Microsoft boosts data protection to enhance Internet of Things security

Microsoft enhanced security of its Internet of Things (IoT) offerings to making it adaptive, reactive, segmented, and multilayered, just like the human immune system, without needing to worry about it on a daily basis.

Manufacturers are helping lead the IoT boom. With connected sensors and devices throughout their value chain, manufacturers are harnessing the power of data to improve production methods and better refine products. Currently there are billions of connected devices and hundreds of thousands more are being added every day; this is not a trend but how manufacturers are doing business. Approximately 3.9 billion connected things were in use in 2014. Gartner expects this figure to rise to at least 25 billion by 2020.

By 2020, over 25 percent of identified attacks in enterprises will involve IoT, though IoT will account for less than 10 percent of IT security budgets. Discovery, provisioning, authentication and data protection will account for 50 percent of all security spend for IoT through 2020. Network segmentation and isolation solutions will account for 33 percent of all IoT security spend through 2020. By 2020, over 50 percent of all large IoT implementations will require cloud-based security services to operate within acceptable risks, while by year-end 2018, over 50 percent of IoT device manufacturers will remain unable to address product threats emanating from weak authentication practices.

By 2020, more than 25 percent of identified attacks in enterprises will involve the IoT, which will account for less than 10 percent of IT security budgets. As IoT presents an ever-expansive security issue, several security areas are advancing to cope with IoT’s evolution, including segmentation, isolation solutions, and cloud-based security.

The Gartner report throws light on security mistakes that could leave users vulnerable to attack; explain why network segmentation and isolation is likely to be a significant focus for future security budgets; key locations for detection, response, access, and other policy enforcement needs; make clear why organization needs cloud-based security services to deliver an acceptable level of operations in a cost-effective manner.

Gartner states that “network segmentation (keeping access points and connections separate and creating subnetworks) and isolation will be a significant focus for future security budgets.” Those securing IoT networks need to have the same mission. Gartner also predicts that by 2020 network segmentation and isolation efforts will make up 33 percent of IoT security spends.

For manufacturers, another focal point of IoT security should be adopting an operational technology (OT)-driven strategy for IoT network segmentation and isolation of compromised data and devices. Securing OT and entry points (devices) needs to be the first, second, and third thought when thinking about IoT security.

Once the network entry points are secured and best practices for segmentation are put in place, an enterprise can then shift to other aspects of IoT security, such as connections and data. It is this decentralized and holistic approach that will yield high security.

The vital step in IoT security is implementing measures that run in the background but keep the manufacturer safe. Connected sensors that are engineered to work together, on-floor devices with unique ID keys, and an IoT solution that can isolate a “rogue” device are all measures to consider when bolstering IoT security.

For manufacturers who rely on IoT for improved productivity and insights, this is not good enough. There is so much to be gained from approaching IoT security like the immune system: a 360-degree, holistic approach. When all departments have security on their minds and best practices are observed, the whole system is boosted.

Additionally, Gartner predicts that by 2020 more than 50 percent of enterprises with a large IoT infrastructure will require a cloud solution. Cloud-based IoT security makes a holistic approach to security easier with things like stored information on learned threats, simpler network segmentation, access management, monitoring, detection, and software patches.

Approximately 3.9 billion connected things were in use in 2014. Gartner expects this figure to rise to at least 25 billion by 2020. Meanwhile, control of IoT remains problematic as the endemic cultural and mission differences between operational technology (OT) organizations and IT organizations will continue to produce fragmented solutions for IoT – OT organizations seek product specific security solutions decoupled from the broader observation and protection of enterprise-wide security, and IT organizations seek enterprise-wide control and imposing IT techniques on technologies not often compatible with IT approaches.

IoT environments will have characteristics of both organizational types. However, whereas OT frequently has a business unit sponsor, IoT goes into, through and beyond business unit silos, and does not often have clear owners. IoT becomes an increasingly attractive early link in kill chain, as IoT vendors are most likely to repeat the security mistakes of the past and to not embrace modern security, vulnerability management and disclosure practices.

IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.