The Internet of things is a hot topic at the moment.
In Securing the Internet of Things, Peter Sondergaard of Gartner reports:
Securing the Internet of Things represents new challenges in terms of the type, scale and complexity of the technologies and services that are required. The Internet of Things means sensitive information, such as device operation details and personal data, transitions from moving within secure networks to moving between third parties.
It’s inescapable: The fundamental meaning of security is changing as things both inside your enterprise and those you create become connected to the Internet.
In the blog Protecting Trade Secrets, Eric Ostroff also recognises the problem, and offers the advice:
As time goes on, it will be very difficult, if not impossible, to avoid using the “Internet of Things” in a business context. When you do connect devices to the internet, assume that they have security vulnerabilities. Thus, before connecting the device to the internet, you need to work with your IT department/consultants to make sure that it has adequate security features.
Note that a lot of R&D is under way everywhere to work out how to secure it. However, for me, there is one simple thing you can do right now that will help significantly.
The principle is simple. When designing a zoo, you don’t put all the animals into one enclosure. Instead, you recognise that animals like lions, tigers and crocodiles are dangerous; so you build them their own separate enclosures.
So why not do the same for your network: one enclosure for the sensitive corporate data; one for your building management systems; one for your users' BYOD; and a different one for IoT devices. Just as you feed the animals in the zoo through a controlled access point to make sure each animal gets the right type of food, a segmented network has control points that allow only the data exchanges needed to support a business process.
This approach is called a segregated or segmented network, and tools exist to let you manage the data flows between the segments: firewalls, guards, proxies, gateways and, for particularly dangerous animals, data diodes.
Many organisations have been taking this approach for years in the form of the DMZ. But we are now entering a time where a single extra segment – the DMZ – is no longer sufficient, and you need to consider segregating your network into many more segments.
Actually, this is good practice anyway, irrespective of the IoT.
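The zoo model above, as an added example that is not part of the original post: a small policy checker with the four segments named in the text, an explicit allow-list of control points (the data-diode style entry permits no return path), default deny for everything else, and an audit pass over constructed flow records that surfaces the cross-segment attempts a defender would want alerted on. The address ranges, ports and business flows are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example: one enclosure per animal type, as in the zoo analogy.
SEGMENTS = {
    "corporate": ip_network("10.10.0.0/16"),
    "bms":       ip_network("10.20.0.0/16"),   # building management systems
    "byod":      ip_network("10.30.0.0/16"),
    "iot":       ip_network("10.40.0.0/16"),
}

@dataclass(frozen=True)
class Rule:
    src: str            # source segment
    dst: str            # destination segment
    port: int           # destination port the control point opens
    one_way: bool = False  # True models a data diode: no reply path at all

# The control points that support a business process; anything not listed is denied.
ALLOW = [
    Rule("iot", "corporate", 8883, one_way=True),  # telemetry into a collector, diode-style
    Rule("bms", "corporate", 443),                 # BMS reports to a web service
    Rule("corporate", "bms", 22),                  # admins manage BMS controllers
    Rule("byod", "corporate", 443),                # BYOD reaches the corporate proxy only
]

def segment_of(ip):
    """Map an address to its enclosure, or None if it is outside every segment."""
    addr = ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def evaluate(src_ip, dst_ip, dport):
    """Decide a new connection. Returns (decision, return_path_allowed, reason)."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return ("deny", False, "address outside any known segment")
    if src == dst:
        return ("allow", True, f"intra-segment {src}")
    for r in ALLOW:
        if (r.src, r.dst, r.port) == (src, dst, dport):
            return ("allow", not r.one_way, f"{src}->{dst}:{dport} permitted")
    return ("deny", False, f"no control point for {src}->{dst}:{dport}")

# Constructed flow records (src, dst, dport), as a connection log would show them.
SAMPLE_FLOWS = [
    ("10.40.0.5", "10.10.0.9", 8883),  # IoT telemetry: allowed, no return path
    ("10.40.0.5", "10.10.0.9", 445),   # IoT device probing file shares: denied
    ("10.30.0.2", "10.10.0.9", 443),   # BYOD to proxy: allowed
    ("10.30.0.2", "10.20.0.7", 502),   # BYOD to a BMS controller: denied
    ("10.20.0.7", "10.10.0.9", 443),   # BMS report: allowed
    ("10.40.0.5", "10.30.0.2", 22),    # IoT to BYOD: denied
]

def audit(flows):
    """Return the denied cross-segment attempts: the list a SOC wants to review."""
    return [(s, d, p, evaluate(s, d, p)[2]) for s, d, p in flows if evaluate(s, d, p)[0] == "deny"]
```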