tenexperttipsoninternetofthingssecurity-160302170210
-
Upload
denis-vasquez -
Category
Documents
-
view
218 -
download
0
Transcript of tenexperttipsoninternetofthingssecurity-160302170210
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
1/34
Ten Expert Tips onInternet of Things Security
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
2/34
Over the last few years, Internet of Things (IoT)
is all everyone has talked about. So it comes
as no surprise, that 2016 has brought even
more talk to the industry. More products will
launch and headlines will continue to be filled
on the subject.
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
3/34
However, as the industry continues to rise in
popularity the more we hear about the serious
security issues pertaining to IoT
devices. I asked a few experts to
share their tips on IoT security
and how businesses can address
this challenge.
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
4/34
Implement a
BYOD policy.
1
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
5/34
Often, data breaches
are the result of
employees losing track
of company-owned
devices such as laptops,tablets and storage
devices containing
sensitive information.
“
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
6/34
This problem is exacerbated by employeesusing their own devices for work related tasks.
In addition to impressing upon employees the
need to keep track of their devices, businesses
should encrypt their company-owned devicesusing a certified encryption methodology.
- Krishna Narine, Business Litigation Lawyer
Meredith & Narine, LLC
Source
“
https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
7/34
It all starts with themanufacturers.
2
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
8/34
Achieving security restsless on the businesses
that use IoT devices and
more on the businesses
that manufacture them.Manufacturers need to
design security in from
the beginning, both in
software and hardware.
“
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
9/34
Ultimately, success in cyber security for IoT
depends on designing in security from the
beginning in the same way that we have
achieved high reliability in areas like rail safety,
aviation safety, food safety, security of iconicbuildings (i.e. designing buildings to withstand
a blast), and so on.
- Emilian Papadopoulos, President
Good Harbor Security Risk Management
Source
“
https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
10/34
Don’t be
in a rush.
3
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
11/34
Don't put all your
eggs in one basket.
Technology is
awesome, and we truly
are living in the future,but over-reliance on
technology is a surefire
recipe for disaster.
“
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
12/34
IoT presents a treasure trove of personal
information, financial data, and other sensitiveinformation. Smart businesses and individuals
will be careful to temper their excitement and
desire to jump into this
increasingly-interconnected world ofconvenience against their willingness to assume
additional risk of attack or penetration.
- Frank Spano, Executive DirectorThe Counterterrorism Institute
Source
“
https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
13/34
Add on layers
of security.
4
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
14/34
A VPN (Virtual Private
Network) secures one's
home or business
network to allow traffic
only from verifieddevices, or at least
separates the unverified
traffic out.
“
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
15/34
With the rise of the IOT, it is becoming easier and
easier for malicious hackers to access verifiedinformation through these devices. While they’re
marketed as being mostly secure, it only takes
one error for someone to get access to your
entire network. Using a VPN can totallyprevent this, adding a layer of redundancy that
is so underrated in today’s world.
- Bryce Hamlin,Public Relations CoordinatorHide.me
Source
“
https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
16/34
Integrate security intoyour development
lifecycle.
5
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
17/34
Companies that
produce IoT devices
need to ensure that
they have a solidsoftware development
lifecycle that is inclusive
of security testing.
“
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
18/34
By ensuring security is baked into thedevelopment process from day one, the
company can dramatically move the needle
to help ensure the security of their devices,
while also reducing waste within thedevelopment lifecycle.
- Andrew Storms,Vice President, Security Services
New Context
Source
“
https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
19/34
Automationis key.
6
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
20/34
Automation will be one of thekeys to increasing efficiency in
enterprise SOCs. For instance, an
automated incident response
system can identify and resolve
low-complexity, high-volume tasks
with little to no human intervention,
leaving expert security personnelwith more time to handle the more
nuanced and complicated issues.
That is critical, not only because
more devices will create more tasks,
but because attacks are growing
increasingly sophisticated.
“
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
21/34
Additionally, if that same platform can centralize
information from existing security tools, it
streamlines operations by limiting the number
of tools that analysts use to initially triage alerts.
And, if the platform can capture processes for
standardization and reuse, it further increases
productivity by reducing duplicate work.
- Cody Cornell,Founder and CEO
Swimlane LLC
Source
“
https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
22/34
Integration of cyberthreat intelligence.
7
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
23/34
The relevance of Cyber
Threat Intelligence (CTI),
as a part of a proactive
information securityprogram, will become
essential for
information security.
“
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
24/34
It is critical for organizations to be able to identify
evolving methods and emerging technology
trends used by the cybercriminals, and then to
continually assess their capability in this regard.
Because many organizations don't have
access to internal specialists, they will need to
turn to external experts from the CTI sector.
- Mark Coderre, National Security Practice Director
OpenSky Corporation
Source
“
https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
25/34
Security starts withproper training.
8
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
26/34
Enterprises need to
approach IoT security
bottoms up by re-training
software developers:their own and their
supply chain, ecosystem
stakeholders.
“
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
27/34
To avoid IoT security being an afterthought,it is critical for the developers to start with a
full system view of the IoT solution, not just
their component alone, before they write
the first line of code.
- Prathap Dendi, General Manager
Emerging Technologies, AppDynamics
Source
“
https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
28/34
Stop the
negligence.
9
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
29/34
The primary cause
of security breaches
in business remains
employee negligenceor intent and not
the malfeasance of
hackers.
“
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
30/34
Education and training around policies and
protocols for security is imperative to avoiding
negligent behaviors, like weak and sharedpasswords or lackadaisical logouts, leading to
issues. Having clear and complete understanding
of possible vulnerabilities and limiting accessibility
of control within software and hardware
specifications and settings is of dire importance
in limiting and avoiding intentional sabotage.
- Felicite Moorman, CEOStratIS
Source
“
https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
31/34
Oceans of
the internet.
10
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
32/34
Asking how to
theft-proof electronic
information in the
Internet of things is like
asking how to protectyour ships against Pirates
and Vikings during the
11th and 12th century.
“
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
33/34
We gained control of pirating the moment we
gained control over the seas and oceans...Incomparison, we do not control the vast
oceans of the Internet. We do not even have
agreed-upon standards, nor even an
understanding of all the harmful capabilities ofhackers on the web.... We are still at the stage
of inventing technologies on the Internet.
- Matti Kon, President & CEO
InfoTech Solutions for Business
Source
“
https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/
-
8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210
34/34
Interested in learning more about the
future of IT? Check on this interactive
on the future of cloud computing.
Explore the future of cloud
http://dell.to/1POjjX8http://dell.to/1POjjX8