The Security Ledger

IoT Security’s Known Unknowns | Network World

GlobalSign became the latest Certificate Authority to promise PKI at Internet of Things Scale.

As Internet of Things devices proliferate, it’s more important to discover how many and what kind are on your network and figure out how to make them secure.

Editor’s Note: this article first appeared on Network World. You can read the article here at Network World Insider.

Judging by all the media attention that The Internet of Things (or IoT) gets these days, you would think that the world was firmly in the grip of a physical and digital transformation. The truth, though, is that we all are still in the early days of the IoT.

The analyst firm Gartner, for example, puts the number of Internet-connected “things” at just 8.4 billion in 2017 – counting both consumer and business applications. That’s a big number, yes, but a much smaller number than the “50 billion devices” or “hundreds of billions of devices” figures that get bandied about in the press.

Of course, the fact that the full promise of the Internet of Things awaits in the distant future, or that there are only tens of billions of connected devices and not scores of billions of them, doesn’t change the reality for you, which is that the Internet of Things already poses a security threat to your organization.

Where does the networking professional worried about Internet of Things-based threats start? Here are a few thoughts to consider as you plan your organization’s response:

Know your known knowns

Known knowns are the things you know you know, as former Defense Secretary Donald Rumsfeld put it. They include all your traditional assets: laptops, desktops, servers (including development and test servers), as well as smart phones and tablets. They also include peripheral devices like multifunction printers, photocopiers and so on.

To really know your known knowns, however, you need to see past the obvious and interrogate each of those IT assets to make sure you’ve accounted for any features and functions that could undermine your network security. Furthermore, you need to develop the means of bringing those devices under management.

With smart phones, for example, mobile device management platforms have long been a means of extending control and management to those devices by enforcing patch levels, banning “jailbroken” devices and limiting app store choice. Given the spate of malicious applications showing up on platforms like Google Play, if you’re not paying attention to the security posture of your employees’ and contractors’ mobile phones, you’re taking a big risk.

Read the rest of the article over at Network World.