tenexperttipsoninternetofthingssecurity-160302170210

8/17/2019 tenexperttipsoninternetofthingssecurity-160302170210

1/34

Ten Expert Tips onInternet of Things Security


2/34

Over the last few years, Internet of Things (IoT)

is all everyone has talked about. So it comes

as no surprise, that 2016 has brought even

more talk to the industry. More products will

launch and headlines will continue to be filled

on the subject.


3/34

However, as the industry continues to rise in

popularity the more we hear about the serious

security issues pertaining to IoT

devices. I asked a few experts to

share their tips on IoT security

and how businesses can address

this challenge.


4/34

Implement a

BYOD policy.

1


5/34

Often, data breaches

are the result of

employees losing track

of company-owned

devices such as laptops,tablets and storage

devices containing

sensitive information.

“


6/34

This problem is exacerbated by employeesusing their own devices for work related tasks.

In addition to impressing upon employees the

need to keep track of their devices, businesses

should encrypt their company-owned devicesusing a certified encryption methodology.

- Krishna Narine, Business Litigation Lawyer

Meredith & Narine, LLC

Source

“

https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/https://powermore.dell.com/technology/10-expert-tips-on-internet-of-things-security/


7/34

It all starts with themanufacturers.

2


8/34

Achieving security restsless on the businesses

that use IoT devices and

more on the businesses

that manufacture them.Manufacturers need to

design security in from

the beginning, both in

software and hardware.

“


9/34

Ultimately, success in cyber security for IoT

depends on designing in security from the

beginning in the same way that we have

achieved high reliability in areas like rail safety,

aviation safety, food safety, security of iconicbuildings (i.e. designing buildings to withstand

a blast), and so on.

- Emilian Papadopoulos, President

Good Harbor Security Risk Management

Source

“



10/34

Don’t be

in a rush.

3


11/34

Don't put all your

eggs in one basket.

Technology is

awesome, and we truly

are living in the future,but over-reliance on

technology is a surefire

recipe for disaster.

“


12/34

IoT presents a treasure trove of personal

information, financial data, and other sensitiveinformation. Smart businesses and individuals

will be careful to temper their excitement and

desire to jump into this

increasingly-interconnected world ofconvenience against their willingness to assume

additional risk of attack or penetration.

- Frank Spano, Executive DirectorThe Counterterrorism Institute

Source

“



13/34

Add on layers

of security.

4


14/34

A VPN (Virtual Private

Network) secures one's

home or business

network to allow traffic

only from verifieddevices, or at least

separates the unverified

traffic out.

“


15/34

With the rise of the IOT, it is becoming easier and

easier for malicious hackers to access verifiedinformation through these devices. While they’re

marketed as being mostly secure, it only takes

one error for someone to get access to your

entire network. Using a VPN can totallyprevent this, adding a layer of redundancy that

is so underrated in today’s world.

- Bryce Hamlin,Public Relations CoordinatorHide.me

Source

“



16/34

Integrate security intoyour development

lifecycle.

5


17/34

Companies that

produce IoT devices

need to ensure that

they have a solidsoftware development

lifecycle that is inclusive

of security testing.

“


18/34

By ensuring security is baked into thedevelopment process from day one, the

company can dramatically move the needle

to help ensure the security of their devices,

while also reducing waste within thedevelopment lifecycle.

- Andrew Storms,Vice President, Security Services

New Context

Source

“



19/34

Automationis key.

6


20/34

Automation will be one of thekeys to increasing efficiency in

enterprise SOCs. For instance, an

automated incident response

system can identify and resolve

low-complexity, high-volume tasks

with little to no human intervention,

leaving expert security personnelwith more time to handle the more

nuanced and complicated issues.

That is critical, not only because

more devices will create more tasks,

but because attacks are growing

increasingly sophisticated.

“


21/34

Additionally, if that same platform can centralize

information from existing security tools, it

streamlines operations by limiting the number

of tools that analysts use to initially triage alerts.

And, if the platform can capture processes for

standardization and reuse, it further increases

productivity by reducing duplicate work.

- Cody Cornell,Founder and CEO

Swimlane LLC

Source

“



22/34

Integration of cyberthreat intelligence.

7


23/34

The relevance of Cyber

Threat Intelligence (CTI),

as a part of a proactive

information securityprogram, will become

essential for

information security.

“


24/34

It is critical for organizations to be able to identify

evolving methods and emerging technology

trends used by the cybercriminals, and then to

continually assess their capability in this regard.

Because many organizations don't have

access to internal specialists, they will need to

turn to external experts from the CTI sector.

- Mark Coderre, National Security Practice Director

OpenSky Corporation

Source

“



25/34

Security starts withproper training.

8


26/34

Enterprises need to

approach IoT security

bottoms up by re-training

software developers:their own and their

supply chain, ecosystem

stakeholders.

“


27/34

To avoid IoT security being an afterthought,it is critical for the developers to start with a

full system view of the IoT solution, not just

their component alone, before they write

the first line of code.

- Prathap Dendi, General Manager

Emerging Technologies, AppDynamics

Source

“



28/34

Stop the

negligence.

9


29/34

The primary cause

of security breaches

in business remains

employee negligenceor intent and not

the malfeasance of

hackers.

“


30/34

Education and training around policies and

protocols for security is imperative to avoiding

negligent behaviors, like weak and sharedpasswords or lackadaisical logouts, leading to

issues. Having clear and complete understanding

of possible vulnerabilities and limiting accessibility

of control within software and hardware

specifications and settings is of dire importance

in limiting and avoiding intentional sabotage.

- Felicite Moorman, CEOStratIS

Source

“



31/34

Oceans of

the internet.

10


32/34

Asking how to

theft-proof electronic

information in the

Internet of things is like

asking how to protectyour ships against Pirates

and Vikings during the

11th and 12th century.

“


33/34

We gained control of pirating the moment we

gained control over the seas and oceans...Incomparison, we do not control the vast

oceans of the Internet. We do not even have

agreed-upon standards, nor even an

understanding of all the harmful capabilities ofhackers on the web.... We are still at the stage

of inventing technologies on the Internet.

- Matti Kon, President & CEO

InfoTech Solutions for Business

Source

“



34/34

Interested in learning more about the

future of IT? Check on this interactive

on the future of cloud computing.

Explore the future of cloud
http://dell.to/1POjjX8http://dell.to/1POjjX8

tenexperttipsoninternetofthingssecurity-160302170210

Documents

Transcript of tenexperttipsoninternetofthingssecurity-160302170210