How to Securely Manage Your IoT Devices

By:  |  Category: Blog, Security Tuesday, October 30th, 2018  |  No Comments

Managing IoT devices is a lot like running a preschool after recess. The toys are all over the place and the kids are going crazy.

So how do IT security professionals protect their business from cyber risk and still let the employees have access to all their connected devices?

A good place to start is by giving an “identity” to each device connected into their network and incorporating them into existing identity management processes.

1. Give devices an identity: This involves a paradigm shift.  Consider IoT devices not as pieces of technology and therefore a “threat”, but instead, as privileged users who have access to sensitive information. By assigning a device and identity and provisioning them appropriately, their activity can be monitored and managed throughout their whole life cycle on the network.

2. Apply device governance: Once each device is given an identity, you should apply policy-based authentication and access control. It’s easy to deploy an IoT device and forget about it, but the reality is that these devices are a conduit between the internet and your environment, making them an easy attack vector for unauthorized users to gain access to sensitive corporate information.

Device authentication and access should be governed and routinely revisited during the full device lifecycle — through software updates, bug fixes, new firmware, routine maintenance and diagnostic improvements.

3. Vigilantly reduce access: Just as you would only give an employee the minimum access to data and systems they need to do their jobs, businesses need to limit the access of their IoT devices.

Employ firewalls and permissions to safeguard against unauthorized devices obtaining proprietary or privileged information. For example, your smart printer doesn’t need access to the CFO’s income statements folder. The less access you give an IoT device, or employee, the less damage either could bring to the enterprise.

4. Manage device passwords: Similar to users, IoT devices contain passwords that grant them authentication to systems, files and data. Best practices for managing user passwords — such as requiring routine resets and multifactor — also apply to IoT passwords. These passwords must be updated routinely and closely managed to protect the vital information they store.

5. Monitor the device: Devices should be monitored 24×7 to identify unusual activity, check for necessary patch updates, and confirm each device is still in the right network segment. Machines are highly predictable, and abnormal behavior can be a clear giveaway if there is an unauthorized user controlling the device. Without the right monitoring processes in place, these abnormalities — and thereby potential malicious actors — can go undetected.

Managing IoT devices as contributing parts of your business that need identity monitoring, instead of viewing them as threats, is the best way to ensure any access is kept in check and potential threats or anomalies are monitored.

Although there can be thousands of IoT devices connected to a network at once, it takes only one poorly managed machine to inadvertently breach an organization.

As more of these devices join the network, businesses that employ these best practices can work to eliminate IoT as a threat, and begin to realize the productivity potential it was designed to bring them in the first place.

If you need assistance with managing IoT devices and cyber security services give EnhancedTECH a call at 714-970-9330 or contact us at [email protected]

Leave a Comment
Read previous post:
Cyber Security Best Practices
The Majority of Users Don’t Know Cyber Security Best Practices

Cyber Security Best Practices: According to KnowBe4 and new data from MediaPRO’s third annual State of Privacy and Security Awareness...