Internet of things devices present unique security problems due to being spread out, exposed to physical attacks and often lacking processor power. Credit: Thinkstock Even in the planning stages of a deployment, IoT security is one of the chief stumbling blocks to successful adoption of the technology. And while the problem is vastly complicated, there are three key angles to think about when laying out how IoT sensors will be deployed in any given setup: How secure are the device themselves, how many are there and can they receive security patches. Physical access Physical access is an important but, generally, straightforward consideration for traditional IT security. Data centers can be carefully secured, and routers and switches are often located in places where they’re either difficult to fiddle with discreetly or difficult to access in the first place. Where IoT is concerned, however, best security practices aren’t as fleshed out. Some types of IoT implementation could be relatively simple to secure – a bad actor could find it comparatively difficult to tinker with a piece of complex diagnostic equipment in a well-secured hospital, or a big piece of sophisticated robotic manufacturing equipment on an access-controlled factory floor. Compromises can happen, certainly, but a bad actor trying to get into a secure area is still a well-understood security threat. By contrast, smart city equipment scattered across a metropolis – traffic cameras, smart parking meters, noise sensors and the like – is readily accessible by the general public, to say nothing of anybody able to look convincing in a hard hat and hazard vest. The same issue applies to soil sensors in rural areas and any other technology deployed to a sufficiently remote location. The solutions to this problem vary. Cases and enclosures could deter some attackers, but they might not be practical in some instances. The same goes for video surveillance of the devices, which could become a target itself. The IoT Security Foundation recommends disabling all ports on a device that aren’t strictly necessary for it perform its function, implementing tamper-proofing on circuit boards, and even embedding those circuits entirely in resin. Discovery and networking Securing the connections between IoT sensors and the backend is arguably the toughest part to solve, in part because an alarming number of organizations aren’t even aware of all the devices on their network at any given time. Hence, device discovery remains a critically important part of network security for IoT. The main reason for this lack of visibility is that the nature of IoT as an operational technology, rather than one that’s solely administered by IT staff, means that line-of-business personnel will sometimes connect helpful devices to the network without telling the people in charge of keeping the network secure. For network operations people, used to having a clear sense of the entire network’s topology, this can be an unaccustomed headache. Beyond IT personnel working closely with the operational side of the business to ensure all devices connected to the network are properly provisioned and monitored, network scanners can discover connected devices on a network automatically, whether that’s via network traffic analysis, device profiles, whitelists or other techniques. Software patching Many IoT sensors don’t have a lot of built-in computing capability, so some of those devices aren’t able to run a security-software agent nor accept updates and patches remotely. That is a huge worry, because there are software vulnerabilities being discovered every day that target the IoT. An inability to patch those holes when they’re discovered is a serious problem. Moreover, certain devices simply won’t be able to be properly secured and made patchable. The only solution might be to find a different product that accomplishes the functional task yet has better security. Related content news AWS launches Cost Optimization Hub to help curb cloud expenses At its ongoing re:Invent 2023 conference, the cloud service provider introduced several new and free updates that are expected to help enterprises optimize their AWS costs. By Anirban Ghoshal Nov 28, 2023 3 mins Amazon re:Invent Events Industry how-to Getting started on the Linux (or Unix) command line, Part 4 Pipes, aliases and scripts make Linux so much easier to use. By Sandra Henry-Stocker Nov 27, 2023 4 mins Linux news AI partly to blame for spike in data center costs Low vacancies and the cost of AI have driven up colocation fees by 15%, DatacenterHawk reports. By Andy Patrizio Nov 27, 2023 4 mins Generative AI Data Center news Nvidia’s made-for-China chip delayed due to integration issues: Report Nvidia’s AI-focused H20 GPUs bypass US restrictions on China’s silicon access, including limits on-chip performance and density. By Sam Reynolds Nov 24, 2023 4 mins CPUs and Processors Generative AI Technology Industry Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe