Enterprise IoT threatens to undermine cloud and IT security

We had so much trouble getting security back to normal and now we've screwed it up with a new thermostat and copy machine which makes all the security measures worthless.

The Internet of Things is ubiquitous in your personal life. But the technology is making its way into Global 2000 companies. Yet, most of the Global 2000 companies are unaware that their adoption of the Internet of Things poses risks to IT and cloud security.

How does this happen? Well, as thermostats and sensors in a building's HVAC system fail, for example, smart devices that process information on the devices often replace them. These new IoT sensor devices are often self-contained computers, many with their own operating systems and internal data storage. IT is largely unaware of their presence in the company, and they are placed on the company's network without IT's knowledge.

[[217462]]

In addition to the devices IT doesn't know about, there are also devices IT knows about that are equally risky. Upgraded printers, copiers, Wi-Fi hubs, factory robots are far more sophisticated and capable than previous systems, but they also have the potential to turn against you -- including attacking cloud-based systems, where your data resides.

Worse, many of these IoT devices are easily hackable, so they can easily serve as proxies for stealing network data and passwords, or even breaking into cloud-based systems, which may not have security systems in place to take access from inside a company’s firewall into account.

And don't let price be a proxy for security level: I've found that the more specialized and expensive the devices are, the less secure they are.

This is going to be a big problem in 2018 and 2019. A lot of companies are getting hammered before they take corrective action.

The corrective action for this is obvious: if an IoT device (whatever it is) does not provide the same level of security as your public cloud provider, or has security systems enabled that you trust, then you should not use that device.

Most IoT companies are improving their security and even supporting managed security in some public clouds. However, such secure IoT devices are always slow to arrive, so most companies deploy what is available on the market: IoT devices without a proper security system bundled with them.

Sadly, I suspect IoT security will mostly be playing the mole game for the next few years as these things regularly show up on enterprise networks.

This is really too bad. We had so much trouble getting security back to normal and now we've screwed it up with the new thermostat and copy machine which makes all the security measures worthless.