Updating an enterprise’s security posture to include IoT considerations is a process
The question probably isn’t “if” you’re using IoT, but “how.” But in a world filled with increasingly sophisticated hacking threats, the biggest question probably is this: How are you ensuring security of the IoT devices and data on your enterprise network?
For many enterprises, this question is difficult to answer, because of the sheer volume of IoT deployments coming from not only their IT team, but from the marketing team and other internal departments. With our LTE-based edge networking solutions, we see organizations of all shapes, sizes, and industries leveraging IoT in truly innovative ways, especially within these four categories:
- Remote Control of Digital Signs — Using LTE to adjust widely distributed public-facing content, such as advertising and promotional messages
- Remote Monitoring of Video Surveillance — Using LTE to transport mission-critical security footage
- Remote Monitoring of IoT Data from Sensors — Using LTE to send IoT data to the cloud or a data center
- Interactive Kiosks for Shopping & Services — Using LTE to deliver dependable Point-of-Sale and other applications
Businesses and agencies do not want to say “no” to these opportunities for operational efficiencies, cost savings, and even entirely new business models. That said, they think twice about IoT because of the many risks and vulnerabilities to consider, including:
- Lack of common security standards for IoT
- Criminal threat actors are targeting IoT devices and gateways
- Outdated security and software development models for IoT devices
- Risky practices such as using default credentials
- Lack of software upgrading and patching
- Difficulty keeping track of the many “things” residing on the corporate network
These IoT security challenges are especially worrisome when you scroll your news feed or turn on the TV and see the evolution of hacking tactics. Mirai. BrickerBot. Reaper. WannaCry. The list of dangerous threats to IoT is long and well known. Botnets are using DDoS attacks to hold organizations ransom, steal personal data, and more. In fact, in 2018, the number of IoT attacks logged by SonicWall jumped 216 percent, according to the 2019 SonicWall Cyber Threat Report.
In response to the dizzying scope of IoT data and those trying to take advantage of it, organizations are rethinking their network security strategies.
Strategies for IoT Security
Segmentation is about separating one application from other applications on an information systems network — such as making sure sensitive customer payment info is set apart from all other data. However, there is more than one way to do network segmentation.
Traditional Network Segmentation
Cradlepoint routers feature a built-in zone-based firewall, enabling both port-based and trunked VLAN policies that determine which VLAN traffic is allowed and where it can go. Trunked VLANs improve scalability by reducing the amount of hardware needed. Further, all VLAN configuration changes can be pushed out remotely through Cradlepoint’s NetCloud Manager.
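To make the segmentation idea concrete, here is an added example (not Cradlepoint code or its configuration syntax) that models a zone-based inter-VLAN firewall with first-match, default-deny rules, using the four IoT application categories from this post as zones. The VLAN addressing, port numbers and rule set are constructed assumptions for illustration.

```python
# Added example: a minimal simulator of a zone-based inter-VLAN firewall
# policy. Illustrative only; not Cradlepoint's configuration or code.
from dataclasses import dataclass
from ipaddress import ip_network, ip_address
from typing import Optional

# Constructed VLAN-to-zone map (assumed addressing, not from the post).
ZONES = {
    "signage": ip_network("10.10.0.0/24"),  # digital signs
    "cameras": ip_network("10.20.0.0/24"),  # video surveillance
    "sensors": ip_network("10.30.0.0/24"),  # IoT sensor data
    "pos":     ip_network("10.40.0.0/24"),  # point-of-sale / payment
    "wan":     ip_network("0.0.0.0/0"),     # everything else (internet)
}

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"

# Ordered policy: first match wins, and any unmatched flow is denied.
# Note there is deliberately no rule between two internal zones, so a
# digital sign can never reach a payment terminal even if compromised.
POLICY = [
    Rule("pos",     "wan", 443,  "allow"),  # terminals to processor, TLS only
    Rule("signage", "wan", 443,  "allow"),  # signs pull content from a CDN
    Rule("sensors", "wan", 8883, "allow"),  # sensors publish MQTT over TLS
    Rule("cameras", "wan", 443,  "allow"),  # footage to a cloud VMS
    Rule("wan",     "pos", None, "deny"),   # never accept inbound to POS
]

def zone_of(addr: str) -> str:
    """Return the most specific zone containing addr ('wan' catches the rest)."""
    ip = ip_address(addr)
    return max((z for z, net in ZONES.items() if ip in net),
               key=lambda z: ZONES[z].prefixlen)

def evaluate(src_ip: str, dst_ip: str, dport: int) -> str:
    """Evaluate one flow against POLICY; default-deny covers every unlisted pair."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in POLICY:
        if r.src == src and r.dst == dst and r.dport in (None, dport):
            return r.action
    return "deny"

if __name__ == "__main__":
    print(evaluate("10.10.0.5", "10.40.0.9", 443))  # signage -> pos: deny
```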
Physical Network Separation
In some cases, it makes sense to run one IoT application and its data through its own router. This physical separation via air-gapped edge routers keeps traffic from secondary devices such as digital signs totally separate from mission-critical traffic such as credit card information or electronic health records.
In Cradlepoint’s IoT security webinar, cybersecurity expert Dr. Chase Cunningham defined zero trust this way: “Zero Trust is strategically focused on addressing lateral threat movement within the infrastructure by leveraging micro-segmentation and granular enforcement, based on user context, data access controls, application security, and the device posture.”
Zero trust is a process that no organization can glide through all at once. It takes commitment, diligence, and patience to address your zero trust needs one component at a time.
One big part of a zero trust strategy is the idea that no devices inside or outside the network should be granted access until they are approved. Basically it means invitation first, authentication second — which is a key benefit of Cradlepoint’s NetCloud Perimeter (NCP) feature. NCP uses Software-Defined Perimeter (SD-Perimeter) technology to allow organizations to easily set up a perimeter-secured overlay network for IoT devices and data in just a few minutes.
These invitation-only, zero trust WANs leverage the public internet in a private IP space — totally obscured from other networks and web-borne attacks.
Another key aspect of a zero trust strategy is automation, which helps alleviate the human error aspect of tedious network management while dramatically reducing the man-hours for your IT staff. Cradlepoint’s NetCloud Manager addresses this challenge by enabling organizations to remotely push updates and patches to all of the routers on the network in an instant through a single-pane-of-glass platform.