Wireless Analytics Logo
  • Services
    • Managed Services
    • Professional Services
    • Technology Solutions
  • Partners
    • Channel Partners
    • Solutions Partners
    • Carrier Partners
  • Knowledge Center
    • Case Studies
    • Whitepapers
    • Videos & Webinars
  • About Us
    • Press & Events
    • Careers
    • Contact
  • Blog

Free Rate Plan Analysis

Login

bridge_MJyfRU9O.jpg

Wireless Analytics Blog

Can a Legacy IT Team Take on IoT Deployments? 

[fa icon="calendar"] Mar 28, 2018 10:22:50 AM / by Alex Mordach

Alex Mordach

  • Tweet
IoT Series 3 Email Blog 3.21.18.jpg

The Internet of Things (IoT) has become the new frontier of business, and concurrently, is the new frontier of threats. In this four-part series, I’m covering various angles of IoT Security. Whether you’re on the purchasing, sourcing, and finance side, handle IT security and risk management, or you are project- or product-managing an IoT deployment, security is a major piece of the puzzle. Start from the beginning of the series here and subscribe to our blog to be notified when part four drops.

IoT is still in its early years. As with all technological gold rushes, the security mechanisms that protect those systems lag the trend itself. In other words, if the internet of things has just entered its awkward, gangly teen stage, the IoT security ecosystem is its younger sibling, looking on with a raised eyebrow and shaking her head with concern.

The rush to IoT poses risk for everyone. Risk that, in a good-case scenario, is mitigated by forethought and preparation, protecting a business and its consumers from exposure to harm. In a not-so-good-case scenario, vulnerabilities are exposed, and personal data and information falls into the hands of those for whom it was never intended.

A prime example of this in the IoT space is the 2013 Target security breach, in which attackers gained access to Target’s broader network via network-connected HVAC systems used to report on store air and temperature quality. About 40 million debit and credit card account numbers were acquired by the attackers within the two weeks between Black Friday and Christmas.

Still, IoT devices are being rushed to market without adequate concern for security, opening a company up to additional risks with major downstream implications. Throwing an IT security or risk management team without IoT security expertise into the deep end of an IoT deployment is unlikely to end well. Here is what you can do to prepare.

How IT and Risk Management Teams Can Approach IoT Security

An Open Network Approach

Traffic flows through public internet gateways without being backhauled through a private, secured network. This is typically used when non-sensitive information is being passed to a cloud or other network endpoint. While this is a more simplistic approach to take and easier to deploy, it doesn’t mean that no basic security measures should be put in place.

If the right modern IoT cellular network provider is used, it should be able to enable you to turn on features such as deep-packet inspection of your traffic, content filtering of that traffic, and apply usage pattern-based analytics. If your device is only expected to send data to a cloud API and you start seeing FTP or other traffic, this is a red flag that the device could be compromised.

A Closed-Loop Connection Approach

When requirements specify that certain content cannot go over the public internet (in banking or highly sensitive environments, for example), closed-loop connections happen on an internal intranet. All traffic is secured over an encrypted tunnel (IPSEC or something similar) and never actually touches the public internet.

The world of IoT security, in its adolescence, is fragmented. You have vendors doing security specifically on analytics, or on connections, or on data in motion, or data at rest. Closed-loop security connections err on the side of caution. The appropriate security approach for your IoT project will depend upon its use case. If you’re sending diagnostic data off a controller that contains nothing that would be considered private or gives up personal or sensitive information, you may be okay passing that over the public internet. But if it’s credit card or customer information, you might opt for a closed loop.

Basic Security Hygiene of an IoT Project

One of the most common security misses we encounter with businesses launching something IoT are what we consider to be basic security hygiene practices. In an initial set-up phase, your IT security should assess (at a minimum): Who has access to the IoT platform? The API credentials? Are you using hardened credentials? Even in the most sophisticated security system set-ups, we see default passwords never being changed.

These are issues nobody should have to think about, but this is the reality of adding layers of complexity upon layers of complexity to a security environment. It pays to do back-maintenance before moving forward with IoT.

Post-deployment, someone should be looking after the health of your IoT device. We commonly do this month-to-month to monitor for uncommon statistics and behavior. Through this, you’ll be able to identify things like compromised devices, devices using an abnormally abundant amount of traffic, or other behaviors that hint at a possible breach. At the end of the day, you want to prevent a breach or data overage. If you don’t have the IT and risk management staff to manage the monitoring of your IoT systems and devices (most companies don’t), you will benefit from having a reliable managed services provider do it for you.

Legacy IT security teams are not built to support the new frontier of IoT environments. As a business considers or begins an IoT deployment, it must consider how it will handle the security side. A managed services provider specializing in IoT can help with this before you're so far into the planning stage that missed considerations will now cost additional time and money; Or worse, before unconsidered vulnerabilities are exposed by an attacker.

In the final post in this series, we’ll tackle the project and product management team’s perspective when it comes to IoT security. Subscribe to our blog to be notified when it goes live.

If you already have an IoT line of business or IoT is on your radar, schedule an appointment with me for a free one hour strategy session.

 

Alex Mordach

Written by Alex Mordach

Alexander Mordach joined Wireless Analytics in 2005 and currently serves as its Director of Technology Solutions. Prior to joining Wireless Analytics, Alexander worked as an engineer for Phoenix Technologies, bringing UEFI BIOS solutions to the mass marketplace. He has always been an advocate of groundbreaking technology and helps Wireless Analytics stay on the forefront of all mobile technologies. Mr. Mordach received his Bachelor’s Degree in Computer Science from the University of Massachusetts at Lowell. In his spare time, he enjoys spending time outdoors with his family, and is an avid Disney fan.

