Use an IoT security architecture to protect networks end to end
By Johna Till Johnson
Organizations can reap benefits from IoT technology, but only if it is properly secured. Learn the components of IoT network architecture and the unique security considerations of each.

IoT can be game-changing for organizations, in more ways than one. Organizations that successfully implemented IoT generated an average of $8.36 million in new revenue, $5 million in savings and a 41.8% improvement in business process efficiency, according to a Nemertes Research study.
But how are those organizations securing their IoT initiatives?
Too often, they are not securing them at all, for two main reasons. First, many initiatives were launched by operational technologists or business professionals for whom cybersecurity is not yet an established discipline the way it is for IT staff. Second, there is no universally adopted standard or framework for IoT cybersecurity, particularly for IoT infrastructure. The most fundamental way to mitigate IoT risk is to bake security into the IoT network architecture from the start. An IoT security architecture is a blueprint that identifies every component of the IoT infrastructure, across all of an organization's IoT projects, and specifies how each component is secured.
Securing the components of IoT network architecture
Securing IoT infrastructure starts with understanding the architecture and its components, because each component is exposed to different threats and needs its own controls. The components are described below, along with how to secure each one.
Sensors and actuators. Sensors collect data and relay it for further analysis. Actuators receive commands and act on the physical world, for example by opening a valve or moving a robotic arm. Many IoT attacks have used actuators, printers being a common example, as launch points into a business's network. For both device types, ensure access is controlled with unique, changeable credentials rather than factory defaults; encrypt any data stored locally on the device; and monitor and contain any executable code the device runs, for example by permitting only firmware and binaries whose hashes are known.
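Two of the device-level controls above, settable credentials and containment of executable code, can be checked before a device is deployed. The following is an added example, not code from the original article or from any vendor: it audits a constructed device record against a constructed list of factory-default credentials and a manifest that pins the SHA-256 of every executable the device is allowed to run. The device names, credentials and firmware bytes are illustrative assumptions; a real deployment would pull them from its device inventory and firmware build pipeline. Local data encryption is not shown here because it depends on the device's hardware and key storage.

```python
"""Pre-deployment hardening checks for an IoT sensor or actuator.

Added example, not code from the original article. The device records,
the default-credential list and the firmware bytes below are constructed
for illustration.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

# Constructed list of factory-default credentials that must never survive
# deployment. Real lists are much longer and vendor specific.
KNOWN_DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "1234"),
    ("root", "root"),
    ("user", "user"),
}
MIN_PASSWORD_LENGTH = 12


@dataclass
class Device:
    name: str
    username: str
    password: str
    # Executables the device will run: file name -> contents (constructed).
    executables: dict = field(default_factory=dict)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "approved" firmware image; the manifest pins its hash.
TELEMETRY_AGENT_V1 = b"telemetry-agent v1.0 (constructed placeholder image)"
APPROVED_MANIFEST = {"telemetry-agent": sha256_hex(TELEMETRY_AGENT_V1)}


def check_credentials(dev: Device) -> list[str]:
    """Settable passwords: reject factory defaults and short passwords."""
    findings = []
    if (dev.username, dev.password) in KNOWN_DEFAULT_CREDENTIALS:
        findings.append(f"{dev.name}: factory-default credential in use")
    if len(dev.password) < MIN_PASSWORD_LENGTH:
        findings.append(
            f"{dev.name}: password shorter than {MIN_PASSWORD_LENGTH} characters")
    return findings


def check_executables(dev: Device, manifest: dict[str, str]) -> list[str]:
    """Contain executable code: only binaries pinned in the manifest may run,
    and their contents must match the pinned SHA-256."""
    findings = []
    for name, blob in dev.executables.items():
        expected = manifest.get(name)
        if expected is None:
            findings.append(f"{dev.name}: unapproved executable {name}")
        elif sha256_hex(blob) != expected:
            findings.append(f"{dev.name}: hash mismatch for {name}")
    return findings


def audit(dev: Device, manifest: dict[str, str] = APPROVED_MANIFEST) -> list[str]:
    """Return all findings for a device; an empty list means it passes."""
    return check_credentials(dev) + check_executables(dev, manifest)


# Constructed devices: one hardened, one still at factory settings and
# running a tampered agent plus an unapproved binary.
GOOD_SENSOR = Device("temp-sensor-01", "ops", "c0rrect-horse-battery",
                     {"telemetry-agent": TELEMETRY_AGENT_V1})
BAD_ACTUATOR = Device("valve-ctl-07", "admin", "admin",
                      {"telemetry-agent": TELEMETRY_AGENT_V1 + b"-tampered",
                       "cryptominer": b"not in manifest"})

if __name__ == "__main__":
    for dev in (GOOD_SENSOR, BAD_ACTUATOR):
        print(dev.name, audit(dev) or ["OK"])
```

The hash manifest is the piece worth keeping in a real pipeline: it lets the management plane detect a device whose firmware no longer matches what was built, which is how a foothold on an actuator is usually discovered.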
Sensor and actuator network. This is the local network that connects devices to the first layer of analytics. It is analogous to a LAN in use cases such as hospitals and manufacturing plant floors, and it may be a WAN in scenarios such as autonomous vehicles. The network is usually wireless, for example Wi-Fi, Bluetooth or 5G. Protect traffic across this network, and individual network components such as access points, from being hijacked. Pay close attention to network access control, which in turn depends on privileged account management: keep the number of people who can configure network components small, and log what they change. Encrypt traffic so that it cannot be eavesdropped on or tampered with in transit.
Bus. Most initiatives do not yet consolidate multiple IoT traffic streams into an IoT bus, a shared messaging layer that carries traffic for several IoT projects. Expect this to change as companies confront the complexity of scaling and managing multiple IoT initiatives. Once a bus is present, many streams pass through it, so it must be secured and managed like any other component, with authentication for everything that publishes to or reads from it.
Sensor and actuator analytics platforms. IoT data is useless unless it is analyzed and acted upon, so most IoT initiatives include one or more analytics platforms, cloud-based or on premises depending on the initiative. To secure them, require multifactor authentication for access, encrypt data in transit and at rest wherever the platform supports it, and monitor for anomalous behavior, such as access from unexpected accounts or locations or sudden changes in data volume.
Sensor and actuator analytics networks. Some organizations run analytics across multiple platforms, for example Azure, AWS and on premises. For IoT to succeed, enterprises must connect those platforms and secure the connections between them. The challenges resemble those of multi-cloud security in general, including inconsistent identity, encryption and logging controls across providers, and they deserve specific attention for IoT applications.
Management and control plane. The IoT infrastructure must be managed and controlled, and cybersecurity must be part of that control plane. Use the management platform's native capabilities, such as device discovery and inventory, policy enforcement and firmware updates, to provide end-to-end security, and make sure the management service itself is secured, since it has privileged reach into every device. Leading IoT security management and control vendors include Armis, Samsara and Ordr.
Managing IoT traffic
Beyond building security into an IoT architecture, there is a fundamental principle that IoT cybersecurity specialists should adopt and impress upon their colleagues: IoT infrastructure should be virtualized and managed independently. Dumping IoT traffic onto a general-purpose network is unwise, because IoT traffic has unique performance and security requirements, and because a compromised device would then sit on the same network as corporate systems. The IoT security architecture should allow that traffic to be managed and secured independently, end to end, and should allow a single IoT cybersecurity policy to be applied consistently across all computing, network, storage and analytics platforms.
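The principle of one IoT policy enforced consistently everywhere, together with the sensor and actuator network controls described earlier, can be made concrete by keeping the policy in one place and rendering it for each enforcement point. The following is an added example, not code from the original article or from any vendor product: a default-deny policy for a constructed sensor VLAN, analytics segment and management plane, evaluated directly against candidate flows and then rendered both as nftables rules for an on-premises gateway and as a generic cloud security-group shape for the analytics segment. The address ranges, ports and the security-group field names are assumptions for illustration and do not correspond to a specific provider's API.

```python
"""One IoT network policy, evaluated and rendered for several enforcement points.

Added example, not from the original article or any vendor product. The
segments, ports and the cloud security-group field names are constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src: str    # CIDR of the source segment
    dst: str    # CIDR of the destination segment
    proto: str  # "tcp" or "udp"
    dport: int


# Constructed segments: sensor/actuator VLAN, on-prem analytics, management plane.
IOT_SENSORS = "10.20.0.0/24"
ANALYTICS = "10.30.0.0/24"
MGMT_PLANE = "10.40.0.0/28"

# The single policy. Everything not listed is denied, which means no
# device-to-device traffic, no device-to-corporate traffic, and no
# plaintext MQTT (1883): devices may only talk MQTT over TLS to analytics.
IOT_POLICY = [
    Rule("sensors-to-analytics-mqtt-tls", IOT_SENSORS, ANALYTICS, "tcp", 8883),
    Rule("mgmt-to-sensors-ssh", MGMT_PLANE, IOT_SENSORS, "tcp", 22),
    Rule("mgmt-to-analytics-https", MGMT_PLANE, ANALYTICS, "tcp", 443),
]


def is_allowed(policy: list[Rule], src_ip: str, dst_ip: str,
               proto: str, dport: int) -> bool:
    """Evaluate a flow against the policy; absence of a match means deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return any(
        src in ipaddress.ip_network(r.src)
        and dst in ipaddress.ip_network(r.dst)
        and r.proto == proto
        and r.dport == dport
        for r in policy
    )


def render_nftables(policy: list[Rule]) -> str:
    """Render the policy as an nftables forward chain with a drop default."""
    lines = [
        "table inet iot {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for r in policy:
        lines.append(
            f"    ip saddr {r.src} ip daddr {r.dst} {r.proto} dport {r.dport} "
            f'accept comment "{r.name}"')
    lines += ["  }", "}"]
    return "\n".join(lines)


def render_cloud_security_group(policy: list[Rule], dst_segment: str) -> list[dict]:
    """Render the inbound rules that protect one segment, in a generic
    security-group shape (constructed; not a specific provider's API)."""
    return [
        {"direction": "inbound", "protocol": r.proto, "port": r.dport,
         "source_cidr": r.src, "description": r.name}
        for r in policy if r.dst == dst_segment
    ]


if __name__ == "__main__":
    print(render_nftables(IOT_POLICY))
    for sg_rule in render_cloud_security_group(IOT_POLICY, ANALYTICS):
        print(sg_rule)
    # A sensor reaching into the corporate network is denied by default.
    print(is_allowed(IOT_POLICY, "10.20.0.7", "10.10.0.5", "tcp", 445))
```

Both renderings are derived from the same IOT_POLICY list, so a change to the policy (for instance adding a second analytics platform) produces matching rules on the gateway and in the cloud, rather than two hand-maintained rule sets that drift apart. The `ct state established,related accept` line lets replies flow back without opening a reverse rule, so the management plane can reach devices while devices still cannot initiate connections to it.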