Find a Partner
A decade ago, when smartphones started to penetrate the corporate world, IT managers had to consider the implications of Bring Your Own Device (BYOD) for their organization’s security. Now the proliferation of the Internet of Things (IoT) or connected devices has added an additional layer of complexity. Organizations are trying to keep pace with the rapid adoption of new technologies and the resulting network security problems. Businesses will have to take a more disciplined approach to resolve these issues.
BYOD and IoT security issues have similarities and differences. Both BYOD and IoT are challenging the definition of the edge for IT security. Traditional corporations had well-defined edges. But with BYOD and IoT, the edges are becoming convoluted.
For example, an employee can have both their personal information and company information on a BYOD. So if a monitoring software wipes out the device data by mistake, it can affect the employee’s personal data. This creates a dilemma for enterprises who allow BYOD. They need to secure their network through proper firewalls and security applications, but they also need to give their employees the freedom to use the full potential of the latest technology.
In an IoT case, the edge gets convoluted because the applications might be outside of the infrastructure of a business. A health insurance provider might be using an on-patient health monitoring device that is connecting with its manufacturer’s network. It’s not clear if the edge is owned by the manufacturer or the health insurance provider.
IoT also brings its own problems. BYOD devices like smartphones and tablets are expensive. IoT devices like sensors and cameras are comparatively cheaper. So IT departments have to deal with a lot more IoT devices than BYODs. According to Gartner, there were 1.5 billion smart phones sold in 2017. In the same time period, estimated 8.3 billion connected devices or IoTs were assumed to be in use. So network security experts have a whole new scaling problem with IoT.
The reality is that businesses of all sizes have to come up with methods to deal with both BYOD and IoT security. Here are some ways to think about addressing the problems.
Well-defined Onboarding Process
Both BYOD and IoT have a common problem: they slip through the cracks. Employees can start using their personal devices without informing anyone. Similarly, a business might start using new equipment that has IoT components which could be connecting to the internet and sending information back to the manufacturer.
Companies have to look at their business requirements and create a comprehensive onboarding policy for BYOD and IoT. If security is of the highest concern, then companies might have to put restrictions on what BYOD or IoT devices are acceptable. Creating a well-defined onboarding process will allow companies to limit the scope of the attack surface and help provide better network security.
Better Policies, Guidelines, and Awareness
Everyone involved in the decision-making process should be able to easily define what is allowed and what is prohibited. The policies and guidelines have to be clear about things like firewall rules, access privileges, network segmentation, and more. If BYODs can use only certain applications, or IoTs can use only certain ports, that should be documented in a proper way. Also, the whole organization needs to cooperate to bring those policies to the forefront for better awareness.
Better Assessment and Monitoring Tools
Cybercriminals and hackers are aware of the opportunities that BYOD and IoT devices have created. Businesses will need to proactively monitor and prevent attacks. That requires the development of the right tools.
BYOD has been around for a little longer. So IT administrators have already taken into account how to address BYOD in their network. Businesses have used well-defined firewalls, anti-virus protection, intrusion detection, malware and ad blocking tools to keep their network safe from BYOD threats. As more administrators implemented these solutions, they realized that consolidating these features into a single tool would help them implement network security more efficiently.
The result is the rise of Unified Threat Management (UTM) that combines traffic monitoring, threat detection, and prevention in a single package. UTMs have already helped network administrators implement better firewalls and network security policies for their BYOD devices. The next step is to make sure UTM firewalls can address IoT-related issues. Fortunately, some UTMs are device-aware and can profile IoT devices to detect anomalous behavior. Administrators may have to pay attention to a larger number of devices, so registration and monitoring of IoT devices will require better automation tools to address scalability concerns.
Both BYOD and IoT are here to stay. As IoT devices follow in the footsteps of BYOD, it is necessary to recognize the security challenges that many will face. IoT is not slowing down, and security administrators need to ensure they have the right network security in place to protect their data and sensitive information. NG Firewall provides administrators with an all-in-one, affordable solution to not only protect the network, but also the connected devices. Untangle’s NG Firewall solution also provides enterprise-grade protection at the gateway, ensuring all your endpoints (including IoT) are protected.
Copyright © 2019 Untangle
1 (866) 233-2296