[fa icon="linkedin-square"]Linkedin

Subscribe to Email Updates

  • Recent
  • Popular
  • Categories

Lists by Topic

  • Enterprise Mobility Management (40)
  • Mobile Device Management (MDM) (27)
  • BYOD (22)
  • Wireless Analytics News (21)
  • wireless expense management (19)
  • mobile device management (16)
  • Wireless Expense Management (15)
  • MDM (14)
  • managed mobility services (14)
  • MMS (13)
  • telecom expense management (12)
  • wireless mobility management (12)
  • International Mobility (7)
  • data plans (7)
  • AOTMP (6)
  • TEMIA (6)
  • best practices (6)
  • enterprise mobility (6)
  • iOS (6)
  • EMM (5)
  • IoT (5)
  • Tips (5)
  • WEM (5)
  • mobile security (5)
  • mobility (5)
  • Erik Eames (4)
  • Helpdesk Support (4)
  • Telecom Expense Management (4)
  • iPhone (4)
  • mobile (4)
  • mobile policy (4)
  • 3rd Party MMS (3)
  • Apple (3)
  • Carrier Negotiations (3)
  • IT (3)
  • Security (3)
  • Wireless Analytics (3)
  • at&t (3)
  • cell phones (3)
  • device upgrades (3)
  • enterprise (3)
  • enterprise apps (3)
  • enterprise iPhone (3)
  • enterprise mobility projects (3)
  • helpdesk (3)
  • mobile device (3)
  • mobile roaming (3)
  • roaming charges (3)
  • tablet (3)
  • wireless customer satisfaction (3)
  • 4G (2)
  • 5G (2)
  • Android (2)
  • Awards (2)
  • Enterprise iPad Use (2)
  • MVNO (2)
  • Managing Mobility Services (2)
  • MobileIron (2)
  • PC (2)
  • S8 (2)
  • Truphone (2)
  • Verizon (2)
  • WMM (2)
  • Webinar (2)
  • Wi-Fi Calling (2)
  • Wireless Policy (2)
  • carrier features (2)
  • device deployment (2)
  • help desk (2)
  • iOS 9.3 (2)
  • iPad (2)
  • internet of things (2)
  • mobile device deployment (2)
  • mobile devices (2)
  • mobile invoice optimization (2)
  • mobility management (2)
  • outsourcing (2)
  • sales force (2)
  • tablets (2)
  • telecom audit (2)
  • windows phone (2)
  • AOTMP ranks (1)
  • Apple subscription (1)
  • Asset Management (1)
  • BYOD Laptops (1)
  • BYOE (1)
  • Batteries (1)
  • Bill Payment (1)
  • BlackBerry 10 (1)
  • Brexit (1)
  • Build vs. Partner (1)
  • Business Leaders (1)
  • CDMA (1)
  • CES (1)
  • CLEAN Platform (1)
  • CRM (1)
  • Channel Partner Software (1)
  • Climate Change (1)
  • Cost Allocations (1)
  • Cost Savings (1)
  • Earth Day (1)
  • Email (1)
  • Expense Management (1)
  • Fujitsu (1)
  • GSM (1)
  • Green Energy (1)
  • HR Department (1)
  • IMT-2020 (1)
  • International Telecommunication Union (1)
  • International Wi-Fi Calling (1)
  • IoT Evolution Expo (1)
  • LTE (1)
  • Microsoft (1)
  • Mobile Inventory (1)
  • Nokia (1)
  • Pharmaceutical (1)
  • Project Management (1)
  • Recycle (1)
  • Samsung (1)
  • Samsung Gear S2 (1)
  • Samsung Gear S2 Classic (1)
  • Savings Assessments (1)
  • Siri (1)
  • Super Mario Run (1)
  • SyncUp (1)
  • T-Mobile (1)
  • Voice recognition (1)
  • Wandera (1)
  • Wi-Fi (1)
  • Windows 10 (1)
  • Windows Phone 10 (1)
  • business stakeholders (1)
  • carbon footprint (1)
  • chief service provider (1)
  • choosing a managed mobility services provider, (1)
  • device migration (1)
  • device subscription (1)
  • display dock (1)
  • easy device migration (1)
  • easyvista (1)
  • event (1)
  • gartner (1)
  • iOS 11 (1)
  • iOS 7 (1)
  • iPod touch (1)
  • mHealth (1)
  • migrating device platforms (1)
  • mobile data control (1)
  • mobile virtual network operator (1)
  • mobility lifecycle (1)
  • mobility support (1)
  • partner (1)
  • policy (1)
  • predictions (1)
  • reimbursement (1)
  • shadow IT (1)
  • smart phone (1)
  • smartphone (1)
  • uk (1)
  • unlimited (1)
  • user migration (1)
  • watchOS 2 (1)
  • windows (1)
see all

