Gartner: Four ways to address IoT device attack
By 2020, 21 billion of Internet of Things (IoT) devices will be in use worldwide. Of these, close to 6 percent will be in use for industrial IoT applications. However, IT organisations have issues identifying these devices and characterising them as part of current network access policy.
Gartner has recently stated that infrastructure and operations (I&O) leaders must therefore update their network access policy to seamlessly address the onslaught of IoT devices. Business Review Asia takes a look.
1. Know the scale
"Having embraced a bring-your-own-device strategy, organisations must now get employee devices on the enterprise network and start addressing the 21 billion IoT devices that we project will want access to the enterprise network," said Tim Zimmermann, research vice president at Gartner ahead of the IoT security track at the Gartner Symposium/ITxpo in Cape Town later this month.
As the business world becomes more connected – and, perhaps, more dependent – on the use of IoT, the potential for an attacker to slip through the ever expanding net could potentially increase.
2. Maintain control
Zimmermann said: "Whether a video surveillance camera for a parking lot, a motion detector in a conference room or the HVAC for the entire building, the ability to identify, secure and isolate all IoT devices — and in particular "headless" devices — is more difficult to manage and secure.
He also explained that it is important that the IT organisation works directly with facilities management and other business units to identify all devices and projects connected to the enterprise infrastructure and attaching to the network.
3. Have robust access policy
Once all of the devices attached to the network are identified, the IT organisation must create or modify the network access policy as part of an enterprise policy enforcement strategy. This should determine if and how these devices will be connected, as well as what role they will be assigned that will govern their access.
In order to monitor access and priority of IoT devices, I&O leaders need to consider additional enterprise network best practices. These can be defining a connectivity policy, as many IoT devices will be connected via Wi-Fi; performing spectrum planning — many IoT devices may be using 2.4GHz, but may not be using 802.11 protocols such as Bluetooth, ZigBee or Z-Wave, which may create interference; or considering packet sniffers to identify devices that may do something undesirable on the network.
4. Consider virtual segments
While more IoT devices are added to the enterprise network, I&O leaders will need to create virtual segments. These will allow network architects to separate all IoT assets (such as LED lights or a video camera) from other network traffic, supporting each FM application or BU process from other enterprise applications and users.
As the concept of virtual segments continues to mature, the capabilities will allow network architects to prioritise the traffic of differing virtual segments as compared with the rest of the traffic on the network. For example, security video traffic and normal enterprise application traffic may have a higher priority than LED lighting.
Analysts will further discuss how organisations need to plan for the digital future during Gartner Symposium/ITxpo 2016 Follow news and updates on Twitter using#GartnerSYM.
The September issue of Business Review Australia & Asia is now live..
Follow @BizRevAsia and @MrNLon on Twitter.