How to secure the Internet of Things
Fortunately, securing the multitude of potential attack points exists. This involves leveraging the same strategy as other IP-based communications.
Firstly, it is important to identify and understand which devices are part of the IoT network. Crucial knowledge about the nature of IoT devices is one of the stronger approaches in making decisions to protect the device and manage its data, similar to the security functions currently in existence for mobile endpoints. If a device is infected with malware, for example, it can be blocked from accessing the IoT network.
As IP-enabled devices differ in functionality, the most logical solution is to secure these devices at a network level rather than the endpoint level, thereby overcoming the limitations present in endpoint security functions. Depending on the support of inspection of IoT communications protocol, IoT can also leverage on existing network security solutions like firewall and IPS. In addition, by using the Zero Trust principles of least privilege access with granular segmentation, enterprises can secure IoT data and application access.
While the IoT may offer potential for improving the way that enterprises and government currently operate, it is fundamental to overcome the biggest challenge faced: the regulation surrounding IoT data collection system and the way these records will be used, shared and secured. To achieve this, it is imperative for enterprises, governments and standard organisations to collaborate and leverage expertise to overcome IoT's complex, multi-faceted security vulnerabilities.
Sharat Sinha is Vice President, Asia Pacific, Palo Alto Networks
Sign up for Computerworld eNewsletters.