FINAL WORD

Jonathan Nguyen-Duy , Vice President , Global Field CISO Team , Fortinet

IoT sensors installed on manufacturing equipment provide production managers with critical information . Environmental data from these sensors signal evidence of wear and tear on expensive equipment , alerting managers about maintenance before that equipment fails and costs the organisation millions of dollars in lost productivity .

As a result of these and other use cases , organisations are finding that in order to keep up with the massive amounts of data they are amassing , they need to act fast and build out their data management resources . For many , this comes in the form of a standard , two-pronged solution : easily scalable cloud data centres and highperforming infrastructures developed to support data mining for critical information .

An increased digital footprint results in increased risk

One of the top challenges associated with IoT adoption is security . Botnets are the most common IoT cyberthreat , causing Distributed Denial of Service ( DDoS ) attacks like the notorious Mirai , which infected tens of thousands of IoT devices before causing massive disruption .

When compromised , IoT devices may do the following :

1 . Intercept data being transmitted 2 . Act as a vehicle for malware 3 . Fall under control of a botnet to carry out a specific , disruptive task such as DDoS

According to research conducted by the team at FortiGuard Labs , IoT devices were involved in half of the top 12 exploits last year . This is primarily due to the fact that most IoT devices are designed with fault code , no built-in security measures and an inability to be updated even when network managers identify a vulnerability .

IoT and the cloud : A uniquely challenging combination

Every IoT device is potentially another cloud connection and every connection to the network represents yet another security vulnerability . So , what does this mean for your organisation ? As you develop new IoT assets and move to the cloud , your security strategies for both need to be in sync with one another . When an IoT device is compromised , your public and private clouds are at risk and this can eventually affect your core network and even your customers .

How to secure IoT and cloud connections

There are six key considerations when it comes to securing IoT and cloud environments :

1 . Robust vulnerability management . Understanding what is on your network and the potential threats they pose is critical . Keeping track of your IoT devices ensures they can be updated with security patches ( where possible ), properly segmented and isolated , or protected using effective proximity controls that can offer defence in the case of an attack .

2 . Compensating controls . By implementing proper controls , security teams can mitigate risks posed by those devices that can ’ t be updated . Proximity devices , including firewall and IPS systems , should be leveraged to ensure the inspection of data moving between IoT devices and the cloud . Additionally , behaviourbased detection can be used to identify traffic discrepancies , such as the communication between botnet command and control centres .

3 . Encryption . This practice should be leveraged where possible to ensure the confidentiality and integrity of data .

4 . Hardened security at the cloud edge . Not all IoT environments are secure , so hardening the cloud network is essential . In addition to other mitigation efforts , avoiding DDoS attacks and malware is also a matter of inspecting traffic at the cloud edge .

5 . Integration and automation . The policies that govern security tools and the collection of security event data need to exist within the same management platform . This will ensure event correlation , consistent functionalities , reliable configuration delivery and the orchestration and enforcement of policies all through a single pane of glass .

6 . Security plus performance . Security platforms must be consistently reliable , no matter the environment in which they are deployed . Regardless of whether they are deployed as a virtual instance or a physical appliance , they must be able to process large amounts of data without slowing down the collection and processing of critical data .

Final thoughts

To maximise the benefits of Digital Transformation , organisations must employ effective security strategies for IoT devices and the cloud . A unified strategy that addresses both the cloud and IoT using advanced threat intelligence and automation is vital . This will secure critical connections moving forward and set your organisation up for success in the modern marketplace . •

84 INTELLIGENTCIO www . intelligentcio . com