As businesses enter the Internet of All Things, the recurrent concern of security is not far behind. Whether it’s POS devices, digital signage, customer WiFi, kiosks, video surveillance—or even HVAC control, every new connected device brings with it the risk of an information breach.
In this post, I’ll list some of the top security concerns. But to learn about ways to address these concerns—and for a list of key enablers, please read my full article in M2M Evolution Magazine. In addition, these enables are instrumental in bringing your network into PCI compliance. To learn more about PCI Compliance and the changes stemming from the recent approval of PCI-DSS 3.0, check out the free webinar I’m giving this week.
Cradlepoint is in the business of connecting end devices to the network and the cloud—particularly using 4G LTE. As such, we pay a lot of attention to network security. We think that implementing good M2M security comes down to 4 key best practices:
1. Device Authentication
2. Connection Security
3. Stored Data Security
4. Network Equipment Security
4½. A Note on Sharing Network Equipment & Connectivity
One of the most common security breaches happens when malicious devices such as credit card skimmers are attached to the LAN side of the network. So the first step is to make sure you know what devices are on your network.
The way M2M applications connect to a network be complicated: It can be a combination of WiFi, Ethernet and serial LAN connectivity for local area networks, 3G/4G and Ethernet connectivity (via T1/cable/DSL) on wide-area networks. Whether light- or heavy-weight, these devices also have system resources of their own you need to be aware of.
Stored Data Security
Whether your data is hosted privately or at a third party, there are a number of well-established security standards you need to meet. What you need to do to make them safe depends on how sensitive they are. This means any data that is collected from or in the transit queue to an M2M device.
Network Equipment Security
It is critical, of course, to make sure you have locked down the security of the network devices themselves. Otherwise, those malicious types may be able to take control of a network resource and use it to gain access to your private data.
Sharing Network Equipment & Connectivity
As companies look for ways to reduce capital expenses, a trend is emerging of using the same router and network connection to serve multiple purposes. Retail enterprises now use this single set-up for all those devices we mentioned at the start—the cameras, the POS devices, and the signage—as well as M2M devices from third-party vendors. With the right routers, you can segment your networks to do all of this safely.
The Buddy System
As M2M devices become more ubiquitous, so do the threats to their safe use. Whether by unauthorized access, use, disclosure, disruption, modification, inspection… and on and on… forces are out there trying to access sensitive data. As I’ve outlines, there are many steps you can take to help protect your information. But one of the best ways is to talk regularly with the companies who provide your network connectivity, equipment, data storage, and more. In this day and age, companies cannot achieve information security alone: Security is a partnership.