equipment brought in-house.

As large technology providers recognize the security challenges introduce new IoT technologies and software solutions, the situation is rapidly improving. At SAP, we’re also committed to both describing the pitfalls and providing clear guidelines to overcome them. Learn more .



Follow Us on Twitter

value Internet Things (IoT) been documented extensively number widely publicized attacks leaves impression that deeply insecure. What often mentioned many these originated failures implementing basic protections.

Related stories with SAPVoice: Internet Of Things: 5 Ways To Overcome Security Challenges

Details surface regarding Jeremy Pruitt’s contract to become Tennessee’s coach -World News
Details surface regarding Jeremy Pruitt’s contract to become Tennessee’s coach 6 days ago
All signs are pointing to the end of a wild Tennessee coaching search that’s arrived at Jeremy Pruitt. Now, information is being revealed about his contract. Pruitt, Alabama’s defensive coordinator, is believed to have agreed to a deal that wi
5 things to know about new Tennessee coach Jeremy Pruitt -World News
5 things to know about new Tennessee coach Jeremy Pruitt 6 days ago
The Tennessee coaching search finally has come to an end, with Alabama defensive coordinator Jeremy Pruitt getting the nod. The search took several crazy turns, including blowback from fans after Ohio State defensive coordinator Greg Schiano was thought t
New Total War Warhammer 2 mode lets powerful PCs push the game to its limits -World News
New Total War Warhammer 2 mode lets powerful PCs push the game to its limits 6 days ago
Creative Assembly has announced a new mode for Total War Warhammer 2 that lets players with powerful PCs push the strategy game's battles to their limits.The Laboratory, due out as a free update on 14th December, is a Skaven-themed custom battle playgroun
Kirk Herbstreit: Offensive coordinator will be ‘big hire’ for Jeremy Pruitt at Tennessee -World News
Kirk Herbstreit: Offensive coordinator will be ‘big hire’ for Jeremy Pruitt at Tennessee 6 days ago
The Tennessee coaching search finally ended late Wednesday night and became official early Thursday morning, when the Volunteers hired Alabama defensive coordinator Jeremy Pruitt to become their next head football coach. Pruitt, also formerly the defensiv
Evicted white Zimbabwean farmer told he's going home -World News
Evicted white Zimbabwean farmer told he's going home 6 days ago
A white Zimbabwean farmer kicked off his property at gunpoint in June has been told he will be going home within days, the first signs of the post-Robert Mugabe government making good on promises to respect agricultural property rights.
Parallels drawn between pot legalization and the waning days of alcohol prohibition -World News
Parallels drawn between pot legalization and the waning days of alcohol prohibition 6 days ago
Every province had its own approach to battling booze in the early 20th century. And, like the way the federal government has approached the legalization of cannabis, the rules for ending prohibition of alcohol were up to each province.
Nigeria's oil minister to engage with union to avoid possible strike -World News
Nigeria's oil minister to engage with union to avoid possible strike 6 days ago
Nigeria's oil minister said on Thursday the government would engage with the Petroleum and Natural Gas Senior Staff Association of Nigeria after the trade union threatened to launch a nationwide strike.