IoT has arrived. And it is undoubtedly big. IoT deployments today may range from simple devices such as asset tracking, to fairly complex scenarios such as using AI to perform predictive maintenance on a factory floor. Originally implemented by large organizations, IoT is now adopted by companies regardless of size, all hoping to benefit from the harvesting of data from the edge devices. This in turn enables them to process that information to facilitate better business decisions.
A common mantra in these deployments has often been “faster, better, cheaper.” This, inadvertently, is at the cost of added risks and poor security practices.
A paper commissioned by Bromium in 2018 and presented by Dr. Michael McGuire at RSA, found that the cybercrime economy has grown to $1.5 trillion dollars annually. Recently, a research report produced by Omdia, commissioned by Syniverse found that ensuring data, network and device security is the biggest challenge to a successful IoT deployment by enterprises participating in that research.
Let us look at some of the common issues that plague poorly planned IoT deployments:
- Not Planned for Scale and Growth
When a network grows in bits and pieces, the organization can find itself supporting a plethora of device types and technologies. This becomes difficult to manage and support. The result is an environment that is complex and highly nuanced – an operational and support nightmare.
- Fire and Forget
Bad endings often result from devices and IoT gateways that are deployed and then left alone, as long as they’re “running well.” By doing this, devices are allowed to continue to run on older software as newer versions, patches and fixes become available. This makes these devices unreliable, both from a performance and secure standpoint.
- Assuming the Internet is Safe
The public internet is free for anyone to utilize, including the “bad guys.” They may not have malicious intent to a particular company, but the things they do, such as a DDoS attack, can bring the internet down or impact its services that affects everyone else on it. Some examples of attacks that affected global internet services are the February 2018 GitHub DDoS attack and the October 2016 Dyn attack.
- No One is Listening
A common misconception of small- and medium-sized companies is that hackers and bad actors only target “high value” organizations. The truth is, Man in the Middle (MitM) attacks target smaller- and medium-sized companies, with comparatively smaller security budget, as they are often “easier” to break into.
A Verizon Data Breach Investigations Report stated that 58% of cyber-attack victims were small businesses. About one-third of exploitation of unintentional weaknesses were MitM attacks, according to IBM’s X-Force Threat Intelligence Index 2018.
- Encryption is Enough
Since the bulk majority of IoT traverses the internet, companies encrypt their data as a security measure. Encryption provides confidentiality but does not address reliability and availability of the transmission. A Juniper Research paper in 2018 found that small businesses invest less than $500 per year in cybersecurity products.
Deploying a new technology is often a significant investment with anticipated returns – in savings, increased productivity and revenue enablement. There are some basic steps organizations can take to ensure a smooth and successful rollout.
- Planning with Strategy in Place
Treat the deployment like a project with requirements, features, use cases and appropriate success measures outlined.
The planning phase is fundamental in every deployment, where often the most crucial decisions are determined.
- Take Time to Test
A small-scale deployment for testing purposes can be highly beneficial – through the various learnings, lessons and risk avoidance encountered.
This allows organizations to make mistakes and self-correct quickly. Additionally, the organization can integrate the new technology with its existing business and support systems. This is a classic crawl-walk-run approach.
- Think Big
A new technology is not just a shiny new toy. It’s an enabler to achieving business goals. And this would be integral to all parts of the organization as well as the customers organization. A readiness checklist that includes sales, support, operations, legal, marketing, branding and security needs to be in place. Early involvement drives excitement and adoption. Create value proposition to the various stakeholders.
- Security as a Deterrent, Not as a Remedy
Enterprises and organizations now identify security as a key requirement for any deployment. Identify security requirements aligned to the corporate strategy as well as the IoT use cases. Some IoT use cases require more stringent security as verticals drive adherence and compliance to regulated standards. There is additional need to safeguard data as malicious acts of cybercrime often target personal data and industrial information.
- The Internet is Not the Only Path for IoT
Almost all IoT traffic is transacted over the public internet. But the internet is not architected for security and does not assure availability. It only offers best effort services and cannot support use cases requiring high bandwidth and low latency. Alternative solutions like a secure private network or secure cellular connectivity enable use cases, providing coverage, mobility as well as security all while keeping the IoT data off the public internet.
IoT offers huge potential for organizations, tying in devices at the edge, using various communications technologies to access applications in a cloud environment. With its high level of automation, digitization and virtualization, IoT enables organizations and its extended ecosystem a variety of benefits. Planning ahead, aligning the crucial people, tools and processes in the organization can lead to a successful and robust rollout.
What lessons have you learned from you IoT deployment? Leave me a comment below so we can continue the conversation.
Kathiravan Kandasamy is Senior Director of Product Management at Syniverse.