Deploying IoT Devices

Best practices for managing and securing IoT networks

The number and breadth of devices that make up the Internet of Things (IoT) continues to grow rapidly, with everything from kitchen appliances to video surveillance and access control systems offering the ability to connect to a network. Each of these offers tremendous value, but the true power of the IoT lies in the ability to connect disparate systems and devices to leverage the combined data they produce to generate some valuable insight and actionable intelligence.

Integrations between IP-based surveillance, access control, intercoms, speakers, traffic management, HVAC and many others offer the potential to share useful information between connected devices to deliver a fuller view of a situation across multiple locations than any one system could possibly provide on its own.

The effectiveness of IoT networks relies on understanding how devices can work together to capitalize on the combined strengths of each sensor to deliver value and solve specific challenges by collecting widely dispersed data from disparate sources to provide a complete view of security and operations. Given the billions of IoT sensors deployed around the world and the value of the data they provide, the need to properly deploy, manage and secure those devices has become more urgent.

It’s one thing to have all this technology at your fingertips, but it’s another thing to understand the problems you’re trying to solve with that technology. Therefore, it is vital to start with the problem and identify the technologies that offer solutions to those challenges.

Additionally, the more devices an organization connects to the network, the greater the potential for network breaches and the greater the need to manage a continually growing number of devices. By following some best practices, organizations can mitigate potential concerns in these and other areas to harness the true power of their IoT networks.

Addressing Vulnerabilities

All devices connected to a network represent potential back doors that hackers could exploit to gain access to a network and the various systems to which it’s connected. Therefore, as evidenced by the number of high-profile breaches that seem to be occurring with alarming regularity, cybersecurity is a top priority for everyone.

Unfortunately, all networked devices and systems can be vulnerable, and in our connected world, the cybersecurity of a network is only as strong as the weakest device connected to it. Therefore, it is essential that all networked devices provide the level of security necessary to protect the overall system from the potentially catastrophic effects of a breach.

Perhaps the biggest concern with networked devices is that they could be used by cybercriminals as a platform to breach other parts of a system, which could then be used to gather data or take down or hijack a system. In theory, any networked device can be used to attack another network device. For example, a vulnerable networked HVAC system could be used to gain access to a retailer’s overall network, which could provide hackers with access to POS and financial data, including customer names and credit card information that could be used for identity theft or other crime. Unfortunately, this is becoming more of a reality with each passing day.

Organizations can reduce the likelihood of a breached device serving as a back door for hackers to access other devices by segmenting it, hardening it or isolating it in some way that protects the device to the best of their ability and keeps it separated from other systems and the sensitive information they contain. It is also necessary to continually re-assess cybersecurity methods and procedures to make sure they’re adequate for the threats that continue to emerge daily.

A great example of this would be surveillance cameras, which are different from other devices in that they often run on a segmented surveillance-only network and are not designed to tap into other systems. A much easier target would be a Windows computer, given that it might have access to more systems and probably has an Active Directory domain that provides access to a larger file system or to sensitive data itself. So when properly deployed and connected to the network, it would be highly unlikely that someone could use a camera to gain access to sensitive or personal information contained in another networked system.

Overcoming the Human Element

While strong tools, technologies and features are vital to supporting cybersecurity, they aren’t capable of addressing what tends to be the weakest link in cybersecurity: the human element.

That’s why it’s so important for organizations to set and apply standards and enforce policies across their systems, and to put policies in place to ensure best practices are followed throughout the organization. This should include guidelines regarding connecting personal devices like mobile phones or wireless access points to the network.

One of the biggest challenges organizations face is simply knowing what’s deployed on their network. Depending on its size and specific needs, an organization may have hundreds or thousands of IoT devices and sensors deployed in one or multiple locations.

Thankfully there are technologies available that can scan the network to identify every device that’s connected to it. In some cases, these solutions will even ensure that all devices from a particular manufacturer are properly configured according to a company’s requirements and policies.

Armed with a solid understanding of the hardware, systems, and devices that are deployed on the network, organizations can then develop the processes and procedures for securing them. Part of this is making sure devices offer appropriate security features and can be hardened or updated through firmware.

Once policies have been put in place, it’s also important for an organization to have someone who can communicate IT policies and work with the integrator to ensure that devices are configured to fit within that policy. For example, a primary policy would be that any device that’s installed on the network, whether it’s a server, workstation or an IoT device, must communicate using encryption over the customer’s local area network in order to lower the risk of cyberattacks.

Based on that policy, any IP camera that’s installed must enable encryption, and the video management system will need to be able to read the encrypted communication from that camera. Going a step further, when drafting these policies, end users also have to take mobile devices into account and establish a policy that protects the organization’s network from being compromised by an individual’s personal device.

Policies play an integral part in overcoming the human element. Another factor is having tools that make it easy to maintain consistency when deploying cybersecurity features in IoT devices. For example, if someone has to individually configure hundreds of different devices one by one to make them secure—especially if you have multiple people doing it—the human factor takes over, and mistakes can be made.

Finding the Right Fit

For integrators, the road to strong cybersecurity starts with selecting products that can deliver strong cybersecurity for protecting customers’ networks. When selecting solutions for end users, it’s important to look for products that offer features that fit into the customer’s security policy. This could include encryption, IP address filtering to restrict who and what can access a device, digitally signed firmware, or secure booting, which will halt the boot process if foreign code is introduced to the device.

However, when installing and deploying devices, it’s not practical to simply turn on all the security features, drop it into an enterprise environment and hope that it works. IoT relies on interconnectivity and communication between devices, so there needs to be coordination between the necessary connections, and communication has to be encrypted.

Keep in mind that not all encryption is the same, meaning that whatever encryption is running on the edge device must also be running on the server it’s connecting to. Otherwise, they simply can’t communicate, which completely undermines the core benefit of the IoT.

This means each end user will require some degree of customization in the configuration of devices, so integrators have to make sure they and their staff have the right skills and that they’re properly communicating with the end user to make sure their security needs are heard and addressed. Additionally, the level of customization and the end user’s cybersecurity needs must be dictated by established policies.

Many manufacturers also provide a hardening guide that details how to best secure their devices. This can be an invaluable tool for integrators and end users, but it can’t replace the need for an organization to have a security policy in place and then use the hardening guide to determine which specific features can be implemented to fit into that policy.

Another key factor when looking at products is to identify a manufacturer that adheres to cybersecurity best practices such as strong encryption and a variety of additional security features that deliver the highest level of protection for devices. They must also be open and transparent so that when a vulnerability is discovered in one of their devices, they will alert customers and provide a fix as soon as possible.

Managing IoT Device Lifecycles

An unfortunate reality is that all devices will eventually expire or at the very least, reach the end of their useful life. For example, an IP camera could have a functional lifetime of upward of 10 to 15 years. However, security vulnerabilities will change quickly and dramatically over that period, which makes it difficult for manufacturers to keep providing the updates required to keep those cameras protected in an evolving cybersecurity threat landscape.

The good news is that in many cases, this can be predictable, provided an organization is engaged in some sort of structured lifecycle management program. Implementing, monitoring and managing life cycles provides organizations with the ability to better plan for introducing new technology into their environment. Lifecycle management also allows organizations to keep pace with new and emerging cybersecurity threats while ensuring they are using the appropriate and most advanced technologies to minimize security threats and vulnerabilities and avoid the negative costs associated with cyber breaches.

This process also allows organizations to identify those devices that may be nearing the end of their useful life or that are too outdated for the manufacturer to provide support, including firmware and operating system updates, making them susceptible to risk.

Regardless, these devices must be replaced with newer solutions that offer up-to-date cybersecurity features and are supported by the manufacturer. In addition to security, the hallmark of a good lifecycle management program is the ability for an organization to plan and budget for replacing a certain number or percentage of devices each year rather than facing an expensive replacement of an entire system or major component.
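
As an added illustration (not part of the original article), the sketch below audits a constructed device inventory against three points made above: the policy that every device must communicate using encryption, the requirement that the edge device and the server share an encryption protocol, and vendor support dates for lifecycle planning. The inventory fields, the server's accepted protocol list and the one-year planning horizon are assumptions.

```python
from datetime import date

# Constructed sample inventory (not from the article); field names are assumptions.
INVENTORY = [
    {"name": "cam-lobby-01", "type": "ip-camera", "encrypted": True,
     "tls": {"TLSv1.2", "TLSv1.3"}, "support_ends": date(2027, 6, 30)},
    {"name": "cam-dock-02", "type": "ip-camera", "encrypted": True,
     "tls": {"TLSv1.0"}, "support_ends": date(2024, 12, 31)},
    {"name": "hvac-roof-01", "type": "hvac", "encrypted": False,
     "tls": set(), "support_ends": date(2020, 3, 31)},
    {"name": "intercom-gate", "type": "intercom", "encrypted": True,
     "tls": {"TLSv1.2"}, "support_ends": date(2030, 1, 31)},
]

# Assumed policy: protocols the server (e.g. the video management system)
# accepts, and how far ahead replacements are planned and budgeted.
SERVER_TLS = {"TLSv1.2", "TLSv1.3"}
PLANNING_HORIZON_DAYS = 365


def audit_device(device, today):
    """Return the policy findings for one device (empty list = compliant)."""
    findings = []
    if not device["encrypted"]:
        findings.append("encryption disabled")
    elif not device["tls"] & SERVER_TLS:
        # Encryption is on, but the server speaks none of the device's protocols.
        findings.append("no protocol in common with server")
    days_left = (device["support_ends"] - today).days
    if days_left < 0:
        findings.append("past vendor support")
    elif days_left <= PLANNING_HORIZON_DAYS:
        findings.append("support ends within planning horizon")
    return findings


def audit_inventory(inventory, today):
    """Map device name -> findings for every device with at least one finding."""
    report = {}
    for device in inventory:
        findings = audit_device(device, today)
        if findings:
            report[device["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, date(2024, 7, 1)).items():
        print(f"{name}: {', '.join(findings)}")
```

Running the same audit on a schedule, with the inventory fed from a network scan, gives both a list of policy exceptions to fix now and a count of devices to budget for replacement in the coming year.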

Given the number and variety of networked devices available today, applications of IoT networks would seem to be limited only by the imagination. The combined data generated by these interconnected systems offer tremendous potential to deliver deep insights and intelligence that have never before been possible, provided IoT devices and networks are properly designed, deployed, managed and secured. These best practices will help manufacturers, integrators and end users harness the true power of the IoT.

This article originally appeared in the September 2019 issue of Security Today.
