Most of the devices in the Internet of Things (IoT) reside outside of your security wall. Some, such as mobile point-of-sale terminals and other publicly accessible devices, are outside because they could be a gateway for malicious attacks. Others, such as sensors and remote monitors, may be too distant to include inside. And some, such as medical devices and other specialized tools, may be outside of IT’s sphere. However, all of these devices still need to be protected as they go about their tasks of collecting and communicating sensitive and valuable personal data.
Protecting the Internet of Things is not like protecting a data center. The devices are small, often publicly accessible and vulnerable, and have limited computing power. As we saw in recent security breaches, keeping some devices inside the firewall is not recommended. The devices themselves need to be hardened to withstand attacks and resist tampering, but without compromising front-line performance and battery life or increasing operating costs. By building the necessary security functions into silicon, IoT technology such as point-of-sale devices and self-serve kiosks can control their integrity from the factory.
Retailers must vigilantly secure the valuable information they hold. It is important for consumers to know that companies are working to protect their financial information from cyberthreats by deploying security deep into their retail systems. As connected retail continues to grow, directly addressing security challenges will be an important part of brand reputation and success. Antivirus, immutable identity, dynamic whitelisting, applications control, and secure boot are mandatory functions to defend the millions of connected point-of-sale and kiosk devices around the world regularly targeted by hackers. These tools provide immediate protection from zero-day vulnerabilities and unauthorized application changes, while reducing the frequency of software patches.
With little or no local storage, IoT devices are heavily dependent on communications, so securing the communications path is as important as hardening the device. Having your credit card information stolen is annoying and potentially costly. Having your healthcare information stolen can be personally embarrassing, have long-term effects, and provide hackers with everything they need for identity theft.
As the IoT moves further and further into healthcare, medical devices are coming under attack because of the valuable information they contain. Standard security does not protect against insider attacks, staff errors, security lapses, or theft of data in transit. Adding powerful data encryption to healthcare devices protects confidential patient data in transit and at rest. As a side benefit, encryption can also monitor and control access to the systems and their data, sending alarms in the event of unauthorized attempts to access them. Even more than consumers, patients place a high value on trust and privacy. Security breaches or leaks of confidential healthcare data could be harmful or fatal.
Securing the IoT — whether in retail, healthcare, industrial, or home environments — means looking at the whole ecosystem, not individual points and devices, from silicon to software and from platforms to management. Industry specialists must be able to incorporate these tools into their unique solutions, addressing the specific needs of their target markets. Best practices demand that we not only harden the devices, but also secure the communications and monitor and manage the security state. Most important, we need to remember that by protecting the data, we are protecting the privacy of our customers, colleagues, neighbors, friends, and families.