Posts by Topic

  • Enterprise Mobility Management (40)
  • Mobile Device Management (MDM) (27)
  • BYOD (22)
  • Wireless Analytics News (21)
  • wireless expense management (19)
  • mobile device management (16)
  • Wireless Expense Management (15)
  • MDM (14)
  • managed mobility services (14)
  • MMS (13)
  • telecom expense management (12)
  • wireless mobility management (12)
  • International Mobility (7)
  • data plans (7)
  • AOTMP (6)
  • TEMIA (6)
  • best practices (6)
  • enterprise mobility (6)
  • iOS (6)
  • EMM (5)
  • IoT (5)
  • Tips (5)
  • WEM (5)
  • mobile security (5)
  • mobility (5)
  • Erik Eames (4)
  • Helpdesk Support (4)
  • Telecom Expense Management (4)
  • iPhone (4)
  • mobile (4)
  • mobile policy (4)
  • 3rd Party MMS (3)
  • Apple (3)
  • Carrier Negotiations (3)
  • IT (3)
  • Security (3)
  • Wireless Analytics (3)
  • at&t (3)
  • cell phones (3)
  • device upgrades (3)
  • enterprise (3)
  • enterprise apps (3)
  • enterprise iPhone (3)
  • enterprise mobility projects (3)
  • helpdesk (3)
  • mobile device (3)
  • mobile roaming (3)
  • roaming charges (3)
  • tablet (3)
  • wireless customer satisfaction (3)
  • 4G (2)
  • 5G (2)
  • Android (2)
  • Awards (2)
  • Enterprise iPad Use (2)
  • MVNO (2)
  • Managing Mobility Services (2)
  • MobileIron (2)
  • PC (2)
  • S8 (2)
  • Truphone (2)
  • Verizon (2)
  • WMM (2)
  • Webinar (2)
  • Wi-Fi Calling (2)
  • Wireless Policy (2)
  • carrier features (2)
  • device deployment (2)
  • help desk (2)
  • iOS 9.3 (2)
  • iPad (2)
  • internet of things (2)
  • mobile device deployment (2)
  • mobile devices (2)
  • mobile invoice optimization (2)
  • mobility management (2)
  • outsourcing (2)
  • sales force (2)
  • tablets (2)
  • telecom audit (2)
  • windows phone (2)
  • AOTMP ranks (1)
  • Apple subscription (1)
  • Asset Management (1)
  • BYOD Laptops (1)
  • BYOE (1)
  • Batteries (1)
  • Bill Payment (1)
  • BlackBerry 10 (1)
  • Brexit (1)
  • Build vs. Partner (1)
  • Business Leaders (1)
  • CDMA (1)
  • CES (1)
  • CLEAN Platform (1)
  • CRM (1)
  • Channel Partner Software (1)
  • Climate Change (1)
  • Cost Allocations (1)
  • Cost Savings (1)
  • Earth Day (1)
  • Email (1)
  • Expense Management (1)
  • Fujitsu (1)
  • GSM (1)
  • Green Energy (1)
  • HR Department (1)
  • IMT-2020 (1)
  • International Telecommunication Union (1)
  • International Wi-Fi Calling (1)
  • IoT Evolution Expo (1)
  • LTE (1)
  • Microsoft (1)
  • Mobile Inventory (1)
  • Nokia (1)
  • Pharmaceutical (1)
  • Project Management (1)
  • Recycle (1)
  • Samsung (1)
  • Samsung Gear S2 (1)
  • Samsung Gear S2 Classic (1)
  • Savings Assessments (1)
  • Siri (1)
  • Super Mario Run (1)
  • SyncUp (1)
  • T-Mobile (1)
  • Voice recognition (1)
  • Wandera (1)
  • Wi-Fi (1)
  • Windows 10 (1)
  • Windows Phone 10 (1)
  • business stakeholders (1)
  • carbon footprint (1)
  • chief service provider (1)
  • choosing a managed mobility services provider, (1)
  • device migration (1)
  • device subscription (1)
  • display dock (1)
  • easy device migration (1)
  • easyvista (1)
  • event (1)
  • gartner (1)
  • iOS 11 (1)
  • iOS 7 (1)
  • iPod touch (1)
  • mHealth (1)
  • migrating device platforms (1)
  • mobile data control (1)
  • mobile virtual network operator (1)
  • mobility lifecycle (1)
  • mobility support (1)
  • partner (1)
  • policy (1)
  • predictions (1)
  • reimbursement (1)
  • shadow IT (1)
  • smart phone (1)
  • smartphone (1)
  • uk (1)
  • unlimited (1)
  • user migration (1)
  • watchOS 2 (1)
  • windows (1)
see all

Recent Posts

Learn more

Services

  • Managed Services
  • Professional Services
  • Technology Solutions
  • Services Matrix

Partners

  • Channel Partners
  • Solutions Partners
  • Carrier Partners

Knowledge Center

  • Case Studies
  • Whitepapers
  • Videos & Webinars

About Us

  • Press & Events
  • Careers
  • Contact
Search Google

© 2018 Wireless Analytics All Rights Reserved Privacy Policy

[fa icon="linkedin-square"]Linkedin [fa icon="twitter-square"]Twitter

Questions? Call Us 1-978-762-0900 or 888-588-5550

[fa icon="chevron-up"]Back to top