Deploying IoT Devices


Best practices for managing and securing IoT networks

The number and breadth of devices that make up the Internet of Things (IoT) continues to grow rapidly, with everything from kitchen appliances to video surveillance and access control systems offering the ability to connect to a network. Each of these offers tremendous value, but the true power of the IoT lies in the ability to connect disparate systems and devices to leverage the combined data they produce to generate some valuable insight and actionable intelligence.

Integrations between IP-based surveillance, access control, intercoms, speakers, traffic management, HVAC and many others offer the potential to share useful information between connected devices to deliver a fuller view of a situation across multiple locations than any one system could possibly provide on its own.

The effectiveness of IoT networks relies on understanding how devices can work together to capitalize on the combined strengths of each sensor to deliver value and solve specific challenges by collecting widely dispersed data from disparate sources to provide a complete view of security and operations. Given the billions of IoT sensors deployed around the world and the value of the data they provide, the need to properly deploy, manage and secure those devices has become more urgent.

It’s one thing to have all this technology at your fingertips, but it’s another thing to understand the problems you’re trying to solve with that technology. Therefore, it is vital to start with the problem and identify the technologies that offer solutions to those challenges.

Additionally, the more devices an organization has connected to the network, the greater the potential for network breaches and the greater the need to manage the continually growing number of devices on that network. By following some best practices, organizations can mitigate potential concerns in these and other areas to harness the true power of their IoT networks.

Addressing Vulnerabilities

All devices connected to a network represent potential back doors that hackers could exploit to gain access to a network and the various systems to which it’s connected. Therefore, as evidenced by the number of high-profile breaches that seem to be occurring with alarming regularity, cybersecurity is a top priority for everyone.

Unfortunately, all networked devices and systems can be vulnerable, and in our connected world, the cybersecurity of a network is only as strong as the weakest device connected to it. Therefore, it is essential that all networked devices provide the level of security necessary to protect the overall system from the potentially catastrophic effects of a breach.

Perhaps the biggest concern with networked devices is that they could be used by cybercriminals as a platform to breach other parts of a system, which could then be used to gather data or take down or hijack a system. In theory, any networked device can be used to attack another network device. For example, a vulnerable networked HVAC system could be used to gain access to a retailer’s overall network, which could provide hackers with access to POS and financial data, including customer names and credit card information that could be used for identity theft or other crime. Unfortunately, this is becoming more of a reality with each passing day.

Organizations can reduce the likelihood of a breached device serving as a back door for hackers to access other devices by segmenting it, hardening it or isolating it in some way that protects the device to the best of their ability and keeps it separated from other systems and the sensitive information they contain. It is also necessary to continually re-assess cybersecurity methods and procedures to make sure they’re adequate for the threats that continue to emerge daily.

A great example of this would be surveillance cameras, which are different from other devices in that they often run on a segmented surveillance-only network and are not designed to tap into other systems. A much easier target would be a Windows computer, given that it might have access to more systems and probably has an Active Directory domain that provides access to a larger file system or to sensitive data itself. So when properly deployed and connected to the network, it would be highly unlikely that someone could use a camera to gain access to sensitive or personal information contained in another networked system.

Overcoming the Human Element

While strong tools, technologies and features are vital to supporting cybersecurity, they aren’t capable of addressing what tends to be the weakest link in cybersecurity: the human element.

That’s why it’s so important for organizations to set and apply standards and enforce policies across their systems, and to put policies in place to ensure best practices are followed throughout the organization. This should include guidelines regarding connecting personal devices like mobile phones or wireless access points to the network.

One of the biggest challenges organizations face is simply knowing what’s deployed on their network. Depending on its size and specific needs, an organization may have hundreds or thousands of IoT devices and sensors deployed in one or multiple locations.

Thankfully there are technologies available that can scan the network to identify every device that’s connected to it. In some cases, these solutions will even ensure that all devices from a particular manufacturer are properly configured according to a company’s requirements and policies.

Armed with a solid understanding of the hardware, systems, and devices that are deployed on the network, organizations can then develop the processes and procedures for securing them. Part of this is making sure devices offer appropriate security features and can be hardened or updated through firmware.

Once policies have been put in place, it’s also important for an organization to have someone who can communicate IT policies and work with the integrator to ensure that devices are configured to fit within that policy. For example, a primary policy would be that any device that’s installed on the network, whether it’s a server, workstation or an IoT device, must communicate using encryption over the customer’s local area network in order to lower the risk of cyberattacks.

Based on that policy, any IP camera that’s installed must enable encryption, and the video management system will need to be able to read the encrypted communication from that camera. Going a step further, when drafting these policies, end users also have to take mobile devices into account and establish a policy that protects the organization’s network from being compromised by an individual’s personal device.

Policies play an integral part in overcoming the human element. Another factor is having tools that make it easy to maintain consistency when deploying cybersecurity features in IoT devices. For example, if someone has to individually configure hundreds of different devices one by one to make them secure—especially if you have multiple people doing it—the human factor takes over, and mistakes can be made.

Finding the Right Fit

For integrators, the road to strong cybersecurity starts with selecting products that can deliver strong cybersecurity for protecting customers’ networks. When selecting solutions for end users, it’s important to look for products that offer features that fit into the customer’s security policy. This could include encryption, IP address filtering to restrict who and what can access a device, digitally signed firmware, or secure booting, which will halt the boot process if foreign code is introduced to the device.

However, when installing and deploying devices, it’s not practical to simply turn on all the security features, drop it into an enterprise environment and hope that it works. IoT relies on interconnectivity and communication between devices, so there needs to be coordination between the necessary connections, and communication has to be encrypted.

Keep in mind that not all encryption is the same, meaning that whatever encryption is running on the edge device must also be running on the server it’s connecting to. Otherwise, they simply can’t communicate, which completely undermines the core benefit of the IoT.
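The compatibility point above, shown as an added example that is not part of the original article: a short Python audit over a constructed inventory. It models "encryption" as the TLS versions each end supports, which is an assumption because the article names no protocol. The device names, record fields and the TLSv1.2 policy minimum are hypothetical.

```python
# Added illustration: audit edge devices against an encryption policy and
# against what the server they connect to can actually speak.
# Inventory, field names and policy minimum are constructed assumptions.

TLS_ORDER = ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # weakest to strongest
POLICY_MIN_TLS = "TLSv1.2"  # assumed organizational minimum

# Constructed sample: a VMS server that still has one legacy version enabled.
VMS_SERVER = {"name": "vms-01", "tls": {"TLSv1.1", "TLSv1.2", "TLSv1.3"}}
DEVICES = [
    {"name": "cam-lobby", "encryption_enabled": True, "tls": {"TLSv1.2", "TLSv1.3"}},
    {"name": "cam-dock", "encryption_enabled": True, "tls": {"TLSv1.0", "TLSv1.1"}},
    {"name": "cam-yard", "encryption_enabled": True, "tls": {"TLSv1.0"}},
    {"name": "intercom-1", "encryption_enabled": False, "tls": {"TLSv1.2"}},
    {"name": "hvac-ctl", "encryption_enabled": True, "tls": {"TLSv1.1", "TLSv1.2"}},
]

def rank(version):
    """Position of a version in TLS_ORDER; higher means stronger."""
    return TLS_ORDER.index(version)

def negotiate(device_tls, server_tls):
    """Strongest version both ends support, or None when there is no overlap."""
    common = device_tls & server_tls
    return max(common, key=rank) if common else None

def audit(device, server=VMS_SERVER, minimum=POLICY_MIN_TLS):
    """Classify one device record against the policy and the server."""
    if not device["encryption_enabled"]:
        return "unencrypted"            # violates the encrypt-everything policy
    version = negotiate(device["tls"], server["tls"])
    if version is None:
        return "cannot-connect"         # both encrypt, but share no version
    if rank(version) < rank(minimum):
        return "below-policy"           # connects, but weaker than policy allows
    if any(rank(v) < rank(minimum) for v in device["tls"]):
        return "weak-version-enabled"   # compliant today, legacy still switched on
    return "ok"

def audit_all(devices=DEVICES):
    """Map each device name to its audit status."""
    return {d["name"]: audit(d) for d in devices}

if __name__ == "__main__":
    for name, status in audit_all().items():
        print(f"{name:12} {status}")
```

The `weak-version-enabled` status covers a case the paragraph does not: a device that negotiates a compliant version with this server while still accepting older ones from other peers.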

This means each end user will require some degree of customization in the configuration of devices, so integrators have to make sure they and their staff have the right skills and that they’re properly communicating with the end user to make sure their security needs are heard and addressed. Additionally, the level of customization and the end user’s cybersecurity needs must be dictated by established policies.

Many manufacturers also provide a hardening guide that details how to best secure their devices. This can be an invaluable tool for integrators and end users, but it can’t replace the need for an organization to have a security policy in place and then use the hardening guide to determine which specific features can be implemented to fit into that policy.

Another key factor when looking at products is to identify a manufacturer that adheres to cybersecurity best practices such as strong encryption and a variety of additional security features that deliver the highest level of protection for devices. They must also be open and transparent so that when a vulnerability is discovered in one of their devices, they will alert customers and provide a fix as soon as possible.

Managing IoT Device Lifecycles

An unfortunate reality is that all devices will eventually expire or at the very least, reach the end of their useful life. For example, an IP camera could have a functional lifetime of upward of 10 to 15 years. However, security vulnerabilities will change quickly and dramatically over that period, which makes it difficult for manufacturers to keep providing the updates required to keep those cameras protected in an evolving cybersecurity threat landscape.

The good news is that in many cases, this can be predictable, provided an organization is engaged in some sort of structured lifecycle management program. Implementing, monitoring and managing life cycles provides organizations with the ability to better plan for introducing new technology into their environment. Lifecycle management also allows organizations to keep pace with new and emerging cybersecurity threats while ensuring they are using the appropriate and most advanced technologies to minimize security threats and vulnerabilities and avoid the negative costs associated with cyber breaches.

This process also allows organizations to identify those devices that may be nearing the end of their useful life or that are too outdated for the manufacturer to provide support, including firmware and operating system updates, making them susceptible to risk.

Regardless, these devices must be replaced with newer solutions that offer up-to-date cybersecurity features and are supported by the manufacturer. In addition to security, the hallmark of a good lifecycle management program is the ability for an organization to plan and budget for replacing a certain number or percentage of devices each year rather than facing an expensive replacement of an entire system or major component.

Given the number and variety of networked devices available today, applications of IoT networks would seem to be limited only by the imagination. The combined data generated by these interconnected systems offer tremendous potential to deliver deep insights and intelligence that have never before been possible, provided IoT devices and networks are properly designed, deployed, managed and secured. These best practices will help manufacturers, integrators and end users harness the true power of the IoT.

This article originally appeared in the September 2019 issue of Security Today.

