Deploying IoT Devices

Deploying IoT Devices

Best practices for managing and securing IoT networks

The number and breadth of devices that make up the Internet of Things (IoT) continues to grow rapidly, with everything from kitchen appliances to video surveillance and access control systems offering the ability to connect to a network. Each of these offers tremendous value, but the true power of the IoT lies in the ability to connect disparate systems and devices to leverage the combined data they produce to generate some valuable insight and actionable intelligence.

Integrations between IP-based surveillance, access control, intercoms, speakers, traffic management, HVAC and many others offer the potential to share useful information between connected devices to deliver a fuller view of a situation across multiple locations than any one system could possibly provide on its own.

The effectiveness of IoT networks relies on understanding how devices can work together to capitalize on the combined strengths of each sensor to deliver value and solve specific challenges by collecting widely dispersed data from disparate sources to provide a complete view of security and operations. Given the billions of IoT sensors deployed around the world and the value of the data they provide, the need to properly deploy, manage and secure those devices has become more urgent.

It’s one thing to have all this technology at your fingertips, but it’s another thing to understand the problems you’re trying to solve with that technology. Therefore, it is vital to start with the problem and identify the technologies that offer solutions to those challenges.

Additionally, there is the fact that the more devices an organization has connected to the network, the greater the potential for network breaches, as well as the need to manage the continually-growing number of devices on the network. By following some best practices, organizations can mitigate potential concerns in these and other areas to harness the true power of their IoT networks.

Addressing Vulnerabilities

All devices connected to a network represent potential back doors that hackers could exploit to gain access to a network and the various systems to which it’s connected. Therefore, as evidenced by the number of high-profile breaches that seem to be occurring with alarming regularity, cybersecurity is a top priority for everyone.

Unfortunately, all networked devices and systems can be vulnerable, and in our connected world, the cybersecurity of a network is only as strong as the weakest device connected to it. Therefore, it is essential that all networked devices provide the level of security necessary to protect the overall system from the potentially catastrophic effects of a breach.

Perhaps the biggest concern with networked devices is that they could be used by cybercriminals as a platform to breach other parts of a system, which could then be used to gather data or take down or hijack a system. In theory, any networked device can be used to attack another network device. For example, a vulnerable networked HVAC system could be used to gain access to a retailer’s overall network, which could provide hackers with access to POS and financial data, including customer names and credit card information that could be used for identity theft or other crime. Unfortunately, this is becoming more of a reality with each passing day.

Organizations can reduce the likelihood of a breached device serving as a back door for hackers to access other devices by segmenting it, hardening it or isolating it in some way that protects the device to the best of their ability and keeps it separated from other systems and the sensitive information they contain. It is also necessary to continually re-assess cybersecurity methods and procedures to make sure they’re adequate for the threats that continue to emerge daily.

A great example of this would be surveillance cameras, which are different from other devices in that they often run on a segmented surveillance-only network and are not designed to tap into other systems. A much easier target would be a Windows computer, given that it might have access to more systems and probably has an Active Directory domain that provides access to a larger file system or to sensitive data itself. So when properly deployed and connected to the network, it would be highly unlikely that someone could use a camera to gain access to sensitive or personal information contained in another networked system.

Overcoming the Human Element

While strong tools, technologies and features are vital to supporting cybersecurity, they aren’t capable of addressing what tends to be the weakest link in cybersecurity: the human element.

That’s why it’s so important for organizations to set and apply standards and enforce policies across their systems, and to put policies in place to ensure best practices are followed throughout the organization. This should include guidelines regarding connecting personal devices like mobile phones or wireless access points to the network.

One of the biggest challenges organizations face is simply knowing what’s deployed on their network. Depending on its size and specific needs, an organization may have hundreds or thousands of IoT devices and sensors deployed in one or multiple locations.

Thankfully there are technologies available that can scan the network to identify every device that’s connected to it. In some cases, these solutions will even ensure that all devices from a particular manufacturer are properly configured according to a company’s requirements and policies.

Armed with a solid understanding of the hardware, systems, and devices that are deployed on the network, organizations can then develop the processes and procedures for securing them. Part of this is making sure devices offer appropriate security features and can be hardened or updated through firmware.

