Preventing Automation Woes
When preparing for security when it comes to IoT devices, there are a few basic steps facility managers need to take:
Saying “No!” to Consumer-Grade Hardware
First among them is to resist the temptation to save a few dollars by attempting to automate on the cheap. Trying to save money by automating a commercial enterprise with consumer-grade devices is a recipe for disaster.
Businesses may incorrectly think that consumer products are good enough. If it works at home, then why not the office as well? There is a reason such products are targeted at consumers: standards-wise, they are simply not up to the task in an enterprise setting, and this is non-more so evident than it terms of security; consumer products simply cannot compare to enterprise-grade devices. They are just not designed to offer the same level of defense as enterprise-grade equipment and software.
Knowing Your Supplier
When investing in both commercial and enterprise-grade devices, knowing the source of the hardware is important as well. Design, component manufacturing and product assembly often take place in a variety of locations, so determining the history of a device can be difficult.
Consider, for example, when in 2015 Amazon was considering acquiring a company called Elemental Technologies. Elemental Technologies produced software for compressing video files and formatting them for different devices. The proposed acquisition would have fit in with Amazon’s government contracts, including the highly secure cloud infrastructure that Amazon Web Services (AWS) was building for the CIA.
As part of its due diligence, Amazon hired a third-party company to examine Elemental’s computer servers for potential security issues. During the process, examiners found a tiny microchip on the servers that they determined allowed attackers to access any network that included the machines. According to a Bloomberg report on the investigation, the microchips had been inserted at factories run by manufacturing subcontractors in China.
The takeaway: Security is not just a matter of individuals or small groups with the focus of extortion. Espionage is now often sanctioned by hostile foreign governments.
Finding the Right Partner
Businesses around the world are adopting IoT to establish an intelligent work environment to benefit their employees and increase productivity, as well as to achieve a myriad of other benefits. With that being the case, security will always be an issue, and that issue will only grow as more IoT devices join the network.
Still, it is not all doom and gloom. Organizations can have an intelligent workplace without sacrificing security, provided they select the right partners when going ahead and pay heed to those partners’ commitment to a safe and secure network environment and workplace.