Once policies have been put in place, it’s also important for an organization to have someone who can communicate IT policies and work with the integrator to ensure that devices are configured to fit within that policy. For example, a primary policy would be that any device that’s installed on the network, whether it’s a server, workstation or an IoT device, must communicate using encryption over the customer’s local area network in order to lower the risk of cyberattacks.

Based on that policy, any IP camera that’s installed must enable encryption, and the video management system will need to be able to read the encrypted communication from that camera. Going a step further, when drafting these policies, end users also have to take mobile devices into account and establish a policy that protects the organization’s network from being compromised by an individual’s personal device.

Policies play an integral part in overcoming the human element. Another factor is having tools that make it easy to maintain consistency when deploying cybersecurity features in IoT devices. For example, if someone has to individually configure hundreds of different devices one by one to make them secure—especially if you have multiple people doing it—the human factor takes over, and mistakes can be made.

Finding the Right Fit

For integrators, the road to strong cybersecurity starts with selecting products that can deliver strong cybersecurity for protecting customers’ networks. When selecting solutions for end users, it’s important to look for products that offer features that fit into the customer’s security policy. This could include encryption, IP address filtering to restrict who and what can access a device, digitally signed firmware, or secure booting, which will halt the boot process if foreign code is introduced to the device.

However, when installing and deploying devices, it’s not practical to simply turn on all the security features, drop it into an enterprise environment and hope that it works. IoT relies on interconnectivity and communication between devices, so there needs to be coordination between the necessary connections, and communication has to be encrypted.

Keep in mind that not all encryption is the same, meaning that whatever encryption is running on the edge device must also be running on the server it’s connecting to. Otherwise, they simply can’t communicate, which completely undermines the core benefit of the IoT.

This means each end user will require some degree of customization in the configuration of devices, so integrators have to make sure they and their staff have the right skills and that they’re properly communicating with the end user to make sure their security needs are heard and addressed. Additionally, the level of customization and the end user’s cybersecurity needs must be dictated by established policies.

Many manufacturers also provide a hardening guide that details how to best secure their devices. This can be an invaluable tool for integrators and end users, but it can’t replace the need for an organization to have a security policy in place and then use the hardening guide to determine which specific features can be implemented to fit into that policy.

Another key factor when looking at products is to identify a manufacturer that adheres to cybersecurity best practices such as strong encryption and a variety of additional security features that deliver the highest level of protection for devices. They must also be open and transparent so that when a vulnerability is discovered in one of their devices, they will alert customers and provide a fix as soon as possible.

Managing IoT Device Lifecycles

An unfortunate reality is that all devices will eventually expire or at the very least, reach the end of their useful life. For example, an IP camera could have a functional lifetime of upward of 10 to 15 years. However, security vulnerabilities will change quickly and dramatically over that period, which makes it difficult for manufacturers to keep providing the updates required to keep those cameras protected in an evolving cybersecurity threat landscape.

The good news is that in many cases, this can be predictable, provided an organization is engaged in some sort of structured lifecycle management program. Implementing, monitoring and managing life cycles provides organizations with the ability to better plan for introducing new technology into their environment. Lifecycle management also allows organizations to keep pace with new and emerging cybersecurity threats while ensuring they are using the appropriate and most advanced technologies to minimize security threats and vulnerabilities and avoid the negative costs associated with cyber breaches.

This process also allows organizations to identify those devices that may be nearing the end of their useful life or that are too outdated for the manufacturer to provide supportincluding firmware and operating system updates-making them susceptible to risk.

Regardless, these devices must be replaced with newer solutions that offer up-to-date cybersecurity features and are supported by the manufacturer. In addition to security, the hallmark of a good lifecycle management program is the ability for an organization to plan and budget for replacing a certain number or percentage of devices each year rather than facing an expensive replacement of an entire system or major component.

Given the number and variety of networked devices available today, applications of IoT networks would seem to be limited only by the imagination. The combined data generated by these interconnected systems offer tremendous potential to deliver deep insights and intelligence that have never before been possible, provided IoT devices and networks are properly designed, deployed, managed and secured. These best practices will help manufacturers, integrators and end users harness the true power of the IoT.

This article originally appeared in the September 2019 issue of Security Today.

Featured

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3